Privacy policy
+4 031 9641Monday - Friday 9 - 18
Print

Privacy policy

Privacy policy

Last update: 24.05.2018

 

Direct Booking privacy policy

This Privacy Policy defines how we, Direct Booking SRL, collect, store and use your personal data when you access or interact with our website and where we obtain or collect your data. Starting with May 25, 2018, the European Regulation 2016/679 (GDPR) becomes applicable.

This Privacy Policy is applicable from May 24, 2018

Contents:

  1. Summary
  2. Details about our company
  3. What information do we collect when you visit our website
  4. What information do we collect when you contact us
  5. What information do we collect when you interact with our website
  6. What information do we collect when you place an order on our website
  7. How we collect information about you from third parties
  8. Use of automatic decision-making systems
  9. Disclosure and additional uses of your data
  10. Duration of storage of your data
  11. Securing your information
  12. Transfer of your data outside the European Economic Area
  13. Your rights over personal data
  14. Your right to object to the processing of data for certain purposes
  15. Sensitive personal data
  16. Changes to our privacy policy
  17. Confidentiality of minors

 

______________________________________________________________________________________________________________________ 

1. Summary

This section summarizes how we obtain, store, and use your data. This summary is intended only to provide an overview of our privacy policy. This section is not a complete description and it is necessary to read the additional chapters present in this document for completions.

  • Data operator: Direct Booking SRL
  • How we collect or obtain information about you: when you provide the respective data (eg: by contacting us, by accessing, ordering or purchasing various services and products Direct Booking, by filling in the offer request form, by registering in the company's database for receive marketing information about our services and products
  • * when you access our site, some data is collected through cookies /politica-cookie-uri.aspx;
  • What information do we collect: name, surname, telephone number, home address, e-mail address, series and no. identity card, series and no. passport, CNP, IP, date of birth, age of children, company name (if applicable).
  • How we use your data: for business and administrative purposes (especially to contact you and to process the orders you place on our site), to fulfill our contractual obligations, to promote the goods and our services and in connection with our legal rights and obligations.
  • Disclosure of user data to third parties: the minimum necessary to fulfill our contractual obligations to you - hotel service providers, transportation, tourism, for the operation of the business, for compliance with legal obligations.
  • Your data is not sold to third parties.
  • How long your information is stored: no longer than necessary - depending on our legal obligations (eg to maintain accounting records), or any other basis on which we use the information (eg consent, obligations contractual, legitimate interests). Information about specific user data storage periods can be found in the Duration of your data storage section.
  • How your data is secured: by using technical and organizational solutions such as: storing information on secure servers, encrypting data transfers to and from our servers using SSL technology, encrypting on-site payment transactions using SSL technology, allowing access to your personal data only when necessary, encryption of personal data, encryption of e-mails, pseudonymization and / or anonymization of personal data.
  • Use of cookies and similar technologies: we use cookies and similar information collection technologies, such as web beacons, on our website including essential, functional, analytical and targeting cookies.
  • Transfer of your personal data outside the European Economic Area: we will transfer personal data outside the European Economic Area only if we are obliged to do so by law or in order to fulfill our contractual obligations to you - when we do this, we ensure that there are adequate protection measures, for example: the protection of personal data to partners outside the European Union is governed by standard contractual clauses for the transfer of personal data from the Community to third countries.
  • Use of automated decision-making processes: Direct Booking uses automated decision-making processes in connection with our website, eg: use of Web Analytics tools, cookies, web beacons or use of cookies targeting to display ads to people who visit our site on other websites (for example, by using Google AdWords or Facebook Ad networks).
  • Your rights regarding your personal data: Sensitive personal information: Direct Booking does not collect what is commonly referred to as "sensitive personal data", eg data on political affiliation, sexual orientation, etc. For more information, see the main section entitled "Sensitive Personal Information".

________________________________________________________________________________________________________________________

2. Details about our company

The data operator regarding our website is: Direct Booking SRL, with commercial headquarters in Bucharest, Calea Grivitei no. 180, ground floor (Coral Business Center), sector 1. You can contact the data operator by writing to the address mentioned above or by e-mail at office@directbooking.ro.

If you have any questions about this privacy policy, please contact your data controller.

________________________________________________________________________________________________________________________

3. What information do we collect when you visit our website

We collect and use information from website visitors in accordance with this section and the section entitled Disclosure and Additional Uses of Your Data.

Web server log information

We use our own servers to host our website. Our website server automatically records the IP address you use to access our website, as well as other information about your visit, such as accessed pages, requested information, date and time of request, source of access to the website. our website (for example, the website or URL (link) that referred you to our site), the browser and operating system version such as the offers viewed on the site and the orders placed on the site.

Use of information from website server logs for IT security purposes
We store server logs to ensure IT network security. This includes analyzing log files to help identify and prevent unauthorized access to our network, distributing malicious code, predicting DDOS attacks and other cyber attacks, by detecting unusual or suspicious activities. If we do not investigate suspicious or potential criminal activity, we do not and do not allow our provider to make any attempt to identify you based on the information collected through the server logs.

Legal basis for processing: compliance with the legal obligations to which we are subject (Article 6 (1) (c) of the General Data Protection Regulation).

Legal obligation: Registering access to our website using server log files is a technical measure to ensure an adequate level of security to protect the information collected from our website in accordance with Article 32 (1). of the General Data Protection Regulation.

Cookies and similar technologies

Cookies are data files that are sent from a website to a browser to record information about users for various purposes.

We use cookies on our website, including essential, functional, analytical and targeting cookies and web beacons. For more information on the use of cookies, see our cookie policy, which is available here /pookie-policy.aspx

You can reject some or all of the cookies we use on our website by changing your browser settings or you can disable non-essential cookies using our cookie control tool, but by rejecting them you can affect the operation of the website or some features of the website. For more information about cookies, including changing your browser settings, visit www.allaboutcookies.org or see our cookies policy.

________________________________________________________________________________________________________________________

4. The information we collect when you contact us

We collect and use information from people who contact us in accordance with this section and the section entitled Disclosure and Additional Uses of Your Information.

  • Email

When you send a message to the e-mail address displayed on our site, when you subscribe to the newsletter, when you request an offer and when you place an order on the site, we collect your e-mail address and any other information you provide. provided in that email (such as your name, phone number, and the information contained in any signature block in the email).

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: To answer the questions and messages we receive and to keep track of correspondence.
  • Legal basis for the processing: it is necessary to perform a contract or to start the process of hiring a contract at your request (Article 6 (1) (b) of the General Data Protection Regulation).
  • The reason why it is necessary to perform a contract: if your message is about providing goods or services or taking action at your request before providing you with our goods and services (for example, providing information about such goods or services). goods and services); we will process your information to do so).

Transferring and storing your information

The e-mails you send us will be stored inside the European Economic Area on our servers.

  •  Contact form, newsletter subscription, booking form

\When you contact us using the contact form, we collect: name, surname, e-mail, phone number. We also collect any other information you provide to us when you complete the contact form in the comments field. If you do not provide the information required by the contact form, you will not be able to send it and we will not receive your request, therefore we will not be able to answer you.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: to answer the questions and messages we receive and to keep track of correspondence.
  • Legal basis for the processing: it is necessary to perform a contract or to start the process of hiring a contract at your request (Article 6 (1) (b) of the General Data Protection Regulation).
  • The reason why it is necessary for the execution of a contract: if your message is aimed at providing goods or services or taking action at your request before providing you with our goods and services (for example, providing information about such goods and services); we will process your information to do so.

Transferring and storing your information
The messages you send us through our contact form will be stored inside the European Economic Area on our servers.

  •  Phone

When you contact us by phone, we collect your phone number and any information you provide to us during the conversation with us. Direct Booking records phone calls to improve customer service.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation)
  • Legitimate interest: to answer the questions and messages we receive and to keep track of correspondence.
  • Legal basis for the processing: it is necessary to perform a contract or to start the process of hiring a contract at your request (Article 6 (1) (b) of the General Data Protection Regulation).
  • The reason why it is necessary for the execution of a contract: if your message is aimed at providing goods or services or taking action at your request before providing you with our goods and services (for example, providing information about such goods or services). goods and services); we will process your information to do so).

Your information transfer and storage

The information about your call, such as your phone number and the date and time of your call, is processed by our telephone service providers: Viva Telecom, all based in Romania.

  • Post

If you contact us by mail, we will collect all the information you provide to us in any postal communications you send us.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation)
  • Legitimate interest: to answer the questions and messages we receive and to keep track of correspondence.
  • Legal basis for the processing: it is necessary to perform a contract or to start the process of hiring a contract at your request (Article 6 (1) (b) of the General Data Protection Regulation).
  • The reason why it is necessary for the execution of a contract: if your message is aimed at providing goods or services or taking action at your request before providing you with our goods and services (for example, providing information about such goods or services). goods and services); we will process your information to do so).

________________________________________________________________________________________________________________________

 5. The information we collect when you interact with our site

We collect and use data from people who interact with certain features of our website, in accordance with this section and the section entitled Disclosure and Additional Uses of Your Information.

  1. Newsletter

When you subscribe to our newsletter to receive information about promotions, events or contests from us through the subscription forms or from any other form based on which you can express your consent to register in the database we collect name, surname , e-mail.

  • Legal basis for processing: your consent (Article 6 (1) (a) of the General Data Protection Regulation).
  • Consent: you give your consent to receive our newsletter, by signing up to receive it, using the steps described above. You can unsubscribe at any time later by accessing the link in the newsletter.

Transfer and storage of your data

We use a service provided by a third party to send our newsletter and to manage our e-mail list, MailAgent, Active Soft S.R.L. based in Str. Pierre de Coubertin, no. 3-5, Sector 2, Bucharest, Romania. Its privacy policy is available here: https://www.mailagent.ro/ro/politica-confidentialitate
The information you send to subscribe to our newsletter will be stored on our provider's servers.

Using web beacons and similar technologies in emails

We use technologies such as web beacons (small graphic files) to measure the performance of our emails such as delivery rates, opening rates and click rates and unsubscribe rates, links with which the customer interacted. We will use web beacons to measure interactions in a newsletter.

For more information about how we use web beacons in our newsletter emails, see our cookie policy.

For more information about our newsletter providers and the use of web beacons, see the privacy policy available here: https://www.mailagent.ro/ro/politica-confidentialitate

________________________________________________________________________________________________________________________

6. Placing a reservation or order on our website

When you place a request or reservation on our website, we collect the following information: name, surname, e-mail address, telephone, age, date of birth, identity card for invoicing. If you do not provide all the information required by the registration form, you will not be able to send the request or reservation to us.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: registration and administration of accounts on our website to allow you to access the history of purchased services and invoices and the list of travel services preferences.

Transfer and storage of your data

The information you provide us through the registration form on our website will be stored in the European Economic Area on our servers in Romania.

The information we collect when you place an order on our website

We collect and use information from people who place an order on our website in accordance with this section and the section entitled Disclosure and Additional Uses of Your Data.

Information collected when you place an order

Necessary information

When you place an order for tourist services on our website, we collect: name, surname, date of birth, (data for other tourists for whom the reservation is made, including minor data), e-mail, telephone, billing address, company name (if applicable) - unique identification code and registration number in the Trade Register. If you do not provide this information, you will not be able to purchase our goods or services on our site or enter into a contract with us.

  • Legal basis for processing: necessary for the performance of a contract (Article 6 (1) (b) of the General Data Protection Regulation).
  • Reason why it is necessary to execute a contract: we need the mandatory information collected through our verification form to determine who the contractor is and to contact you to fulfill our obligations under the contract, including sending receipts and order confirmations .
  • Legal basis for processing: compliance with a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation).
  •  
  • Legal obligation: we have a legal obligation to issue you an invoice for the goods and services you have purchased from us, in which you are registered for VAT purposes and we request the mandatory information collected for this purpose by our payment form.

Optional information

Also, please express your consent if you wish to receive marketing communications from us. For more information, see the "Marketing Communications" section below.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (a) of the General Data Protection Regulation).
  • Legitimate interests: you agree to process any optional information you provide by sending this information to us, so that you are constantly informed about our offers and services.

Payment processing

After placing an order on our website, you will have to pay for the tourist services you have ordered. To process your payment, we use third party payment processors: Libra Bank, Unicredit Bank and Banca Transilvania through Romcard. Your payment will be processed by those mentioned above. Payment can also be made by bank transfer, payment order or by payment directly at the Direct Booking office. The payment processor mentioned above collects, uses and processes your information, including payment information, in accordance with their privacy policies.

Transfer and storage of your information

Libra Bank, Unicredit Bank, Banca Transilvania, Romcard are located in the European Economic Area. The information regarding the processing of your payment is stored in the European Economic Area on the servers of Libra Bank, Unicredit Bank, Banca Transilvania and Romcard.

  • Legal basis for processing: necessary for the performance of the obligations arising from the contract with you (Article 6 (1) (b) of the General Data Protection Regulation).
  • The reason why it is necessary to execute a contract: to fulfill your contractual obligation to pay for the services you ordered from us.

Marketing communications

When sending a reservation or an order you will have the option to receive marketing communications from us.

Transferring and storing your information

We use a third party service to manage our email list: MailAgent, Active Soft S.R.L. based in Str. Pierre de Coubertin, no. 3-5 Sector 2, Bucharest, Romania. The information you send to subscribe to our newsletter will be stored in Romania on the servers of the third-party e-mail list administrator.

Using web beacons and similar technologies in emails

We use technologies such as web beacons (small graphic files) to evaluate the performance of our emails such as delivery rates, opening rates and click-through rates. For more information on how we use web beacons in our emails. For more information about our suppliers and the use of web beacons.

Our goods and services

You can register to receive marketing communications from us about our goods and services by e-mail, or by phone, by filling out the form on the site and checking the box indicating that you wish to receive such communications. We will only send you marketing communications about our goods and services if you sign up to receive them.

  • Legal basis for processing: consent (Article 6 (1) (a) of the General Data Protection Regulation).
  • Consent: You consent to send us information about our goods and services by signing up to receive such information in accordance with the steps described above.

________________________________________________________________________________________________________________________

 7. Information collected or obtained from third parties

This section sets out how we obtain or collect information about you through third parties.

Information received from third parties

Generally, we receive information about you from third parties. Those third parties from whom we receive data about you are generally business partners or individuals who purchase our services (and) on your behalf. It is also possible that third parties with whom we have had no prior contact may provide us with information about you. The information we obtain from third parties will generally be your name and contact details, but will include any additional information about you that will be provided to us.

  • Legal basis for the processing: it is necessary to perform a contract or take action at your request to conclude a contract (Article 6 (1) (b) of the General Data Protection Regulation).
  • The reason why it is necessary for the execution of a contract: if a third party has sent information about you (such as your name and e-mail address) to provide you with services, we will process the information to take measures at your request to conclude a contract with us (as applicable).
  • Legal basis for processing: consent (Article 6 (1) (a) of the General Data Protection Regulation).
  • Consent: If you have requested that a third party disclose information about you to us and the purpose of disclosing such information is not related to the performance of a contract or service by us to you, we will process the information the consent you give by requesting the third party in question to transmit the information to us.
  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interests: if a third party has disclosed information about you to us and you have not given your consent to the transmission of this information, we will have a legitimate interest in processing this information in certain circumstances.

For example, we will have a legitimate interest in processing your information to fulfill our obligations under the subcontract with the third party, if the third party has the main contract with you. Our legitimate interest is to fulfill our obligations under our subcontract.

Similarly, third parties may pass on information about you to us if you have violated or could violate any of our legal rights. In this case, we will have a legitimate interest in processing this information to investigate and prosecute any such potential breach.

If we receive information about you by mistake

If we mistakenly receive information about you from a third party and / or do not have a legal basis for the processing of this information, we will delete the information about you.

________________________________________________________________________________________________________________________

Information obtained by us from third parties

In certain circumstances (for example, to verify the information we hold about you or to obtain the missing information we need to provide you with a service), we will obtain data about you from certain publicly available sources, both from EU as well as outside the EU, such as institutes / public authorities. In certain circumstances, we will also obtain information about you from private sources, both in the EU and outside the EU, such as: insurance companies. This data will only be processed with your explicit consent.

  • Legal basis for the processing: it is necessary to perform a contract or take action at your request to conclude a contract (Article 6 (1) (b) of the General Data Protection Regulation).
  • The reason why it is necessary to conclude a contract: if you have concluded a contract or asked to conclude a contract with you in certain circumstances, we will obtain information about you from public sources to allow us to understand your business and provide services to a sufficient standard for you. For example, we will obtain and / or verify your e-mail address from your website if you ask us to send you information by e-mail and we do not have or need confirmation of your email address.
  • Legal basis for processing: our legitimate interests (Article 6 (1) (b) of the General Data Protection Regulation).
  • Legitimate interests: In certain circumstances, we will have a legitimate interest in obtaining information about you from public and private sources. For example, if you have violated or suspect that you have violated any of our legal rights, we will have a legitimate interest in obtaining and processing information about you from these sources to investigate and prosecute any suspected or potential breach.
  • Legal basis for processing: consent (Article 6 (1) (a) of the General Data Protection Regulation).
  • Consent: it is possible to obtain information from third parties, if you have agreed to communicate this data to us through, expressing your consent e.g. by checking a box that tells you that you want your information to be shared with us.

________________________________________________________________________________________________________________________

8. Use of automatic decision-making mechanisms

We use automatic decision-making mechanisms on our website. We do not believe that this has a legal effect on you or affects you in a similar way.

You have the right to object to our use of the automatic decision-making and profiling mechanisms described in this section. You may do so by waiving cookies and similar technologies in accordance with the method described in the relevant section of this privacy policy. If you do not want us to process your real IP address (usually the IP address assigned by your Internet Service Provider) when you visit our site, you may use a virtual private network (VPN) or a free service such as Tor .

You can find out more about the use of cookies and similar technologies (including the legal basis for their use) and how to opt out of them in the cookie policy, available here /politica-cookie-uri.aspx

Automatic decision - making mechanisms
Automatic decision-making mechanisms are those decision-making mechanisms by technological means (through a machine) without human involvement.

Use of automatic decision-making mechanisms for advertising
We automate the display of ads that contain our products and services on other websites that you visit by using cookies. For additional information about the types of cookies we use, see our cookie policy, available here /politica-cookie-uri.aspx
Logic involved: Automatic display of ads to people who have visited our site increases the effectiveness of advertising and is more economical for us than manual display or other advertising methods.
Significance and Expected Consequences: Cookies will be used to acknowledge that you have visited our site to display advertisements (unless you have blocked such cookies) and will collect information about your online behavior.

How to oppose: you can block these types of cookies by using your browser settings.

________________________________________________________________________________________________________________________

 9. Disclosure and additional use of your data

This section sets out the circumstances in which we will disclose your data to third parties and any other additional purposes for which we use your data.

Disclosing your information to service providers

We use a number of third parties to provide us with services that are necessary to run our business or to help us run our business and that process your information for us on our behalf, namely:

  • Telephone service providers
  • Email service providers
  •  IT service providers
  • Website developers
  • The web hosting service provider (s)
  • Marketing and advertising service providers
  • Provider of e-mail marketing services

Your information will be shared with these service providers, where necessary to provide you with the service you have requested, whether this request is for accessing our site or ordering goods and services from us.

We do not publicly display the identity of our service providers for security and competitive reasons. If you still want additional information about the identity of the service providers, please contact us directly through our contact form on the page /contactati-ne.aspx or by e-mail at office@directbooking.ro and we will provide you with such information. if you have a legitimate reason to request it.

  • Legal basis for processing: legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: if we share your information with these third parties in a context other than if it is necessary to perform a contract (or following your request to do so), we will share the information with you. such third parties to enable us to conduct and effectively manage our business.
  • Legal basis for the processing: it is necessary to perform a contract or take action at your request to conclude a contract (Article 6 (1) (b) of the General Data Protection Regulation).
  • The reason why it is necessary to perform a contract: we may share information with our service providers to enable us to fulfill our obligations under that contract or to take the steps you have requested before concluding a contract with you.

________________________________________________________________________________________________________________________

Disclosure of your information to third parties

We disclose your information to third parties under certain circumstances, as shown below.

Providing information to third parties, such as Google Inc., Facebook, Criteo, RTB. Google collects information by using Google Analytics on our website. Google, Facebook, Criteo, RTB use this information, including IP addresses and cookie information, for various purposes, such as improving the quality of our services and your browsing experience. The information is collected by Google, Facebook, Criteo, RTB anonymously.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interests: improving the quality of our services.

Sharing your information with third parties, which are either related to or associated with the operation of our business, if necessary for us. These third parties include consultants, affiliates, business partners, independent contractors and insurers. Further information on each of these third parties is set out below.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: the efficient functioning and management of our business.
  1. Consultants

Occasionally, we obtain advice from consultants, such as lawyers, audit firms, public relations professionals, and sociological research firms. We will only share your information with these third parties if it is necessary to allow these third parties to provide us with relevant advice. Our consultants are in Romania.

         2. Affiliates

Affiliates are the people or entities we work with to promote our business through various means. Affiliates will share information with us and we will disclose information to them if you have expressed an interest in our products or services and to perform our contractual obligations to you. Our affiliates are in Romania.

         3. Business partners

Business partners are the companies we work with and which provide goods and services similar to those offered by us, which are complementary to our own business or which allow us to provide goods or services that we cannot offer ourselves. We share information with our business partners, if you have requested services that they provide, either independently or in connection with our own services and in order to fulfill our contractual obligations to you. Our business partners carry out their activity in the field of tourist, hotel and transport services. Our business partners are located in the European Union and outside the European Union.

For more information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transferring Your Data Outside the European Economic Area.

        4. Independent contractors

Occasionally we use independent contractors in our business. Your information will be distributed to independent contractors only if it is necessary for them to perform the service we have contracted to perform in connection with our business. Our independent collaborators are tourist guides or companions of groups or local representatives of the company in different tourist destinations.

        5. Insurers

We will disclose your information to our insurers if necessary to do so, for example: if you opt for the insurance system when purchasing a tour package, or later, in connection with a claim or a possible request we receive / we do so or in accordance with our general disclosure obligations, in accordance with our insurance contract with them.

Our insurers are located in Romania and Austria.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: the efficient functioning and management of our business.
  • Legal basis for the processing: it is necessary to perform a contract (or to take action at your request before concluding a contract) (Article 6 (1) (b) of the General Data Protection Regulation).
  • The reason why it is necessary for the execution of a contract: we must transmit the information to third parties (partners, insurers, etc.) in order to fulfill our contractual obligations to you or to take action at your request before concluding a contract .

We do not display the identities of all other third parties with whom we may share information for security reasons and to maintain our competitive advantage. If you still want additional information about the identity of such third parties, please contact us by e-mail at office@directbooking.ro and we will provide such information if you have a legitimate reason to request and only if we have shared information with such third parties, for example).

We will disclose your information to a potential or actual buyer or seller in the context of a business sale or acquisition, a merger or a similar, actual or potential event.

  • Legal basis for processing: legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: We allow access to information with a potential buyer, seller or similar person to allow such a transaction.

________________________________________________________________________________________________________________________

Disclosure and use of your information for legal reasons

Indication of possible criminal acts or threats to public safety to a competent authority

If we suspect that criminal or potential conduct has taken place, we will need, in certain circumstances, to contact a competent authority, such as the police. This could be the case, for example, if we suspect that a fraud or cybercrime has been committed or if we receive malicious threats or communications to us or to third parties. In general, we will only need to process your information for this purpose, if you have been involved or affected by such an incident in one way or another.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: prevention of crime or suspected criminal activity (such as fraud).

In connection with the application or potential application of our legal rights

We will use your information in connection with the implementation or potential enforcement of our legal rights, including, for example, the exchange of information with debt collection agencies, if you fail to pay the amounts due when you are contractually obligated to do so. . Our legal rights may be contractual (if we have entered into a contract with you) or non-contractual (such as the legal rights we have under copyright or tort liability).

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: to impose our legal rights and to take measures to ensure our legal rights.

In connection with a litigation or a legal or potentially legal procedure

We may need to use your information if we are involved in a dispute with you or a third party, for example, either to resolve the dispute or as part of mediation, arbitration or a court decision or similar process.

  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: settlement of disputes or possible disputes.

For continuous compliance with laws, regulations and other legal requirements

We will use and process your information to comply with our legal obligations. For example, we may need to disclose your information based on a court order or subpoena if we receive one.

  • Legal basis for processing: compliance with a legal obligation (Article 6 (1) (c) of the General Data Protection Regulation).
  • Legal obligation: the legal obligations to disclose information, established in our task by internal or international normative acts (for example in the form of an international agreement that Romania has signed).
  • Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
  • Legitimate interest: if the legal obligations are part of the laws of another country and have not been integrated into the legal framework of Romania, we have a legitimate interest to comply with these obligations.

________________________________________________________________________________________________________________________

10. Duration of storage of your data

This section determines how long we keep the data collected. We have established specific retention periods where possible. If this was not possible, we established the criteria we use to determine the retention period.

Retention periods

  • Server logs: we keep the server logs information for a period of 36 months or until the end of the contractual relationship.
  • Information on placed orders: when you place an order for goods and services, we will keep your information for as long as necessary or until your express request to delete your data, which will be applied in conjunction with the legal obligations established in the task. Our.
  • Correspondence: when you make a request or contact us for any reason, either by e-mail or through our contact form or by telephone, we will keep your information for as long as necessary or until your express request to delete your data. , which will be applied in conjunction with the legal obligations established in our task.
  • Newsletter: we keep the information you used to subscribe to our newsletter as long as you remain a subscriber (as long as you do not unsubscribe) or if we decide to cancel our newsletter service.

Criteria for establishing storage periods

In any other circumstances, we will retain your information only for as long as necessary, taking into account the following:

  • the purpose and use of your information both now and in the future (for example, if it is necessary to continue to store that information in order to continue to fulfill our obligations under a contract with you or to contact you in the future;
  • if we have a legal obligation to continue processing your information (such as any record keeping obligations imposed by law or relevant regulations);
  • if we have any reason to continue processing the information (such as your consent);
  • if we have a legitimate interest in continuing to process your data;
  • the levels of risk, cost and responsibility involved in continuing to hold the information.

________________________________________________________________________________________________________________________

11. Securing your information

We take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or illegal use and accidental loss or destruction, including:

  • sharing and providing access to your data to the minimum necessary, subject to confidentiality restrictions, where appropriate and anonymously, whenever possible;
  • use of secure servers for information storage;
  • verifying the identity of any person requesting access to information before granting them access to information;
  • use the Secure Sockets Layer (SSL) standard to encrypt any information you send us through any forms on our website;
  • we transfer your data only through a closed system or through encrypted data transfers.

Sending information to us by email

The transmission of information on the Internet is not entirely secure and if you send us information via the Internet (by e-mail or by any other means), you do so entirely at your own risk. We cannot be liable for any expenses, loss of profit, damage to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to provide us with information by such means.

________________________________________________________________________________________________________________________

 12. Transfer of your data outside the European Economic Area

Considering the object of activity of the company Direct Booking SRL, in order to respect our contractual obligations that we assume towards you, respectively to ensure the tourist packages you contract, we are obliged to transfer your personal data to the partners our contracts, some of which are based outside the EEA.

Your data will only be transferred outside the EEA when you purchase travel packages to destinations outside the EEA or when the passenger carriers of your choice are based outside the EEA.

Guarantees (protections) used: Contractual clauses for the transfer of personal data from the European Union to third countries - in accordance with Article 46 (92) (c) of the General Data Protection Regulation.

________________________________________________________________________________________________________________________

13. Your rights over personal data

Subject to certain restrictions, you have the following rights regarding your data that you can exercise by sending an email to office@directbooking.ro, or by sending a written request sent to Direct Booking SRL at: Calea Grivitei nr 180 (Coral Business Center), ground floor, sector 1, Bucharest

  • request access to your information and information regarding the use and processing of your information;
  • request the correction or deletion of your data;
  • request a limitation on the use of your data;
  • receive the information you have provided to us in a structured, commonly used and readable format by a device (for example, a CSV file) and the right to transfer that information to another data controller ( including a third party data controller);
  • object to the processing of your data for certain purposes (for more information, see the section below entitled "Your right to object to the processing of data for certain purposes"); and
  • withdraw your consent to the use of your data at any time we rely on your consent to use or process this information. Please note that if you withdraw your consent, this will not affect the legality of the use and processing of your data based on your consent before the time you withdraw your consent.
  • the right to information (the operator is obliged to inform the data subject about the processing of his personal data);
  • the right to access data (including the exact procedure to be followed, the e-mail address used);
  • the right to intervene on the data (including the procedure or the possibility of remediation provided in the site);
  • any data subject has the right to obtain from the controller, free of charge, the rectification, updating, blocking or deletion of data whose processing is not in accordance with the law, in particular incomplete or inaccurate data;
  • the right of opposition (the data subject has the right to object at any time to the data concerning him being processed);
  • the right not to be subject to an individual decision taken on the basis of automatic processing; = the right to withdraw consent;
  • the right to go to court;
  • the right to data portability;
  • the right to lodge a complaint with the national personal data protection authority.

In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of residence, place of work or an alleged breach of the general data protection Regulation. .

For this purpose, in Romania, the supervisory authority is: www.dataprotection.ro

Verification of your identity if you request access to your information

If you request access to your information, we are required by law to use all reasonable steps to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or unauthorized general access to your information.

How to verify your identity

If we have adequate information about you in the database, we will try to verify your identity using this information.
If we are unable to identify you based on this information or if we do not have sufficient information about you, we may request copies or certificates of documents to verify your identity before we can give you access to your data.
We will be able to confirm the exact information we need to verify your identity in your specific circumstances if and when you make such a request.

_____________________________________________________________________________________________________________________

14. Your right to object to the processing of data for certain purposes

You have the following rights regarding your data that you can exercise by sending a written request to Direct Booking SRL, address: Calea Grivitei nr 180 (Coral Business Center), ground floor, sector 1, Bucharest by sending an e-mail to office@directbooking.ro

  • object to our use or processing of information in order to perform a task in the public interest or in our legitimate interest, including the analysis or prediction of your conduct based on your information;
  • object to the use or processing of your data for direct marketing purposes (including any profile we involve in connection with this direct marketing).

You may also exercise your right to object to the use or processing of your data for direct marketing purposes:

  • by clicking on the unsubscribe link contained at the bottom of any marketing e-mail we send you and following the instructions that appear in your browser, after clicking on that link;
  • by sending an e-mail to office@directbooking.ro, asking us not to send marketing communications. For more information on how you can object to the use of data collected through cookies and similar technologies, see our cookie policy -urile, available here /politica-cookie-uri.aspx

________________________________________________________________________________________________________________________

 16. Changes to our privacy policy

We periodically update and modify our privacy policy.

Minor changes to our privacy policy

If we make minor changes to our privacy policy, we will update the Privacy Policy with a new effective date mentioned at the beginning. The processing of your information will be governed by the practices set forth in the new version of the Privacy Policy from its effective date.

Major changes to our privacy policy or the purposes for which we process your information.

If we make major changes to our privacy policy or intend to use your data for a new or diffe rent purpose from the purposes for which we originally collected it, we will notify you by email (if possible). or by posting an ad on our website.We will provide you with information about the change in question and about the purpose and any other relevant information before we use your information for the new purpose. Whenever necessary, we will obtain your prior consent before using your information for a purpose other than the purposes for which we originally collected it.

________________________________________________________________________________________________________________________

17. Minors Confidentiality

We process data of persons under the age of 18, only with the consent of the legal representative, in order to carry out in optimal conditions the services contracted by the legal representatives of the minors.

We may receive information about people under the age of 18 through fraud or deception by a third party. If we are notified of this, as soon as we verify the information, when required by law, we will immediately obtain the consent of the legal representative to use this information or, if we cannot obtain this consent, we will delete the information from our servers. If you wish to notify us of the receipt of information about persons under the age of 18, please do so by sending an e-mail to office@directbooking.ro
The site is addressed exclusively to adults, who have reached the age of 18.