DECLARATION ON THE PROCESSING OF PERSONAL DATA
Travel For Senses website wishes to inform you about the processing of your personal data in the context of visiting this website.
Protecting the personal data of Travel For Senses customers and keeping them safe is one of the important concerns of Travel For Senses and agents, partners, subcontractors involved in providing services.
Personal data means both non-personal data and personal data – information about an identified or identifiable individual. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifying element, including, but not limited to:
(i) name, first name, address, e-mail, telephone (eg fixed, mobile, fax);
(ii) financial information (eg income, etc.);
(iii) various information required or required by service-specific product / service-specific authorities;
(iv) information resulting from video / audio monitoring if the Customer visits one of the locations where the Travel For Senses services / products are provided or contact support services;
(v) the signature;
(vi) any other information resulting from the processing of Travel For Senses (eg customer segmentation according to different criteria, the unique identifier generated at the Travel For Senses level for each individual customer, specific information about services / products offered Travel For Senses, etc.) and any other information that is required for Travel For Senses;
(vii) the iP or the activities performed when browsing our site or using Travel For Senses applications / services.
Personal data processing means any operation or set of operations that is performed on personal data by automated or non-automatic means such as collecting, recording, organising, storing, adapting or modifying, extracting, consulting, using, disclosing third parties by transmission, dissemination or in any other way, joining or combining, blocking, archiving, deletion, destruction, etc.
COLLECTION OF INFORMATION
Information is collected in the process of providing services / products to users or potential users. The main sources of information are:
- Forms used to provide services, data provided when using Travel For Senses websites or applications, other means of communication, questionnaires that users or potential users of services accept (without being obliged to accept ) to complete upon our request other documents that users or potential users provide at our request;
- Transactions between Travel For Senses and its agents / partners and between them and users of the service; 3. external sources – to fulfil specific obligations (competent institutions, public registers, electronic databases, information available in social media and on the Internet, or third-party abilities, possessing such information, such as but not limited to to the following: the National Trade Register Office, the portal of courts in Romania administered by the Ministry of Justice, other personal data providers, etc.).
We collect the following data:
TravelForSenses.com collects personal data from its users in three ways:
directly from the user;
traffic data from the user’s browser;
Personal data collected directly.
A1. When you access TravelForSenses.com or when you create an account or place an order we can ask for your name, surname and / or email address as well as other data required for contracting, delivery or billing.
These data are kept for a period of 3 years after the termination of the contract (this
being the general prescription period). The invoice data is kept for 10 years (where it is
legal tax obligation).
If you do not give us this data, we will be unable to honor your order.
A2. When you access the assistance services, we can ask you for an email address or phone number. We reserve the right to record any communication made for TravelForSenses.com assistance services in order to improve our services. We will notify you before the communication begins that it may be registered.
These data are used, for example, for the purpose of contacting you to resolve it
your claim / request
We may also request other data that may constitute personal data only to the extent that it is
are necessary for these purposes.
A3. Also, when subscribing to our newsletter, please give us an email address to personalise your communication to you.
This data is retained until your consent is revoked or until your activity shows us that you are no longer interested in our communication.
- Traffic data
When you visit a website, regardless of the device you use, you disclose certain information about you, such as your IP address, your visit time, where you went to our sites, the visited pages. TravelForSenses.com, like other operators, records this information for a certain amount of time. TravelForSenses.com uses external traffic analysis services such as Google Analytics.
These data are used exclusively by TravelForSenses.com to improve our site and services, but also to ensure our site’s security:
– Navigation data (IPs), which automatically logs in when a user visits the site and is used to collect anonymous statistical information about the use of the site, to see the correct functioning in full security;
– cookies – per session and fixed
If you want to receive information about Travel For Senses products and services through the online store www.TravelForSenses.com, please subscribe to our newsletter by specifying your email address.
THE PURPOSE OF PERSONAL DATA PROCESSING
The purposes for which Travel For Senses processes personal data are:
The purpose of collecting personal data is for marketing activities for your own needs TravelForSenses.com;
Identifying users / potential users via the means of communication (eg telephone, e-mail, post, internet, fixed or mobile applications that the Client accesses to use the services provided);
Identifying users / potential users to meet the legal obligations of Travel For Senses to provide services;
Monitoring operations and running services and providing support services for users / potential users;
Creating or analysing profiles for service improvement and surveying as well as for performing any other type of service promotion and / or marketing or general advertising;
Performing internal analyses (including statistical analyses) both on services and on the portfolio of users / potential users, for providing, improving and developing services, as well as conducting market studies and analyses on the specific field;
Solving any procedural and / or legal situation in connection with the provision of services or the interest of the company;
Archiving in both physical and electronic format of documents related to the provision of services and / or correspondence with users / potential users;
Reporting to state institutions in accordance with the applicable Travel For Senses legal regulations (eg regulatory authorities and legal authorities).
THE REASON OF PERSONAL DATA PROCESSING
Travel For Senses processes personal data for the purposes outlined above, based on the following grounds:
Execution of the contract and preliminary steps for this contract (Article 6 (1) b GDPR) – for the data collected through the order form or the data received as a result of the customer service;
Legal Obligations (Article 6 (1) c GDPR) for billing data required;
Consent (art 6 (1) of the GDPR) for marketing data for site visitors (e.g. subscription to newsletter, marketing cookies, etc.);
The legitimate interest (art 6 (1) f GDPR for the data used for marketing for current customers (according to art 506/2004 art 12 (2)) of TravelForSenses.com, the security of your TravelForSenses.com site (recital 49 GDPR) and internal data used to optimise your TravelForSenses.com site (anonymous or using a pseudonym, as the case may be).
IS IT OBLIGATORY TO USE DATA COMMUNICATION? WHAT ARE THE CONSEQUENCES IN CASE OF DENIAL?
The processing of personal data required by users and potential users by Travel For Senses for the provision of services is considered strictly necessary for the provision of services in accordance with the legal provisions and Travel For Senses procedures. Refusal to provide such data makes it impossible for us to provide the services. The user may choose not to process his data for direct marketing purposes.
DESTINATION OF PERSONAL DATA
In order to achieve the above-mentioned purposes, the company may transmit the Clients, where strictly necessary, to the following categories of third parties:
regulatory authorities and legal authorities
contractual partners (eg company agents, auditors, consultants, etc.), some also having the capacity of persons empowered by the operator to process personal data.
These contractual partners also carry out their business activity in Romania, and they may be provided with your personal data to be used within the limits of the obligations they have assumed towards the company. The personal data we disclose to the persons empowered by us with their processing are limited to the minimum necessary personal data for the purpose of performing the respective services and, at the same time, we ask them not to use personal data for any other purpose.
We make every effort to ensure that all the entities we work with store your personal data safely and securely. Also, some of them are operators who also carry out their commercial activity in Romania, such as agents of payment services.
Some of them are third parties who do not have the role of processing personal data but can access them in order to fulfil their obligations or interact with the company, such as technical maintenance companies, financial auditors or service providers legal services.
The above-mentioned personal data may be made available or transmitted to third parties in the following situations: (i) public authorities, auditors or institutions with components in control activities on the services, activities or assets of the company, which request the company provide information, based on the legal obligations incumbent on the company; (ii) to meet a legal requirement, including those relating to the provision of services, or to protect the rights and assets of our company or other entities or persons, such as courts of law; (iii) third party acquirers, to the extent that the activity of the company would (totally or partially) be transferred and the personal data to the persons concerned would be part of the assets representing the object of the transaction. Also, for the purpose of processing above, we may provide your personal data to companies belonging to the Travel For Senses group, companies that will be subject to the company’s instructions regarding the processing of your personal data. For more information visit: https://www.TravelForSenses.com.
TRANSFER OF PERSONAL DATA OUTSIDE THE COUNTRY
In the context of the operations described above, Customer’s personal data may be transferred to countries within the European Union (“EU”) or the European Economic Area (“EEA”) outside the country. We hereby inform Clients that any transfer made by the Company to an EU or EEA Member State will comply with the legal provisions of the General Data Protection Regulation no. 2016/679 adopted by the European Parliament (“GDPR”).
DURATION OF THE PROCESS
We will only store Customer’s personal data for the period of time required to achieve the processing purposes as outlined above and in compliance with applicable legal regulations including, but not limited to, archiving provisions.
WHAT TO BE INCLUDED WITH PERSONAL USERS ‘DATA WHEN HANDLING PROCESSING
After the period of processing mentioned above expires and the company no longer has any legal or legitimate interest in processing your personal data, personal data will be erased in accordance with the company’s procedures, which may involve archiving, anonymization , destruction.
AUTOMATIC DECISION-MAKING PROCESS AND PROFILE CREATION
The personal data mentioned herein can be subjected to automated decision-making processes, including creation / deletion of profiles.
SECURITY OF PERSONAL DATA PROCESSING
The company constantly assesses and improves the security measures implemented to ensure the processing of personal data in safe and secure conditions.
Measures taken to ensure the security of personal data
Users who have access to the personal information database can only access the database with their account name and password (after 3 wrong password entries, the account is blocked). All users are required to keep confidentiality of the data they have access to, and each session end in the database will close the session;
Users access personal data only to fulfil their service duties;
Any operation of collecting and / or modifying personal data by users is permanently recorded (user registration, date, time and type of change); also logs and logs of all users to the database;
the printing of personal data is done only by the users authorised for this operation and only for the purposes required by the laws in force (invoices, merchandise accompanying notes, commercial contracts).
The company’s headquarters is equipped with an alarm system, and personal data is stored electronically in secure, password-protected files. Paper-based information is kept in special dossiers, to which only employees of the company have the right to confidentiality.
THE RIGHTS OF THE PERSON CONCERNED WITH THE PROCESSING OF PERSONAL DATA
In the context of processing the personal data of users / potential users, the person concerned has the following rights:
Right to information – art. 13 and 14 GDPR. Allows the data subjects to know, from the time they are collected, how the data will be used, to whom they will be disclosed or transferred, what rights the data subjects have on the processed data, etc .;
Right of access to processed personal data – art. 15 GDPR. Allows the person to obtain from Travel For Senses a confirmation that personal data are processed or not, and, if so, access to that data and other useful information;
Right to rectification or deletion of data – art. 17 GDPR. Allows the person to obtain from Travel For Senses the deletion / correction of their personal data without undue delay. There are, however, exceptions to this rule, such as: some data are processed to give the public the right to information; data is processed for statistical purposes or archiving purposes; data are processed to meet a legal obligation or are processed to establish or defend a right in court;
The right to request restriction of processing – 18 GDPR: You have the right to obtain restriction of processing in cases where: (i) you consider that processed personal data are inaccurate for a period of time allowing the operator to verify the accuracy of the personal data; (ii) processing is illegal, but you do not wish to delete your personal data, but restrict the use of such data; (iii) if the data controller no longer needs your personal data for the purposes mentioned above, but you need data to establish, exercise or defend a right in court; or (iv) you have opposed your processing for the length of time to verify that the legitimate grounds for the data controller override the rights of the data subject;
The right to data portability – 20 GDPR. Represents the right to receive the personal data you have provided Travel For Senses in a structured, commonly used and readable form, as well as the right to transfer that data to another operator, in where the processing is based on your consent or the execution of a contract and is done by automatic means;
The right to withdraw your consent for processing, when the processing is based on the consent, without affecting the legality of the processing carried out until that time;
The right to object to the processing of personal data – art. 21 GDPR – for reasons related to your particular situation, when processing is based on legitimate interest, as well as to oppose at any time the processing data for direct marketing purposes, including profile creation;
The right not to be the subject of a decision exclusively based on automated processing, including the creation of profiles, which produces legal effects that concern the data subject or similarly affects it to a significant extent;
The right to lodge a complaint with the National Authority for the Supervision of Personal Data Processing (ANSPDCP) and the right to appeal to the competent courts.
The data protection policy is based on the following data protection principles:
The processing of personal data will be done in a legal, correct and transparent manner;
Collection of personal data will only be done for specified, explicit and legitimate purposes, and the data will not be further processed in a manner incompatible with those purposes;
Collection of personal data will be appropriate, relevant and limited to the information required for the purpose of the processing;
Personal data will be accurate, and where necessary updated;
All necessary steps shall be taken to ensure that incorrect data is erased or corrected without delay;
Personal data will be kept in a form that allows identification of the person concerned and for a period no longer than the one in which personal data is processed;
All personal data will be kept confidential and stored in a manner that provides the necessary security;
Personal data will not be shared with third parties unless it is required for the purpose of providing services under agreements;
Persons concerned have the right to request access to, and rectification and erasure of personal data, impediment or restriction of data processing as well as data portability.
MODIFICATIONS TO THIS DECLARATION WITH REGARD TO THE PROCESSING OF PERSONAL DATA
Exercise of the above mentioned rights may be made at any time. In order to exercise these rights, we recommend that you use the forms that can be found on the website www.TravelForSenses.com or by sending an electronic notification to the following address: firstname.lastname@example.org