Privacy policy
​
PROCESSING YOUR PERSONAL DATA
We aim to provide tourism services while also adhering to the highest professional standards in data protection legislation. Our commitment is to implement the highest standards of confidentiality and transparency regarding the personal data we process in our daily activities. Our core values are defined by the protection and complete transparency in the processing of your personal data within the delivery of our services.
The Personal Data Processing Policy outlines the categories of your personal data that we process, the methods and purposes for collecting this data, situations in which we may transfer personal data, as well as your rights and options in this regard. Additionally, the Personal Data Processing Policy details how we process personal data in managing customer relationships, most often to keep you updated on the latest offers.
Please also review the Terms and Conditions available at www.businesstravel.ro and the Cookie Policy (included in the Terms and Conditions), which details how we use cookies and other similar technologies on our website.
YOUR PERSONAL DATA CONTROLLER
The controller of your personal data is BUSINESS TRAVEL TURISM SRL, headquartered in Bucharest, Aleea Alexandru, no. 9A, sector 1, phone +4 021.231-5619, fax +4 021.231-5622, email office@businesstravel.ro, generically referred to as BUSINESS TRAVEL.
CATEGORIES OF PERSONAL DATA PROCESSED
The personal data we process may include:
• Contact information, such as your name, postal address, including your home address if you have provided it, business address, phone number, mobile number, fax number, and email address;
• Additional information processed in the context of a contractual relationship with BUSINESS TRAVEL or voluntarily provided by you, such as instructions given, payments made, and any other information regarding reservations or accessing BUSINESS TRAVEL offers;
• In the context of the services provided, we may also collect and process special categories of personal data, such as data on union membership, health data, etc.;
• Details of your visits to our offices or any other details regarding your interactions with us;
• Data resulting from your browsing on our website, collected through cookies and similar technologies, in accordance with BUSINESS TRAVEL’s Cookie Policy, such as:
• The date and time you accessed our services, the software or browser you used;
• Information about your computer’s operating system, such as language settings, your hardware - information about the screen resolution used;
• The location from which you access our site;
• Information about your access history and your activity on our website, specifically information about the pages you viewed, the time spent on the site or a particular page, or the areas of a particular page.
LEGAL BASES FOR PROCESSING PERSONAL DATA
Any operation involving the processing of your personal data will be carried out based on one of the following legal grounds:
• Processing is necessary for the conclusion or performance of a contract to which you are a party;
• Processing is necessary for compliance with a legal obligation of the controller;
• Processing is based on your consent;
• Processing is necessary to protect your vital interests or those of another natural person;
• Processing is necessary for the legitimate interests of BUSINESS TRAVEL or a third party (e.g., when processing is necessary for the performance of a contract to which your organization is a party), except where such interests are overridden by your fundamental rights and freedoms;
• In the case of special categories of data, processing will be carried out if, in addition to a general legal basis for data processing, the consent of the data subject has been obtained.
PURPOSES FOR PROCESSING YOUR PERSONAL DATA
We may use your personal data for the following purposes:
• Providing tourism services or related services;
• Managing and administering our contractual relationship with our clients;
• Complying with our legal obligations (such as reporting obligations to tax authorities);
• Managing security and access to our premises, managing the use of IT systems used by BUSINESS TRAVEL (e.g., website, data management platforms, communication systems), including preventing and detecting security threats, fraud, or other unauthorized or malicious activities;
• Complying with court orders and exercising and/or defending our rights and interests;
• Marketing activities - we use your email address to send you personalized newsletters about our products and services, with your consent. You can unsubscribe from marketing communications via email at any time by clicking the Unsubscribe button at the bottom of each newsletter you receive from us.
• Analyzing and improving our services and communications to you, including conducting customer surveys regarding the level of satisfaction with BUSINESS TRAVEL services (since we have a legitimate interest in continuously improving our services);
• For any purpose related to and/or ancillary to any of the above or any other purpose for which your personal data has been provided to us, in accordance with applicable law.
Additionally, with your consent, we may send you various communications through the channels you have approved to keep you updated on the latest travel offers, announcements, and other information about BUSINESS TRAVEL’s services, products, events, and projects, or other promotional events.
DISCLOSURE OF YOUR DATA
We may disclose your personal data to other service providers we work with to provide services, as well as other public authorities, entities indicated by you (who may be our client or a third party involved), or other entities in the context of providing BUSINESS TRAVEL services (such as insurance service providers, etc.). We will ensure that these disclosures are made in compliance with legal requirements regarding personal data processing.
For the processing of personal data, we may use authorized persons, such as IT solution providers necessary for business management, including accounting solutions, or online software necessary for site administration. We will enter into data processing agreements with all persons authorized to process personal data, which will include specific clauses to ensure they undertake the obligations to process personal data (including the obligation to delete or provide information about processed data upon request) in full compliance with applicable law and that they provide adequate protection for your personal data.
BUSINESS TRAVEL will not provide (by sale or rental) your personal data to third parties. We may disclose personal data to law enforcement authorities if required by law or strictly necessary to prevent, detect, or prosecute criminal acts and fraud, or if we are otherwise legally obligated to do so. We may also need to disclose personal data to competent authorities to protect and defend the rights or property of the company or the rights and property of our business partners.
TRANSFER OF YOUR PERSONAL DATA ABROAD
We may transfer your personal data to countries within the European Economic Area or to countries recognized by the European Commission as providing an adequate level of protection for personal data if such a transfer is necessary for processing in accordance with the Permitted Purposes described above.
In exceptional circumstances, if necessary to ensure BUSINESS TRAVEL services for the Permitted Purposes, we may transfer your personal data to third countries that have not been recognized by the European Commission as providing an adequate level of protection.
We will ensure that these international transfers are subject to appropriate safeguards (such as, based on Standard Contractual Clauses approved by the European Commission) as required by the General Data Protection Regulation (EU) 2016/679 or other applicable legal provisions. You may contact us at any time using the contact details below if you want more information about these safeguards.
UPDATING YOUR PERSONAL DATA
If any of the personal data you have provided to us changes, for example, if you change your first name, last name, or email address, or if you wish to cancel any request made to us, or if you become aware that we hold any incorrect personal data about you, please contact us by email at dpo@businesstravel.ro.
We will not be liable for any loss arising from incorrect, inauthentic, insufficient, or incomplete personal data that you provide to us.
HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
BUSINESS TRAVEL has implemented technical and organizational measures for organizing the process and specific criteria for processing your personal data (including according to our archiving procedures).
We will cease processing personal data when they are no longer reasonably necessary for the Permitted Purposes or when you withdraw your consent (if applicable), and:
• There are no legitimate and compelling reasons justifying further processing by BUSINESS TRAVEL (including BUSINESS TRAVEL’s legal obligation to continue storing the respective data) that override your interests, rights, and freedoms, or
• They are no longer necessary for the establishment, exercise, or defense of legal claims.
YOUR RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA
Subject to certain legal conditions, you have the following rights concerning the processing of your personal data:
• The right to request a copy of the personal data we hold about you;
• The right to rectify any incorrect or incomplete personal data;
• The right to object to or restrict our use of your personal data;
• The right to withdraw your consent to data processing based on consent;
• The right to delete your personal data in situations where you have withdrawn consent, processing is no longer necessary, or the processing is contrary to the law;
• The right to data portability, allowing you to request that we transfer personal data to another entity/operator indicated by you;
• The right to withdraw your consent to processing based on consent. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal. In cases where you withdraw your consent, BUSINESS TRAVEL will no longer process your personal data and will take appropriate measures to delete your personal data. However, BUSINESS TRAVEL may still process your personal data if there is another legal basis for such processing.
If we discover any breach of the personal data processing process that poses a risk to your rights and freedoms, we will inform the National Supervisory Authority for Personal Data Processing.
If the breach of the personal data processing process could in any way affect your rights and freedoms, you will be immediately informed of this breach.
If you wish to exercise your rights mentioned above,
please contact us using the following contact details:
• Address: Aleea Alexandru, no. 9A, sector 1, Bucharest, Romania
• Email: dpo@businesstravel.ro
• Fax: +40 21.231-5622
To comply with our legal obligations regarding data security and confidentiality, when you exercise one of your rights as a data subject, we may ask you to verify your identity by providing a copy of an identification document or any other necessary information to verify that the request comes from the relevant data subject.
We will consider any requests or complaints we receive and will respond within the legally required timeframes. If you are not satisfied with our response or believe that the processing is conducted in violation of applicable law, you may file a complaint with the data protection authority in Romania: National Supervisory Authority for Personal Data Processing – headquartered at Bd. Gheorghe Magheru no. 28-30, Bucharest, Romania.