Who are we:
Our website address is: http://ro.getawaytravel.ro.
What personal data we collect and why we collect it:
Comments
When visitors leave comments on the site, we collect the data displayed in the comment form, as well as the visitor’s IP address and browser user agent string to help detect spam.
An anonymous string created from your email address (also called a hash) can be provided to the Gravatar service to see if you use it. The privacy policy of the Gravatar service is available here: https://automattic.com/privacy/. After your comment is approved, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Website visitors can download and extract any location data from images on the website.
Contact forms
Cookies
If you leave a comment on our website, you can choose to save your name, email address and website in cookies. These are for your convenience so you don’t have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is deleted when you close your browser.
When you sign in, we’ll also set some cookies to save your sign-in information and screen display options. Login cookies last two days and screen options cookies last one year. If you select “Remember”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data and simply indicates the post ID of the article you just edited. Expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (eg videos, images, articles, etc.). Embedded content from other websites behaves exactly the same as if the visitor had visited the other website.
These websites may collect data about you, use cookies, incorporate additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
How long we keep your data
If you leave a comment, the comment and its metadata are kept indefinitely. This is so that we can automatically recognize and approve any subsequent comments, rather than holding them in a moderation queue.
For users who register on our website (if any), we also store the personal information they provide in their user profile. All users can view, edit or delete their personal information at any time (except that they cannot change their username). Website administrators can also view and edit this information.
What rights you have over your data
If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we delete any personal data we hold about you. This does not include data that we are required to retain for administrative, legal or security purposes.
Where we send your data
Visitor comments may be checked by an automated spam detection service.
Your contact information
Additional Information
A. General considerations
Organizations and individuals that process personal data have the obligation to keep them in such a way as to ensure their confidentiality and security. These obligations are subject to the right to the protection of personal data, regulated by Regulation (EU) 2016/679.
Included, according to the jurisprudence of the European Court of Human Rights, in the content of the right to intimate family and private life, guaranteed by Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms, the right to the protection of personal data has recently found its consecration , within the fundamental rights of the person, by art. 8 of the Charter of Fundamental Rights of the European Union, a fundamental legal instrument of the Union that acquired legal value through the entry into force of the Treaty of Lisbon.
In Romania, Regulation (EU) 2016/679 applies to the processing carried out:
• by means of an automated processing system (computer);
• on paper or in any other form of non-automated processing if they are part of a record system or are intended to be included in such a system;
• regardless of their form: photographs or video recordings of the image or voice recordings, biometric data.
Concepts:
• personal data – any information regarding an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity; it is noted that only natural persons enjoy the right to the protection of personal data
• operator – natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of personal data processing;
• personal data record system – any structured set of personal data accessible according to specific criteria, be they centralized, decentralized or distributed according to functional or geographical criteria.
Principles related to the processing of personal data:
• processed legally, fairly and transparently towards the data subject (“legality, fairness and transparency”);
• collected for specific, explicit and legitimate purposes and are not subsequently processed in a way incompatible with these purposes; further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes is not considered incompatible with the initial purposes (“purpose limitations”); adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
• accurate and, if necessary, updated; all necessary steps must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is deleted or rectified without delay (“accuracy”);
• kept in a form that allows the identification of the persons concerned for a period that does not exceed the period necessary to fulfill the purposes for which the data are processed;
personal data can be stored for longer periods to the extent that they will be processed exclusively for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, subject to the implementation of technical measures and organizationally appropriate provided in this regulation in order to guarantee the rights and freedoms of the data subject (“storage-related limitations”);
• processed in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures (“integrity and confidentiality”).
Legality of processing:
Processing is legal only if and to the extent that at least one of the following conditions applies:
a) the data subject has given his consent for the processing of his personal data for one or more specific purposes;
b) the processing is necessary for the execution of a contract to which the data subject is a party or to take steps at the request of the data subject before concluding a contract;
c) the processing is necessary in order to fulfill a legal obligation incumbent on the operator;
d) the processing is necessary to protect the vital interests of the data subject or another natural person;
e) the processing is necessary for the performance of a task that serves a public interest or that results from the exercise of the public authority with which the operator is vested;
f) the processing is necessary for the purposes of the legitimate interests pursued by the operator or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail, which require the protection of personal data, especially when the data subject is a child.
Special categories of data:
– the processing of personal data revealing racial or ethnic origin, political opinions, religious confession or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for the unique identification of a natural person, health data or of data regarding the sexual life or sexual orientation of a natural person;
– the processing of the personal numerical code or other national identifier is limited;
• the processing of personal data related to the commission of crimes by the data subject or to criminal convictions, security measures or administrative or contraventional sanctions, applied to the data subject, can only be carried out by or under the control of public authorities.
The rights of the data subject
In accordance with the applicable legislation you benefit from:
– right of access;
– the right to rectification;
– the right to delete data;
– the right to restrict processing;
– the right to data portability;
– the right to opposition;
– the automated individual decision-making process, including the creation of profiles;
– the right to address complaints to the National Supervisory Authority;
– the right to an effective judicial remedy.
Transfers of personal data to third countries or international organizations are carried out, in principle, under the following conditions:
– Transfers based on a decision on the adequacy of the level of protection;
– Transfers based on adequate guarantees;
– Mandatory corporate rules.
B. The national supervisory authority
The guarantor of the right to the protection of personal data is the National Supervisory Authority for the Processing of Personal Data (ANSPDCP), with headquarters in Bucharest bld. General Gheorghe Magheru, no. 28-30, Sector 1. ANSPDCP was established by Law no. 102/2005 republished, the attributions of this institution being established. You can find more information here www.dataprotection.ro.
C. Processing of personal data by ro.getawaytravel.ro (Information)
ro.getawaytravel.ro, as a personal data operator, is constantly concerned with ensuring a high level of protection for individuals with regard to the processing of personal data they carry out and implicitly in compliance with the applicable European and national provisions.
ro.getawaytravel.ro processes your personal data by automated/manual means for the following purposes:;
• formulating actions and representation in court;
• organizing/running events;
In relation to the above purposes, our institution processes the following categories of personal data:
• Name and surname
• Citizenship
• Telephone/fax
• Home address/residence
• Email
• Series and number of the identity document
• Passport/driving license number
• Social or health insurance number
ro.getawaytravel.ro reserves the right to request other data necessary to fulfill its duties, strictly in accordance with the legal provisions.
The recorded information is intended for use by the operator/authorized operator and is communicated only to the following recipients: the operator, the data subject/his/her legal representatives, the judicial authority, criminal investigation bodies and other institutions empowered by law to request information.
D. The European legislative framework
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Regulation general data protection);
– Directive (EU) 2016/680 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data by the competent authorities for the purpose of preventing, detecting, investigating or prosecuting crimes or executing penalties and regarding the free circulation of this data and the repeal of the Council’s Framework Decision 2008/977/JAI;
– Directive 2002/58/EC of July 12, 2002 on the processing of personal data and the protection of confidentiality in the public communications sector (Directive on confidentiality and electronic communications).
National legislative framework
– Law no. 190 of July 18, 2018 on measures to implement Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation);
– Law no. 363 of December 28, 2018 regarding the protection of natural persons regarding the processing of personal data by the competent authorities for the purpose of prevention, discovery, investigation, prosecution and combating of crimes or the execution of punishments, educational and safety measures, as well as regarding the free movement of these data;
– Law no. 102 of May 3, 2005 regarding the establishment, organization and operation of the National Supervisory Authority for the Processing of Personal Data, republished, with subsequent amendments and additions;
– Law no. 506 of November 17, 2004 regarding the processing of personal data and the protection of private life in the electronic communications sector;
– ANSPDCP decision no. 128/2018 on the approval of the standardized form of the personal data security breach notification in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and its repeal of Directive 95/46/CE;
– ANSPDCP decision no. 133 of July 3, 2018 regarding the approval of the Procedure for receiving and resolving complaints;
– ANSPDCP decision no. 161 of 9 October 2018 regarding the approval of the Investigation Procedure;
– ANSPDCP decision no. 238 of December 18, 2019 regarding the amendment of annex no. 2 to the Investigation Procedure;
– ANSPDCP decision no. 174 of October 18, 2018 regarding the list of operations for which the assessment of the impact on the protection of personal data is mandatory;
E. Useful links:
http://dataprotection.ro/
https://edpb.europa.eu/edpb_ro
https://edps.europa.eu/
https://ec.europa.eu/info/law/law-topic/data-protection_ro
https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/index_en.htm