Privacy policy
This Privacy Policy defines how we, MANDALA TRAVEL SRL, collect, store and use your personal data when you access or interact with our website www.mandala-journeys.ro, and where we obtain or collect your data.
This Privacy Policy is applicable from January 1, 2020.
content
- Summary
- Details about our company
- What information do we collect when you visit our website
- What information do we collect when you contact us
- What information do we collect when you interact with our website
- What information do we collect when you place an order on our website
- Use of automated decision-making systems
- How we collect information about you from third parties
- Disclosure and additional uses of your data
- How long to store your data
- Securing your information
- Transfer of your data outside the European Economic Area
- Your rights to personal data
- Your right to object to the processing of data for certain purposes
- Sensitive personal data
- Changes to our privacy policy
- Juvenile confidentiality
Summary
This section summarizes how we obtain, store and use your data. This summary is intended only to provide an overview of the privacy policy. This section is not a complete description and it is necessary to read the additional chapters present in this document for completions.
- Data operator: MANDALA TRAVEL SRL
- How we collect or obtain information about you:
- when you provide the respective data (eg: by contacting us, by accessing, ordering or purchasing various Mandala Journeys services and products, by filling in the offer request form, by creating an account on the site, by registering in the company’s database to receive information marketing regarding our services and products, by filling in online or offline forms in order to register for advertising lotteries and events (eg fairs);
- when you access our site, some data is collected through cookies.
- What information do we collect: name, surname, telephone number, home address, e-mail address, series and no. identity card, series and no. passport, CNP, IP, date of birth, age of children, place of work, company name (if applicable), VAT registration number (if applicable).
- How we use your data: for business and administrative purposes (especially to contact you and to process the orders you place on our site), to fulfill our contractual obligations, to promote the goods and services and in connection with our legal rights and obligations.
- Disclosure of user data to third parties: the minimum necessary to fulfill our contractual obligations to you – hotel service providers, transportation, tourism, for the operation of the business, for compliance with legal obligations.
- Your data is not sold to third parties.
- How long your information is stored: no longer than necessary – depending on our legal obligations (eg to maintain accounting records), or any other basis on which we use the information (eg consent, contractual obligations , legitimate interests). Information about specific periods of user data storage can be found in the Duration of your data storage section.
- How your data is secured: by using technical and organizational solutions such as: storing information on secure servers, encrypting data transfers to and from our servers using SSL technology, encrypting payment transactions on the site using SSL technology, allowing access to your personal data only when necessary, encryption of personal data, encryption of emails, pseudonymization and / or anonymization of personal data.
- Use of cookies and similar technologies: we use cookies and similar information collection technologies, such as web beacons, on our website including essential, functional, analytical and targeting cookies. For more information, please access our cookies policy here: https://www.mandala-journeys.ro/politica-de-utilizare-cookie/
- Transfer of your personal data outside the European Economic Area: we will transfer your personal data outside the European Economic Area only if we are obliged to do so by law or in order to fulfill our contractual obligations to you – when we do this, we ensure that there are adequate protection measures, for example: the protection of personal data to partners outside the European Union is governed by standard contractual clauses for the transfer of personal data from the Community to third countries.
- Use of automated decision -making processes : we use automated decision -making processes in connection with our website, eg use of Web Analytics tools, cookies, web beacons or use of targeting cookies to show ads to people who visit our site on other websites (for example, by using the Google AdSense network).
- Your rights regarding your personal data:
- you have the right to access your data and receive information about its use
- you have the right to request the correction and / or completion of information (the right to rectification)
- you have the right to request the deletion of data
- you have the right to restrict the use of data
- you have the right to receive the data in a portable format
- you have the right to object to the processing of your data.
- you have the right to withdraw your consent for the processing of your data.
- you have the right to appeal to a supervisory authority
Details about our company
The data operator regarding our site is: MANDALA TRAVEL SRL, based in Bd. Bucuresti bl. 66 / 1D, ap. 52, Giurgiu, Giurgiu County. You can contact the data operator by writing to the address mentioned above or by e-mail to sayhello@mandala-journeys.ro.
If you have any questions about this privacy policy, please contact your data controller.
The information we collect when you contact us
We collect and use information from people who contact us in accordance with this section and the section entitled Disclosure and Additional Uses of Your Information.
When you send a message to the e-mail address displayed on our site, we collect your e-mail address and any other information you provide in that e-mail (such as your name, your e-mail number). phone and the information contained in any signature block in the e-mail).
Transferring and storing your information
We use a third-party email provider to store the emails you send us. Our email provider is ROMARG SRL. Its privacy policy is available here: https://www.romarg.ro/termeni-legali.html.
The e-mails you send us will be stored inside the European Economic Area on the ROMARG servers located in ROMANIA.
- Contact form
When you contact us using the contact form, we collect: name, surname, e-mail, phone number. We also collect any other information you provide to us when you complete the contact form in the comments field.
If you do not provide the information required by the contact form, you will not be able to send it and we will not receive your request, therefore we will not be able to respond.
The reason why it is necessary to perform a contract: if your message is about providing goods or services or taking action at your request before providing you with our goods and services (for example, providing information about such goods or services). goods and services); we will process your information to do so.
Transferring and storing your information
The messages you send us through our contact form will be stored inside the European Economic Area on the servers of the hosting provider – ROMARG SRL from Romania.
Their privacy policy is available here: https://www.prologue.ro/servicii/hosting/ and https://www.romarg.ro/termeni-legali.html
- Telephone
When you contact us by phone we do not collect your phone number and any information you provide to us during the conversation with us. We do not record phone calls.
The information we collect when you interact with our site
We collect and use data from people who interact with certain features of our website, in accordance with this section and the section entitled Disclosure and Additional Uses of Your Information.
Registration on our site
When you register and create an account on our site, we collect the following information: name, surname, e-mail address, telephone.
If you do not provide all the information required by the registration form, you will not be able to register or create an account on our website.
Legal basis for processing: our legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation).
Legitimate interest: registration and administration of accounts on our website to allow you to access the history of purchased services and invoices and the list of travel services preferences.
Transfer and store your data
The information you provide us through the registration form on our website will be stored in the European Economic Area on the servers of the web hosting service provider ROMARG SRL from Romania. Its privacy policy is available here: https://www.romarg.ro/termeni-legali.html
The information we collect when you place an order on our website
We collect and use information from persons placing an order on our website in accordance with this section and the section entitled Disclosure and Additional Uses of Your Data.
Information collected when you place an order
Necessary information
When you place an order for goods or services on our website, we collect: name, surname, date of birth, (data for other tourists for whom the reservation is made, including minor data), e-mail, telephone, billing address, name company (if applicable) – unique identification code and registration number in the Trade Register.
If you do not provide this information, you will not be able to purchase our goods or services on our site or enter into a contract with us.
Legal obligation: we have a legal obligation to issue you an invoice for the goods and services you have purchased from us, in which you are registered for VAT purposes and we request the mandatory information collected for this purpose by our payment form.
Legal basis for processing: our legitimate interests (Article 6 (1) (a) of the General Data Protection Regulation).
Legitimate interests: you agree to process any optional information you provide by sending this information to us, so that you are constantly informed about our offers and services.
Payment processing
After placing an order on our website, you will have to pay for the goods or services you have ordered. To process your payment, we use the EuPlatesc payment processor, which is a third party. Your payment will be processed by EuPlatesc. Payment can also be made by bank transfer, payment order and online reservations. The EuPlatesc payment processor collects, uses and processes your information, including payment information, in accordance with their privacy policies. You can access the privacy policies through the following links: https://www.euplatesc.ro/politica-de-confidentialitate.php,
Information collected or obtained from third parties
This section sets out how we obtain or collect information about you through third parties.
Information received from third parties
Generally, we receive information about you from third parties. Those third parties from whom we receive data about you are generally group companies, affiliates, business partners or individuals who purchase our services (and) on your behalf.
It is also possible that third parties with whom we do not have had no prior contact to provide us with information about you. The
information we obtain from third parties will generally be your name and contact details, but will include any additional information about you that will be provided to us.
Legal basis for processing: it is necessary to execute a contract or take action at your request to conclude a contract
The reason why it is necessary for the execution of a contract: if a third party has sent information about you (such as your name and e-mail address) to provide you with services, we will process the information to take measures at your request to conclude a contract with us (as applicable).
Legitimate interests: if a third party has disclosed information about you to us and you have not given your consent to the transmission of this information, we will have a legitimate interest in processing this information in certain circumstances.
For example, we will have a legitimate interest in processing your information to fulfill our obligations under the subcontract with the third party, if the third party has the main contract with you. Our legitimate interest is to fulfill our obligations under our subcontract.
Similarly, third parties may provide information about you to us if you have violated or could violate any of our legal rights. In this case, we will have a legitimate interest in processing this information to investigate and prosecute any such potential breach.
If we receive information about you by mistake
If we mistakenly receive information about you from a third party and / or do not have a legal basis for the processing of this information, we will delete your information.
Disclosure of your information to third parties
We disclose your information to third parties under certain circumstances, as shown below.
Providing information to third parties, such as Google Inc., Facebook. Google collects information by using Google Analytics on our website. Google, Facebook, uses this information, including IP addresses and cookie information, for various purposes, such as improving the quality of our services and your browsing experience. The information is collected by Google and Facebook anonymously.
Sharing your information with third parties, which are either related to or associated with the operation of our business, if necessary for us. These third parties include consultants, affiliates, business partners, independent contractors and insurers. Further information on each of these third parties is set out below.
- consultants
Occasionally, we obtain advice from consultants, such as lawyers, audit firms, public relations professionals, and sociological research firms. We will only share your information with these third parties if it is necessary to allow these third parties to provide us with relevant advice. Our consultants are in Romania.
- Business partners
Business partners are the companies we work with and which provide goods and services similar to those offered by us, which are complementary to our own business or which allow us to provide goods or services that we cannot offer ourselves. We share information with our business partners, if you have requested services that they provide, either independently or in connection with our own services and in order to fulfill our contractual obligations to you. Our business partners carry out their activity in the field of tourist, hotel and transport services. Our business partners are located in the European Union and outside the European Union.
For more information about the guarantees used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transferring your data outside the European Economic Area.
- Independent contractors
Occasionally we use independent contractors in our business. Your information will be distributed to independent contractors only if it is necessary for them to perform the service we have contracted to perform in connection with our business.
Our independent collaborators are tourist guides or companions of groups or local representatives of the company in different tourist destinations.
- insurers
We will disclose your information to our insurers if necessary to do so, for example: if you opt for the insurance system when purchasing a tour package, or later, in connection with a claim or a possible request we receive / we do so or in accordance with our general disclosure obligations, in accordance with our insurance contract with them.
Our insurers are in Romania.
Disclosure and use of your information for legal reasons
Indication of possible criminal acts or threats to public safety to a competent authority
If we suspect that criminal or potential behavior has taken place, we will need, in certain circumstances, to contact a competent authority, such as the police. This could be the case, for example, if we suspect that a fraud or cybercrime has been committed or if we receive malicious threats or communications to us or to third parties.
In general, we will only need to process your information for this purpose, if you have been involved or affected by such an incident in one way or another.
How long to store your data
This section determines how long we keep the data collected. We have established specific retention periods where possible. If this was not possible, we established the criteria we use to determine the retention period.
Retention periods
Server logs : we keep the server logs information for a period of 6 months.
Information on orders placed: when you place an order for goods and services, we retain this information for six years from the end of the financial year in which you placed the order, in accordance with our legal obligation to keep records for tax purposes.
Correspondence: when you make a request or contact us for any reason, either by e-mail or through our contact form or by telephone, we will keep your information for as long as necessary or until your express request to delete your data. , which will be applied in conjunction with the legal obligations established in our task.
Criteria for establishing storage periods
In any other circumstances, we will retain your information only for as long as necessary, taking into account the following:
- the purpose and use of your information both now and in the future (for example, if it is necessary to continue to store that information in order to continue to fulfill our obligations under a contract with you or to contact you in the future;
- if we have a legal obligation to continue processing your information (such as any record keeping obligations required by law or relevant regulations);
- if we have any reason to continue processing the information (such as your consent);
- if we have a legitimate interest in continuing to process your data;
- the levels of risk, cost and responsibility involved in continuing to hold the information.
Securing your information
We take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or illegal use and accidental loss or destruction, including:
- sharing and providing access to your data to the minimum necessary, subject to confidentiality restrictions, where appropriate and anonymously, whenever possible;
- use of secure servers for storing information;
- verifying the identity of any person requesting access to information before granting them access to information;
- use the Secure Sockets Layer (SSL) standard to encrypt any information you send us through any forms on our website;
- we transfer your data only through a closed system or through encrypted data transfers.
Sending information to us by e-mail
The transmission of information on the Internet is not entirely secure and if you send us information via the Internet (by e-mail or by any other means), you do so entirely at your own risk.
We cannot be liable for any expenses, loss of profit, damage to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to provide us with information by such means.
Transfer of your data outside the European Economic Area
Considering the object of activity of the company, in order to respect our contractual obligations that we assume towards you, respectively to ensure the tourist packages that you contract, we are obliged to transfer your personal data to our contractual partners, some of them based outside the EEA.
Your data will only be transferred outside the EEA when you purchase travel packages to destinations outside the EEA or when the passenger carriers of your choice are based outside the EEA.
Guarantees (protections) used: Contractual clauses for the transfer of personal data from the European Union to third countries – in accordance with Article 46 (92) (c) of the General Data Protection Regulation.
Your rights to personal data
Subject to certain restrictions, you have the following rights regarding your data that you can exercise by filling in the forms at https://mandala-journeys.ro/gdpr-solicita-informatii , or sending a request sent to Mandala Travel SRL at email address: sayhello@mandala-journeys.ro:
- to request access to your information and information regarding the use and processing of your information;
- request the correction or deletion of your data;
- to request the limitation of the use of your data;
- receive the information you have provided to us in a structured, commonly used and readable format by a device (for example, a CSV file) and the right to transfer that information to another data controller (including a third party data controller);
- object to the processing of your data for certain purposes (for more information, see the section below entitled “Your right to object to the processing of data for certain purposes”); and
- to withdraw your consent to the use of your data at any time we rely on your consent to use or process this information. Please note that if you withdraw your consent, this will not affect the legality of the use and processing of your data based on your consent before the time you withdraw your consent.
In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of residence, place of work or an alleged breach of the general data protection Regulation. .
For this purpose, in Romania, the supervisory authority is: www.dataprotection.ro
Verifying your identity if you request access to your information
If you request access to your information, we are required by law to use all reasonable steps to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or unauthorized general access to your information.
How to verify your identity
If we have adequate information about you in the database, we will try to verify your identity using this information.
If it is not possible to identify you based on this information or do not have enough information about you, we may require or certified copies of documents so we can verify your identity before you can provide access to your data
We can confirm the exact information we need to verify your identity in your specific circumstances if and when you make such a request.
Your right to object to the processing of data for certain purposes
You have the following rights regarding your data that you can exercise by writing to the email address sayhello@mandala-journeys.ro
- to object to our use or processing of information in order to perform a task in the public interest or in our legitimate interest, including the analysis or prediction of your conduct based on your information; and
- object to the use or processing of your data for direct marketing purposes (including any profile we involve in connection with this direct marketing).
You may also exercise your right to object to the use or processing of your data for direct marketing purposes:
- by clicking on the unsubscribe link contained at the bottom of any marketing email we send you and following the instructions that appear in your browser after you click on that link;
- sending an SMS message that contains only the word “UNSUBSCRIBE” in response to any marketing communication that we send by text message or by accessing the link indicated in the received SMS message; or
- sending an e-mail to sayhello@mandala-journeys.ro, asking us not to send marketing communications or by including the words “UNSUBSCRIBE”; or
- by filling in the form on the website https://mandala-journeys.ro/gdpr-solicita-informatii
- For more information on how you can object to the use of data collected through cookies and similar technologies, see our cookie policy, available here: https://mandala-journeys.ro/politica-de-utilizare-cookie /
Sensitive personal data
“Sensitive personal data” is information about an individual who discloses racial or ethnic origin, political opinions, religious or philosophical beliefs or membership in a union, genetic information, biometric information for the unique identification of an individual, health information or regarding the sexual life or sexual orientation of an individual.
In specific situations, we collect “sensitive personal data” on health, membership in a union and data of minors (name, surname, age, CNP, serial number and passport number).
Personal health data is provided to us by users when they have special requirements regarding the transport services or the accommodation services they are purchasing (for example: allergies – requesting a special menu at the hotel, disabilities – requesting a hotel with a ramp, etc. .
personal data on membership of a trade union process them as the basis of partnerships with trade unions, members of those unions can benefit from certain facilities and discounts.
the data minors process them for developing optimal conditions for services contracted by legal representatives of minors.
If, however, you inadvertently or intentionally provide us with other sensitive personal information, you will be deemed to have given us explicit consent to the processing of sensitive personal information in accordance with Article 9 (2) (a) of the General Regulation. on data protection. We will use and process your sensitive personal information for the purpose of deleting it.
Changes to our privacy policy
We periodically update and change our privacy policy.
Minor changes to our privacy policy
If we make minor changes to our privacy policy, we will update the Privacy Policy with a new effective date mentioned at the beginning. The processing of your information will be governed by the practices set forth in the new version of the Privacy Policy from its effective date.
Major changes to our privacy policy or the purposes for which we process your information.
If we make major changes to our privacy policy or intend to use your data for a new or different purpose from the purposes for which we originally collected it, we will notify you by email (if possible). or by posting an ad on our website.
We will provide you with information about the change in question and about the purpose and any other relevant information before we use your information for the new purpose.
Whenever necessary, we will obtain your prior consent before using your information for a purpose other than the purposes for which we originally collected it.
Juvenile confidentiality
We process data of persons under the age of 18, only with the consent of the legal representative, for the development in optimal conditions of the services contracted by the legal representatives of the minors.
We may receive information about people under the age of 18 through fraud or deception by a third party. If we are notified of this, as soon as we verify the information, when required by law, we will immediately obtain the consent of the legal representative to use this information or, if we cannot obtain this consent, we will delete the information from our servers. If you wish to notify us of the receipt of information about persons under the age of 18, please do so by sending an e-mail to sayhello@mandala-journeys.ro.