CONTENTS:

1. When is it applied?
2. What is the purpose of this policy?
3. What is personal data?
4. For what purpose do we collect them?

• CONTRACTUAL Goals
• FUNCTIONAL Goals
• MARKETING Goals

5. How do we collect them?
6. What rights do you have?

• Right of access
• The right to change and delete
• The right to restrict the processing
• The right to data portability (export)
• The right not to be subjected to an automatic action
• The right to file a complaint

7. To whom do we disclose the data?
8. How do we secure data security?
9. What are the retention periods?
10. How do we deal with minors?
11. What do we do about security incidents?
12. What records do we keep?

1. When is it applied?
The Privacy Policy applies to the personal data of those who wish to become, are or have been Nordic Tours SRL' s customers, including data collected, used or disclosed while using our company's website, available at https://www.romania-tours.ro/. When referring to "Romania Tours", "us" or "our company" in this statement, we refer to Nordic Tours SRL.
You can manage your consent to the purposes for which personal data will be used by sending an e-mail to info@romania-tours.ro, you can write to us at Str Maria Hagi Moscu, nr 1, ap 4 Sector 1, cod postal: 011153, Bucharest or by accessing the administration panel at: https://www.romania-tours.ro/gdpr/profile.
This policy is valid from 25.05.2018
 

2. What is the purpose?
When using our site, we entrust some of your personal data. We understand this and we appreciate it. Through everything we do, we strive to protect them and give you the best control over them.
The Privacy Policy will help you understand what personal data we collect about you, how we use your personal data, and what options you have on your use of it.
We are committed to maintaining the accuracy, privacy and security of your personal data. In order to be consistent with the legislative changes and/or the practical realities we are confronted with, we reserve the right to adjust this policy at any time, and the changes become mandatory from the moment they are posted on the site.
 

3. What is personal data?
We want you to understand clearly what "personal data" is.
Personally personalized data is information about an identified or identifiable person. Examples of such data: name, surname, address, phone number, email, cookie, computer IP address, mobile device IDs, web browser information such as the browser type and browser language), the actions you make on our website etc.

4. For what purpose do we collect them?
Personal data is collected for the effective conduct of business relationships in order to provide you with the best services to permanently improve the functionality of our site or to bring you attention to advertisements and promotions relevant to you.
We limit the personal data that we collect to what is relevant for their particular processing. We do not process your personal data in ways that are incompatible with the purposes for which the information was collected or subsequently authorized by you.

CONTRACTUAL (mandatory) data - to begin the process of engaging in a contract and to actually carry out the business relationship.
We can collect data (name, surname, phone, email etc.) so we can answer your questions about our products and services (including by using a dedicated CRM sales solution) so that we can organize the actual processing and delivery of your orders. This data is collected through dedicated forms like: contact, request offer, request consultancy etc. These data are collectively referred to as "contract data". Without them, your order can not be picked up (for example: we do not know how to answer questions) and cannot be processed (for example, you can not issue tax documents to collect the value of the products etc.). You will not be able to use our services or products using our site without providing this data.
Customers can not give up receiving emails related to the processing, execution and delivery of the order (or other processes associated with it).
The legal basis for the processing of these data is our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).

FUNCTIONAL DATA - for the best experience in using the site
It is possible to collect direct data (name, surname, phone, email etc.) to ensure a better experience in using the site. The data is collected through site forms like.
These data are collectively referred to as "data for functional purposes".
You can collect the indirect data you can use to create a more structured website (e.g., Analytics reports, etc.). This data helps us to see visitors navigating the site, browsing volume and other useful information relevant to improving the site to give you the best browsing experience.
All of these features are designed to provide you with the best information and acquisition options.
If you do not agree to the use of data for this purpose, you can not benefit from these features.
The legal basis for collecting these data is consent (Article 6 (1) (a) of the General Data Protection Regulation).

MARKETING data - for a better structured site, relevant advertising and social media information
Personal data such as direct (name, surname, phone, email, etc.) or indirect data (cookies, computer IP address, location, mobile device IDs etc.) is collected.
Direct data is collected for subscriptions to the newsletter (newsletters, commercial offers, etc.). If you do not wish to receive such materials, you can access the "unsubscribe" link at the bottom of our company's marketing emails.
Cookies are data files that are sent from a website to a browser to record user information for different purposes. We use cookies and similar technologies. For more information, please refer to the page on our cookie policy site.
The data can also be used to display ads tailored to your wishes (eg Google Remarketing, Facebook Pixel, etc.). You may be able to show ads on the products you were interested in or viewed.
These data we call generic "data for marketing purposes".
The legal basis for collecting these data is consent (Article 6 (1) (a) of the General Data Protection Regulation).

5. How do we collect and manage your consent?
When you interact with our site, we offer you the ability to grant and withdraw at any time the consent to the use of your data.
We offer site visitors and customers who provide personal data the means to choose how we use this data. Consent to the processing of personal data may be required when launching a form, and any other purpose that involves giving consent by accessing a general control panel cumulatively or individually, on each category of data or purpose or other technical means created for that purpose.
You will be able to explicitly give your consent to the purposes for which the personal data will be used and to manage it later, in accordance with the regulations in force.

6. What rights do you have?
We make every effort to guarantee your rights in accordance with applicable law.
You have the right to access your personal data. Consequently, if necessary, we give you access to the personal data we hold about you. We also offer you the opportunity to choose whether you want to receive offers and promotions from us, but also to correct, modify or delete your information.
We may limit or deny access to personal data if the efforts or costs of providing access would be disproportionate to the risks to your privacy, or if the rights of others than you would be violated. Other reasons for refusing or limiting access may include restrictions imposed by applicable law or other similar, legitimate issues.
You have the right to modify and delete your personal data, especially incomplete or inaccurate data, for example, if some of the personal data you have provided (phone number, e-mail address, empowered person etc. .) are no longer up to date.
We take reasonable steps to ensure that the personal data we process is viable and accurate for the intended, complete and updated. In this regard, we rely on you to update and correct your personal data to the extent it is necessary for the purposes for which it was collected or subsequently authorized by you.
Requests to access, modify, or delete information will be processed within 30 days.
You have the right to restrict the processing, to oppose the processing of your personal data and to request the rectification, updating or deletion of the data under the law. This right may be exercised at any time, free of charge and without justification, except for those data for which processing is a legal obligation.
You have the right to request portability (export) of your personal data. We may limit or deny the portability of personal data if the efforts or costs of providing access are disproportionate to the benefits of the case.
You have the right not to be subject to an automatic decision.
You have the right to submit a complaint to the National Supervisory Authority for Personal Data Processing (A.N.S.P.D.C.P.), as well as to address the court, in accordance with the legal provisions in force.

7. To whom do we disclose your data and where do we transfer it?
We work with courier companies, authorized payment processors and Internet companies: Google, Facebook, etc. - all this, for the best experience with our site.
We may share your personal data with our contracted service providers for the processing and delivery of orders (such as payment processors, courier providers, etc.) to improve our website experience (eg, Google Analytics etc.) or marketing, advertising and advertising services (Google, Facebook, Mailchimp, etc.) as well as for other purposes: accounting, law, consulting, affiliates, business partners etc. Disclosure is based on the fact that the services required to run our business can not be performed by us. We make every effort to have a confidentiality commitment from them guaranteeing that these data are kept secure and that the provision of this personal information is made in accordance with applicable law. If our hosting service providers, newsletter senders or similar services are transferred outside of European Economic Area (EEA), efforts are being made to ensure adequate safeguards.

We may disclose your personal data either through law prescriptions, lawsuits, litigation and / or requests from public and governmental authorities in your country of residence or outside. We may also disclose personal information about you if we determine that disclosure is reasonably necessary to ensure compliance with our terms and conditions or to protect our operations or users. Relevant information can also be found in ads related to specific data processing activities.

We may also transfer personal data in the case of an audit, or in the case of the sale or total or partial transfer of our business or assets (including merger, acquisition, joint venture, reorganization, dissolution or liquidation).

8. How do we secure data security?
The security of your data is important to us. We make every effort to do this.
We take reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, modification and destruction, taking into account their nature. We take all internal measures to identify and ensure the security of information, the measures being regularly checked and adapted to the state of the art. Our company uses renowned service providers in the market (eg hosting services, software development services, marketing solutions, etc.) to achieve this goal.

9. What is the retention period?
We keep the information as legal and as long as you agree.
The storage of personal data is made over the periods of time specified by the legislation in force in order to maintain records related to the activities carried out, to protect the rights to justice and to exercise other rights according to the law and the concluded contracts, the fulfillment of the possible archiving requirements in accordance with legal provisions. The personal data required to benefit from the features of our site and the promotional activities are stored for an indefinite period of time until your account is deleted.

10. How do we deal with minors?
We DO NOT provide services and DO NOT deliver goods to minors except in express cases provided by law.
Our company DOES NOT track in its data processing activities, the processing of personal data of minors under the age of 16. We do not direct promotional marketing activities directly to minors.
Any person providing us personal data warrants that he /she is major, or has full exercise capacity. However, if a personal data processing process is performed for a person who is not a major person, we will stop processing these data with the knowledge of this fact.
Any processing of the personal data of minors is carried out in accordance with legal requirements and in strictly determined cases. Minors under the age of 14 may purchase services, solicit and receive communications from our company only if they have the consent of their legal representative or tutor, according to the law.

11. What do we do about security incidents?
Informing you and the authorities is the first step. Remedying the situation is our priority.
If a personal data breach occurs, we will notify the competent data protection authorities within 72 hours, depending on the degree of risk to the client or site visitor. Affected customers or site visitors will also be notified about the violation.
We will take all necessary steps to remedy the situations you have encountered in order to protect your rights.

12. What records do we keep?
We keep records to demonstrate compliance with the requirements of this policy.
We will keep relevant records about:
a. the purpose of processing personal data;
b. categories of data subjects and personal data processed;
e. where possible, the expected retention periods for different categories of personal data;
f. a general description of the security measures used to protect personal data;
g. exercising your rights.