My Account

LOG IN
Cart : 0 Items - 0,00 lei Cart (0)
Cart : 0 Items - 0,00 lei Cart (0)

Menu

open-navigation
close-navigation
BOOK NOW

DATA PROTECTION

INFORMATION NOTICE

Personal Data Operator

The company Complex Mara SA, headquartered in Baia Mare, Bdul Unirii no. 11, registered with the Trade Register of Maramureș under no. J24/614/1995, with VAT number RO7769797, main activity code CAEN: 5510 – Hotels and other similar accommodation facilities, phone: 0262.226.660, fax: 0262.226.656, email: office@hotelmara.ro , as the personal data operator, hereinafter referred to as Complex Mara SA.

Considering the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter “GDPR”)

In order to provide you with our services, including sending you offers related to tourism services such as accommodation, food and beverage, travel, body care and relaxation through our SPA center, as well as other leisure services that may be of interest to you, and also news, campaigns, and invitations to various events, it is necessary to obtain your explicit consent.

The GDPR Policy explains the practices of Complex Mara SA (hereinafter “Complex Mara SA”) regarding the application of GDPR provisions, as well as the rights you have concerning how your information is processed by our company.

To fulfill the above, Complex Mara SA collects, processes, and manages data and information, including personal data of clients or potential clients, as well as other groups of individuals such as guests interacting with us through various communication channels, business contacts via: the website www.hotelmara.ro , email addresses: office@hotelmara.ro , agentie@hotelmara.ro , contabilitate@hotelmara.ro , fax: 0262.226.656, and through our staff; as well as personal data provided by a third party or obtained from other sources, in accordance with Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data.

In the course of our activity, to provide our online booking services, we use the services of Booking.com B.V., P.O. Box 1639; 1000 BP Amsterdam, The Netherlands; Phone: +40 (0) 37 37 88 020; VAT number: NL805734958B01; Registered in the Netherlands No.: 31047344; website: www.booking.com (hereinafter “Booking.com”). Reservations are processed through Booking.com, and the information you enter may include personal data such as your name, contact details, payment information, the names of guests traveling with you, and any preferences specified when making a booking. This information is shared with Booking.com.

We aim to process only the minimum data necessary to provide a high-quality service.

Definitions. For the purposes of Regulation (EU) 2016/679 on the protection of natural persons with regard to the free movement of such data:

- “Personal data” – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

- “Processing” – any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

- “Controller” – the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

- “Recipient” – a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not considered recipients; the processing of such data by those public authorities is subject to applicable data protection rules in line with the purposes of the processing.

Lawfulness of Processing, Purpose, and Personal Data Policy

According to the provisions of Article 6 of the GDPR, processing is lawful if at least one of the following conditions applies:
a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
b) Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract;
c) Processing is necessary for compliance with a legal obligation to which the controller is subject;
d) Processing is necessary to protect the vital interests of the data subject or of another natural person;
e) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, in particular when the data subject is a child.

Video Surveillance Complex Mara SA processes your personal data (image and voice) using video surveillance systems to protect persons and property owned by Complex Mara SA by monitoring access to the premises.

Categories of Personal Data These include personal identification and contact information such as name, surname, signature, phone number, address, email, and other communication data, as well as special personal data (e.g., national ID number, identity card). In accordance with Article 6(1)(a) of the GDPR, we may contact you or transmit your personal data for the purpose of carrying out the company’s activities and achieving its business objectives.

Your personal data will be used for the following purposes:

1. Reservations: Your personal data is used to complete and manage bookings made online or directly.

2. Customer Services: Your personal data is used to provide the necessary services, including: a) Hotel services related to accommodation,
b) Food and beverage services within the restaurant,
c) Body care and relaxation services provided in the SPA center,
d) Tourism services (travel, leisure, etc.),
e) Other related services.

In this context, we may issue offers, contracts, invoices, and other documents required to provide you with the best services or service packages. For certain products or services, automated profiling may be performed to assess risks according to legal regulations, so offers may be issued based on specific requirements or additional medical evaluations.

3. Marketing Activities: Your personal data may be used for marketing activities in accordance with the law. If we use your personal data for direct marketing or communications regarding new products and services, bonuses, prizes, or other offers that may be of interest, you have the right to opt out through legal communication channels.

4. Other Communications: In certain situations, we may contact you by email, post, phone, or SMS, depending on the contact information you share with us.

Reasons for communications: a) To respond to and resolve requests made by you, b) To complete an online booking, we may send an email with the necessary information to finalize your reservation.

5. Analysis, Improvement, and Research: To improve the functionality and quality of our services, we may involve a third party to perform research and analysis on our behalf. We may share or disclose the results of such research, including with third parties, in an anonymized form.

6. Security, Fraud Detection, and Prevention: We use information, which may include personal data, to prevent fraud and other illegal activities, as well as to investigate and detect fraud. Personal data may be used for risk assessment and security purposes, including user authentication. For these purposes, personal data may be shared with third parties such as law enforcement authorities in accordance with applicable law and external consultants. Security camera recordings may be stored for up to 30 days for these purposes.

7. Legal Reasons: In certain cases, we may need to use the information provided, which may include personal data, to resolve legal disputes or complaints, conduct investigations, comply with regulations, enforce agreements, or respond to legal requests from authorities as required by law.

Where necessary, in accordance with applicable law, we will obtain your consent before processing your personal data for direct marketing purposes.

Data Protection Measures: The controller, Complex Mara SA, implements appropriate measures to protect personal data processed within its information system.

Data Subject Rights:

Under Regulation (EU) 2016/679, data subjects have the following rights:

a) Right to information and access (Articles 13–15): You have the right to obtain information about the personal data we process. The first provision of information is free of charge. If you request additional copies of information already provided, a reasonable fee may apply to cover administrative costs. Manifestly unfounded, excessive, or repeated requests may not receive a response.

b) Right to rectification (Article 16): You have the right to request the correction of inaccurate or outdated personal data and to complete incomplete data.

c) Right to erasure (“right to be forgotten”) (Article 17): In certain cases, you may request the deletion or destruction of your data. This right is not absolute, as we may be required to retain data for legal or regulatory reasons. Your data cannot be deleted if processing is necessary for:
- Exercising the right to freedom of expression and information;
- Compliance with a legal obligation;
- Public interest reasons in the field of public health;
- Archiving purposes in the public interest;
- Establishing, exercising, or defending legal claims;
- Other cases imposed by law.

d) Right to restriction of processing (Article 18).

e) Right to data portability (Article 20).

f) Right to object (Article 21): You may object to the processing of your personal data when the processing is based on a legitimate interest.

g) Right to withdraw consent: You may withdraw your consent to the processing of your personal data when the processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

h) Right to object to marketing: You can opt out of direct marketing communications at any time, including via email.

Data Retention and Transfer

Complex Mara SA may retain processed data for various periods considered reasonable, in accordance with the purposes outlined above. We keep your personal data only for as long as necessary to achieve the purpose for which we hold it, to meet your needs, or to comply with legal obligations.

To determine the retention period for your data, we use the following criteria:

- When you purchase services from us, we retain your personal data for the duration of the contractual relationship and thereafter according to financial-accounting regulations, generally for 10 years.

- If you participate in a promotional offer, we retain your personal data for the duration of the promotion.

- If you contact us for information, we retain your personal data for the time necessary to process your request, but no longer than 10 years from the date of the last correspondence.

- If you have given consent for marketing purposes, we retain your personal data until you request deletion or after a period of inactivity (without active interaction with our services). Data stored for direct marketing communications is removed from our records 10 years after the last interaction with you.

Disclaimer

The Complex Mara SA website and its activities may contain links to other websites and/or web pages not owned by Complex Mara SA. We do not assume any responsibility for the content of these sites and are not liable for any content, advertising, goods, services, software, information, or other materials available through them. Complex Mara SA is not responsible for loss of personal data or any negative effects on visitors’ or clients’ personal data, and cannot be held liable for moral or material damages caused by access to these external sites.

Contact

To exercise your rights mentioned above, or if you believe Complex Mara SA has violated your personal data or privacy, please contact us to resolve the issue and improve our services. You can submit a written, dated, and signed request:

At our office: Baia Mare, Bd. Unirii nr. 11
By email: office@hotelmara.ro
By fax: +40-262-226-656
By post: at the company’s address above

We will strive to respond without undue delay, and in any case within one month.

Additionally, under GDPR, you have the right to lodge a complaint (Art. 77) with the National Supervisory Authority for Personal Data Processing at Bd. G-ral Gheorghe Magheru nr. 28–30, Sector 1, Bucharest, postal code 010336, email: anspdcp@dataprotection.ro , or to seek legal remedy (Art. 79).

✓ Produs adăugat în coș!