Oradea Destination Management Organization (abbreviated Visit Oradea or APTOR) is committed to protecting your privacy. Contact us at [email protected] if you have questions or problems regarding the use of your personal data and we will be happy to help you. By using this site and/or our services, you agree to the processing of your personal data as described in this privacy policy.
Definitions
● Personal data - any information about an identified or identifiable natural person.
● Processing - any operation or set of operations performed on personal data or personal data sets.
● Data subject - the natural person whose personal data are processed.
● Child - an individual under the age of 18.
Principles of data protection
We undertake to follow the following principles of protection and processing of personal data:
● Processing is legal, fair, transparent. Our processing activities have legal reasons. We always consider your rights before processing personal data. We will provide you with processing information on-demand.
● Processing is limited in scope. Our processing activities correspond to the purpose for which the personal data was collected.
● Processing is done with minimal data. We collect and process only the minimum amount of personal data necessary for any purpose.
● Processing is limited to a period of 10 years. We will not store personal data for longer than necessary.
● We will do our best to ensure the accuracy of the data.
● We will do our best to ensure the integrity and confidentiality of the data.
The rights of data subjects
The data subject has the following rights:
● The right to information - which means you need to know if your personal data is being processed; what data is collected, where it is obtained from and why and by whom it is processed.
● Right of access - meaning that you have the right to access data collected from/about you. This includes your right to request and obtain a copy of your personal data that was collected.
● Right to update/rectify - which means you have the right to request the rectification or deletion of your personal data, which are inaccurate or incomplete.
● Right of deletion - which means that in certain circumstances you may request that your personal data be deleted from our records.
● The right to restrict the processing - that is, if certain conditions apply, you have the right to restrict the processing of your personal data.
● Right to oppose the processing - in certain cases, you have the right to oppose the processing of your personal data, for example in the case of direct marketing.
● The right to oppose automatic processing - which means that you have the right to object to automatic processing, including profiling; and not be the subject of a decision based solely on automatic processing. This right can be exercised whenever there is a profiling result that produces legal effects that affect you or significantly affect you.
● Right to data portability - you have the right to obtain your personal data in an appropriate format or, if possible, to transfer directly from one processor to another.
● Right to file a complaint - if we deny your request under Access Rights, we'll give you a reason why. If you are not satisfied with the way your request has been handled, please contact us.
● Right to help from the supervisory authority - which means that you have the right to the help of a supervisory authority and the right to other remedies, such as claiming compensation.
● Right to withdraw consent - you have the right to withdraw any consent to the processing of your personal data.
The personal data we collect
The contact form on all pages of the site, placed in the footer area. These refer to the email address.
How we use your personal data
We use your personal data for:
● managing business relationships, identifying customer needs and meeting them with personalized communication solutions;
● fulfilling an obligation in accordance with the law or the contract;
● produce the reports and internal statistics of the association.
Based on the conclusion of a contract or the fulfilment of contractual obligations, we will process your personal data for the following purposes:
● to identify you;
● to provide you with a service or send/offer you a product;
● to communicate with you for sales or billing purposes;
● in the company's internal reports and statistics.
With your consent we will process your personal data for the following purposes:
● to send you newsletters and / or offers in various marketing campaigns;
● for other purposes for which we have requested your consent.
We process your personal data to fulfil the obligations arising from the law and / or to use your personal data for the options provided by law. We save your billing information and other information collected about you for as long as necessary, for accounting purposes or other obligations arising out of legal terms, but not more than 5 years.
We process personal data until:
● customers go off target;
● we decide by mutual agreement that we do not have a valuable collaboration
We will inform you of any further processing and purposes.
We will not disclose your personal data to third parties or public institutions unless we are legally obliged to do so. We may disclose your personal data to third parties if you have given your consent or if there are other legal reasons for doing so.
How we can secure your data
We do our best to keep your personal data safe. We use secure protocols for communication and data transfer (such as HTTPS). We use anonymization and pseudonymization where appropriate. We monitor our systems for possible vulnerabilities and attacks.
Even if we try our best, we cannot guarantee the security of the information. However, we undertake to notify the competent authorities of data protection breaches. We will also let you know if there is a threat to your rights or interests. We will do our best to prevent security breaches and to assist the authorities in the event of breaches.
Limiting the functionalities that can export data, communicate mass emails, etc.
Technology
We regularly update all the software applied in order to defend the known attack surfaces, at all levels (means used by colleagues, server operating systems, virtualization layer, guest operating system, application).
Our servers are located in one of the most secure data centres in Europe. We apply a redundant and scalable infrastructure that has no point/means whose failure would cause the service to stop.
Automatic encrypted backup of data that is ported to another data centre is performed daily to ensure the possibility of data recovery in case of emergencies.
Access protection
Physical access to infrastructure is extremely limited. In all cases, proper identification is required.
Network security
Data storage servers are separated from the outside world by multi-level firewalls. Only servers dedicated to loading balancing have an internet connection. Application servers and data storage servers operate on separate internal networks, the connection between them is provided by a firewall / intermediate load balancing level.
Clear data / test / integration/ development test environments operate on different networks.
The stored data is protected by alarm against intrusion and phishing attack. Unused services, protocols and software will be removed. All our software works from minimal bases, install only the necessary software.
The effectiveness of internal procedures and rules is monitored by external security audits.
Juvenile policy
We do not intend to knowingly collect information from minors.
Cookies and other technologies we use
We use cookies and / or similar technologies to analyse customer behaviour, to administer the site, to track user behaviour on the site and to collect information about users. This is done to personalize and enhance your experience with us.
A cookie is a text file stored on your computer. Cookies store information that is used to help sites function better. Only we can access the cookies created by our site. You can control browser-level cookies. Choosing to disable cookies may prevent the use of certain features.
We use cookies for the following purposes:
● Necessary cookies - These cookies are required in order to use some important functions on our site, such as login. These cookies do not collect personal information.
● Functionality cookies - These cookies provide functionality that makes the use of our service more convenient and makes possible more personalized features possible. For example, they may remember their name and email address in the comment forms, so you don't have to re-enter this information the next time you comment in the blog section of the site.
● Analysis cookies - These cookies are used to track the use and performance of our website and services
● You can remove cookies stored on your computer through your browser settings. Alternatively, you may control certain third-party cookies using a privacy-enhancing platform, such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.
We use Google Analytics to measure traffic to our site. Google has its own privacy policy, which you can view here. If you'd like to opt-out of Google Analytics tracking, please go to the Google Analytics opt-out page.
Contact information
Supervisory Authority
Website: http://www.dataprotection.ro/
Email: [email protected]
Phone: +40 21 252 5599
APTOR – Oradea Destination Management Organization
Email: [email protected]
Address: Oradea Fortress, Building A, Piața Emanuil Gojdu No. 39-41