XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" width="0" style="display:none;visibility:hidden">

Personal Data Processing Policy

The operator who processes personal data through https://casatimis.ro is IMPEX CRIS TIM SRL, a legal entity organized according to the applicable law, having its headquarters in Bucharest, Sectorul 1, Bucureştii Noi nr. 140, 1st floor, office E1.06, registration number in the Trade Register J40 / 9519/1991, CUI 1596921.

The operator IMPEX CRIS TIM SRL (hereinafter referred to as the “Operator”) may be contacted at the above-mentioned headquarters or at the e-mail address dpo@cristim.ro; tel .: 40 21 20 20 200, fax: 40 21 20 27 400.

The content of https://casatimis.ro is addressed exclusively to individuals who legally have reached the age of 18.

According to the requirements, Regulation no. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) and those of Law no. 190/2018 regarding the enforcement measures of this Regulation, CRISTIM has the obligation to administer safely and only for the specified purposes, the personal data provided by the users of the site https://casatimis.ro.

  1. PERSONAL DATA PROPERTY PROVIDED BY THE OPERATOR THROUGH THE SITE https://casatimis.ro:

The operator collects personal data on the basis of voluntary delivery by the data subjects (site visitors). The categories of personal data collected depend on the nature of the visitor’s intent to interact with the https://casatimis.ro site. We process the information you enter into the Site when:

1.1. Making an on-line reservation

For this purpose, we can collect the following categories of personal data: data required to make reservations (name, surname, e-mail address, telephone number); dates of the arrival / departure card (citizenship, home address, date of arrival); data necessary for the payment to be made (card type, credit / debit card number, holder’s name, expiration date and security code); tourist arrival information (arrival date, departure date); information about the tourist’s car (registration number);

1.2. Acquiring an electronic voucher

For this purpose, we can collect the following personal data categories: name, surname, e-mail address, phone number, card type, credit / debit card number, holder’s name, expiration date, and security code;

1.3. Asking for an offer of accommodation or event organization;

For this purpose, we can collect the following categories of personal data: name, surname, e-mail address, phone number;

1.4. Subscribing to promotions, contests and campaigns by accessing the “Campaigns” section, under the conditions stipulated in the regulations for each event published by the Operator.

For this purpose, we can collect the following categories of personal data: for participants – name, surname, e-mail address, phone number, voice; for the winners – name and surname, home address, e-mail address, phone number, bank account, signature, photo and any other data necessary for the possession of the prize provided by the Operator;

1.5. Complaining about faults / suggestions regarding the quality of the services provided by the Operator or contact us in order to provide a service offer;

By completing the contact form by the data subjects, we can collect the following personal data categories: name, surname, e-mail address, phone number, county and any other personal data are provided by filling in the “Message” field available in this form.

The data provided voluntarily through the contact form is used to make the requested person’s request more efficient by filling in the “Message” field or, as the case may be, for contacting by e-mail / telephone about the requested offer.

The operator may collect other data involuntarily but do not lead to the unique identification of the target person (name of the file requested, browser type used, browser language used, type of operating system used, IP address of the computer used for site navigation, the date and time of the site visit, the amount of data transferred, the status of this ex-file transfer, the availability of the file, the possible content of the contact form and other technical parameters) provided by the Internet browser through which access is made to site and may be used by the Operator to improve the services / products offered to its clients. Such information will not, however, be used to identify site visitors and will not be made public otherwise than under the conditions described in this Privacy Policy;

2. THE PURPOSES AND THE THEMES OF PROCESSING

The operator processes the personal data provided through https://casatimis.ro for the following legal purposes and reasons:

– on the basis of the consent of the person concerned, to make on-line reservations, to sell electronic vouchers and to respond to the requests made on the site (by filling in the contact form according to the option expressed by the data subject);

– based on the user’s express consent for marketing purposes, for the delivery of newsletters in exclusively electronic format;

in legitimate interest, personal data collected involuntarily in order to understand the needs and expectations of customers and to improve the services / products offered.

By filling in the forms available on the https://casatimis.ro website or by inserting the e-mail address for marketing communications or giving consent for marketing purposes on any material made available by the Operator or a partner thereof collects consent for marketing purposes for the Operator, each user has expressed his consent to the Operator to process his or her personal data in accordance with the purposes stated in this Privacy Policy, in compliance with the provisions of Regulation no. 679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) and the national provisions in force and with those of Law no. 190/2018 on the measures implementing this Regulation;

The operator may disclose the personal data of visitors to https://casatimis.ro to authorized employees or other companies with whom they are in partnership to process them on behalf of the Operator but only under a confidentiality engagement on their behalf and only for the purposes stated herein, by which the third party guarantees that these data are kept secure and that the provision of such personal information is made according to the legislation in force, as follows: to the marketing services providers, to the service providers payment / bank or other services provided by companies with which we can develop joint programs for the market of our products and services, a website service provider.

The operator will disclose the personal information collected for the purposes specified in this document when required to comply with the law and / or at the request of the competent authorities; in order to implement the Terms and Conditions of Use; to protect the property rights or the security of the Operator, our customers or other individuals. This includes sharing information with other companies and organizations to protect and reduce the risk of fraud. These cases do not include selling, renting, sharing or otherwise disclosing personal identification information from customers for commercial purposes in violation of the terms and conditions set forth in the Terms and Conditions.

In the processing of personal data, the Operator will act legally, fairly and transparently. Data processing is done for determined, explicit and legitimate purposes. Data processing is appropriate and limited, only in relation to the need to achieve the purpose for which they were collected. Personal data will be retained only for the time required to meet the purposes for which it is processed, and processing will be done in an appropriate manner to ensure the security and integrity of the data.

If you do not wish to use the personal information we collect to allow the Services to be optimized or to allow third parties to personalize the ads we have displayed to you, please express your option in accordance with Section 4 of this document or proceed with uninstalling the appropriate cookies with the option to follow the steps outlined in the Cookies Policy.

In order to ensure the lawfulness of personal data processing, the Operator assumes responsibility for implementing appropriate technical and organizational measures to protect against unauthorized access, use, alteration or destruction of personal data in accordance with the applicable law on personal data.

3. THE RIGHTS OF INDIVIDUALS

On the basis of a written, dated, signed and dispatched application to the Operator’s address as described in point 1, you may exercise your legal rights as the data subject in accordance with the provisions of Regulation 679/2016, namely:

The right of access means the right of the data subject to obtain a confirmation from the Operator that personal data relating to the person in question is processed or not, and in case of an affirmative answer, access to the data will be obtained and information on how the data is processed.

The right to rectification refers to the correction, without undue delay, of inaccurate personal data. The rectification will be communicated to each recipient to whom the data was transmitted, unless this proves impossible or involves disproportionate efforts on the part of the Operator.

The right to delete / remove data (the “right to be forgotten”) means the right of the data subject to request that personal data be deleted without undue delay if one of the following reasons is applied: they are no longer necessary to fulfil the purposes for which they were collected or processed; the person in question decides to withdraw his consent and there is no other legal basis for the processing; the person in question opposes the processing and there are no legitimate reasons to prevail; personal data has been processed illegally; personal data must be deleted for compliance with a legal obligation; personal data was collected in connection with the provision of information society services.

The right to restrict the processing may be exercised if the accuracy of the data processed by the Operator is disputed, for a period that allows verification of the correctness of the data; processing is illegal and the person in question opposes the deletion of personal data, but instead calls for restriction; if the Operator no longer requires personal data for processing, but the person in question requests them for the establishment, exercise or defense of a right in court; if the person opposed to the processing for the period of time that it is verified that the legitimate rights of the Operator prevail over those belonging to the data subject.

The right to data portability refers to the right of the data subject to receive personal data in a structured format, which is currently used and can be read automatically, and the right to transmit these data directly to another operator, but only if this is feasible from a technical point of view.

The right to oppose the right of the site’s user to oppose the processing of personal data when processing is necessary to perform a task that serves a public interest or when the Operator’s legitimate interest is taken into account. Where the processing of personal data is for the purpose of direct marketing, the data subject is primarily entitled to oppose processing at any time.

The right to rectification refers to the correction, without undue delay, of inaccurate personal data. The rectification will be communicated to each recipient to whom the data was transmitted, unless this proves impossible or involves disproportionate efforts on the part of the Operator.

If the rights provided for in Regulation no. 679/2016 have been breached, any person concerned has the possibility to file a complaint with the National Authority for Personal Data Processing Supervision (A.N.S.P.D.C.P.).

Contact details of A.N.S.P.D.C.P. are the following: Bucharest, B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336; Telephone: + 40.318.059.211 / + 40.318.059.212; Fax: +40.318.059.602; E-mail: anspdcp@dataprotection.ro; Website: www.dataprotection.ro.

Storing personal data

Personal data are processed within the European Union. They are retained for a period appropriate to the purpose for which they were processed, and may not exceed 5 years from collection.

Changing the Privacy Policy

If a change to this Privacy Policy is required, the Operator will publish those changes to ensure correct and complete information on data processing.