NEMO INVESTMENT VEHICLE S.A (referred to as “Radisson” or “we” or “Park Inn”) and all related entities need to collect and process personal data in order to effectively run their businesses and comply with legal obligations.
Radisson considers compliance with the obligations under data protection laws to be crucial to both its corporate values and the success of its business. Therefore, Radisson is committed to conducting business throughout the Europe, Middle-East and Africa (EMEA) region in accordance with all applicable data protection laws and regulations and in line with the highest standards of ethical conduct. This requires all individuals working for Radisson, its entities and hotels to ensure that, at all times, when they handle personal data in the context of their duties, they do so in accordance with the requirements of (EU) Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), the principles set forth in the data protection legislation applicable in Romania and in compliance with internal policies.
Personal data represents any information relating to an identified or identifiable natural person, and an identifiable person is that person that may be identified directly or indirectly, particularly by reference to an identification number or to one or more factors specific to its physical, psychological, mental, economic, cultural or social identity.
I. CATEGORIES OF PERSONAL DATA, PURPOSES AND GROUNDS FOR PROCESSING
In the context of your interaction with Radisson, you, as a natural person, may be subject to the data processing activities that we perform. We use your personal data in the following cases:
If you are our guest / client or potential client:
1.1. Providing the hospitality services
In order to provide our hospitality services (including via this website, e.g., for reservations for our hotels), we use your personal data consisting of: name and surname, gender, date of birth, citizenship, address, phone number, e-mail address or other contact information, ID, passport or other identification documents data (serial number, date of issuance, validity etc.), payment information (e.g., your credit card number if you make a hotel reservation online), signature.
Also, we may use your children personal data consisting of name and surname, date of birth, identification documents data for accommodation purposes.
If you make an online reservation via our websites or telephone for one of our restaurants we will process the following data: name, surname, telephone number, e-mail.
We rely in this case on the performance of our commitments (agreement) to you as grounds for the processing.
1.2. Communicating with you
We use your contact details such as address, email address and phone number in order to communicate with you with respect to our services (e.g., we use information to respond to your requests or questions or we may contact you about your account at Radisson). We also rely in this case on the performance of our commitments (agreement) to you as grounds for processing.
We may also use this information to communicate with you in order to get your feedback or to promote our campaigns/services. In this case we will rely on our legitimate interests (for phone calls) or your consent (for e-mails and SMS as per section. 1.5 below).
1.3 For loyalty programs
We collect guest stay and loyalty program information. For example, we collect information on the hotels where you have stayed, your dates of arrival and departure, goods and services purchased, special requests and service preferences. We collect information on your use of our loyalty programs, including how you earn and redeem points.
1.4 Data processing as obligation imposed by the law
In the context of providing our services, we may process some of your data, as referred at clause 1.1, based on a legal obligation imposed upon Radisson. In such case, the grounds for processing performed by Radisson is the legal obligation (e.g. reporting hotel guests` data to the Police). .
1.5 Sending direct marketing communications
We may also use your contact details in order to provide to you in electronic form (e.g., via text messaging, email, automatic telephone calls, social media) our direct marketing communications, but only if you have subscribed and, hence, given your prior, specific, free and informed consent to such processing. Direct marketing is opposed to marketing that is not specifically directed to you, such as an advertisement in a newspaper or leaflets handed out to you in a public square.
You can always withdraw your consent expressing thereby your option of not receiving our direct marketing communications in the future by clicking “Unsubscribe” when you receive the respective e-mail or by writing at our Data Protection Officer at: email@example.com.
If you are a representative, contact person or employee of our clients / potential clients
In all cases below, your data is provided either directly by you or by our client / potential client (e.g., your employer). The categories of data processed in this context are generally your name, position, e-mail, phone, fax, address, identification data, as well as other personal data provided to Radisson, as needed to fulfill the below purposes.
2.1. Providing our hospitality services
We use your relevant personal data in order to provide our client/potential client the services or information requested from us or to manage the relationship with our client/ potential client that you represent.
We rely in this case on the legitimate interest in providing our services according to our area of activity and managing the relationship with our clients.
2.2. Communicating with you
We use your contact details in order to communicate with you with respect to your requests and any other relevant hospitality services-related matters. We also rely in this case on the legitimate interest in providing our services according to our area of activity.
2.3 Data processing as obligation imposed by the law
In the context of providing our services, we may process some of your data, as referred at clause 2, based on a legal obligation imposed upon Radisson. In such case, the grounds for processing performed by Radisson is the legal obligation (e.g. reporting hotel guests` data to the Police).
2.4 Sending direct marketing communications
We may also use your contact details in order to provide to you in electronic form (e.g., via text messaging, email, automated telephone calls, social media) our direct marketing communications, but only if you have subscribed and, hence, given your prior, specific, free and informed consent to such processing. Direct marketing is opposed to marketing that is not specifically directed to you, such as an advertisement in a newspaper or leaflets handed out to you in a public square.
You can always withdraw your consent expressing thereby your option of not receiving our direct marketing communications in the future by clicking “Unsubscribe” when you receive the respective e-mail or by writing at our Data Protection Officer at: firstname.lastname@example.org
If you are our business partner (individual) or the representative, contact person, employee or other collaborator of our business partner
In all cases below, the data is provided either directly by you or by our business partner. The categories of data processed in this context are generally your name, position, e-mail, phone, fax, address, identification data, as well as other personal data provided to Radisson, as needed to fulfill the below purposes.
3.1. Maintaining our contractual relationship with our business partner
We use your relevant personal data in order to maintain the contractual relationship with our business partner. We rely in this case on the legitimate interest in ensuring that the contractual relationship is managed properly.
3.2. Communicating with you
We use your contact details in order to communicate with you with respect to any relevant business-related matters. We also rely in this case on the legitimate interest of ensuring that the contractual relationship is adequately carried out.
3.3 Data processing as obligation imposed by law
In the context of performing the agreement with our business partners, we may process some of your data based on legal obligations imposed upon Radisson. In such case, the grounds for processing is the legal obligation (e.g. reporting data for tax purposes to ANAF).
If you are our employee, including temporary worker, student or other individual performing internships in our hotels
The categories of data processed in the context of our relationship with you are: identification details (name, surname), address, gender, data and place of birth, birth certificate number, ID number, personal numeric code, driver’s license, passport or other similar identification document, citizenship, signature, data related to marital status, job title, professional experience, education and training history, images, performance history, salary and compensation history, work contact details (phone, e-mail, physical address), identification details of spouse (if applicable), identification details of children or other dependants (if applicable), bank account details, accidents at work, disabilities, health (including medical condition, health and sickness records), pregnancy, emergency contacts, login details, data related to the criminal records [please confirm and/or insert other types of data, as applicable].
We process your personal data for:
- the performance of your employment/ collaboration agreement (recruitment, general HR purposes related to the performance of the employment relationship/ mandate/ collaboration, where the case; training; payroll; travels; performance evaluations; check of the compliance with the internal policies and rules; facilitating the access to medical services / insurance services provided by various suppliers; fleet car management);
- for compliance with the legal requirements (health and security; archiving, surveillance of / physical security in Radisson spaces; ensuring the technical and organizational conditions for activities aimed at following the work discipline of the employees / collaborators (including by implementing a whistleblowing reporting line)[to be confirmed if this processing is applicable]; ensuring the security measures for the protection of employees’ data by implementing solutions aimed at preventing the unauthorized access to personal data and other information)
- for its legitimate interests (internal surveys within Radisson organization regarding the employee’s expectations/ satisfaction and related to other aspects relevant for the employment relationship)
If you are a job/internship applicant:
We use the personal data contained in the CVs we receive in order to assess the applicants’ qualifications for a position within Radisson, including in relation to our internship program. We base our processing on the grounds of entering into and performing of an employment relationship or temporary collaboration.
The categories of data processed in the context of our relationship with you are your name, e-mail, phone, fax, address, personal data included in CVs, education and training details, professional qualifications, as well as other personal data you may provide directly to us.
In some specific cases, we may process some sensitive data such as information contained in your criminal records or medical data pertaining to you. In these cases, we rely the processing on the legal obligation incumbent to Radisson.
If you are a visitor of our premises:
The categories of data processed in this context are your name and video image recorded by our video cameras installed on our premises for security reasons, as well as other personal data you may provide directly to us.
We use your personal data in order to ensure the security of our premises, assets and personnel. In this case, we base our data processing on our legitimate interest, namely the protection of such premises, assets and personnel.
If you are an event attendee or speaker:
The categories of data processed in this context are your name, gender, profession, age, where you work, as well as other personal data you may provide directly to us.
We use your personal data in order to register you at the event or to share such information with the public, should that be of public interest. We rely on our legitimate interest to organize the event if you are a user of our Internet website:
We use the personal data we collect from you when you visit our Internet site www.tasteofbucharest.ro, in order monitor the traffic and improve the content of the website. We base this data processing activity on our legitimate interest in ensuring the proper functioning of our Internet website, as well as its improvement.
If you use our website, we may collect information about the browser you’re using. We might look at what site you came from, or what site you visit when you leave us. We may collect your precise, real-time location using GPS, cell phone towers, Wi-Fi signals, and/or beacon technology (including Apple’s iBeacon), and/or future technologies. We might look at how often you use an app and where you downloaded it. We collect this information using the tracking tools described below and in compliance with applicable local law. For all above categories of data subjects, we may also process your data in the context of changes in structure or similar transactions involving any Radisson entity. In this case, the grounds for processing may be represented by the legal obligation (in case Radisson is legally obliged to disclose certain personal data to public authorities), the performance of the agreement concluded by Radisson in the context of such transaction (if you are a party to such agreement) or the legitimate interest of Radisson to carry out the transaction in the most effective manner (in the rest of the cases).
If you are our visitor of our websites (including this one):
II. PROVIDING THE PERSONAL DATA
When the data is required directly from you, Radisson kindly asks you to provide all categories of personal data we request in the aforementioned purposes, as otherwise we shall not be able to carry out our activity (including, among others, to provide you with our hospitality services).
III. COLLECTING INFORMATION IN DIFFERENT WAYS
We collect information:
- that you directly give to us. For example, if you make a reservation online, or enroll in one of our loyalty programs. We also collect information if you contact us or participate in a promotion.
- we collect information about you automatically. We use tracking tools such as browser cookies and web beacons to collect information from you. We collect information about users over time when you use this website.
- we get information about you from third parties. Where permitted by law, we may share information among entities within the Radisson group or we may get from other third parties with whom we do business. We may get information from persons acting on your behalf, for example if someone makes a reservation for you. We may also get information from social media platforms and advertising and analytics providers.
- we combine information. For example, we may combine information that we have collected offline with information we collect online, to the extent covered by the transactional purpose or your consent. Or we may combine information we get from a third party with information we already have.
IV. DISCLOSURE OF YOUR PERSONAL DATA
We might share information:
- within other Radisson entities unless legally prohibited. For example, we will share your information to facilitate reservations or to customize offers to your preference.
- with data processors that perform services on our behalf. For example, we share information with vendors who send emails and other communications for us. We also share information with companies that help us operate our sites or run promotions and advertisers and advertising networks that assist us in marketing and advertising our products and services. Some vendors may be located in a country other than where you live. We may also share information with analytics and search engine providers who act on our behalf.
- with our business partners unless legally prohibited. For example, we might share information with third parties who co-sponsor a promotion. Some of these partners may send you information about product or services by mail or email where legally permitted or based on your prior consent.
- in order to comply with the law or to protect ourselves, our clients or others. For example, we will share information to respond to a court order, or in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Or, when required by law, we may share your information if you are the winner of a contest with anyone who requests a winner’s list. We may share information in order to enforce our site Usage Terms and Conditions or other agreements, and to protect the rights of others. We might share if we are investigating potential fraud. This might include fraud we think has happened during a promotion.
- with a successor to all or part of our business. For example, if part of our business or assets are sold, we may disclose user information as part of that transaction. You have certain choices about sharing and marketing practices.
V. DURATION OF PROCESSING
VI. YOUR RIGHTS
In your capacity as data subjects, the GDPR provides you with a series of rights including:
- the right of access – allowing you to obtain confirmation that your personal data is being processed by us and, if affirmative, the relevant details of such processing activities;
- the right to rectification – allowing you to rectify your personal data if inaccurate;
- right to erasure – allowing you to obtain the erasure of your personal data in certain cases (e.g., if the data is no longer necessary in relation to the purposes for which it was collected);
- right to restriction – allowing you to obtain the restriction of processing your personal data in certain cases (e.g., when you contest the accuracy of your personal data, for a period enabling us to verify such accuracy);
- the right to object – allowing you to object to further processing of your personal data within the conditions and limits set forth by law;
- right to data portability – allowing you to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another data controller;
- right to withdraw consent – in cases where we process your data based on your consent;
- rights concerning automated decision-making – as a rule, you have the right not to be subject to an automated decision, if this produces legal effects over you or affects you in a similar way, to a significant extent. However, the law provides that in certain cases such automated decision-making are in order. In these instances, you will have the right to challenge the decision, to express your opinion and to obtain a verification from a human factor;
- right to file a complaint with the National Supervisory Authority for Personal data Protection.
We are happy to ensure your exercise of these rights.
You may exercise your aforementioned rights and find out more about such rights by filing with us, as data controller, a written request at Radisson Blu Bucharest, Calea Victoriei nr. 63-81, sector 1, Bucharest or by e-mailing us at email@example.com
You also have the right to file a complaint with the data protection authority.
We are committed to always treat your requests with the utmost attention and address any queries you may have in the shortest time possible.