top of page

Privacy Policy

Blue Sky Resort Eforie SRL, with its registered office in Constanta Municipality, Veniamin Costache Street, No. 33, Constanta County, with a working point at Meduzei Street No. 1, Eforie Nord, Constanta, 905350, registered at the Trade Registry Office under number J13/925/2018, Tax Identification Number (CUI): RO39184200, email: bskyeforienord@gmail.com, phone number: +40739914704 (hereinafter referred to as "the company," "the platform," or "the operator") is a personal data operator.

This policy aims to inform data subjects about the conditions under which their personal data is processed by the company. This policy applies to all specific activities of the company carried out through the website www.blueskyhoteleforienord.com.

The use of the services provided by the company is possible only after acknowledging these policies.

The platform is not intended for minors under 16 years of age and cannot be used by them.

Definitions

Within this agreement (as well as its annexes and other related documents), the terms mentioned will have the meanings specified below:

  • "contract" – the contract concluded between the parties and its annexes;

  • "personal data of the beneficiary/legal representative/conventional representative" – all personal data, regardless of their form or medium, which are: i) provided either by the beneficiary, their legal representative, or conventional representative, ii) provided, sourced, or brought to attention in writing or verbally by the insurer of the vehicle subject to repair, another directly involved insurer, or by public institutions/authorities/entities (police stations, prosecutors’ offices attached to courts, courts, etc.);

  • "services" – the services provided by the provider in accordance with the purpose of the contract;

  • "supervisory authority" – an independent public authority established by a member state with competence to supervise the protection of personal data in the EU, within whose jurisdiction the provider, as an operator, has its registered office and processes personal data, or a person authorized by the provider;

  • "processing" – any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

  • "operator" – the legal entity, as in this case the provider, or an individual who, alone or together with others, determines the purposes and means of processing personal data;

  • "person authorized by the operator" – a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the operator;

  • "consent" of the data subject – any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, agree to the processing of their personal data;

  • "personal data breach" – a breach of security leading, accidentally or unlawfully, to the destruction, loss, alteration, or unauthorized disclosure of personal data transmitted, stored, or otherwise processed, or unauthorized access to such data;

  • "regulation" – Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

General Provisions

As we value the confidentiality of your information, the operator undertakes to comply with the provisions of this policy, as well as the provisions mentioned in the regulation and the rules provided by domestic law regarding the processing, security, and confidentiality of personal data.

If we modify this policy, we will notify you on this page and inform you via email or through our platform. If you do not agree with our data privacy policy or any amendments to it, you may close your account by accessing the account settings and selecting account deletion, or you may request the deletion of your personal data from the platform.

Purpose, Duration, Nature, Scope, and Type of Personal Data

Purpose of Processing

Processing the data of individuals who complete one of the contact forms on the website www.blueskyhoteleforie.com or contact us by phone, for the purpose of requesting more details or a specific offer for a property being promoted.

Duration of Processing

The processing of personal data will be carried out: for the duration of the reservation but no longer than 3 years from the start of processing upon receipt of the request or its retrieval from third-party websites.

Nature of Processing

The processing of personal data is carried out based on the performance of our specific activities, based on the contractual relationship between us or based on a legitimate interest.

Legal Basis for Processing

  • Execution of the contract;

  • Legal obligation;

  • Legitimate interest;

  • Consent.

Type of Personal Data

Individuals using the platform to post advertisements or whose advertisements are retrieved from similar public platforms:

  • Name and/or surname;

  • Email address;

  • Phone number;

  • Operating system version, unique identifiers;

  • Location from which the advertisement is posted via the Internet Protocol (IP) identification of the device used;

  • User sessions, to store language selection preferences and provide relevant advertisements through the use of cookies;

  • (Possibly) financial data that may include bank account and payment card details (issuing bank, card validity, cardholder, etc.).

Legal and/or conventional representatives of clients:

  • Identification data (name, surname, position);

  • Contact details (residence, phone number, email address).

Categories of Data Subjects

From whom we collect data:

  • From the data subject when the data is provided directly, for example, when you complete a contact form on the website www.blueskyhoteleforie.com;

  • From third parties such as Google when we receive information regarding the use of our platform.

Sensitive Personal Data

Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, and genetic and biometric data. We do not collect any information about beliefs, sex life or orientation, political opinions, trade union membership, health information, genetic or biometric data, or criminal records.

In accordance with tax and accounting legislation, we may be required to collect data that could be considered sensitive, such as the Personal Identification Number (CNP), bank account, and bank card details (including the issuing bank, card validity, card user). The processing of such data may only occur if we are required to do so by a legal provision.

Legal Basis for Using Personal Data

The provider will process personal data for the purpose of:

  • Fulfilling obligations in accordance with the request of the user who contacted us via the contact form or by phone from the website www.blueskyhoteleforie.com;

  • When there is a legitimate interest of the company, this legitimate interest not overriding your legitimate interests;

  • When we have obtained your consent for sending advertising messages via email or SMS, other than messages directly related to your interest.

Processing Frequency and Methods

Processing of this data occurs:

  • At the time of completing a contact form on our website;

  • At the time of concluding a contract;

  • If necessary for our legitimate interests (or those of a third party) and your fundamental interests and rights do not override those interests;

  • If we need to comply with a legal or statutory obligation;

  • When we send you a notification via SMS or email;

  • When we receive information about your visits and interaction with services provided by other entities when you visit services of other providers that include advertisements, cookies, or similar technologies.

Consent

Given the information outlined in this policy, it follows that we generally do not process sensitive personal data as defined by the regulation, and therefore your express consent is not required.

By completing a contact form on the website or making a phone call through the platform, we consider it your legitimate interest to receive periodic updates from the company via SMS or email regarding advertisements that may be of interest to you. If at any time you believe your legitimate interest has changed and you no longer wish to receive periodic updates, you always have the option to express your preference to stop receiving those messages.

Furthermore, regarding the sending of communications to you via email or text message, you have the right to opt out of receiving updates from us at any time by sending an email to bskyeforienord@gmail.com.

We will obtain your express consent before sharing your personal data with any third party or for sending messages for marketing purposes outside your legitimate interest.

You can ask us, or third parties, to stop sending marketing messages at any time by sending an email to bskyeforienord@gmail.com or by using the unsubscribe function in the message content.

Change of Purpose

The provider will only use personal data for the purpose for which it was obtained, unless it is reasonably necessary to use it for another purpose and the reason is compatible with the original purpose. If you wish to learn more about how processing for the new purpose is compatible with the original purpose, please email us at bskyeforienord@gmail.com.

If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and explain the legal grounds for processing.

We may process your personal data without the consent or notification of the beneficiary, legal representative, or conventional representative if this is necessary and/or permitted by law.

Disclosure of Your Personal Data

We may share or disclose your personal data with the third parties listed below:

  • Tourism agencies;

  • Pynbooking reservation platform;

  • Service providers offering IT and system administration services;

  • Professional consultants, including lawyers, auditors, accountants, and insurers providing consultancy services necessary for our activities;

  • Tax and customs administration, regulatory bodies, and other authorities based in Romania that require reporting of processing activities in certain circumstances (e.g., police stations, prosecutors’ offices attached to courts, courts, etc.).

We require all third parties to whom we transfer data to respect the security of your personal data and process it in accordance with the law. We will allow these third parties to process your personal data for the specified purposes and in accordance with legal provisions only if we receive assurances regarding the legality and compliance of personal data processing.

International Transfers

We do not transfer your personal data outside the European Economic Area (EEA).

Data Security

The provider has implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized manner. We also limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know such data. They will process your personal data only on our instructions and are subject to a duty of confidentiality.

We have implemented procedures to address any suspected personal data breach and will notify you and any competent regulatory authority of a breach when we are legally required to do so.

We may store your data in physical or electronic format. In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Legal Rights

In addition to what is mentioned in this policy, in certain circumstances, the data subject has certain rights under data protection laws regarding their personal data. These include:

Right of Access
You can ask us to:

  • Confirm whether we are processing your personal data;

  • Provide you with a copy of that data;

  • Provide you with other information about your personal data, such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we got your data from, and whether we have carried out any automated decision-making or profiling, to the extent that this information has not already been provided in this policy.

Right to Rectification
You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.

Right to Erasure (Right to Be Forgotten)
You can ask us to erase your personal data, but only if:

  • It is no longer necessary for the purposes for which it was collected; or

  • You have withdrawn your consent (where the data processing was based on consent); or

  • Following a successful right to object (see "Objection" below); or

  • It has been processed unlawfully; or

  • A legal obligation to which the company is subject must be complied with.

We are not obliged to comply with your request to erase your personal data if the processing of your personal data is necessary:

  • For compliance with a legal obligation; or

  • For the establishment, exercise, or defense of legal claims.

There are a few other circumstances in which we are not obliged to comply with your erasure request, although these two are likely the most common circumstances in which we would refuse such a request.

Right to Restriction
You can ask us to restrict (i.e., retain without using) your personal data only when:

  • Its accuracy is contested (see Rectification), to allow us to verify its accuracy; or

  • The processing is unlawful, but you do not want it erased; or

  • It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; or

  • You have exercised your right to object, and verification of overriding grounds is pending.

We may continue to use your personal data following a restriction request if:

  • We have your consent; or

  • To establish, exercise, or defend legal claims; or

  • To protect the rights of another natural or legal person.

Right to Data Portability
You can ask us to provide your personal data in a structured, commonly used, machine-readable format, or you can request that it be "ported" directly to another data controller, but only when:

  • The processing is based on your consent or on the performance of a contract with you; and

  • The processing is carried out by automated means.

Right to Object
You can object to any processing of your personal data that has "our legitimate interests" as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have the opportunity to demonstrate that we have compelling legitimate interests that override your rights and freedoms.

Right to Lodge a Complaint
You have the right to lodge a complaint with the national supervisory authority for personal data processing. Please try to resolve any issues by discussing them with us first, although you have the right to contact the supervisory authority at any time.

Right to Withdraw Consent
You have the right to withdraw your consent where the company processes personal data based on it.

The data subject will not pay a fee or any other charge to access their personal data (or to exercise any of the other rights). However, the company, as the operator, may charge a reasonable fee if the request is manifestly unfounded, repetitive, or excessive. Alternatively, the provider may refuse to comply with the request in these circumstances.

The company has the right to request certain information to confirm the identity of the data subject making the request and to securely provide the personal data (or to exercise any of the other rights). This is a security measure to ensure that personal data is not disclosed to persons who have no right to receive it. We may contact you to request additional information regarding your request to expedite our response.

The company will make every effort to respond to all legitimate requests within one month. Occasionally, it may take longer than a month if the provider’s request is particularly complex or the data subject has made multiple requests. In this case, the provider will notify you and keep you updated.

Keeping in Touch

The first point of contact for all matters arising from this policy, including requests to exercise data subject rights, is our data protection officer. The data protection officer can be contacted as follows:

If you have a complaint or are concerned about how we use your personal data, please contact us first, and we will attempt to resolve the issue as soon as possible.

Thank you!

bottom of page