Respecting the right to the protection of personal data and the right to privacy is one of the fundamental missions of Hagi Sport SRL (IAKI).
We therefore take all necessary steps to process your personal data in accordance with the principles established by the applicable data protection legislation in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ( "GDPR").
Personal data means any information relating to an identified or identifiable natural person ( "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social.
The personal data processing is done by: Hagi Sport SRL (IAKI) based in Constanta, Hotel Bucharest B, Mamaia, registered under no. J13 / 1896/1999 the Trade Register, having CUI RO 6646915.
Hagi Sport Society (IAKI) is operator of personal data in the meaning of GDPR, that determines the means and purposes of processing personal data.
Click one of the links below to go to a particular section:
• What kind of personal data do we process?
• Personal data of minors
• Special categories of personal data
• For what purpose and on what basis is your personal data processed
• Recipients of personal data
• Personal data we collect from third parties
• International transfers of personal data
• Providing your personal data to other individuals
• How long we keep your data personal
• What are your rights?
• Is your data.safe?
• Links to other web sites
• Questions or complaints
• Changes in policy
WHAT KIND OF PERSONAL DATA DO WE PROCESS?
If you are a client or potential client
We collect personal data from most interactions with you, and in other aspects of our business. The categories of data we process are:
a) necessary data for making reservations (for example, name, email, phone);
b) related data sheet arrival-departure, required under national law (eg, nationality, address, date of birth);
c) bank card details (card type, card number, credit / debit card holder's name, expiry date and security code);
d) customer’s stay information, including arrival and departure, special requirements, preferences;
e) information you provide regarding your marketing preferences;
f) personal data provided for newsletter subscription;
g) information about the vehicles that may bring on our property (e.g. registration number);
h) data collected from the access cards (at entry and exit);
i) information collected by various third parties (e.g. travel agencies, event organizers) and sent to Hagi Sport SRL (rooming list, guest list events);
j) data necessary to provide additional services;
k) reviews and opinions about our services;
l) any other information you choose to provide us.
Also, surveillance cameras and other security measures on our properties can capture or record images of guests in public places (such as hotel entrances, restaurants or hallways), as well as your location data (through the images captured by the surveillance cameras).
You can always choose what personal data you provide us. However, if you choose not to provide certain personal data, if the basis for our processingis the compliance with a legal obligation, contractual obligation or obligations to conclude a contract, we will be unable to provide you with certain services, for example: (i) if you do not want to disclose your full name, e-mail address or telephone number when making a reservation, we will not be able to make said reservation, or (ii) given that in the form you are required to fill in on arrival you will need to provide some mandatory personal data, should you choose not to fill in those mandatory fields, we will not be able to accommodate you.
If you are a potential employee
We collect the information sent through your CV and any other information submitted with your resume and / or provided during the interviews in which you participated.
If you are a visitor
We collect your name, surname, and your ID card’s series and number.
Surveillance cameras can also capture or record images of visitors in public places (such as the entries in the hotel or in restaurants or lounges).
If you are a user of our websites www.iaki.ro and www.iakispa.ro
No personal data is required to read the information on the websites.
However, for the technical operation of the portal, we collect the time and date when the website was accessed and the IP address that accessed it.
Some personal data is required for the use of some services (such as online bookings, job applications). For details, please refer to the sections corresponding to the operation done on the website.
If you are a representative or contact person of our suppliers or business partners
We collect your name, position, and any other data provided by you or the company that you represent.
If you are an employee
PERSONAL DATA OF MINORS
We protect the confidentiality of data from children under 16. In case you are under the age of 16, you must obtain the consent or permission of your parent or guardian for any personal data you provide.
SPECIAL CATEGORIES OF PERSONAL DATA
The term "special categories of personal data" refers to racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and to the processing of genetic , biometric, health data or personal data on sex life or sexual orientation.
Generally, we do not collect sensitive information unless you want to disclose it. We can use the health data you provide to better serve and meet your special needs (e.g., to prepare food without including foods to which you are allergic, to provide access to people with disabilities).
For what purpose and on what basis is your personal data processed
If you are a client
a) Hotel/SPA and restaurant reservations, or requests for offer sent by you for certain events organized or that can be organized.
Purpose: we process your personal data (i) to make a reservation in the hotel / SPA / restaurant (ii) to respond to your requests for offers
Basis: conclusion of a contract
Purpose: we process your personal data for your registration / accommodation in our hotel.
Basis: Upon check in, according to the legal provisions in force, you are required to fill in a registration form containing the minimum data necessary to us to be able to accommodate you.
c) Client service (this service includes, inter alia: hotel shuttle service, concierge service, , cleaning service, laundry service, etc.)
Purpose: We process your personal data to provide you with a pleasant experience in accordance to your standards and the hotel’s.
Basis: Performance of the hotel service contract
Purpose: in order to provide customized services, some of your special preferences (e.g. whether you prefer rooms on the upper floors or the lower ones, whether you like a certain type of wine, etc.) are stored so that when you return, we will already know what you like
Purpose: we process your personal data to ensure that you have had a pleasant experience in our units.
Basis: our legitimate interests to constantly improve the services we offer and to provide services which are appropriate and in accordance with the standards of our customers.
Purpose: we process your personal data for marketing purposes, such as commercial newsletters and marketing communications on new products and services or other offers that we believe may be of interest to you
Basis: we rely on a legitimate interest in promoting our services by submitting the offers which we consider to be of interest to you (see "right to object" under "Your rights")
If necessary, in accordance with the applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we hereby notify you that you may at any time withdraw your consent to a processing for marketing purposes, in which case you will not receive any marketing communications from us.
We will include an unsubscribe link, which you can use if you do not want to receive any more messages from us.
Also, when organizing certain events in our hotels and restaurants, we may take some photos, and some of these could also be distributed in the online environment to show others what our events are like. In any case, because we respect your right to privacy, we will make efforts to avoid focusing on certain people and we will do everything in our power to inform you that photos will be taken (for objections to our photos, see “Right to oppose” in the “Your rights” section)
g) Other communications: by e-mail, mail, phone or SMS
Purpose: these communications are made for a specific reason such as: (i) to respond to your requests, (ii) if you have not completed an online reservation or a request for offers, we may send you an e-mail to remind you to complete the reservation, (iii) to inform you about how they were solved complaints and / or incidents occurred during your stay
Basis: our legitimate interests to provide services at the desired standard by addressing any claims / complaints and to ensure our full availability.
h) Analysis, improvement and research:
Purpose: To ensure a constant qualitative development of our services, we carefully analyze each complaint / suggestion from you so that we draw up statistical reports to identify problems and find the best solutions to remedy them.
Basis: We rely on our legitimate interest to provide services which meet your and IAKI Hotel’s standards.
If you are a visitor in our location
Purpose: We process your personal data for the protection of goods and people within our hotel.
Basis: our legitimate interest to ensure both the protection of customer property / hotel / staff and protection of the persons in the hotel.
If you are a user of our websites www.iaki.ro and www.iakispa.ro
Purpose: to monitor traffic in order to identify errors and / or any other website malfunctions
Basis: We base this data processing activity on our legitimate interest, namely to provide you with a fully functional website by fixing any errors, and to constantly improve our websites
If you are a representative or a contact person of our suppliers or business partners
Purpose: Conduncting contractual relations with suppliers and business partners.
Basis: performance of a contract.
If you are a potential employee
Purpose: assessing your application for employment.
Basis: conclusion of a contract
If you are an employee
a) Restructuring, internal reorganization or sale of assets or shares:
Purpose: Process your information for the above operations.
Basis: Our legitimate interest to carry out the operations, especially if they would be impossible in the absence of processing your data
However, we ensure that this possible processing will be carried out in accordance with this policy and by implementing measures to ensure the confidentiality of your data.
Purpose: We process personal data for the security of property and the physical integrity of persons.
Basis: we rely on our legitimate interests to protect your property and hotel’s as well as to protect the persons in our hotel.
c) Legal grounds:
Purpose: In some cases, must process information, which may include personal data, to resolve legal disputes or complaints, investigations and to comply with applicable legal regulations, to implement an agreement or in order to comply with requests from public bodies to the extent that these requests meet the legal requirements.
Basis: The reasons for the processing may be represented by a legal obligation (where we are legally required to disclose certain personal data to public authorities) or our legitimate interest to resolve potential disputes and / or complaints.
RECIPIENTS OF PERSONAL DATA
To provide you with the expected hospitality level and high-quality services, your data may be sent to our service providers and other third parties, as shown in detail below:
a) Providers: in order to provide the requested services, in some cases we will need to pass some of your personal data to the providers, and they have the capacity of processor and process the data in our name and behalf and in accordance with our instructions (e.g., software, IT, accounting services, medical services providers).
b) Group events or meetings: If you visit our hotels within a group or a conference, the information required for the planning of the meeting and event may be shared with the organizers of these meetings and events and, where appropriate, with the guests who organize or participate in the meeting or event.
c) Business partners: In some cases, we associate with with other companies to provide you with products, services or offers. For example, we can arrange for you to hire a caror we can intermediate optional services pastry and kitchen products that exceed our offer.
d) Authorities and / or public institutions: (i) compliance with legal provisions,, (ii) to respond to their requests, (iii) for reasons of public interest (e.g. national security). For example, according to the rules set out in Section " For what purpose and on what basis is your personal data processed " letter b) any hotel unit is obligated to send each client’s registration form that is to be completed upon arrival.
Your privacy is important to us, which is why, where possible, the transmission of personal data in accordance with the above shall be done only pursuant to a confidentiality agreement from the recipients in order to ensure that this data is kept safe and that such information is provided in accordance with applicable laws and applicable policies. In any case, we will always send to the recipients only the information strictly necessary to achieve that purpose.
PERSONAL DATA WE COLLECT FROM THIRD PARTIES
To provide you with the expected level of hospitality and the best level of service, we may collect information about you from our business partners and other third parties, as shown in detail below:
a) Business partners: such as card parteners, social networking services that are consistent with your own settings for these services, travel agencies, event organizers.
In any case, we ensure that your data collected from third parties will be processed under the same conditions as if it were collected directly from you. We will also collect only what is necessary for our purposes. (see Section “ For what purpose and on what basis is your personal data processed”).
In addition, when we first contact you, we will firstly let you know the source from which we obtained your personal data.
INTERNATIONAL TRANSFERS OF PERSONAL DATA (OUTSIDE THE EU/EEA)
We may transfer your data to our service providers and other third parties that may be based in countries other than the one you reside in,, and in some cases in countries outside the EU / EEA.
Although data protection laws in these countries may be different from those in your country, we will take the necessary steps to ensure that your personal data is processed in accordance with this policy and in accordance with applicable law.
DISCLOSURE OF THE PERSONAL DATA OF ANOTHER PERSON BY YOU
For how long do we keep your personal data?
Your personal data is retained for the full duration of the purposes detailed in this Policy, if a longer period of retention is not required or permitted by the applicable law.
We constantly review the need to keep your personal data, and to the extent that processing is no longer required and there is no obligation under the law to keep your personal data, we will delete / destroy your personal information as soon as possible and in such a way as to prevent subsequent recovery or reconstitution (e.g., we will delete / destroy all data of persons not hired after having been interviewed, unless there is a serious prospect of future employment).
If personal information is printed on paper, it will be destroyed in a way that eliminates it completely, and if it is stored on electronic media, it will be erased by technical means to ensure that the information can no longer be subsequently recovered or reconstituted.
What are your rights?
As the data subject, you are entitled to the following rights under GDPR:
a) Right of access: You may request (i) a confirmation that personal data is processed or not, and, if so, access to such data and information about the data, and (ii) a copy of your personal data we hold (Article 15 of the GDPR);
b) Right to rectification: You can inform us of any changes to your personal data or you may ask us to correct the personal data we hold about you (Article 16 of the GDPR);
c) Right to erasure ( "right to be forgotten”): In certain circumstances (such as (i) where data has been collected illegally, (ii) the date for data storage has expired, (iii) you have exercised the right to oppose, or (iv) data processing was done on a consent basis and you have withdrawn your consent), you may ask us to delete the personal data we hold about you (Article 17 of the GDPR);
d) Right to restriction of processing: In certain circumstances (such as when you are contesting the accuracy of such data or the basis of the processing), you may require us to restrict your data processing for a certain period (Article 18 of the GDPR);
e) The right to data portability: You have the right to ask us to send your personal data to third parties or directly to you (art. 20 of GDPR);
f) Right to object: In certain circumstances (such as the processing that has a legitimate interest as legal basis), you may request that we no longer process your data (Article 21 of the GDPR).
g) If we process your personal data based on your consent, you may withdraw this consent.
If we process your personal data based on your consent, you may withdraw this consent at any time. In this case, your data will no longerbe processed by us, unless a legal provision forces us to keep and archive it. In any case, we will inform you if there is such a legal requirement and we will indicate it expressly .
IS YOUR DATA SAFE?
We take your personal security seriously, which is why we have implemented important security measures necessary to protect against unauthorized access to data or unauthorized modification, disclosure or destruction. This requires an internal review of the data collection, storage and processing practices and of the security measures, as well as physical security measures to protect against unauthorized access to systems where we store personal data.
We also require our service providers and business partners to take all necessary steps to protect against unauthorized access to data or unauthorized modification, disclosure or destruction.
LINKS TO OTHER WEBSITES
QUESTIONS OR COMPLAINTS
If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise any of the abovementioned rights, you are welcome to contact us using our contact form available on the website or by sending us an e-mail at the following address : firstname.lastname@example.org, and we will reply within 30 days of the receipt of the request.
We are also providing you with the contact details of our Data Protection Officer:
Name: Mirela Banioti
Phone number: 0241.831.025
Also, to the extent that you do not have electronic or do not want to use them, you can submit a written request at our registered office in Constanta, Bucharest B Hotel, Mamaia.
To the extent that you are not satisfied with the manner in which your request has been resolved, you may file a complaint with the National Supervisory Authority for Personal Data Processing.
To help you track the most important changes, we will include a history of the changes below to help you identify the changes to this Policy.