We are very pleased to have you as potential customers / clients / visitors / subscribers of the services offered by the ISSA Resort hotel, operated and managed at the location in Turda, Aleea Durgău no. 6A, Cluj County, by the company ISSA RESORT SRL, with headquarters at Str. Dealul Viilor, no. 10, Turda, Cluj County, Romania, registered in the Trade Register under no. J2014000435126, tax identification code RO32783407, hereinafter referred to as “the Company”.
The hotel (email:info@issaresort.ro) located in Turda, Aleea Durgău no. 6A, Cluj County, website www.issaresort.ro, phone +40 732 000 110, offers and carries out hotel accommodation, food & beverage, event organization, fitness and body maintenance, spa, treatment, and relaxation services.
Protecting the personal data of potential customers / clients / visitors / subscribers of our services is very important to us.
ISSA RESORT SRL is a data controller in the meaning of Article 4(7) of Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (hereinafter “GDPR”).
Hereby, we inform you that the Company collects and processes, in full or in part, as a data controller, the following categories of personal data of potential customers / clients / visitors / subscribers of our services:
We collect your personal data from contact forms, reservation forms, check-in and check-out forms, forms of entry/exit, payment forms (bank card / bank transfer / vouchers / tickets / gift cards), documents related to service provision, access cards, via email, phone, social media platforms, website, contracts, forms and documents used in the relationship with you.
For personal data of other persons that you provide to us in relation to the services offered / provided by the Company, which we process in relation to these services, it is your responsibility to ensure that those persons have been correctly and fully informed and that their consent has been obtained for processing activities, if such consent is required.
The Company processes the above personal data for the following purposes:
(i) concluding and performing the service contract with you, including any correspondence related to this relationship,
(ii) fulfilling its pre-contractual and contractual obligations (reservation process, other services depending on your choices etc.),
(iii) ensuring hotel services (accommodation, meals, etc.) and any other services requested by you,
(iv) fulfilling any legal obligation applicable to the Company (for example: accounting, fiscal, emergency situations, legal obligations applicable to hotel service providers),
(v) exercising or defending the legitimate rights and interests of the Company (e.g. client relations management),
(vi) internal evaluation, control of processes, activities performed by the Company,
(vii) internal audit, financial audit and other reporting required by law or relevant obligations (e.g. compliance),
(viii) promoting the Company, its activities,
(ix) monitoring security of persons, spaces, assets (video surveillance in some interior/exterior areas: parking, reception, halls, yard etc.) for safety,
(x) performing statistical and archival operations requested by authorities, if applicable,
(xi) providing statistics,
(xii) direct marketing / advertising / contests / measuring satisfaction / campaigns organized by the operator, if you have expressed consent to receive commercial messages via email / SMS / phone regarding the Company’s services.
The legal basis for processing for each of the purposes above consists of one or more of:
(i) processing is necessary for performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract — Art. 6(1)(b) GDPR,
(ii) fulfilling a legal obligation of the controller — Art. 6(1)(c),
(iii) the legitimate interest of the Company — Art. 6(1)(f),
(iv) the data subject’s consent — Art. 6(1)(a), when applicable.
The retention period of personal data by the Company is the time necessary to fulfill the processing purposes, in compliance with applicable laws, and for any applicable legal term, and thereafter according to financial-accounting and archival norms, and for the statute of limitations protecting the Company’s legitimate interests. If the Company determines that it has a legitimate interest or legal obligation to continue processing your personal data for other purposes, you will be informed accordingly.
If there is a legal obligation to archive, data will be archived fully/partially according to legal provisionsWe are very pleased to have you as potential customers / clients / visitors / subscribers of the services offered by the ISSA Resort hotel, operated and managed at the location in Turda, Aleea Durgău no. 6A, Cluj County, by the company ISSA RESORT SRL, with headquarters at Str. Dealul Viilor, no. 10, Turda, Cluj County, Romania, registered in the Trade Register under no. J2014000435126, tax identification code RO32783407, hereinafter referred to as “the Company”.
The hotel (email:info@issaresort.ro) located in Turda, Aleea Durgău no. 6A, Cluj County, websitewww.issaresort.ro, phone +40 732 000 110, offers and carries out hotel accommodation, food & beverage, event organization, fitness and body maintenance, spa, treatment, and relaxation services.
Protecting the personal data of potential customers / clients / visitors / subscribers of our services is very important to us.
ISSA RESORT SRL is a data controller in the meaning of Article 4(7) of Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (hereinafter “GDPR”).
Hereby, we inform you that the Company collects and processes, in full or in part, as a data controller, the following categories of personal data of potential customers / clients / visitors / subscribers of our services:
We collect your personal data from contact forms, reservation forms, check-in and check-out forms, forms of entry/exit, payment forms (bank card / bank transfer / vouchers / tickets / gift cards), documents related to service provision, access cards, via email, phone, social media platforms, website, contracts, forms and documents used in the relationship with you.
For personal data of other persons that you provide to us in relation to the services offered / provided by the Company, which we process in relation to these services, it is your responsibility to ensure that those persons have been correctly and fully informed and that their consent has been obtained for processing activities, if such consent is required.
The Company processes the above personal data for the following purposes:
(i) concluding and performing the service contract with you, including any correspondence related to this relationship,
(ii) fulfilling its pre-contractual and contractual obligations (reservation process, other services depending on your choices etc.),
(iii) ensuring hotel services (accommodation, meals, etc.) and any other services requested by you,
(iv) fulfilling any legal obligation applicable to the Company (for example: accounting, fiscal, emergency situations, legal obligations applicable to hotel service providers),
(v) exercising or defending the legitimate rights and interests of the Company (e.g. client relations management),
(vi) internal evaluation, control of processes, activities performed by the Company,
(vii) internal audit, financial audit and other reporting required by law or relevant obligations (e.g. compliance),
(viii) promoting the Company, its activities,
(ix) monitoring security of persons, spaces, assets (video surveillance in some interior/exterior areas: parking, reception, halls, yard etc.) for safety,
(x) performing statistical and archival operations requested by authorities, if applicable,
(xi) providing statistics,. After the processing is complete, data will be deleted or destroyed depending on the storage medium or may be anonymized.
Access to the personal data may be granted to other companies in Romania and/or abroad for internal administrative purposes, for protecting the rights, interests and assets of the Company, and/or to fulfill legal requirements, where applicable, some of these companies acting as processors on behalf of the Company in relation to certain processing activities.
All necessary measures are taken in relation to this access / provision to ensure an adequate level of protection, no matter where the data is transferred. We ensure that processing principles and conditions from Articles 44 et seq. GDPR are respected to guarantee an adequate level of protection in all cases. A suitable level of protection may be ensured, among others, through standard contractual clauses.
The personal data described above may also be disclosed to the following recipients: the data subject, their legal representatives, representatives of the operator, processors/representatives, contractual partners (auditors, IT, technical maintenance, fiscal, financial, archiving, mail distribution, compliance, legal services such as lawyers, notaries etc.), subcontractors, clients — within the limits of obligations assumed with respect to the operator. Where the Company has a legal obligation, personal data may be disclosed to public authorities / institutions / public bodies (courts, investigative authorities, tax authorities, municipalities, supervisory authorities).
Also, personal data may be sent to external service providers, clients and suppliers, if necessary for providing a given service or managing business relations.
If personal data are transferred to a country outside the European Economic Area, we ensure that Articles 44+ GDPR conditions are satisfied to ensure adequate protection — e.g. transfer to countries recognized by the European Commission as providing adequate protection; or transfer subject to data transfer mechanisms or safeguards as required by GDPR.
The above personal data are not subject to automated decision-making, including profiling.
In the context of personal data processing, you benefit from the following rights: right to information, right of access, right to rectification, right to erasure (“right to be forgotten”), right to restriction of processing, right to data portability, right to object, right not to be subject to an automated decision, right to file a complaint with a supervisory authority, right to an effective judicial remedy, right to withdraw consent if given.
For more information on how to exercise these rights, you can send a written, signed and dated request to the email data.protection@issaresort.ro, and if there are questions regarding any aspect of personal data protection.
The Company constantly evaluates and improves security measures implemented to ensure that personal data are processed in safe and secure conditions.
This information notice may be updated, amended, improved at any time, and a modified / updated / improved version will be brought to your attention via our website www.issaresort.ro.