PRIVATE DATA PROTECTION

This Privacy Policy defines the way in which we, S.C. SMART TOURS SRL, collect, store and use your personal data when you access or interact with our website www.smarttours.ro/en and from where we obtain or collect your data.

This Privacy Policy shall come into force as of 23 May 2018.

Contents

Summary
Our Company Details
What kind of information do we collect when you visit our website?
What kind of information do we collect when you contact us?
What kind of information do we collect when you interact with our website?
What kind of information do we collect when you place an order on our website?
The use of automated decision-making mechanisms
How do we collect information about you from third parties?
Disclosure and additional uses of your data
Data retention
Data security
The transfer of your data outside the European Economic Area
Your personal data rights
Your right to object to the processing of your data for specific purposes
Sensitive personal data
Amendments to our Privacy Policy
Minor children’s privacy
Copyright

Summary

This section summarizes the manner in which we obtain, store and use your data. The sole purpose of this summary is to provide an overview of the privacy policy. This section is not a full description, and the additional chapters in this document need to be read for additional information.

Data Controller: S.C. SMART TOURS SRL
The manner in which we collect or obtain data about you:
- when you provide the respective data (e.g.: when you contact us, when you access, order or purchase various services or goods provided byS.C. SMART TOURS SRL, by filling out the quotation form, by setting up an account on our website, by registering your company with our database in order to receive marketing information regarding our services and goods, by filling out the forms online or offline for the registration with advertising baffles and events (e.g.: fairs), by filling out the loyalty card issue form;
- when you access our website, certain data are collected via cookies; and
- from third parties: tour operators and resellers
The information we collect: surname, name, telephone number, home address, e-mail, IP, company name (if applicable), VAT registration number (if applicable).
How we use your data: for business and administrative purposes (especially in order to be able to contact you and process the requests you place on our website), in order to comply with our contractual commitments, promote our goods and services and in relation to our legal rights and obligations.
Disclosure of users’ data to third parties: the minimum required to fulfil our contractual commitments towards you for the operation of the business, for the observance of our legal obligations.
Your data are not sold to third parties.
Data retention term: for as long as required only – depending on our legal obligations (e.g. to maintain accounting records), or depending on any other grounds based on which we use the information (e.g.: consent, contractual commitments, legitimate interest). Information regarding the specific users’ data retention terms is available under “Data retention”.
How are your data secured: using technical and organizational solutions such as: the storage of information on secured servers, the encryption of data transfers to and from our servers using the SSL technology, the encryption of the payment operations on the website using the SSL technology, permitting the access to your personal data only when and if required, the personal data encryption, email encryption, pseudonymization and/or anonymization of personal data.
Use of cookies and similar technologies: we use cookies and similar information collection technologies, such as web beacons, on our website, including essential, functional, analytical and targeting cookies. For additional information, please review our cookie policy.
The transfer of your personal data outside the European Economic Area: we will only transfer your personal data outside the European Economic Area if we are bound to do so under the law or if required in order to fulfil our contractual commitments towards you. – if we do so, we make sure suitable protection measures are available, such as: the personal data protection by our partners outside the European Union is regulated by standard personal data clauses for the transfer of personal data from the EC to third party countries.
The use of the automated decision-making systems: our website uses automated decision-making systems, such as: Web Analytics tools, cookies, web beacons or the use of targeting cookies to display advertising materials for our website visitors on other websites (e.g., using the Google AdSense network).
Your rights regarding your personal data:
- you are entitled to access your data and to receive information regarding the use thereof
- you are entitled to request the update and/or supplementation of information (right to rectification)
- you are entitled to request the erasure of the data (the right to be forgotten)
- you are entitled to restrict the use of the data
- you are entitled to receive the data in a portable format
- you are entitled to oppose the processing of your data
- you are entitled to withdraw your data processing consent
- you are entitled to turn to a supervisory authority
Sensitive personal data: we collect what is commonly known as “sensitive personal data”, e.g.: data on trade union membership. For further information, please see the main section entitled “Sensitive personal data”.

Our Company Details

The data controller for our website is: S.C. SMART TOURS SRL headquartered at Str. 13 Decembrie 31, Brasov, Romania. You may contact the data controller at the previously mentioned mail address or by sending an email to dpo@smarttours.ro.

If you have questions regarding this privacy policy, please contact the data controller.

What kind of information do we collect when you visit our website?

We collect and use the website visitors’ information according to this section and to the section entitled Disclosure and additional uses of your data.

Information on the Web server log

Our website is hosted by a third-party web server, referred to as DATACORE SOLUTION SRL, their privacy policy being available here: https://www.namebox.ro/politica-confidentialitate/ .
Our website server automatically registers the IP address you use to access our website, as well as other information regarding your visit, such as the pages you access, the information you request, the date and hour of your inquiry, the source of access to our website (e.g., website or the URL (link) that referred you to our site) and the browser and operating system version.

The use of the information in the website server log for IT security purposes

Our provider collects and stores the server logs to guarantee the IT network security. This includes the analysis of the log file, in order to help identify and prevent the unauthorized access to our network, the distribution of malware codes, the forecasting of DDOS and other cyber-attacks, by detecting unusual or suspicious activities.
Unless we investigate a suspected or potential criminal activity, we do not undertake and we do not authorize our provider to make any attempts to identify you based on the information collected via the served logs.
Legal processing grounds: observance of the legal obligations we are subjected to (article 6 paragraph (1) letter (c) of the General Data Protection Regulation).
Legal obligation: the registration of our website access using server log files is a technical measure meant to guarantee a suitable security level, in order to protect the information collected from our website according to article 32 paragraph (1) of the General Data Protection Regulation.

Cookies and similar technologies

Cookies are data files that are sent from a website to a browser in order to register user information for various purposes.

We use cookies on our website, including essential, functional, analytical and targeting cookies and web beacons. For additional information on the use of cookies, please review our cookie policy.

You may refuse some or all cookies we use on our website by changing your browser settings or you can deactivate non-essential cookies using our cookie control tool, but in case you refuse cookies, the website might not operate properly or some of its features may not be available. For additional cookie information, including on changing your browser settings, see www.allaboutcookies.org or review our cookie policy.

Information we collect when you contact us

We collect and use information from the people contacting us according to this section and to the section entitled Disclosure and additional uses of your data.

Email

When you send messages to the e-mail posted on our website, we collect your e-mail address and any other information you might provide in that e-mail (such as your name, your phone number and the information included in any e-mail signature lines).
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: In order to answer the questions and messages we receive and keep records of the correspondence.
Legal grounds for processing: required in order to perform a contract or to initiate the contract commitment process upon your request. (article 6 paragraph (1) letter (b) of the General Data Protection Regulation).
Reason for which it is required under a contract: in case your message concerns the provision of goods or services or the enforcement of measures upon your request before we provide our goods and services (e.g., the provision of information on such services), we will process your information to do that).

Transfer and storage of your information

We use a third-party email client to store the emails you send to us. Our email supplier is Microsoft – Office 365. Their privacy policy is available here: https://privacy.microsoft.com/en-us/privacystatement.
The e-mail you send to us will be stored within the European Economic Area on the Microsoft Office 365 servers in Austria.

Contact form

When you contact us using the contact form, we collect: your surname, name, email and phone number. Moreover, we collect any other information you might provide to us when you fill out the remarks field of the form.
If you do not provide the information requested in the contact form, you will not be able to send it and we will not receive your request. Hence, we are not going to be able to answer it.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: in order to answer the questions and messages we receive and keep records of the correspondence.
Legal grounds for processing: required in order to perform a contract or to initiate the contract commitment process upon your request. (article 6 paragraph (1) letter (b) of the General Data Protection Regulation).
Reason for which it is required under a contract: in case your message concerns the provision of goods or services or the enforcement of measures upon your request before we provide our goods and services (e.g., the provision of information on such services), we will process your information to do that).

Transfer and storage of your information

The messages you send to us via our contact form will be stored within the European Economic Area on the hosting supplier’s servers – Datacore Solution SRL in Romania and/or on the email service supplier’s servers – Microsoft – Office 365 in Austria.
Their privacy policy is available here: https://www.prologue.ro/servicii/hosting/ and https://privacy.microsoft.com/en-us/privacystatement

Telephone

When you contact us by phone, we collect your phone number and any other information that you may provide during your conversation with us. We do register phone calls.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation)
Legitimate interest: to answer the questions and messages we receive and keep records of the correspondence.
Legal grounds for processing: required in order to perform a contract or to initiate the contract commitment process upon your request. (article 6 paragraph (1) letter (b) of the General Data Protection Regulation).
Reason for which it is required under a contract: in case your message concerns the provision of goods or services or the enforcement of measures upon your request before we provide our goods and services (e.g., the provision of information on such services), we will process your information to do that).

Transfer and storage of your information

Information on your call, such as your telephone number and the date and hour of your call, is processed by our telephony service provider, Orange Romania, headquartered in Romania. Their privacy policy is available here:
https://www.orange.ro/termeni-si-conditii/#politicaconfidentialitate.

Mail

In case you contact us by mail, we will collect all the information you provide to us in any mail communications you might send to us.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation)
Legitimate interest: to answer the questions and messages we receive and keep records of the correspondence.
Legal grounds for processing: required in order to perform a contract or to initiate the contract commitment process upon your request. (article 6 paragraph (1) letter (b) of the General Data Protection Regulation).

Reason for which it is required under a contract: in case your message concerns the provision of goods or services or the enforcement of measures upon your request before we provide our goods and services (e.g., the provision of information on such services), we will process your information to do that).

Information we collect when you interact with our website

We collect and use the data from people interacting with certain features of our website, according to this section and to the section entitled Disclosure and additional uses of your data.

Newsletter

If you subscribe to our newsletters to receive information on our promotions, events or competitions via the subscription form or any other form based on which you can express your database registration consent, we collect your surname, name and e-mail address.
Legal grounds for processing: your consent (article 6 paragraph (1) letter (a) of the General Data Protection Regulation).
Consent: you express your consent to receive our newsletter by subscribing for it, following the steps above.

Transfer and storage of your data

We use Mail Chimp, a third-party service provider, to send our newsletter and manage our emailing list. Their privacy policy is available here: https://mailchimp.com/legal/privacy/
The information you send to us in order to subscribe to our newsletter will be stored within the European Economic Area on our provider’s servers.

The use of the web beacons and similar technologies in e-mails

We use technologies such as web beacons (small graphics files) to measure our e-mail output, such as the delivery rates, the opening rates and the click and unsubscribe rates, links the customer has interacted with. We will use web beacons to measure newsletter interactions.
For more information on the manner in which we use web beacons in our newsletter e-mails, please see our cookie policy.
For more information on our newsletter provider and on the use of web beacons, please see our privacy policy available here: https://mailchimp.com/legal/privacy/

Registering with our website

When you register and setup an account on our website, we collect the following information: surname, name, e-mail, telephone number.
In case you do not provide all the information requested in the registration form, you will not be able to register or setup an account on our website.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: the registration and management of the accounts on our website so as to allow you to access the history of the purchased services and of the invoices in the product preference list

Transfer and storage of your data

The information you provide to us via the registration form on our website will be stored in the European Economic Area on the servers of our web hosting service provider, Datacore Solution SRL in Romania. Their privacy policy is available here: https://www.prologue.ro/servicii/hosting/

Information we collect when you interact with our website

We collect and use information from people placing an order on our website according to this section and to the section entitled Disclosure and additional uses of your data.

Marketing communications

Upon checkout, you can opt in/out of receiving our marketing communications.

Transfer and storage of your information

We use a third-party service to manage our emailing list: Mail Chimp
The information you send to us to subscribe for our newsletter will be stored in the European Economic Area on the servers of the third party emailing list manager in Romania.

The use of the web beacons and similar technologies in e-mails

We use technologies such as web beacons (small graphics files) to measure our e-mail output, such as the delivery rates, the opening rates and the click rates.
For additional information on the way in which we use web beacons in our e-mails, see our cookie policy.

Our goods and services

You can register for receiving marketing communications regarding our goods and services via email, SMS, phone and web posts, by filling the form and ticking the box confirming your consent to receive such communications.
We will only send marketing communications regarding our goods and services if you subscribe for them.

Legal grounds for processing: consent (article 6 paragraph (1) letter (a) of the General Data Protection Regulation).
Consent: you grant us your consent to send you information on our goods and services by registering for such information according to the steps above.

Information collected or obtained from third parties

This section describes the manner in which we obtain or collect information concerning you, through third parties.

Information received from third parties

Generally, we receive information concerning you from third parties. Those third parties from whom we receive information concerning you generally are group companies, affiliates, business partners or persons purchasing our goods (also) on your behalf.
Moreover, third parties we have had no prior contact with might provide us with information concerning you.
The information we obtain from third parties will generally comprise your name and the contact details, but it will also include any additional information concerning you that they might provide to us.
Legal grounds for processing: required under a contract or in order to take measures upon your request to conclude a contract (article 6 paragraph (1) letter (b) of the General Data Protection Regulation).
Reason for which it is required under a contract: in case a third party sent information about you (such as your name and email address) in order to provide services, we will process information in order to take measures upon your request to conclude a contract with us (as applicable).
Legal grounds for processing: consent (article 6 paragraph (1) letter (a) of the General Data Protection Regulation).
Consent: in case you requested a third party to disclose to us information concerning you and the purpose for which such information is disclosed is unrelated to the fulfilment of a contract or to a service we provide to you, we will process your information on the basis of your consent, requesting the relevant third party to disclose your information to us.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interests: in case a third party has shared with us information concerning you and you have not expressed your written consent with regards to the disclosure of such information, we will hold a legitimate interest to process such information under certain circumstances.

For instance, we will hold a legitimate interest in processing your information to fulfill the obligations deriving from the subcontract with the third party, in case the third party has concluded the main contract with you. Our legitimate interest is to fulfill our obligations as stipulated in our subcontract.

Similarly, third parties may send us information about you in case you have infringed or could infringe any of our legal rights. In this case, we will hold a legitimate interest in processing this information in order to investigate and monitor any such possible infringement.

In case we receive information concerning you by mistake

In case we receive information concerning from a third party and/or we do not hold a legal basis for the processing of such information, we will erase it.

Information we obtain from third parties

Under certain circumstances (e.g., in order to check the information we hold on you or in order to obtain the missing information we need to provide a service), we will obtain your data from certain publicly accessible sources, both from within and from outside the EU, such as institutions/public authorities.
Under certain circumstances, we will also obtain data about you from private sources, both from within and from outside the EU, such as: insurance companies. Such data will only be processed based on your explicit consent.
Legal grounds for processing: required under a contract or in order to take measures upon your request to conclude a contract (article 6 paragraph (1) letter (b) of the General Data Protection Regulation).
Reason for which it is required for the conclusion of a contract: in case you have concluded a contract or you have requested us to conclude a contract with you under certain circumstances, we will obtain information about you from publicly available sources, in order to help us understand your business and provide you with services that abide by a standard that is sufficient for you. For instance, we will obtain and/or check the e-mail address on your website if you request us to provide information via e-mail and we do not have it or need to confirm your e-mail address.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (b) of the General Data Protection Regulation).
Legitimate interests: under certain circumstances, we will hold a legitimate interest to obtain information on you from public and private sources. For instance, if you infringed or we suspect that you have infringed any of our legal rights, we will hold a legitimate interest to obtain and process information about you from these sources, in order to investigate and monitor any suspected or potential infringement.
Legal grounds for processing: consent (article 6 paragraph (1) letter (a) of the General Data Protection Regulation).
Consent: we might obtain information from third parties, in case you agreed to the disclosure of such data to us, expressing your consent in this regard, for instance, by ticking a box saying that you agree to have your information shared with us.

The use of automated decision-making mechanisms

We use automated decision-making mechanisms on our website. We do not believe that this has any legal effects for you or similarly affects you.

You are entitled to oppose our use of automated decision-making and profiling mechanisms described in this section. You can do that by waiving cookies and similar technologies, according to the method described in the relevant section herein. In case you do not want us to process your actual IP address (generally, the IP address assigned by the Internet Service Provider), when you visit our website, you may use a virtual private network (VPN) or a free service, such as Tor.

Additional information on the use of cookies and similar technologies (including the legal basis for the use thereof) and how to waive them is available in the cookie policy, at: https://www.moto24.ro/pagini-utile/politica-cookie-uri.html

Automated decision-making mechanisms

The automated decision-making systems are technology-based decision-making mechanisms (via a machine) without human involvement.

The use of automated decision-making mechanisms for advertising purposes

We automate the display of advertisements comprising our goods and services on other websites you visit using cookies. For additional information on the types of cookies we use, see our cookie policy.
Implied logic: the automatic display of ads to persons who visited our website helps enhance advertising efficiency and it is more cost-efficient to us as compared to manual display or other forms of publicity.
Meaning and sought consequences: cookies will be used in order to recognize the fact that you have visited our website for advertising purposes (except for the case in which you have blocked such cookies) and they will collect information on your online behavior.

You can oppose that by blocking this type of cookies via your browser settings. For additional information, please review our cookie policy.

Disclosure and additional use of data.

This section lays down the circumstances under which we will disclose your data to third parties and any other additional purposes for which we might use your data.

Disclosure of your data to service providers

We use a number of third parties to provide us with the services we require to carry out our activity or to help us carry out our business and who process your information for us, on our behalf, i.e.:

Telephony service providers
Email service providers
IT service providers
Website developers
Web hosting service provider(s)
Marketing service providers
Email marketing service providers

Your information will be shared with these service providers, where required in order to make available the service you requested, regardless of whether this request concerns the accessing of our website or the ordering of goods or services from us.

For security and competitiveness-related reasons, we do not display the identity of all our service providers. However, if you desire additional information on the identity of the service providers, please contact us directly, through our contact form available at https://smarttours.ro/en/contact-us/ and we will provide such information in case you have a legitimate interest to request it

Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest based on: in case we share your information with these third parties in a different context than as required under a contract (or following your request to do so), we will share the information with such third parties so as to allow us to efficiently manage and conduct our business.
Legal grounds for processing: required under a contract or in order to take measures upon your request to conclude a contract (article 6 paragraph (1) letter (b) of the General Data Protection Regulation).
Reason for which it is required under a contract: we might share your information with our service providers, so as to be able to fulfill our obligations deriving from the respective contract or to take the measures you have requested before concluding a contract with you.

Disclosure of your information to other third parties

We disclose your information to third parties under specific circumstances, as shown below.

The provision of information to third parties, such as Google Inc., Facebook. Google collects information through our use of Google Analytics on our website. Google, Facebook use this information, including the IP addresses and the cookie information for several purposes, such as improving the quality of our services and enhancing your browsing experience. The information is anonymously collected by Google and Facebook.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interests: to enhance the quality of our services.

The sharing of your information with third parties that are either related to, or associated with the operation of our business, in case we require it. Such third parties include consultants, affiliates, business partners, independent contractors and insurers. Additional information for each of these third parties is shown below.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: efficient management and operation of our business.

Consultants

We occasionally obtain advice from consultants, such as lawyers, audit companies, public relation professionals and sociology research companies. We will only share your information with third parties if required so as to allow them to provide us with relevant consultancy services. Our consultants are headquartered in Romania.

Business partners

Our business partners are the companies we work with and that provide goods and services similar to the ones we offer, which are either complementary to our own business or allow us to provide goods and services we cannot supply on our own. We share information with our business partners in case you requested services they provide, either independently, or in relation to our own services and in order to be able to fulfil our contractual obligations towards you.

For additional information on the guarantees implemented upon the transfer of your data outside the European Economic Area, see the section in the privacy policy below entitled the Transfer of your data outside the European Economic Area.

Independent contractors

We occasionally use independent contractors to conduct our business. Your information will only be disclosed to independent contractors if such disclosure is required in order for them to provide the service they were contracted for in relation to our business.

Insurers

We will disclose you information to our insurers if we need to do so, e.g.: if you opt for the conclusion of an insurance policy upon the purchase of a product or subsequently, with regards to a complaint or a possible request that we might receive/submit or according to our general disclosure obligations, in compliance with our specific insurance contract.

Our Insurers are headquartered in Romania.

Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: efficient management and operation of our business.
Legal grounds for processing: required under a contract (or in order to take measures upon your request prior to the conclusion of a contract) (article 6 paragraph (1) letter (b) of the General Data Protection Regulation).
Reason for which it is required for the performance of a contract: we need to disclose the information to third parties (partners, insurers, etc.) in order to be able to abide by our contractual obligations towards you or in order to take measures upon your request before concluding a contract.

We do not display the identity of all other third parties with whom we may share information for security reasons and in order to maintain the competitive edge. However, if you desire additional information on the identity of such third parties, please contact us directly, through our contact form available at https://smarttours.ro/en/contact-us/ and we will provide such information in case you have a legitimate interest to request it and only in so far as we have shared the information with the respective third parties, for instance).

We will only disclose your information to either a potential or an actual seller or purchaser in the case of a business sale or purchase, of a merger or a similar actual or potential event.

Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: We allow potential purchasers, sellers or similar parties to access the information in order to complete the envisaged transaction.

Disclosure and use of your information for legal reasons

The communication of possible criminal acts or threats against public safety to competent authorities

In case we suspect criminal or potentially criminal behaviors, under certain circumstances, we will need to contact a competent authority, such as the police. This could be the case if, for instance, we suspect a form of fraud or cyber-crime or in case we receive threats or ill-intended communications concerning us or a third party.
In general, we will only have to process your information to this end if you have been involved in or affected by such an incident one way or another.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: to prevent crime or suspected criminal activity (such as fraud).

Regarding the enforcement or the potential enforcement of our legal rights

We shall use your information regarding the enforcement or potential enforcement of our legal rights, including, for instance, the information exchange with debt collecting agencies, in case you do not pay the amounts you owe as due under the contract. Our legal right may be contractual (if we concluded a contract with you) or non-contractual (such as the legal rights we hold pursuant to copyright or tort law).
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: to protect our legal rights and to take measures in order to protect our legal rights.

Regarding a dispute or a legal or potentially legal procedure

We might need to use your information in case we are involved in a dispute with you or with a third party, for instance, to solve the dispute or as part of the mediation, arbitration, a court order or similar proceedings.
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: the settlement of disputes and possible disputes.

In order to permanently comply with the laws, regulations and other legal requirements

We shall use and process your information in order to comply with the legal obligations we are subjected to. For instance, we might need to disclose your information on the basis of a court order or of summons, if applicable.
Legal grounds for processing: compliance with a legal obligation (article 6 paragraph (1) letter (c) of the General Data Protection Regulation).
Legal obligation: legal obligations to disclose information, incumbent upon us pursuant to domestic or international normative acts (for instance, an international agreement Romania has adhered to).
Legal grounds for processing: our legitimate interests (article 6 paragraph (1) letter (f) of the General Data Protection Regulation).
Legitimate interest: in case legal obligations are part of another country’s laws and they have not been transposed in the legal framework of Romania, we hold a legitimate interest to abide by such obligations.

Data retention

This section lays down the collected data retention term. Where feasible, we have set specific data retention terms. If such terms could not be set, we have established the criteria we use to determine the retention period.

Retention terms

Server logs: we keep the server log information for 6 months.
Information regarding the orders placed: when you place a goods and services order, we keep this information for six years as of the end of the financial period during which you have placed your order, according to our legal obligation to keep records for tax purposes.
Correspondence: when you submit a request or contact us for any reason whatsoever, either via e-mail or via our contact form, or by phone, we will keep your information for as long as required or until you submit an express data erasure request, which will be complied with, in the light of our legal obligations.
Newsletter: we keep the information you have used to register for our newsletter for as long as you are subscribed to it (until you unsubscribe) or until we decide to waive our newsletter service.

Criteria based on which the retention terms are set

Under any other circumstances, we will only keep your information for as long as required, considering the following:

the purpose and use of your information both currently and in the future (e.g., if we need to store that information in order to comply with our obligations based on a contract we have concluded with our or to contact you in the future);
if we have a legal obligation to continue processing your information. (such as any obligations to keep records imposed by the relevant laws or regulations);
in case we hold any legal grounds to continue processing your information (such as your consent);
in case we hold a legitimate interest to further process your data;
risk, cost and responsibility levels associated to the further retaining of information.

Data security

We implement suitable technical and organizational measures to secure your information and protect you against unauthorized or illegal use and accidental loss or destruction, including:

the disclosure and access to your information to the minimum required extent, subject to the privacy limitations, where required and anonymously, whenever possible;
the use of secured data storage servers;
the verification of the identity of any person requesting access to your information before granting them such access;
the use of the Secure Sockets Layer (SSL) standard to encrypt any information you might send us through any forms available on our website);
we only transfer your data through a closed system, on the basis of a contract.

Information you send to us by e-mail

The sharing of information via internet is not entirely secure and, should you choose to share information with us via internet (email or any other means), you do so on your own risk.
We shall not be held liable for any kind of expenditure, loss of profit, reputation, damages, debt or any other form of loss or prejudice you might incur or following your decision to share information with us via such means.

The transfer of your data outside the European Economic Area

Your data shall not be transferred outside EEA.

Safeguards (protections) used: Contractual clauses governing personal data transfers from the European Union to third party countries – according to article 46 paragraph (92) letter (c) of the General Data Protection Regulation.

Your personal data rights

Subject to certain limitations, you hold the following rights with respect to your data, which you can enforce at all times by sending a written application to S.C SMART TOURS SRL at the address Str. 13 Decembrie 31, Brasov 500030, Romania or via email, at dpo@smarttours.ro.

to request access to your information and information regarding the use and processing of your information;
to request the correction or erasure of your data;
to request the limitation of use of your data;
to receive the information you have sent to us in a structured, commonly used and machine-readable format (e.g., CSV file) and the right to have the respective information transferred to another data controller (including a third party data controller);
to object against the processing of your data for specific purposes (for additional information, see the section below entitled “Your right to object against the processing of your data for specific purposes”); and
to withdraw your consent regarding the use of your data at all times, in case we rely on your consent in order to use or process such information. Please bear in mind that, in case you withdraw your consent, this shall not affect the lawfulness of the use and processing of your data on the basis of your consent prior to such withdrawal.

According to article 77 of the General Data Protection Regulation, you are further entitled to submit a complaint with a supervisory authority, especially from the member state where you reside or work should you suspect an infringement of the general protection provisions in the Regulation.

To this end, the Romanian supervisory authority is: www.dataprotection.ro

Verification of your identity in case you request to access your information

In case you request to access your information, we are bound under the law to make use of all reasonable measures in order to verify your identity before granting you such access.
These measures are designed to protect your information and to minimize the identity theft or the general risk of unauthorized access to your information.

How do we check your identity?

In case we hold suitable information about you on file, we will try and check your identity based on this information.
If we cannot identify you based on such information or in case we do not hold sufficient information about you, we might request copies or certifications of certain documents, in order to be able to confirm your identity before we can grant you access to your data.
We will be able to confirm the exact information we need to check your identity depending on your specific circumstances and on the time when you submit such a request.

Your right to object to the processing of your data for specific purposes

You hold the following rights with respect to your data, which you can enforce by contacting TEMPO CONSULT SRL in writing at the address Str. 13 Decembrie 31, Brasov 500199, Romania or via email, at dpo@moto24.ro

to object to the use or processing of your information by us for public interest purposes or for our legitimate interest, including the analysis or prediction of your behavior based on your information; and
to object to the use or processing of your data for direct marketing purposes (including any profile we might involve in relation to this direct marketing).

You can also exert the right to object to the use or processing of your data for direct marketing purposes:

by clicking the unsubscribe link in the lower part of any marketing email we might send to you and following the instructions displayed on your browser page, after you click the respective link;
by sending an SMS containing only the word “UNSUBSCRIBE” in response to any marketing communication we might send to you via text message or by accessing the link mentioned in the received SMS; or

For more information on the manner in which you may object to the use of the data collected via the cookie modules and similar technologies, please review our cookie policy.

Sensitive personal data

“Sensitive personal data” is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, genetic data, biometric data processed solely to identify a human being, health-related data, data concerning a person’s sex life or sexual orientation.
Under specific circumstances, we collect “sensitive personal data” regarding the health condition, the trade union membership and other minors’ data (surname, name, age, personal identification number, passport series and number).
The health-related personal data are provided to us by the users in case they have special requests regarding the transportation or the accommodation services they purchase (e.g.: allergies – special hotel menus, disabilities – wheelchair ramp hotels, etc.)
The personal data regarding the trade union membership are processed because, on the basis of such capacity, members can benefit from certain facilities and discounts.
The minors’ data are processed in order to allow us to properly provide the services contracted by the legal representatives of the minors.

In case you willingly send sensitive personal data, we shall construe such willful dispatch as your explicit consent to process your sensitive personal data according to article 9 paragraph (2) letter (a) of the General Data Protection Regulation. We will use and process your sensitive personal data for erasure purposes.

Amendments to our privacy policy

We periodically update and amend our privacy policy.

Minor amendments to our privacy policy

In case we bring minor amendments to our privacy policy, we will update the Privacy Policy with a new enforcement date mentioned in the introductory part thereof. Your information will be processed based on the practices stipulated in the new Privacy Policy issue, as of the effective date thereof.

Major amendments to our privacy policy or to the purposes for which we process your information.

In case we implement major amendments to our privacy policy or we intend to use your data for a new purpose or for a different purpose than the one we initially collected it for, we shall notify you by email (if possible) or by posting an announcement on our website.
We will provide information on the respective amendment and on the purpose thereof and any other relevant information before we start using the information for the new purpose.
Whenever required, we shall obtain your prior consent before we use your information for a different purpose than the one we initially collected it for.

Minor children’s privacy

We process data belonging to people under the age of 18 only with the legal representative’s consent, for the optimum provision of the services contracted by the legal representatives of the minor children.

We might receive information concerning people under the age of 18 by third-party fraud or deceit. If we become aware of such situations, immediately after confirming the information, if so required under the law, we will immediately obtain the legal representative’s consent for the use of such information or, in case such consent cannot be obtained, we will delete the information from our servers. In case you want to notify us on the receipt of information concerning persons under the age of 18, please do so by sending an e-mail to dpo@smarttours.ro.

For details on the processing of personal data by SMART TOURS SRL, you can access the website www.smarttours.ro/en privacy policy section.

PRIVATE DATA PROTECTION

About Us

Why Romania

Useful Links

Instagram

PRIVATE DATA PROTECTION

WHY CHOOSE ROMANIA AS YOUR NEXT DESTINATION 7 REASONS TO VISIT ROMANIA

VISIT TRANSYLVANIA: DISCOVER THE MAGICAL NATURE AND ITS WILDLIFE

MARAMURES: THE HEART OF RURAL ROMANIA

You don't have permission to register

Cookies Usage Policy

What is a ‘cookie’?

What are the advantages of cookies?

What is the life of a cookie?

What are third-party cookies?

How can I stop cookies?

Changes and updates to this cookie policy