Privacy Policy

Site Privacy Policy

1. General information

SC AVB Road Design SRL with headquarters in county Mures, Reghin, B-dul Unirii, bl 36, ap 19, having CIF 35653720, registered with Reg. Com. with no. J26/225/2016 hereinafter referred to as AVB Road Design, as the owner, administrator of https://transylvania6days.ro/, respects the privacy and security of the processing of personal data of each person who visits and or uses the services offered by this website and undertakes to protect the data and their personal information. This document refers to the https://transylvania6days.ro/ website, hereinafter referred to as “website”.

Regulation 2016/679 on the protection of personal data with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document – GDPR, Regulation or RGPD) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, its provisions being directly applicable starting from May 25, 2018. This Regulation expressly repeals Directive 95/46/CE, thus replacing the provisions of Law no. 677/2001.

The regulation is directly applicable in all EU states, protecting the rights of all individual persons located on the territory of the European Union. From a material point of view, the Regulation applies to all operators who process personal data. The Regulation does not apply to the processing of personal data concerning legal entities and, in particular, enterprises with legal personality, including the name and type of legal entity and the contact details of the legal entity.

Personal data is defined as any information regarding an identified or identifiable individual person (“data subject”). An identifiable individual person is a person who can be identified, directly or indirectly, in particular by reference to an identification element such as a name, identification number, location data, online identifier, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.

The processing of personal data involves any operation or set of operations performed on data or sets of personal data, with or without the use of automated means, such as collection, registration, organization, structuring, storage, adaptation or modification, extraction , consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, deleting or destroying them.

2. Collection of personal data

Personal data collected by this website

  • Name, surname
  • Home and/or residence address
  • Contact details (such as email, telephone or fax)
  • IP address
  • Bank account, transaction data relating to purchased products (if applicable)

3. Obtaining Consent

Overview

In order for the processing of personal data to be legal, the GDPR requires that it be carried out on the basis of a legitimate reason, such as the execution or conclusion of a contract, the fulfillment of a legal obligation, or on the basis of the valid consent previously expressed by the “data subject”. In this case, the operator is required to be able to prove that the person in question has given his consent.

The granting of consent must be achieved by an unequivocal statement or action that constitutes a freely expressed manifestation, and may even be achieved by ticking an acceptance box.

Contact form or registrations

If you send us questions or register through the forms available on the site, we will collect the data entered in the form, including the contact data you provide, in order to respond to your questions or requests.

Contact by email, phone, social media or fax

If you contact us by email, phone, social media or fax, your request, including all the personal data you will provide, will be stored and processed for the purpose of solving your request.

Registration on the website (if the platform allows this)

If the platform allows registration on this site, the data entered by you will be used and processed for the purpose of using the respective service or functions for which you have registered. The mandatory data requested at registration must be provided by you in full, otherwise the registration operation will be rejected.

https://transylvania6days.ro/ does not knowingly or intentionally collect data about minors and does not offer services to minors.

4. The purpose of processing the collected data

Part of the data collected on this site is used to:

  • Providing the services we offer for your benefit (for example, to solve problems of any nature related to our products and services, to provide support services, for invoicing, etc.)
  • Optimal functioning and optimization of this website (statistical and analytical)
  • Advertising and promotion activities in the online environment
  • Transmitting commercial information via email or sms regarding the services offered
  • To defend our legitimate interests

We will keep and process the data you provide until:

  • request data deletion is received in writing or the consent is revoked
  • the purpose for data storage is no longer valid

The provision of data for any of the above situations is necessary for the use of the services and or the conclusion of a contract between you and https://transylvania6days.ro/. The refusal to provide the data results in the impossibility of developing the contractual relations between the client and https://transylvania6days.ro/.

5. Storage and encryption of collected data

Hosting

Personal data registered on this website are stored on the servers of ROMARG SRL. The processing of the data provided and stored complies with the legal provisions of the EU GDPR, Article 6, Paragraph 1, Letters A, B and F.

Regardless of the purpose for which personal data is processed, the principles of legality, fairness and transparency are respected, but also that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

For more information on the processing of personal data by ROMARG SRL, please visit https://www.romarg.ro, the section that describes the privacy policy.

We comply with the obligations according to article 28 of the EU GDPR, by choosing an external service provider that offers sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing complies with the requirements set out in the regulation.

This site uses SSL encryption for security reasons and to protect the transmission of confidential information.

Any mandatory legal provisions, in particular those relating to mandatory data retention periods, are not affected by the above.

The processing of personal data is carried out in accordance with the provisions of the European Union General Data Protection Regulation.

6. Cookies

This site uses cookies. They do not harm your devices and do not contain viruses, but have the role of contributing to an easier, more efficient and safer use of the site. They are small text files that are saved on your device and are saved by the browser you use.

Your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

Other cookies (such as, for example, those used to analyze your browsing behavior on this site) are also stored and will be treated separately. Details about these cookies here: https://transylvania6days.ro/en/cookies-policy

The server of this site automatically collects and stores the information that your browser automatically transmits to us through log files. These can be:

  • Browser type and version
  • Operating system used
  • The URL of the page that originally generated the request to display the current page or object (Referrer URL)
  • The host name of the accessing computer
  • Temporal data regarding server access
  • IP address

7. Advertising / Analysis, plugins and applications used on the site

It is possible that our website may temporarily or permanently use the following applications, plugins or software installed for advertising/analysis purposes and or to ensure the proper functioning of the website:

  1. YouTube, application operated by Google. If you visit a page on our website where a YouTube plug-in has been integrated, a connection to the YouTube servers will be established. Consequently, the YouTube server will be notified which of the pages have been visited by you, placing specific cookies with the help of which it will be possible to obtain information about the visitors of our website. For more information on how YouTube handles user data, see YouTube’s Data Privacy Policy at: https://policies.google.com/privacy?hl=en. 
  2. Google Fonts. This site uses Web Fonts provided by Google to ensure the consistent use of fonts for texts on this site. When you access a page on this website, your browser will load, as a result of establishing a connection with Google’s servers, the web fonts necessary for the correct display of text and fonts. For more information on how Google Web Fonts handles user data, see Google’s available Privacy Policy: https://policies.google.com/privacy?hl=en
  3. Google reCaptcha. The purpose of reCAPTCHA is to determine whether data entered on our site (for example, information entered in a contact form) is provided by a human user or an automated program. To determine this, reCAPTCHA analyzes the behavior of website visitors based on a variety of parameters. This analysis is automatically triggered as soon as the website visitor enters the website. For this analysis, reCAPTCHA evaluates a variety of data (e.g. IP address, time the website visitor spent on the website or user-initiated cursor movements). The data tracked during these analyzes is sent to Google. reCAPTCHA analyzes run entirely in the background. Site visitors are not alerted that an analysis is in progress. Google reCatpcha uses Standard Contractual Clauses as an adequate data protection guarantee, in accordance with the level of protection guaranteed by the GDPR. For more information, see Google’s Data Privacy Statement at the following links: https://policies.google.com/privacy and https://policies.google.com/terms?hl=en 
  4. Google Analytics, is a Google web traffic analysis service (and or Google Analytics Remarketing service, in combination with Google AdWords and Google DoubleClick, functions that enable the connection of advertising target groups). Google Analytics uses so-called cookies. Cookies are text files that are stored on your device and that allow an analysis of the use of the website by users. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States, where it is stored. For more information, see Google’s Data Privacy Statement here: https://support.google.com/analytics/answer/6004245 
  5. Google Ads and Google Conversion Tracking. This is an online program of Google Inc. With Google Ads, we use a tool called “conversion tracking”. If you click on an ad published by Google, a cookie will be placed for conversion tracking purposes. These cookies expire after the term set by Google here https://policies.google.com/privacy?hl=en and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google will be able to recognize that the user has clicked on an ad and has been connected to this page.
  6. Facebook Pixel. An integration to measure conversion rates that allows the analysis of the activity of website visitors coming from Facebook. This tool allows tracking the activity of page visitors after they have been connected to the provider’s website after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns. For the operators of this site, the data collected is anonymous. We are not in a position to reach any conclusions about the identity of the users. However, Facebook archives the information and processes it so that the connection to the respective profile is possible, and Facebook is able to use the data for its own promotional purposes in accordance with the Facebook Data Usage Policy. The operators of this site have no control over the use of this data. In Facebook’s data privacy policies, you will find additional information about protecting privacy at: https://www.facebook.com/about/privacy/. You also have the option to disable the “Custom Audiences” marketing feature in the Ad Settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must first log in to Facebook. If you do not have a Facebook account, you can disable user-based advertising through Facebook on the website of the Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/uk/your-ad-choices.

     

The storage of cookies by the tools mentioned above and their use is based on Article 6, paragraph 1, letter F of the GDPR. The operator of this website has a legitimate interest in analyzing user patterns in order to optimize both the services offered and the operator’s advertising activities.

The transmission of personal data to the USA and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. For more information on these Clauses, we recommend accessing https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

For more information and data protection regulations, see Google’s data privacy policies at: https://policies.google.com/technologies/ads?hl=en

Data regarding the Google archiving period of cookies can be consulted here: https://support.google.com/analytics#topic=1008008

8. E-commerce / online payments

Ecommerce

We process personal data as long as it is necessary to conclude or modify a contractual relationship with our company/the company that manages this website, respecting the provisions of Article 6, paragraph 1, letter B of the GDPR. Thus, we process (collect, record, structure, store, modify, extract, etc.) personal data from the moment of accessing this website only for the purpose of facilitating access to our products or services and/or to collect their consideration. The data of our customers will be deleted after a period of 3 years (personal data processed for the purpose of executing the assumed contractual obligations) or 10 years (in compliance with the provisions of the Accounting Law no. 82/1991).

Online payments

During the purchase process of the products sold through this website (if applicable), your bank details are safe! The companies we collaborate with in order to process online payments use secure encryption methods, the data being transmitted through high security connections to the financial units. So the data provided by you for making payments are not transmitted to third parties and are not saved in databases.

Depending on the payment processor we use when you purchase a product from our site, before doing so you have the opportunity to consult the Privacy Policy of that processor at the time of check-out, and before entering any personal or banking data on the platform.

With regard to the transfer of personal data by the online payment processor, it will only be carried out when it is necessary for the provision of services or to comply with certain obligations of the respective processor as an online payment service provider, in order to complete the payment. The legal basis for data processing is highlighted in Article 6, paragraph 1, letter A and Article 6, paragraph 1, letter B and F of the EU GDPR.

9. User rights

Your rights regarding personal data and the means of exercising them are: the right to information, the right to access, the right to rectification, the right to delete data, the right to restrict processing, the right to data portability, the right to opposition, the right to submit complaint and to address the courts respectively the right to withdraw consent.

10. Records of processing activities and the DPO (“data protection officer”)

According to the GDPR Regulation, the operator or the person authorized by the operator should keep, for a reasonable period, records of the processing activities under his responsibility. Thus, these records will include all the following information:

  • the name and contact details of the operator
  • the purposes of the processing
  • description of categories of data subjects and categories of personal data;
  • the categories of recipients to whom the personal data were or will be disclosed;
  • if applicable/possible:
    • the expected deadlines for the deletion of different categories of data
    • a general description of technical and organizational security measures
    • transfers of personal data

The obligation detailed above does not apply to an enterprise or organization with less than 250 employees, unless the processing it carries out is likely to generate a risk for the rights and freedoms of the data subjects, the processing is not occasional or the processing includes special categories of data or personal data relating to criminal convictions and offenses.

For any information or clarifications regarding the operation of this website, please contact us on the following details

  • Name: Adrian
  • e-mail: adrian@transylvania6days.ro
  • Phone: 0749 593 321


Technical and organizational measures

Taking into account the current state of technology, the context and purposes of the processing, as well as the risks to the rights and freedoms of individual persons, the operator implements appropriate technical and organizational measures to ensure that, by default, only personal data that are necessary for each specific purpose of the processing.

Notification of the supervisory authority in the event of a breach of personal data security

Pursuant to Article 33, paragraph 1, of the GDPR, if there is a breach of the security of personal data, we will notify the National Supervisory Authority for the Processing of Personal Data without undue delay and, if possible, within no more than 72 hours from the date we became aware of it.

Informing the individual about the data security breach of personal data

Referring to the provisions of article 34, of the GDPR, if the violation of the security of personal data is likely to generate a high risk for the rights and freedoms of individual persons, we will inform the individual without unjustified delay regarding this violation, except in situations such as described in the article.

Other

https://transylvania6days.ro/ maintains an online presence on networks, social platforms and or applications to communicate with customers and potential customers in order to inform them about the products and services offered. When visiting any of these networks, sites or applications, the processing terms and conditions of the operator of those applications apply. We also process the data communicated to us on these applications and social networks. Our website may include Social Media features, such as Facebook, Twitter and Google Share buttons, etc… These features fall under the Privacy Policy of the companies that provide them.

The website may also contain links to other external websites. We do not control and are not responsible for the content or practices of other sites. This Privacy Policy does not apply to those websites, as they are under the control of their own Privacy Policies.

Conclusion

This policy regarding the processing of personal data is generated in accordance with the provisions of Romanian Regulation no. 679/2016 on the protection of individual persons with regard to the processing of personal data and on the free movement of such data, but also with the other applicable national legal provisions.

We reserve the right to make any additions or changes to this policy. We recommend consulting the Policy regularly for correct and up-to-date information regarding the processing of personal data.

For more details on this GDPR Policy, as well as to exercise any of the aforementioned rights, a written notification can be sent to the contact details mentioned above.

This document is valid for an indefinite period.

Updated: 2023.03.02