The protection of your personal data is very important for the Travel Agency TALE TRAVEL SRL (hereinafter referred to as “Agency” or “operator”), a Romanian legal entity, based in Str. Cuza Voda 72, registered at the Trade Register Office under no. J13 / 217/2016, having CUI 35540577. We want you to be properly informed about the manner and purposes of how the Travel Agency TALE TRAVEL SRL processes your personal data.
The purpose of this Security Policy for the Processing of Personal Data (hereinafter referred to as the “Security Policy”) is to establish the appropriate technical and organizational measures and responsibilities of TALE TRAVEL SRL employees, with responsibilities for processing personal data and / or, as the case may be, of the empowered persons, for fulfilling the obligations regarding the guarantee and protection of the fundamental rights and freedoms of the natural persons, especially of the right to intimate, family and private life, regarding the processing of personal data.
If you notice any errors in the provision of personal data concerning you, please inform us as soon as possible, using any of the means indicated in section 7 of this Security Policy.
- Principles of personal data processing
1.1. Personal data are processed by TALE TRAVEL SRL, in good faith and in accordance with the legal provisions in force.
1.2. Personal data are collected by TALE TRAVEL SRL for well-defined, explicit and legitimate purposes, and further processing will not be incompatible with these purposes.
1.3. Personal data are adequate, relevant and not excessive in relation to the purpose for which they are collected and subsequently processed.
1.4. Personal data is not stored by TALE TRAVEL SRL for a longer period than is necessary to achieve the purposes for which it was collected.
1.5. TALE TRAVEL SRL has taken appropriate technical and organizational measures to protect personal data against accidental or illegal destruction, loss, modification, disclosure, unauthorized access or any other form of illegal processing, as well as regarding the deletion or rectification of inaccurate or incomplete data from the point of view of the purpose for which they are collected and for which they will be subsequently processed.
- Data categories and purpose of use of personal data
2.1. The personal data referred to in this Security Policy include identification elements such as name and surname, name and surname of legal representatives, sex, date and place of birth, citizenship, telephone / fax, domicile / residence address, e-mail address, personal numerical code, series and number of the identity card / passport, bank details or similar, which serve to identify you or the persons who represent you or whom you represent.
2.2. TALE TRAVEL SRL will collect, use and process the personal data provided only for the processing and confirmation of airline ticket reservations, accommodation, meals, rent-a-car, tourist packages or city breaks, etc., received based on online orders made by you, as well as for the issuance of any financial-accounting documents. Some of this data may be communicated to the contractual partners involved in the actual provision of tourism services, after we have previously taken all necessary measures to ensure that they comply with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation).
2.3. TALE TRAVEL SRL will not collect, use, process and provide personal data provided by you for purposes such as advertising, marketing and publicity, statistics, organization of courses, seminars, other events (including delegations, conferences and fairs) without your express, explicit and unequivocal consent.
2.4. The collection and processing of personal data of minors by TALE TRAVEL SRL will be done only with the explicit consent of parents or other legal representatives.
- General rules
3.1. This Security Policy establishes technical and organizational measures implemented by TALE TRAVEL SRL, in order to fulfill the obligations regarding the confidentiality and security of the processing performed within its activity. The minimum security requirements cover a set of technical, IT, organizational and logistical measures and procedures that ensure a minimum level of security of processing, according to Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation).
3.2. TALE TRAVEL SRL has adopted adequate technical and organizational measures to protect personal data against accidental or illegal destruction, loss, modification, disclosure, unauthorized access or any other form of illegal processing. In this regard, a person responsible for compliance with the provisions of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) has been designated at the level of TALE TRAVEL SRL.
3.3. In order to fulfill the related legal provisions and in order to satisfy the requirements of keeping data and information safe, TALE TRAVEL SRL has elaborated and implemented organizational and technical measures oriented on certain directions of action:
– User identification and authentication;
– Type of access;
– Data collection;
– Computers and access terminals;
– Access files;
– Staff training;
– Telecommunication systems;
– Use of computers;
– Data printing.
- Specific procedures
4.1. User identification and authentication
By user is meant any person acting under the authority of TALE TRAVEL SRL or the person authorized by TALE TRAVEL SRL, with a recognized right of access to personal databases.
In order to gain access to personal data, users must identify themselves.
In the case of automated processing, the identification is made by authentication in the computer systems of TALE TRAVEL SRL. Authentication is done by entering unique authentication data, consisting of user account (username) and password.
The passwords are character strings, adequate from the point of view of security in terms of length and composition, according to the IT security policy of TALE TRAVEL SRL. When entering passwords, the typed characters are not clearly displayed on the monitor. According to the IT Security Policy of TALE TRAVEL SRL, passwords must be changed periodically.
The operator has implemented a computer system that automatically denies a user access after a predetermined number of incorrect password entries.
Any user who receives access to the personal database is informed that they must maintain the confidentiality of the authentication data and be accountable to the operator.
TALE TRAVEL SRL has established a procedure for the administration and management of user accounts, provided by the IT Security Policy of TALE TRAVEL SRL. In accordance with its provisions, clear rules are established for granting and cancelling the rights and ways of accessing the user account.
4.2. Type of access
The users can access only the personal data necessary for the fulfillment of the attributions assigned by TALE TRAVEL SRL. For this, the types of access are established according to functionality (administration, introduction, processing, saving, etc.) and according to actions applied on personal data (writing, reading, deletion), as well as the procedures regarding these types of access.
The programmers of personal data processing systems have access to personal data based on a strict confidentiality agreement signed with TALE TRAVEL SRL, exclusively in cases where this is necessary, each operation being documented.
The department that provides technical support may have access to personal data to resolve incidents and problems in the use of computer systems.
Computers and servers that contain databases of personal information are located in rooms with controlled access. Documents containing personal data such as those considered special categories of data are kept in rooms with restricted access.
The operator has established strict ways in which personal data will be destroyed.
4.3. Computers and access terminals. Data collection
TALE TRAVEL SRL designates authorized users for the operations of collection, introduction and processing of personal data in a computer system or in a manual system.
Any modification of personal data can only be made by authorized users designated by the operator.
The operator has taken measures for the information system to record who made the change and the date and time of the change. For better administration, the operator has implemented measures for the information system to keep the data that was deleted or modified.
4.4. Execution of backups
The computer system performs a daily, automatic backup of the databases, for a possible data recovery, in case of loss, destruction or malfunction of the computer systems.
TALE TRAVEL SRL establishes the time interval at which the backups of the personal databases, as well as of the programs used for the automated processing, will be executed. The users who perform these backups are appointed by the operator, in a limited number. The backups are stored in a safe box with restricted access, located in a different room from the one in which the backup is performed.
Computers and other access terminals are installed in rooms with controlled access, which can be locked. If the computers are on and are not operated for a given period, set by the operator, the work session closes automatically.
Users are trained to close any open databases containing personal information when unauthorized persons are around.
The servers that host the databases can only be accessed in a controlled way, based on access rights.
4.5. Access files
TALE TRAVEL SRL takes measures so that any access to the personal database is recorded in an access file (called a log, for automatic processing) or in a register, for manual processing of personal data, established by the operator.
The information registered in the access file or in the register will be:
– identification code (username for manual personal databases);
– the name of the accessed file (file);
– the number of registrations made;
– type of access;
– the code of the executed operation or the used program;
– date of access (year, month, day);
– time (hour, minute, second).
For automatic processing this information will be stored in a general access file or in separate files for each user.
The operator is obliged to keep the access files for at least 2 years, in order to be used as evidence in case of investigations. If the investigations are prolonged, these files will be kept until the completion of the investigations and any actions related to them.
The access files must make it possible for the operator or the authorized person to identify the persons who have accessed personal data without a specific reason, in order to apply sanctions or notify the competent bodies.
4.6. Telecommunication systems
TALE TRAVEL SRL, through the authorized users, periodically checks the authentications and the types of access in order to detect malfunctions in the use of telecommunication systems. Only strictly necessary personal data will be transmitted through telecommunication systems.
4.7. Staff training
Users who have access to personal databases are instructed on the provisions of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Users are required to log out when they leave work.
4.8. Using computers
In order to maintain the security of personal data processing (especially against computer viruses) TALE TRAVEL SRL has taken the following measures:
– the use of software programs that come from insecure sources is banned for users;
– users do not have administrator rights on computers, therefore they cannot install software without notifying the department that provides technical support;
– licensed software is used;
– users were trained on the IT Security Policy of TALE TRAVEL SRL and other general IT operating policies, including the danger posed by computer viruses;
– computers are protected with antivirus programs;
– the user’s activity is monitored and their access to printers is restricted.
4.9. Data printing
The printing of personal data will be done only by the designated users and only for the purpose specified in these rules.
- The rights of persons whose personal data are collected and / or processed
According to Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), you benefit from the following rights regarding the processing of personal data concerning you:
5.1. The right to information
You have the right to obtain from TALE TRAVEL SRL, at least the following information, unless you are already in possession of the respective information:
- a) the identity of the operator and his representative, if applicable;
- b) the purpose for which the data is processed;
- c) additional information, such as: recipients or categories of recipients of the data; whether the provision of all required data is mandatory and the consequences of refusal to provide them; the existence of the rights provided by this law for the data subject, in particular the right of access, intervention on data and opposition, as well as the conditions under which they may be exercised; the intention of the operator to transfer personal data to a third country or international organization; the period for which the personal data will be stored or, if this is not possible, the criteria used to establish this period;
- d) any other information whose provision is imposed by order of the supervisory authority, taking into account the specifics of the processing.
5.2. The right to access data
You also have the right to obtain from TALE TRAVEL SRL a confirmation on the fact that the personal data are or are not processed, being able to obtain, upon request and free of charge for one request per year, a copy of the data subject to processing.
5.3. The right to intervene on the data
At the same time, you have the right to obtain from the operator, upon request and free of charge, the rectification, updating, blocking or deletion of data whose processing is not in accordance with the law, especially of incomplete or inaccurate data.
5.4. The right to restrict data processing in the following cases:
– the data subject disputes the accuracy of the data, for a period that allows the operator to verify the accuracy of the data;
– the processing is illegal, and the data subject opposes the deletion of personal data, requesting instead the restriction of their use;
– the operator no longer needs the personal data for the purpose of processing, but the data subject requests them for the ascertainment, exercise or defense of a right in court;
– the data subject objected to the processing, for the time interval in which it is verified whether the legitimate rights of the operator prevail over those of the data subject.
5.5. The right to data portability
Upon request, you have the right to receive personal data concerning you in a structured format and to be able to transmit them to another operator.
5.6. The right to go to court
At the same time, you have, according to art. 18 of Law no. 677/2001, the right to go to court for the defense of any rights guaranteed by law, which have been violated.
To exercise these rights, you can address a written request, dated and signed, submitted using the contact details indicated in section 7 of this Security Policy.
- Disclosure of personal data to third parties
The collected data are disclosed to third parties only if TALE TRAVEL SRL is under a legal obligation in this regard.
- In case of accidental breach of personal data security, TALE TRAVEL SRL undertakes:
- a) to notify the competent Supervisory Authority of any violation of the security of personal data, within a maximum of 72 hours from the date on which it became aware of it.
- b) to keep documents referring to all cases of personal data security breach, which include a description of the factual situation in which the personal data security breach took place, its effects and the remedial measures taken. This documentation allows the supervisory authority to verify compliance with this article.
- c) to communicate to the data subject any breach of personal data security, without unjustified delays, especially when the breach is likely to generate a high risk for the rights and freedoms of the natural person.
For requests or questions regarding this Security Policy, please contact TALE TRAVEL SRL, as follows:
Str. Cuza Voda 72, Constanta
Tel: +40 770 679 844
- Final provisions
This document is completed with the entire set of security procedures regarding the processing of personal data approved by the management of TALE TRAVEL SRL, including the IT Security Policy of TALE TRAVEL SRL.
This Security Policy for Personal Data Processing was adopted today, 07.12.2020, in Constanta.