Privacy Policy

Privacy Policy

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") in the context of the provision of our website at www.bookingtravel.info (hereinafter referred to as "Platform") operated by S.C Booking Travel International S.R.L. of Street. Banul Udrea, number. 2, Bucharest, Romania, acting as the data controller.

We attach great importance to the security of your data and compliance with applicable data protection regulations. The collection, processing and use of personal data is subject to the provisions of Romania`s Law No. 190/2018 (“the GDPR Implementation Law”) and the General Data Protection Regulation (GDPR).

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

What are the categories of data subjects?

Customers, interested parties, visitors, and users of the platform, business partners. In the following, we refer to the data subjects collectively as "users".

What are the purposes for processing?

Provision of the platform, its contents, and functions.
Provision of contractual services, service, and customer care.
Answering contact enquiries and communication with users.
Marketing, advertising, and market research.
Security measures.

What are the relevant legal bases for processing your data?

The following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:

Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Contract – This is where we process your information to fulfill a contractual arrangement, we have made with you.
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.

Data Protection Principles

All personal data must be:

processed lawfully, fairly and in a transparent manner in relation to the data subject;
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes subject to appropriate safeguards, and provided that there is no risk of breaching the privacy of the data subject.
adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;

What are your rights?

You have a number of rights; these rights are standardized in the GDPR and include:

the right to information (Art. 15 GDPR),
the right to rectification (Article 16 GDPR),
the right to erasure (Article 17 GDPR),
the right to restriction of data processing (Article 18 GDPR),
the right to data portability (Article 20 GDPR),
the right to object to data processing (Article 21 GDPR),
the right to revoke any consent you have given (Art. 7 (3) GDPR), and
the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal Personal Data about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.

We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your Personal Data.

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You do however also have the right to lodge a complaint directly with the National Data Protection Commission, their contact details are as follows: The National Supervisory Authority For Personal Data Processing 28-30 G-ral Gheorghe Magheru Bld., District 1, post code 010336, Bucharest, Romania; Telephone number: +40318059211, Fax: +40318059602, E-Mail; anspdcp@dataprotection.ro, Web: www.dataprotection.ro.

Types of data processed

· Inventory data (e.g., personal master data, names or addresses).

· Verification Data (e.g., proof of identity, proof of address).

· Contact data (e.g., e-mail, telephone numbers).

· Content data (e.g., text input, property data, photographs, videos).

· Usage data (e.g., web sites visited, interest in content, access times).

· Payment Data (e.g., when you pay for services)

· Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the platform (Hereafter, we also refer to the data subjects collectively as "users").

How we use information

The main reason we use your information is to provide and improve our services. We also use your information to protect you and to provide you with advertisements that may be of interest to you.

· to provide our services to you;

· to provide you with customer support and respond to your inquiries;

· to complete your transactions;

· to communicate with you about our services;

· to improve our services and develop new services;

· to conduct research and analysis of user behavior to improve our services and content (e.g., we may decide to change the look and feel or even substantially modify a particular feature based on user behavior);

· to develop new features and services;

· to prevent, detect and respond to fraud or other illegal or unauthorized activities;

· to address ongoing or perceived misconduct;

· to perform data analysis to better understand these activities and develop countermeasures;

· to retain data related to fraudulent activity to prevent recurrence;

· to ensure compliance with laws;

· to comply with legal requirements;

· to assist law enforcement; and

· to enforce or exercise our rights.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account in the development and selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.

For security reasons and to protect the transmission of confidential content that you send to us as the provider, this platform uses TLS encryption (Transport Layer Security), or better known as SSL (Secure Sockets Layer), which is now obsolete. You can recognise the secure, encrypted connection to this platform by the identifier https:// of the entry in the URL line (address line) of the browser used and/or the green lock symbol. HTTPS stands for Hypertext Transfer Protocol Secure.

We would like to point out that data transmission on the Internet (e.g., when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Cooperation with processors, joint controllers and third parties

If, in the course of our processing, we disclose data to other persons and companies (order processors, jointly responsible persons or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the legal requirements.

Transfers to third countries

If we process data in a third country or do so in the context of using third-party services or disclosing or transferring data to other persons or companies, this will only be done if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or allow data to be processed in a third country if the legal requirements are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection or compliance with officially recognised special contractual obligations.

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with the legal requirements. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

Data processing in relation to our services

Commercial and business services

We process data of our contractual and business partners, e.g., customers and interested parties in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g., to answer enquiries.

We process this data to fulfill our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organization. We only disclose the data of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with the consent of the contractual partners (e.g., to participating telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisers, payment service providers or tax authorities).

Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organizational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioral marketing. And, the Legal bases are Contractual performance and pre-contractual inquiries, Legal obligation, and our Legitimate interests.

Technical services

We process the data of our customers and Customers in order to enable them to select, purchase or commission the selected services. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.

In this context, we disclose or transfer data to consultants, such as legal advisors or auditors, as well as other fee offices and payment service providers.

Furthermore, based on our business interests, we store information on suppliers, and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

Data transfer to payment service providers

In order to fulfill the contract, we pass on your data to the company commissioned with the payment, insofar as this is necessary for the payment of our services. Depending on which payment method you select, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service provider. In some cases, the selected payment service providers also collect this data themselves. In this case, the privacy policy of the respective payment service provider applies. The legal basis for the data processing is contract.

The data processed by the payment services include the payment data mentioned above. The information is necessary to carry out the transactions. However, the customer data entered is only processed by the payment service providers and stored by them. Furthermore, we cannot exclude that data of the payment service provider is transmitted to credit agencies. In this regard, we refer to the terms and conditions and privacy policies of the respective payment service providers.

Data processing for the purpose of fraud prevention and optimization of our payment processes

Where applicable, we provide our service providers with further data, which they use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, processing of contested payments, accounting support). This serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.

Legal defense and enforcement of our rights

The legal basis for the processing of your personal data in the context of legal defense and enforcement of our rights is our legitimate interest. The purpose of processing your personal data in the context of legal defense and enforcement of our rights is the defense against unjustified claims and the legal enforcement and assertion of claims and rights.

Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement of our rights. Consequently, there is no possibility for you to object.

Use of customer data for direct marketing purposes

If you have provided us with your e-mail address when using our Services, we reserve the right to regularly send you e-mail offers for similar services. We do not need to obtain your separate consent for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising. If you have initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails.

You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning. After receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the marketing.

When you send a data subject access request

The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation.

The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfill the legally required accountability.

Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.

You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.

Provision of our statutory and business services

We process the data of our members, supporters, interested parties, customers, or other persons, insofar as we offer them contractual services or act within the scope of existing business relationships, e.g., towards members, or are ourselves recipients of services and benefits. Furthermore, we process the data of data subjects on the basis of our legitimate interests, e.g., when it concerns administrative tasks or public relations.

The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. In principle, this includes inventory and master data of the persons (e.g., name, address, etc.), as well as contact data (e.g., e-mail address, telephone, etc.), contract data (e.g., services used, contents and information provided, names of contact persons) and, if we offer services subject to payment, payment data (e.g., bank details, payment history, etc.).

We delete data that is no longer required to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as it may be relevant for the processing of the business as well as with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.

Data processing in relation to our website

Log files

In principle, it is possible to use the Booking Travel website without providing personal data. When a page of our website is accessed and each time a file is retrieved, access data about this process is stored in a log file. The corresponding log file contains: Your IP address, the page from which the file was requested, the name of the file, the date and time of the request, the amount of data transferred, the access status (file transferred, file not found, etc.), a description of the type of operating system and web browser used. The stored data does not allow any conclusions to be drawn about your identity and is evaluated exclusively for statistical purposes.

The collection and processing of this data is carried out in order to enable the use of the website at all, on the basis of our legitimate interest, whereby our legitimate interest is the provision of our website. Incidentally, we store this aforementioned data, including the IP addresses, only in anonymized form and use it only in this anonymized form to analyze the use of the offer and the further development and optimization of our website in your interest. Our legitimate interest is the ongoing improvement of our platform in order to provide you with the greatest possible user comfort.

Hosting

To provide our website, we use the services of Romarg SRL who process the below-mentioned data and all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.

Contacting Us

If you contact us and send us general enquiries the contact details you provide, will be stored, and used by us to fulfill the purpose associated with the transmission, e.g., to process your enquiry or in the event of follow-up questions.

The basis for this storage and use of your personal data is your consent which you give us by sending the contact form. Insofar as you provide us with your personal data for the purpose of responding to your questions, the entry of personal data is required as without this information, we cannot process your request.

You have the right to revoke your consent to the data processing described above at any time with effect for the future. In this case, we will no longer process your data. Your personal data will be deleted even without your revocation in any case if we have processed your request or if the storage is inadmissible for other legal reasons.

Cookies

During the use of our website, so-called "cookies", small text files, are stored on your computer. Such cookies register information about your computer's navigation on our website (pages selected, day, time and duration of use, etc.). A cookie is downloaded via a browser the first time you visit a website. The next time you visit this website with the same device, the browser checks whether a corresponding cookie is present (i.e., contains the website name). It sends the data stored in the cookie back to the website. Some cookies are important for the website's functionality and are automatically activated by us when a user visits. Our website also uses cookies to make it easier to use and to provide you with content tailored to your information needs.

You cannot be personally identified from any of the information we collect. The use of the cookies we use is necessary in order to be able to provide the platform of Booking Travel at all and, moreover, to be able to optimize it on an ongoing basis. The data processing in this context is therefore based on our legitimate interest. Our legitimate interest is to provide visitors to our website with a functioning online service and to make visiting and using the website as pleasant and efficient as possible.

For further information on cookies in general, please visit www.allaboutcookies.org and for further details on the cookies we use, please refer to our Cookie Policy.

Creating an account

Personal data will continue to be collected and processed if you provide it to us for the performance of a contract or when opening an account. Which data is collected can be seen from the respective input forms. Deletion of your account is possible at any time and can be done by sending a message to us. We store and use the data provided by you for the purpose of processing the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to a further use of your data or a legally permitted further use of data has been reserved on our part.

Profile

As a registered user, you have the opportunity to create a user profile with just a few clicks and details. If you make use of the option, the relevant profile data you provide will be transferred to your profile. Of course, you can change the information at any time via the settings in your profile. When creating a profile, you can submit personal data such as your profile picture, property information, photos and images etc. Content and data are publicly viewable. You have choices about the information on your profile. You don’t have to provide additional information on your profile; however, profile information helps you to get more from our Services. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add personal data to your profile that you would not want to be available. The legal basis for the processing of your personal data is the establishment and implementation of the user contract for the use of the service. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.

Use of our Platform

If you wish to use the platform, you must register. The provision of the aforementioned data is mandatory. For these purposes, we use the e-mail address that is or will be stored in the customer master data for the purpose of the business relationship.

We process personal data of users for the purpose of using the Booking Travel platform and for the purpose of fulfilling the contract. The users can manage and change all information in the platform. If you use our platform, we store the data required for the fulfillment of the contract until final deletion of the access and/or after expiry of the statutory retention periods. For a longer period, the data could also be processed on the basis of our legitimate interest (legal defense, debt collection, etc.).

To prevent unauthorized access to your personal data by third parties, the connection is encrypted using TLS technology. When using the platform, we also collect data listed above. When using the platform, no cookies are stored on your computers. Only an encrypted token is stored in the browser, which essentially contains the name of the user and his or her rights. This data point is stored in the browser's internal memory and deleted there as soon as the user logs out. You can delete the token by setting your browser software accordingly.

Contacting others

Of course, we also process your chats and communications with other members as well as the content you publish, as necessary for the operation of the services. In addition to the information, you may provide us directly, we receive information about you from others. Members may provide information about you as they use our services, for instance as they interact with you or if they submit a report involving you.

We also share some members’ information with service providers and partners who assist us in operating the services. You share information with other members when you voluntarily disclose information on the service (including your profile). Please be careful with your information and make sure that the content you share is stuff that you’re comfortable being visible. If you choose to limit the audience for all or part of your profile or for certain content or information about you, then it will be visible according to your settings.

Icon links to social networks

We use small icons that refer to our website on third-party platforms (currently Facebook). These are hyperlinks in each case, so no data is transferred from you automatically, but only when you click on the icons and a new tab opens in your browser with the third-party website. When you visit one of our pages equipped with a Facebook plugin, a connection to Facebook`s server is established. This tells the Facebook server which of our pages you have visited. If you are logged into your Facebook account, you enable Facebook to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Facebook account. Facebook is used in the interest of an appealing presentation of our platforms.

Miscellaneous and Closing

Google Analytics

We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymized by means of IP anonymization so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for this processing is our legitimate interest.

Google Maps

We use the services of Google Maps provided by Google Inc to allows us to show you interactive maps directly and to enable you to use the map function conveniently. Google receives the information that you have called up the corresponding sub-page of our website and in addition, the data your location data will be transmitted. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. The legal basis for this processing is our legitimate interest Art. 6 para. 1 lit. f GDPR.

Google reCAPTCHA

We also use Google Inc.`s reCAPTCHA to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for the data processing is our legitimate interest in operating a secure and spam free website.

YouTube Videos

On our website, we implement videos of the video portal "YouTube" of the company Google Inc.

Doing so, we use the "extended data protection mode" option provided by Google. When you call up a page that has an embedded video, a connection is established to Google's servers and in the process the content is displayed on the website by notifying your browser. According to Google's information, in "extended data protection mode" your data - in particular which of our Internet pages you have visited as well as device-specific information including the IP address - is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission. If you are logged in to Google at the same time, this information will be assigned to your YouTube account. You can prevent this by logging out of your member account before visiting our website. The legal basis for the use of YouTube is your consent as well as our legitimate interest.

Children Data

Our platform is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us, and we take the necessary steps to remove that information from our server.

External Links

Our platform contains links to the websites of other providers. We hereby point out that we have no influence on the content of the linked websites and the compliance with data protection regulations by their providers.

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our Privacy Policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

Concerns and Contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us.

Exercising your rights

If you would like to exercise any of our rights as set out above in the” What are your rights?” section above or have a complaint, please contact us. Any such request will be responded to within one month and we might require proof of identity to verify and process your request. For more information about these rights, please contact us using the following contact details:

S.C Booking Travel International S.R.L.

Street. Banul Udrea, number. 2,

Bucharest, Romania

Web: www.bookingtravel.info

E-Mail: support@bookingtravel.info

Facebook: https://www.facebook.com/profile.php?id=100063548055012

This Privacy Policy was last updated on Tuesday, 13 September 2022