We are committed to ensuring the privacy and protection of your data. personal and we want to be completely transparent about the situations, purposes and ways in which we carry out our processing activities.
When we ask you for personal data, we will in particular ensure that it is adequate, relevant and limited to what is necessary in relation to the specified, explicit and legitimate purposes of the processing.
We pay particular attention to your rights. and respond to your requests when you need additional information.
WHO ARE WE AND HOW CAN YOU CONTACT US?
We are PROMPT REAL ESTATE SOLUTIONS SRL, a legal entity of Romanian nationality, with registered office in Timiș county, Avram Imbroane street no. 56, Timișoara township, Romania registered at the Timiș Commercial Registry under no. J35/801/2014, with CUI 32965190. (“Amazonia Aquapark”, “We”).
When we process your data based on purposes and means of processing established by us, we are a Personal Data Controller and we are responsible for meeting all legal requirements regarding the processing of your data. personal.
Our registered office is located in Romania, Timiș county, Avram Imbroane street no. 56, Timișoara town.
We carry out our activity at the address of the work point in Timiș county, Avram Imbroane street no 56, Timișoara locality (Amazonia Aquapark).
Our data protection officer works at the address of the work point and can be contacted by email at: email@example.com
You can contact us both by post/courier and by email, at the mentioned addresses.
Visit and use our services, within the premises of Amazonia Aquapark as well as in adjacent spaces such as: parking lots, offices, transit areas, technical storage spaces, etc.;
Access and use the Amazonia Aquapark website (www.amazonia.ro) and related subdomains.
Interact with us through online communication channels such as website, email, social networks, or other methods;
You are a supplier, customer or other type of legal entity with whom Amazonia Aquapark has contractual relations;
Other situations mentioned in the Information Notes.
In the same context, we can also refer to you as “Data Subject”.
WHAT IS THE SOURCE OF PERSONAL DATA?
WHAT IS THE LEGAL FRAMEWORK UNDER WHICH WE PROCESS YOUR DATA?
We process your personal data in accordance with national and European provisions on the protection of personal data, in particular:
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. (hereinafter referred to as GDPR);
Directive 2002/58/EC on the processing and protection of personal data in the electronic communications sector.
Law no. 190/2018 on measures to implement Regulation (EU) 2016/679 of the European Parliament and of the Council;
We will also take into account:
Recommendations of the Supervisory Authority regarding the Processing of Personal Data or other authorized institutions.
Any other national and European legal regulations that we are required to comply with regarding the processing of your data.
WHY DO WE PROCESS YOUR DATA?
The purposes for which we may process your data are varied.
In general, we process your personal data when necessary to provide you with Amazonia Aquapark products and services under a contract, to customize and adapt to your needs. these products and/or services or to fulfill our legal obligations arising from our activity (e.g. tax obligations, keeping and archiving supporting documents, communication with the authorities, etc.), or when necessary to defend our legitimate interest.
Legitimate interest refers to:
Ensuring the protection of health and safety of individuals;
Preventing and combating crime and fraud;
Ensuring the guarding and protection of people, goods and values of Amazonia Aquapark;
Prevention of financial losses;
Recovery of damages;
Defending your rights in court;
Securing computer networks;
Provide and improve Amazonia Aquapark products and services;
Follow the necessary internal and legal procedures regarding incident/accident management;
Taking the necessary steps to identify you, when necessary;
Protecting the image of Amazonia Aquapark;
Drawing up reports and analyses resulting from our work;
Promotion of Amazonia Aquapark products and services;
Promote events and marketing campaigns;
Promote the image of Amazonia Aquapark and the group it belongs to;
Ensuring visitor compliance with the Amazonia Aquapark Rules of Operation and Conduct;
Handling your requests;
Providing technical support;
Other similar situations.
The processing of your data by us or other third parties for the situations mentioned above will always be carried out on the basis of a rigorous analysis of the necessity of the processing and the fact that it will not unduly affect fundamental rights and freedoms.
We will also use consent as a legal basis whenever we process your data based on your permission. that you give in advance in various situations. (registration for the Amazonia Aquapark Newsletter, participation in surveys, etc.). Where we rely on this legal basis, you always have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent before its withdrawal.
Please see our information notices for detailed information on the legal bases and purposes that are used in relation to the processing of your data.
WHO ELSE HAS ACCESS TO YOUR DATA?
Your data may also be disclosed to other third parties such as IT service providers, payment processors, financial and accounting service providers, marketing service providers, health and safety service providers, web application and tools providers, website developers and mobile applications, market research providers, recruitment service providers, consultants, lawyers, legal advisors, auditors, or other similar entities.
We disclose your data. to them only when necessary, taking into account the risks and applying appropriate safeguards.
Some of these categories of recipients may process your data for their own purposes or in accordance with legal requirements imposed on them by the authorities. In this context, they acquire the quality of Data Operator for the processing activities carried out, becoming directly responsible for compliance with data protection laws.
Others will only process personal data at our request and for our purposes, based on prior instructions. They are considered our data processors for processing your data. personal data.
We only use trusted agents who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing of your data comply with the requirements of data protection legislation. Processing your data personal data by our agents is always carried out only after we have ensured that all legal requirements necessary for the protection of this data are met.
It is also possible to transmit your data to authorities or certain State institutions, only when we are obliged by law to do so or when we have a well-founded legitimate interest.
INTERNATIONAL DATA TRANSFER
As a rule, the data we collect about you. are processed on the territory of Romania, but also within the European Union, where the same legal provisions on data protection apply.
Your data they can also be transferred to countries that offer an adequate level of protection (e.g. the United Kingdom of Great Britain and Northern Ireland), according to the decision on the appropriate level adopted by the European Commission. In other words, transfers to these destinations are considered as safe as transfers between European Union member countries. Transfers made under these conditions do not require special authorisations.
HOW DO WE PROTECT YOUR DATA?
We make continuous efforts to protect your data throughout its lifetime, to prevent, eliminate or reduce the risks posed by processing activities.
Our data protection team consists of data and information security experts, data protection officers and legal specialists who together define and implement appropriate strategies, policies and procedures for the protection of your data. personal.
Our privacy and data protection program ensures that all measures necessary to meet legal requirements are effectively addressed by implementing policies and procedures adapted to the specifics of our activity.
We regularly train our employees referring to their field of activity and the risk represented by the activity carried out by them.
Through the information security program, we particularly promote techniques such as pseudo-mining and encryption of personal data.
We consider the risks and impact that a potential security incident may have on your rights and freedoms, so we have implemented procedures that help prevent, remedy or mitigate the impact on the privacy of your personal data should such a risk materialize.
We carry out data protection impact assessments whenever a certain processing activity may pose a risk to your fundamental rights and freedoms, before we start processing your data.
We impose special conditions on all our authorised representatives before we pass on your data to them. personal data in accordance with data protection laws.
We ensure data protection from the moment of conception and by default throughout the processing, when we implement new IT systems or new processing activities.
We have appointed a data protection officer who monitors the compliance of our personal data processing activities in accordance with legal requirements.
We keep records of the processing activities that fall under our responsibility as a personal data controller.
We have limited the retention of personal data in accordance with legal requirements and our legitimate interests, and we ensure its safe destruction.
We regularly audit IT systems in order to improve security measures ensuring an optimal level of security, in accordance with the technological development of the market.
WHAT ARE YOUR RIGHTS?
Under the conditions laid down in the data protection laws, as a data subject, you have the following rights:
The right of access to data, i.e. the right to obtain confirmation from us about the processing of personal data and details of processing activities.
The right to rectification, i.e. the right to have inaccurate/unjustified personal data corrected and incomplete data completed;
The right to erasure of data without undue delay, (“right to be forgotten”), if, under the conditions provided for by data protection laws.
The right to restrict processing, to the extent that you dispute the accuracy of the data, the processing is unlawful and you object to the deletion, requesting instead the restriction of their use, or when we no longer have any purpose to process your data, but you you request them for the establishment, exercise or defence of a legal claim or when you object to the processing of data for the time necessary to confirm the legitimate interests invoked by us.
The right to data portability to another controller, under the conditions laid down by law.
The right to object to processing at any time, free of charge and without any justification, when the data is processed for direct marketing purposes or when the processing is based on one of our legitimate interests invoked, unless we can demonstrate that there are legitimate and compelling reasons that justify said processing.
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you. or similarly affects you to a significant extent, subject to the exceptions set out in data protection laws.
The right to withdraw your consent at any time of processing.
The right to address a supervisory authority if you consider that the processing of your personal data is not in line with your rights. personal data violates data protection laws.
HOW CAN YOU EXERCISE YOUR RIGHTS?
If you wish to exercise any of your rights in relation to the processing of your data. If you have any questions about your personal data, need clarification or would like further information, please contact our Data Protection Officer by email at firstname.lastname@example.org.
We will follow up your request. no later than 30 calendar days from the date of registration of the application. Given the complexity and the number of requests, we can extend this period by another two months. We will always inform you in advance of any such extension, together with the reason for the delay.
Depending on the nature of the request, where the information you provide is insufficient to identify, investigate and resolve your request, we may request additional information from you.
Before responding to any request, we will always ensure that we have sufficient data to ensure that you are the owner of the data that is the subject of the request. If we cannot identify you, we may refuse to provide you with requested information that may not belong to you.
We may also refuse to comply with your requests if you ask us for the same information repeatedly, excessively or without legal basis.
OTHER DATA CONTROLLERS WHO MAY PROCESS YOUR DATA
Within Amazonia Aquapark your data may also be processed by other data controllers with whom you may interact in various situations:
Providers of medical services and products, if their activity is managed by a legal entity other than Prompt Real Estate Solutions SRL.
Taxi companies, when using computer systems located in the reception area to transmit orders.
Press, when we allow them access to conduct interviews for journalistic purposes.
Contractual partners to whom we allow access to conduct events, TV productions, product and service promotions for their own purposes.
Any natural or legal person who carries out professional activities deciding the purposes and means of processing in relation to your data. personal.
Any other natural or legal person who processes data for their own purposes within Amazonia Aquapark with or without our authorisation.
The data controllers mentioned above are fully responsible for fulfilling all legal obligations towards you. under data protection laws.
Visit this page regularly to make sure you always have up-to-date information.