Send a request

Submit

PRIVACY POLICY

Respect for the right to the protection of personal data, as well as for the right to privacy is one of the fundamental missions of S.C. Editura Adevărul S.A (Caro Club Hotel)

Thus, we take all the necessary steps required to process your personal data in accordance with the principles established by the applicable data protection law in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

The processing of personal data shall be carried out by: Editura Adevărul S.A., with registered office at Str. Barbu Văcărescu nr. 164A, Clădirea C6, Camera 2, Sector 2, Bucharest, registered with the Trade Register under no. J40/5921/1991, sole registration code RO1581157.

The Company Editura Adevărul S.A. is a controller of personal data within the meaning of GDPR and establishes the means and purposes of processing of personal data.

Click on one of the links below to jump to a specific section:

  • What kind of personal data do we process?
  • Personal data of minors
  • Special data
  • For what purposes and on what basis do we process your personal data?
  • To whom do we forward your personal data?
  • Do we collect personal data from third parties?
  • Do we transfer your data outside the EU/EEA?
  • Provision by you of the personal data of other individuals
  • How long do we keep your personal data?
  • What are your rights?
  • Is your data safe?
  • Links to other websites
  • Questions or complaints
  • Changes to the policy

____________________________________________________________________________________________________________

WHAT KIND OF PERSONAL DATA DO WE PROCESS?

If you are a client or a potential client

We collect personal data in the course of our interactions with you, as well as as part of the other aspects of our activity. The categories of data we are processing are the following:
a) data needed for making reservations (e.g. given name, surname, e-mail, telephone);
b) data related to the hotel registration sheet, required under national law (e.g. citizenship, address, date of birth);
c) bank card details (card type, credit/debit card number, holder's name, expiry date and security code);
d) information about the customer’s stay, including date of arrival and departure, special requirements, preferences;
e) information about the vehicles that you are likely to bring to our property, e.g. registration number ;
f) information collected by various contractual partners (travel agents, event organisers) and sent to Editura Adevărul S.A. (rooming list, guest list for invite-only events);
g) data necessary for the supply of additional services, where necessary;
h) reviews and opinions on our services;
i) any other type of information you choose to provide.

Likewise, surveillance cameras and other security equipment on our properties may also capture or record guests’ images in public places (such as hotel entryways, restaurants or lobbies) and your location data (via the images captured by the surveillance cameras).

You can always choose what personal data you would like to provide. However, if you choose not to provide certain personal data although our request is aimed at the compliance with a legal obligation, a contractual obligation or an obligation required for signing a contract, we will be unable to provide certain services, for example: (i) if you do not want to give your name, first name, email address or phone number when trying to make a reservation, we will not be able to make the reservation, or (ii) considering the fact that on the hotel registration sheet that you need to fill out upon checking-in to our hotel you will need to enter certain personal data required by law, should you refuse to fill out those mandatory fields, we will not be able to accommodate you in the hotel.

If you are a prospective employee

We collect the information included in your CV, and any other information submitted together with your CV and/or during the interviews.

If you are a visitor to our location

We collect the name, surname, series and number of the identity document.
Likewise, surveillance cameras may also capture or record visitors’ images in public places (such as hotel entryways, restaurants or lobbies).
If you are a user of our website http://www.hotelcaro.ro
No personal data is required for reading the existing information on the website.
However, for the purposes of the technical operation of the portal, we collect the time and the date of access to the website, as well as the IP address that accessed our website.
Some personal data are needed for the use of certain services (for example, online booking , job opportunities apps). For details, please refer to the section of the operation used on the website.

If you are a representative or a contact person of our suppliers or business partners

We collect the name, surname, position, and any other data provided by you or by the company that you represent.

If you are an employee


Please read the Employee Privacy Policy provided to you upon employment and available at any time at the Human Resources Department.
____________________________________________________________________________________________________________

PERSONAL DATA OF MINORS

We protect the confidentiality of data obtained from children under 16 years of age. If you are under the age of 16, you need to get your parents or legal guardian's consent or authorisation for any personal data provision.
____________________________________________________________________________________________________________

SPECIAL DATA

The term ‘special data’ refers to racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership and the processing of genetic data, biometric data, data concerning health or data relating to sexual life or sexual orientation.
In general, we do not collect special data unless you wish to provide the same.
____________________________________________________________________________________________________________

FOR WHAT PURPOSES AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?

If you are a customer
a) Reservations for hotel, restaurant and/or spa, or event inquiries made by you for organised events or events that may be organised.
Purpose: we process your personal data (i) to make a booking for you at our hotel/restaurant/spa and (ii) to reply to your inquiries.
Basis: entering into a contract
b) Check-in
Purpose: we process your data for your registration at/accommodation in our hotel.
Basis: when accommodated, according to the legislation in force, you are required to fill out the Hotel Registration Sheet which contains a minimum of data needed to accommodate you.
c) Client service (the service in question refers, inter alia, to: the hotel service, the concierge service, the cleaning service, the laundry service, etc.)
Purpose: we process your personal data to ensure that you have the best possible experience in accordance with your standards and the hotel’s standards.
Basis: the performance of the Hotel Services Contract.
d) Profiling
Purpose: for the provision of personalised services, certain special preferences you may have (for example, if you prefer the rooms at the upper or lower floors, if you like a particular type of wine, etc.) are stored in such a way that, when you return, we will know what you like
Basis: consent
e) Feedback:
Purpose: we process your personal data to make sure that you have had a pleasant experience with our units.
Basis: our legitimate interest is to continuously improve our services and provide services as adequate as possible and in line with our customers’ standards.
f) Marketing:
Purpose: we process your personal data for marketing purposes, such as commercial newsletters and marketing communications concerning new products and services or other offers that we believe could be of interest to you.
Basis: we rely on the legitimate interest to promote our services by sending the offers that we consider to be of interest to you (see the ‘Right to object’ of the ‘Your rights’ section).
If necessary, according to the applicable legislation, we will get your consent before processing your personal data for direct marketing. In that regard, we would like to inform you that you may at any time withdraw consent as to the processing for marketing purposes, in which case you will not receive any marketing communication from us.
You will also find an unsubscribe link, which you can use if you don't want to receive any more messages from us.

Likewise, when organising certain events in our hotel or restaurant, some photos might be taken, and some of those photos may also be distributed online for others to have an image on how our events look like. In any case, because we take account of your right to privacy, we will do our best to inform you that photos are going to be taken (for objections against our photos see the ‘Right to object’ of the ‘Your rights’ section).
g) Other communications: by e-mail, by post, by telephone or by the SMS
Purpose: these communications will be made for a specific reason, such as: (i) responding to your requests, (ii) if you have initiated, but have not completed an online booking or an inquiry, you will send an email to remind you to complete your booking, (iii) informing you about how your complaints and/or incidents that have arisen during your stay have been handled.
Legal Basis: our legitimate interest to deliver services to a desired standard by addressing potential demands/complaints and to assure you of our entire willingness.
h) Analysis, improvement and research:
Purpose: to ensure a constant evolution of the quality of our services, we are looking at each of your complaints/suggestions, and we are drawing up statistical reports to identify the problems and find the best solutions to solve them.
Basis: we rely on our legitimate interest to deliver services in line with your standards and the Club Hotel’s standards.

If you are a visitor to our location

Purpose: we process your personal data to ensure the protection of your belongings and the protection of people in our hotel.
Basis: our legitimate interest to ensure both customer/hotel/staff belongings protection and the protection of people in the hotel.

If you are a user of our website (http://www.hotelcaro.ro)

Purpose: traffic monitoring to identify errors and/or any other malfunction of the website.
Basis: this data processing activity is based on our legitimate interest to provide you with a fully functional website by repairing any errors and continuously improving it.

If you are a representative or a contact person of our suppliers or business partners


Purpose: carrying out contractual relations with our business suppliers or partners.
Basis: the performance of a contract.

If you are a prospective employee

Purpose: assessment of your job application.
Basis: the execution of a contract.

If you are an employee

Please see the Employee Privacy Policy provided to you upon employment and available at any time at the Human Resources Department.

For all categories of persons above, we can also process your data in the context of the following activities:
a) Restructuring, internal reorganisations or selling of assets or shares:
Purpose: we process your data for carrying out the above-mentioned operations.
Basis: the legitimate interest in carrying out the operations, especially as such could not be carried out without processing your data.
However, please be assured that any such processing will be carried out in accordance with this policy and by implementing measures to ensure the confidentiality of your data.
b) Security:
Purpose: we process personal data for the safety of goods and the physical integrity of people.
Basis: we rely on our legitimate interest to ensure protection of your belongings and of the hotel's assets, as well as the protection of people within the perimeter of our hotel.
c) Legal reasons:
Purpose: in certain cases we have to process the information provided, which may include personal data, in order to resolve legal disputes or complaints, conduct investigations, and comply with applicable legal regulations, implement an agreement or comply with requests from public bodies to the extent that such requests fulfil the requirements laid down by law.
Basis: the reasons for processing may be a legal obligation (should we have a legal obligation to disclose certain personal data to the public authorities) or
our legitimate interest in resolving any disputes and/or complaints.
____________________________________________________________________________________________________________

TO WHOM DO WE FORWARD YOUR PERSONAL DATA?

In order to ensure the expected level of hospitality and provide services of high quality, your data may be sent to the company’s head office. Also, we provide your data to our service providers and other third parties, as detailed below:
a) Suppliers: with a view to providing the requested services, in some cases, we will need to send some of your personal data to suppliers, who are processors and process the data in our name, on our behalf and in accordance with our indications (such as software providers, IT, accounting services, medical services).
b) Group events or meetings: if you are visiting our hotel as part of a group or as a participant in a conference, the information requested for the planning of the meeting and of the event can be shared with the organisers of such meetings and events and, if appropriate, with guests who organise or attend the meeting or event.
c) Business partners: in some cases, we work in partnership with other companies to provide you with products, services or offers. For example, we can arrange the leasing of a car or optional pastry and kitchen services for products that are not in our offer.
d) Public authorities and/or institutions for: (i) compliance with legal provisions, (ii) responding to their request, (iii) reasons of public interest (e.g. : national security). For example, under the rule set out under the Section ‘FOR WHAT PURPOSES AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA’, subparagraph (b), any hotel unit is required to send each customer’s hotel registration sheets daily.

The confidentiality of your data is important for us and, where possible, the transmission of personal data as described above shall be carried out only on the basis of a confidentiality commitment of the recipients, ensuring that such data is kept secure and that the provision of such information is done in accordance with the legislation in force and the applicable policies. In any case, we will send each time only information strictly necessary for the achievement of the respective purpose.
____________________________________________________________________________________________________________

DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?

To offer you the expected level of hospitality and provide you with the best service level, it is possible to collect information on you from our business partners and other third parties, as detailed below:
a) Business partners: such as card partners, social network services that are in line with your settings for these services, travel agents, event organisers

In any case, please be assured that your data collected from third parties will be processed under the same conditions as if they were collected directly from you. In addition, we will collect only what is necessary for our purposes. (see Section ‘‘FOR WHAT PURPOSES AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?”).

In addition, when we will contact you for the first time, we will inform you firstly from where did we obtain your personal data.
____________________________________________________________________________________________________________

DO WE TRANSFER YOUR DATA OUTSIDE THE EU/EEA?

We can transfer your data to some providers that will be based in countries other than your country and — in some cases — in countries outside the EU/EEA.
While the data protection laws of these countries may differ from those in your country, we will take the necessary steps to ensure that your personal data are processed in conformity with this policy and in line with the applicable law.
____________________________________________________________________________________________________________

PROVISION BY YOU OF THE PERSONAL DATA OF OTHER INDIVIDUALS

If you provide us with the personal data of other individuals, please notify them prior to such disclosure and inform them on the way in which their data are to be processed, as described in this privacy policy.
____________________________________________________________________________________________________________

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

Your personal data are kept for the whole period of attainment of the purposes detailed in this policy, if a longer retention period is not required or permitted by the applicable law.
We are constantly reviewing the need for the retention of your personal data, and to the extent that processing is no longer necessary and that there is no obligation imposed by law to keep your personal data, we shall delete/destroy your personal information as soon as possible and in such a way that they can no longer be retrieved or reconstructed (for example, we will delete/destroy all data of persons who have not been employed following the interviews, if there are no serious prospects for employment in the future).
Where personal information is paper printed, it shall be destroyed in a manner which ensures that it is completely removed, and if it will be saved on electronic media, it shall be erased through technical means to ensure that the information is no longer recovered or reconstituted subsequently.
____________________________________________________________________________________________________________

WHAT ARE YOUR RIGHTS?

As data subject, you have the following rights as provided by the GDPR:

a) Right of access: can you request (i) a confirmation whether or not personal data is being processed, and if so, access to, and information about, and (ii) a copy of your personal data (Article 15 of the GDPR);
b) Right to rectification: you can inform us of any change in relation to your data or ask us to correct your personal data. (Article 16 of the GDPR);
c) Right to erasure (“the right to be forgotten”): in certain situations (e.g. (i) when data has been collected unlawfully, (ii) the time limit for storing the data has expired, (iii) you have exercised the right to object or iv) the data processing is performed on the basis of consent and you withdrew your consent), you can ask us to delete your personal data. (Article 17 of the GDPR);
d) Right to restrict processing: under certain circumstances (e.g. if you challenge the accuracy of these data or the lawfulness of processing), you may ask us to restrict your data processing for a certain period (Article 18 of the GDPR);
e) Right to data portability: you may ask us to send your personal data to a third party or directly to you. (Article 20 of the GDPR);
f) Right to object: in certain situations (e.g. processing having as a legal basis the legitimate interest) you may ask us to no longer process your data. (Article 21 of the GDPR).
g) If we use your personal data based on your consent you are entitled to withdraw your consent.

If we use your personal data based on your consent you are entitled to withdraw your consent at any time. In that case, your data will no longer be processed by us, unless a legal provision obliges us to retain and archive the same. In any case, we will inform you if there is any such legal provision and we shall specifically indicate it.
____________________________________________________________________________________________________________

IS YOUR DATA SAFE?

We are taking your personal security seriously, which is why we take important security measures to ensure protection against unauthorised access to data or against unauthorised alteration, disclosure or destruction of data. This involves internal reviews of the practices of collecting, storing and processing data and security measures, and physical security measures for protection against unauthorised access to systems storing personal data.
We also request our service providers and business partners to take all the necessary measures to ensure protection against unauthorised access to data or against unauthorised alteration, disclosure or destruction of data.
____________________________________________________________________________________________________________

LINKS TO OTHER WEBSITES

Our website contains links to websites owned and operated by third parties. Please note that we do not take responsibility for the collection, use, retention, sharing or disclosure of data or information by such third parties. If you use or provide information on third party websites, the privacy policy and terms of those websites shall be applicable. You are advised to read the privacy policy of the websites you are visiting before sending personal data.

The use of Internet services offered by Caro Club falls under the terms of use and the privacy policy of Internet providers. You can access these terms and policies by using the links available on the authentication page of the respective service or by visiting the website of the internet provider.
____________________________________________________________________________________________________________


QUESTIONS OR COMPLAINTS

If you have any questions or concerns about the processing of your personal data, or if you want to exercise any of the rights mentioned above, you can always contact us by sending an e-mail to the following address: [email protected] and we will respond to you within 30 days after receipt of the request.
Also, to the extent that you do not have electronic means or you do not want to use them, you can make a written request addressed to our registered office situated at Str. Barbu Văcărescu nr. 164A, Clădirea C6, Camera 2, Sector 2, Bucharest.
If you are not satisfied with the way in which your request was handled, you may lodge a complaint with the National Supervisory Authority for Personal Data Processing.
____________________________________________________________________________________________________________

CHANGES TO THE POLICY

This privacy policy may be modified from time to time in accordance with changes in the legislation relating to data policy or changes to our services or organisation. Once such changes are actually implemented, we will publish a link to the revised policy on our website’s homepage. If we will make significant changes that will have an impact on your rights and freedoms (for example, when we start processing your personal data for purposes other than those mentioned above), we will contact you before starting such processing.
In order to help you track the most important changes, we will include a track record for changes to this policy below.


Last update: 23 July 2018

Check availability
Subscribe to our newsletter to receive our latest offers
Subscribe
Direct booking advantages

Book directly from this website to get the best prices and more!

Find out more
HOTEL CARO ESTE MEMBRU FIHR
Awards
Social
Phone +40-21-208 61 00
Fax +40-21-208 61 20
Address 164A Barbu Văcărescu Blvd. 2nd District, 020285 Bucharest, Romania