Respecting the right to protection of personal data, as well as the right to privacy is one of the missions fully and consciously assumed by the staff and management of the Zenith– conference & spa hotel. The hotel is under MAMAIA RESORT HOTELS Ltd administration, having its office in the hotel’s building, Mamaia Resort, Constanta county. The company’s registration number at the Trade Register is J13 / 2955 / 18.08.2008, while the VAT operating code is RO 6312370.
We take all necessary steps to process your personal data in accordance with the principles established by the data protection legislation applicable in Romania, including the EU Regulation 2016/679 issued on 27 April 2016 by the European Parliament and Council. The regulation states the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing the Directive 95/46 / EC (“GDPR”).
Personal data means any information concerning an identified or identifiable individual (“data subject”). An identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier, or to one or many more specific elements, related to his physical, physiological, genetic, mental, economic, cultural or social identity.
Click on one of the links below to go to a specific section:
- Processing your data amid Covid-19 pandemic;
- What kind of personal data do we process?
- Personal data of individuals below the legal age of majority
- Sensitive data
- What is the purpose for data collecting and how do we process your personal data?
- Whom we share your personal data with?
- Do we collect personal data from third parties?
- Do we transfer your data outside the EU / EEA?
- Providing to us personal data of other individuals
- How long do we keep your personal data?
- What are your rights?
- Is your data safe?
- Links to other websites
- Questions or complaints
- Amendments to policy
PROCESSING YOUR DATA AMID COVID-19 PANDEMIC
INFORMATION NOTE REGARDING THE OBLIGATION TO CARRY OUT THE EPIDEMIOLOGICAL TRIAGE AT THE ENTRANCE TO THE ZENITH HOTEL
When entering the Zenith Hotel, we need to measure your body temperature. If it exceeds 37.3 ° C, your access will be denied.
This measure is mandatory according to Art. 13 of Law 55/2020, Art. 9 of Annex 3 of Decision 394/2020 and Section II of the Annex to Order 874/81/2020, thus having the obligation to perform epidemiological triage by checking the temperature of all individuals inside the hotel.
The result of the verification shall not be recorded nor kept. If you refuse to measure your temperature, we will not be able to allow you access to the hotel. Thank you for understanding.
INFORMATION NOTE REGARDING THE PROCESSING OF YOUR DATA IN THE CONTEXT OF MAKING A RESERVATION FOR OUR RESTAURANT
Starting with September 1 2020 we established a register for customer reservations. This obligation was established for the operators in the articles related to the Norms of Order 1493/2788/149/2020 Norms of Order, so that the basis for such processing is the fulfilment of a legal obligation, the aim being to facilitate the conduct of epidemiological investigations.
Thus, in order to make a reservation for our Restaurant after September 1 2020, we will ask you for your name, surname, telephone number or e-mail address and the number of people for whom you make the reservation. We will note these data in the register of table reservations, the storage time of these data being 16 days. The data may be transmitted to the competent Public Authorities and Institutions in accordance with the legislation in force. You can identify your rights provided by the GDPR in the dedicated section below.
WHAT KIND OF PERSONAL DATA DO WE PROCESS?
If you have been / are a hotel guest or a potential future guest
In compliance with your booking, we collect personal data as a result of most interactions with you, as well as in other aspects of our business.
The categories of personal data we collect are:
a) name and surname, e-mail address, serial number and identity card number, telephone number and address;
b) bank card data (card type, credit / debit card number, cardholder’s name, expiry date);
c) information about the client’s stay, including arrival and departure date, special requirements, special preferences;
d) the information you may provide about your consumer preferences, while participating in contests, raffles or certain promotional offers;
e) the personal data provided by you in order to enroll in our loyalty program;
f) photos / videos taken on different occasions within the property: hotel / restaurants / bars / spa / conference center / beach managed by the hotel;
g) information about the vehicles parked inside our property;
h) reviews and opinions regarding the services you received at the hotel;
i) any other types of information you choose to provide us.
Also, video surveillance cameras and other legal security measures located on the perimeter and inside our property can capture or record generic images of the spaces portraying guests in different public areas, such as: the entire perimeter of the property, parking, hotel entrances, restaurants, bars, SPA center, conference halls, reception area, swimming pool and beach. These records will be kept for the period required by law in order to provide on request chronological information to locate your presence in different spaces. By using the access cards in the room provided by the hotel reception, the system records each time you use the key; the information can be accessed only if needed, such as an investigation in case of disappearance of personal goods from the room you occupy, electromagnetic lock being scanned to find out which cards were used.
You can always choose what personal data you want to provide us. However, if you choose not to provide certain personal data (if the basis of our request is compliance with a legal obligation, contractual obligation or obligations required to conclude a contract) we may be unable to offer you certain services. Examples of services that may be undelivered: (i) In case of a booking request, if you do not wish to give us your name, surname, e-mail address or telephone number, we will not be able to confirm the booking. (ii) In case you refuse to fill in the arrival announcement form, or certain required fields, given that this form is a legal obligation when arriving at the hotel, we will not be able to accommodate you.
If you are a potential employee
We collect the information from the resume you sent as well as any other information submitted along with the resume / or during the interview.
If you are a visitor to our hotel
For the safety and comfort of all our guests, the visit of a person not accommodated in the hotel can be made only if there is personal confirmation and acceptance of the accommodated guest. Only after the confirmation of the accommodated guest can the visitor find out the room number and access is allowed, but only after collecting the name, surname, full address, series and the identity card number according to the information required and provided by law in the arrival announcement, if the visit is extended after at 18:00.
The procedure does not apply to visitors or customers in public areas of the hotel. The video surveillance and other legal security measures located on the perimeter and inside our property may capture or record generic images of the spaces in which there will probably appear individuals from different public areas, such as: the entire perimeter of the property, car accesses, hotel entrances, restaurants, bars, SPA center, event spaces, lobbies, reception area, swimming pool, beach and parking.
If you are a user of our website (www.zenithhotel.ro)
Simply accessing our site will not lead to the collection of your personal data unless you voluntarily enter certain data (eg online bookings, job applications, certain requests etc.).
However, as with any computer equipment, the time and date of web accessing and the IP address from which our website was accessed are collected.
If you are a representative or contact person of our suppliers or business partners
Within the ongoing contracts and current procedures we collect the name, surname, position, telephone number, e-mail address, as well as any other data provided by you or the company you represent in order to fulfill the contractual obligations assumed and for communications required.
If you are employed
PERSONAL DATA OF INDIVIDUALS BELOW THE LEGAL AGE OF MAJORITY
We do not request nor directly collect personal information about children under 18 personal, but only to their parents. In extreme cases, (e.g. when a child got lost from his parents), we try to find out the child’s full name, in order to identify the parents and inform them. We protect the confidentiality of all data obtained from children under 18 years of age, or from their parents. If you are under the age of 18, you cannot book or use accommodation without the presence of an adult in the same room. In order to benefit from services that involve the provision of personal information, children under the age of 18 must obtain the consent or authorization of the parents or guardian responsible for any provision of personal data.
The term “sensitive data” refers to data relating to racial or ethnic origin, political opinions, religious confessions or philosophical beliefs or trade union membership and storage related to genetic data, biometric data, health data or sexual life or sexual orientation data.
We do not collect sensitive information unless you wish to provide it to us. We may use your provided health information in order to offer you better services and meet your special requirements (for example, preparing a menu that avoids certain allergens, or providing access for people with disabilities, or offering an anti-allergic pillow).
Instead, access to the spa facilities can be made exclusively upon a written own statement regarding the good health status. If there is a medical aspect that you want us to be informed about, you will offer us the possibility to guide you to those activities that will no harm your health.
WHAT IS THE PURPOSE FOR DATA COLLECTING AND HOW DO WE PROCESS YOUR PERSONAL DATA?
If you are a customer
a) Hotel’s bookings, reservations for restaurant tables / bars / spa or in case of offer requests sent for certain events or organized groups
Purpose: we process your personal data (i) in order to book the requested service in the hotel / restaurants / bars / spa and (ii) to respond to your offer request.
Legal grounds: concluding a hotel service contract or confirming a definite booking.
b) Accommodation services
Purpose: we process your personal data in order to ensure accommodation in our hotel.
Legal grounds: while performing the check-in, according to the actual legal provisions (link), it is mandatory to fill in the arrival and departure announcement form that contains a minimum of necessary data that grants your accommodation and allows the service provider to issue the fiscal invoice upon provided information.
c) Guest relation / services provided to guests on site (housekeeping, breakfast, prepaid lunch, access to the spa, beach, parking, etc.)
Purpose: we process your personal data in order to provide you an enjoyable experience accordingly to our hotel standards.
Legal grounds: fulfillment of the hotel service contract.
Purpose: providing personalized services or fulfilling certain special requests (e.g.: upper or lower floor rooms, usually requested products/services, favorite meal type or wine, the type of massage usually requested) are stored so that when you return, we will already know what your preferences are.
Legal grounds: consent
e) Hotel reviews related to your last visit
Purpose: we process your personal data to ensure that you have had a pleasant experience in our hotel
Legal grounds: our legitimate interest is to constantly improve the services we provide to our customers
Purpose: We process your personal data for marketing purposes, such as regular pricing information or upcoming special offers, marketing communications about launching new products and services or discounts that may be of interest to you.
Legal grounds: we rely on the legitimate interest of promoting our services by submitting offers that we consider to be in your best interest since you are a loyal guest or you chose our property and we found out that you were satisfied with our services. (see “Right to Opposition” in the “Your Rights” Section).
If necessary, accordingly to our legislation, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we inform you that you will be able to unsubscribe by withdrawing your consent at any time, in which case you will not receive any marketing communication from us. We will include an unsubscribe link that you can use if you wish to stop receiving marketing campaigns from us.
Also, while organizing certain events within the hotel / restaurants / bars / SPA center / event center / beach we might capture generic photos of the ambiance, and some of these could be shared online on social media for marketing purposes. However, since we value guests’ right to privacy, we will make sure that these photos will not feature people in the foreground and that our guests are informed whenever we intend to take photos (for objections to our photos see “Right to Object” in the “Your Rights” section).
g) Other communications: via e-mail, mail, online applications, telephone or SMS
Purpose: these communications will be made for a specific reason such as: (i) responding to your requests; (ii) reminding you to conclude uncompleted online bookings or offer requests (iii) informing you about the resolution of your complaints and / or incidents that occurred during your stay.
Legal grounds: our legitimate interest is to provide services accordingly to the assumed standards, by promptly solving any requests or complaints with maximum availability.
h) Analysis, improvement and research:
Purpose: in order to ensure a constant quality level of our services, we cautiously analyze every suggestion or complaint from you that is why we issue statistical reports to identify problems, the degree of repetitiveness and to find the best solutions to remedy them.
Legal grounds: we rely on our legitimate interest to provide services that meet your hotel standards and expectations.
i) Images captured by surveillance cameras
Purpose: we process images captured by the surveillance cameras installed in our location so that we can enhance the protection of people and goods on site, as well as effectively investigate events that may have a negative impact on the security of property and individuals.
Legal grounds: legitimate interest in ensuring the protection of goods and people in our location.
If you are a visitor to our hotel
Purpose: after 18:00, we process your personal data accordingly to the legal provisions in order to be able to supply the necessary information to the authorities that verify the compliance with the general rules for the protection of persons and property within the hotel.
Legal grounds: our legitimate interest in limiting the access of unknown persons inside the property is to ensure the protection of individuals (customers/staff) and property goods
If you are a user of our website (www.zenithhotel.ro)
Purpose: traffic monitoring in order to identify errors and / or any other website malfunction
Legal grounds: our legitimate interest in date processing is to provide you with a fully functional website by repairing any errors, as well as by continuously improving it.
If you are a representative or contact person of our suppliers or business partners
Purpose: to develop contractual relations with our suppliers or business partners.
Legal grounds: contract execution
If you are a potential employee
Purpose: to evaluate your employment application.
Legal grounds: concluding a contract
If you are employed
We can process your data for all of the above categories also in relation with the following activities:
(a) Internal restructuring or reorganization. Sale of assets or shares/shares:
Purpose: We process your data to carry out the above-mentioned operations Legal grounds: the legitimate interest in carrying out the operations, especially if they would be impossible to be carried out without processing your data.
However, we assure you that any processing will be made accordingly to the legal provisions and by implementing a measure to ensure the confidentiality of your data.
Purpose: We process personal data to fulfill legal obligations regarding the protection of property and the integrity of individuals.
Legal grounds: we rely on our legitimate interest in ensuring the protection of your assets and those of the hotel, as well as the people’ security on the perimeter of our property.
(c) Legal reasons:
Purpose: In certain cases we must process the information provided that may include personal data, to resolve legal disputes or complaints, to investigate and comply with applicable legal regulations, to implement an agreement or to comply with requests from authorities to the extent that such requests meet the conditions imposed by law.
Legal grounds: the reasons for data processing might have a statutory requirement (if we have a legal obligation to disclose certain personal data to public authorities) or our legitimate interest in resolving any disputes and/or complaints to ensure that we always provide the highest quality services.
WHOM WE SHARE YOUR PERSONAL DATE WITH?
As detailed below, in order to provide you with high-quality services, we may share your information with our service providers or third parties:
a) Suppliers: in order to provide the requested services, in some cases we will need to submit some of your data to our suppliers that are authorized to process the data on behalf of hotel and in accordance with our instructions (such as software providers, IT, accounting services, medical services).
b) Group events or meetings: if you visit Zenith– conference & spa hotel along with a group or by participating at a conference, the information required for meeting and event planning can be shared with the organizers or if applicable, with guests attending the meeting or event.
c) Business partners: in some cases, we collaborate with other companies to provide you with products, services or offers. For example, we can arrange for you to rent a car or purchase tourist tours.
d) Co-sponsors of promotions: in some cases, we co-sponsor promotions, raffles, competitions or contests with other companies or we may provide prizes for lotteries and contests sponsored by other companies. If you participate in these competitions, we may submit your data to our sponsors or to third-party sponsors.
(e) Public authorities and/or institutions for: (i) for compliance with legal provisions, (ii) in order to respond to their requests, (iii) for reasons of public interest (e.g. national security). For example, according to the regulation set out in section ” WHAT’S THE PURPOSE FOR DATA COLLECTING AND HOW DO WE PROCESS YOUR PERSONAL DATA?” (.b), any hotel unit is obliged to daily transmit to the territorial police units the registration form for each guest who arrived on that day.
The privacy of your personal data is highly important to us that is why, when it is possible we request a non-disclosure agreement from the recipients. The agreement states that the recipients guarantee the security of the supplied personal data and that provision of such information is made in accordance with applicable legislation and policies. In any case, we will only share with the recipients the information strictly necessary to achieve that purpose.
DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?
To provide you with our best services, we may collect information about you from our business partners and other third parties, as detailed below:
a) Business partners: such as travel agencies (whom you contact for your stay in our hotel), card-issuing partners, social networking services (functioning upon the settings you agreed on), for these services or other third-party sources that are authorized by the law to provide us with your personal data.
b) Co-sponsors of promotions: in some cases, we co-sponsor promotions, raffles, competitions or contests with other companies or we may provide prizes for lotteries and contests sponsored by other companies. If you participate in these competitions, we may collect your data from our sponsors or to third-party sponsors.
In any case, we assure you that your personal data collected from third parties will be processed under the same conditions as if they were collected directly from you, accordingly to the legal procedures.
We will only collect the necessary data to accomplish our purposes. (see Section ” WHAT’S THE PURPOSE FOR DATA COLLECTING AND HOW DO WE PROCESS YOUR PERSONAL DATA?”).
In addition, when we will contact you for the first time, we will inform you on how we obtained your personal data.
DO WE TRANSFER YOUR PERSONAL OUTSIDE THE EU/EEA?
We do not transfer your data outside the EU/EEA.
PROVIDING TO US PERSONAL DATA RELATED TO OTHER INDIVIDUALS
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your data is stored exclusively serving the purposes detailed in this policy if a longer storage period is not required or permitted by applicable law (e.g. surveillance camera recordings will not be kept for more than 30 days).
We constantly review the need to keep your personal data stored. If data processing is no longer necessary and there is no legal obligation to maintain the data, we will destroy your information as soon as possible in a way that can no longer be recovered or reconstituted (for example, we will delete/destroy all data of candidates that were not hired following the interviews).
If personal information is printed on paper, it will be destroyed in a safe manner using a paper shredder, and if it is stored on electronic devices, it will be securely deleted to ensure that the information can no longer be recovered or reconstituted later.
WHAT ARE YOUR RIGHTS?
As a data subject you benefit from the following rights provided by the GDPR:
a) Right to information: you have the right to know the following information:
(i) the identity and contact details of the controller;
(ii) the purposes for which your personal data is processed, as well as the legal grounds for processing;
(iii) the types of data collected;
(iv) the recipients of your private data;
(v) the transfer of your private data;
(vi) the data storage period;
(vii) what your rights are, etc. (Articles 13 and 14 of the GDPR);
b) Right of access your data: you may request (i) confirmation that personal data is being processed or not and, if so, access to that data and information about it, as well as (ii) a copy of your personal data that we hold (Article 15 of the GDPR);
c) Right to rectification: you can inform us of any changes brought to your personal data or you may ask us to correct the information we hold about you. (Article 16 of the GDPR);
d) Right to erasure (“right to be forgotten”): in certain situations e.g:
(i) when data has been unlawfully processed;
(ii) the deadline for data storage data has expired;
(iii) you have exercised your right to object or (iv) the processing of the data is done on the basis of consent and you have withdrawn your consent), you may ask us to delete the personal data we hold about you. (Article 17 of the GDPR);
e) Right to restrict processing: in certain situations (such as where the accuracy of this data or the legality of the processing is disputed), you may ask us to restrict the processing of your data for a certain period of time (Article 18 of the GDPR);
f) Right to data portability: you can ask us to send you your data to third parties or directly to you. (Article 20 of the GDPR);
g) Right to objection: in certain situations, (such as processing on grounds of legitimate interest), you may ask us to stop processing your data. (Article 21 of the GDPR).
h) If we use your data, upon your consent, you have the right to withdraw it at any time.
IS YOUR DATA SAFE?
We treat the security of your personal data with serious caution that is why we take important measures against unauthorized access to data or unauthorized data modification, disclosure or destruction. This involves systematic monitoring of data collection, storage and processing practices and security measures taken against unauthorized access to systems where personal data are stored.
We also ask our service providers and business partners to take all necessary measures to protect against unauthorized access to data or unauthorized data modification, disclosure or destruction.
LINKS TO OTHER WEB SITES
QUESTIONS OR COMPLAINTS
If you have any questions or concerns about the processing of your data, please contact us. If you wish to exercise any of the above rights, you are welcome to contact our Personal Data Protection Officer using this Contact Form or by sending an email to the following address: firstname.lastname@example.org and we will reply to you within 30 days of receiving your request.
In addition, you can send us a written request via post mail to the address Zenith – conference & spa Hotel, 900001Mamaia Resort, Constanta County. For any further information, you can call us on 0241 609 609.
If you are not satisfied with the manner in which your request has been resolved, you can file a complaint with the National Supervisory Authority for Personal Data Processing.
AMENDMENTS TO POLICY
To help you track your most important changes, we will include a change history below to recognize changes to this policy.
Latest update: 12 December 2020