Thank you for visiting www.lacastel.ro website (hereinafter referred to as the “Website” or the “Company”).
In the European Union, personal data are protected according to Regulation no. 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which came in force on 25 May 2018 (hereinafter referred to as the “GDPR” or the “Regulation”).
According to art. 13 from the Regulation, before collecting your personal data we shall identify ourselves and inform you about the reason, purpose and justification for collecting them. This Policy aims to properly inform you about the processing of your personal data when using the services of the Company.
Euro Market Junior. SRL – Hotel Restaurant La Castel*** holds the classification certificate no. 15929 from 10/03/2011 and the tourism authorization no. 25393 from 02/28/2018 issued by the Ministry of Tourism.
The Company, by its policies, acknowledges the importance of protecting personal data, undertakes to respect the rights of the data subjects according to GDPR and makes all the efforts to process your data in compliance with the GDPR requirements.
If you have under 16 years old, please do not provide us with your personal data.
The reason for collecting personal data appears when you interact with the Company through online platforms such as Facebook, Twitter and Instagram, telephone reservations, directly (when you personally arrive at the reception) or through the Website (filling the rooms booking form, contact form, account creation form or newsletter subscription form) – which are triggering factors for the collecting action.
It is also possible to use your information to provide you with products and/or services that we believe might be of interest to you, if you expressed your explicit consent for this purpose.
The Company cannot be held accountable for the inaccuracy of the data you provided, lack of updates on them and/or your negligence on data security in the event that third parties took possession of your data.
What information we collect
The personal data that we collect from you and then process, based on the legislation in force (Decision of the Government no. 237/2001 for the approval of the Norms regarding the access, the record and the protection of tourists in tourist welcoming facilities, Accounting Law no. 82/1991 and Ministry of Public Finance Order no. 3512/2008 on financial-accounting documents), legitimate interests or consent are: [first name], [last name], [date of birth], [place of birth], [citizenship], [home address], [ID series and number], [personal identification number], [contact telephone number], [email address]. Optionally, special data might be collected, to facilitate the booking process for people with disabilities.
In accordance with the provisions of the Regulation, the Company keeps all the information collected for the purpose of fulfilling the contractual or precontractual obligations, as well as a record of the electronic transactions necessary to establish, exercise or defend a right in court. In this respect, a minimum set of data regarding your identity will be processed for the sole purpose of complying with the legislation in force to ensure the record, inventory, selection, storage and use of the documents kept by the Company.
Your rights, according to GDPR
In accordance with the Regulation, you have the following rights concerning the personal data processing:
- Right of access to collected data. If your personal data are processed by the Company, we will grant you access to that data and to a series of information according to GDPR. Upon request, we will send you a copy of your data that are being processed;
- Right to rectification. You have the right to obtain from the Company, upon request and free of charge, the rectification of your inaccurate data, also having the right to request the completion of your incomplete data, including by providing an additional statement;
- Right to data erasure. („the right to be forgotten”). You have the right to obtain from the Company the erasure of your data, if one of the reason provided by GDPR is applied;
- Right to restriction of processing. You have the right to obtain from the Company the restriction of processing your data;
- Right to data portability. You have the right to receive from the Company the data you have provided and the right to request, as long as it is technically possible, to send your data to another personal data controller.
The rights you have can be exercised, in accordance with the Regulation, through a written, dated and signed request, sent by mail at the address of the Company from the preamble or to the email address of the Company (email@example.com) and/or to the Data Protection Officer at the following email address: firstname.lastname@example.org. We will answer to your request within the timeframe set by GDPR. Please note that in order to provide you with the answer to such a request, you will need to prove your identity and to provide us any further details to help us solve your request.
We wish to inform you that, based on the legal provisions, we have the option to duly refuse the abusive requests and/or certain requests that do not fall under the limits set by the rules in force and, also, that we have the right to charge a reasonable fee proportional with your request.
If you consider that the processing of your personal data is not performed in compliance with all the requirements of the Regulation, you may contact the National Supervisory Authority for Personal Data Processing (hereinafter referred to as “ANSPDCP”) – www.dataprotection.ro and/or the competent courts.
Processing of personal data
Your data shall be processed by the Company based on the consent given when you provided us with your personal data. Later, you may withdraw the consent at any time, through a request sent on the email address email@example.com or by any other available mean (including the use of the UNSUBSCRIBE link in the newsletter you receive). However, the withdrawal of the consent will not affect the lawfulness of any processing that took place prior to this withdrawal.
The personal data will be processed on the territory of Romania and/or other countries in the European Union, complying with the provisions of the Regulation. However, it is possible that certain information may be collected by third parties through cookies – for more information please consult the Cookies Policy, or through social communication functions described below.
Transfer of personal data to third parties
Your data, collected and processed by the Company, will not be sold to third parties.
Personal data may be communicated to the authorized suppliers or partners of the Company, which process personal data for the purpose they were collected and according to the instructions of the Company. The categories of authorized entities that process data on behalf of the Company can include, as example, but without being limited to: providers of accounting services, human resources, management consultancy, IT support services, IT security services, booking services, analytics services and search engines services that help us improve and optimize our Website. The Company shall make proper preliminary evaluations when selecting third parties service providers and shall require them to maintain proper technical and organizational security measures to protect the personal data and to process the personal data only in accordance with the instructions of the Company.
Personal data may be communicated to law enforcement authorities and/or agencies, if required by the legislation in force or if this is needed to exercise our rights, including the conditions of use, or to protect our legitimate interests according to the applicable laws.
The Company may share personal data to other third parties in certain types of transactions, including in the context of transactions involving a change in control over the Company, the substantial sale of all its actives or commercial restructuring.
The Company will keep your data on its own servers and/or the servers hosted by third parties (including the cloud services of third parties). We use proper technical and organizational measures, meant to protect your personal data and prevent the unauthorized access to it. Sending data on the internet is not completely secure, thus we cannot guarantee the security of your data until they reach our Website. Any submission is made on your own risk and the Company shall not be held accountable for the damage you or others may suffer as a result of unauthorized access. After we receive your data, we will use strict procedures and security features to prevent the unauthorized access.
Privacy of minors
The Company does not knowingly collect personal data from people under the age of 16. If a parent or a guardian is aware of situations in which his/her children provided their personal data to the Company, he/she must immediately inform the Company. If the Company discovers that a person under the age of 16 provided it with personal data, the Company shall immediately erase that information from its systems, unless the parent or guardian explicitly gives his/her consent to the Company to process the personal data of the child for the specified purposes.
Cookies and social communication features
The time period to store and process your data
The Company shall process your data for a period that will not exceed the time required to fulfil the purpose for which the data are processed.
Thus, if you withdraw your consent for data processing, the Company will cease processing your data. In such cases, we will cease to process the respective personal data for relevant purposes, subject of any legal obligation to process those personal data and/or our need to process those personal data for the purpose of our legitimate interests.
We may update this Policy periodically, depending on the applicable legislative amendments and additions, as the services we provide change, as well as depending on the technological development level. In such situations, we shall notify you of any change by posting a new version on the Website. If you provided us with your contact details and authorized us to contact you, we will notify you if we change this Policy.
Please consult this Policy periodically to be informed about the changes occurred.
For any questions or concerns about the processing of your personal data or if you wish to exercise a right, please contact the Data Protection Officer of the Company by email: firstname.lastname@example.org or send a letter to the Data Protection Officer at the address of the Company from the preamble.
In order to benefit from the services provided by the Company, there is no need to send to the Company sensitive personal data (such as information about racial or ethnical origin, political opinions, religious or other beliefs, health status or membership to a trade union) or information about the criminal record.
Questions and contact details:
National Supervisory Authority for Personal Data Processing Address: 28-30 Magheru Blvd., Sector 1, postal code 010336, BUCHAREST
Contact details: http://www.dataprotection.ro/?page=contact, e-mail: email@example.com.
 for example: completing the tax invoice for accommodation services using a software program
 for example: informing you on unforeseen events prior to your accommodation.