Privacy policy

Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, in this document – GDPR, Regulation or GDPR) was adopted by the European Parliament and the Council of the European Union on 27 April 2016 and its provisions are directly applicable as of 25 May 2018. This Regulation expressly repeals Directive 95/46/EC, thus replacing the provisions of
Law No 677/2001 (now repealed).
The Regulation is directly applicable in all Member States, protecting the rights of all individuals within the European Union. From a substantive point of view, the Regulation applies to all controllers processing personal data. The Regulation does not apply to the processing of personal data relating to legal persons and, in particular, to undertakings having legal personality, including the name and type of legal person and the contact details of the legal person.
Personal data are defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Identity of the operator
In view of Article 4(7) of the Regulation, which defines the notion of “controller” as the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data, the controller processing personal data through this website is CIURTIN OCTAVIAN PETRU PFA, with registered office in Sat Margau nr.324, jud. Cluj, registered at the Trade Register Office F12/424/2016, with CUI 35947520, legally represented by Ciurtin Octavian Petru, with contact details ciurtin.octavian@yahoo.com, 0756 321 857.

Collection of personal data
What personal data is collected
The operator of this website collects, stores and processes the following personal data of/about you: first and last name or company name, contact details (such as e-mail, telephone, fax), IP, CNP/CUI, for the purpose of contacting you, creating reservations and booking contracts.

Obtaining Consent
For the processing of personal data to be lawful, the GDPR requires that it is carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfilment of a legal obligation, or on the basis of the data subject’s prior valid consent. In the latter case, the controller is required to be able to demonstrate that the data subject has consented to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions set out in the GDPR.
Consent must be given by an unequivocal statement or action which constitutes a freely expressed, specific, informed and clear expression of the data subject’s agreement to the processing of his or her personal data. Where the consent of the data subject is given in the context of a statement, in electronic or written form, which also refers to other matters, the request for consent must be presented in a form that clearly distinguishes it from the other matters, and may even be done by ticking a box. For the processing of personal data to be lawful, the GDPR requires that it is carried out for a legitimate reason, such as the performance or conclusion of a contract, the fulfilment of a legal obligation, or on the basis of the data subject’s prior valid consent. In the latter case, the controller is required to be able to demonstrate that the data subject has consented to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions set out in the GDPR.

Copyright © Mărgău Retreat Apuseni. All rights reserved. Developed by Nessave Solutions.