x
personal info
privacy agreement
Send

PRIVACY POLICY

Respecting the right to protection of personal data and the right to privacy is one of the basic tasks of BIT SOFT SA (”BITSOFT”).
Thus, we take all necessary measures to process your personal data in accordance with the principles established by the applicable data protection legislation in Romania, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation - “GDPR”).
The personal data, within the meaning of this Privacy Policy and as defined by GDPR, is any information about an identified or identifiable individual; an identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as an identification number, location data, or even an online identifier.
The processing of personal data is made by: Bit Soft SA based in Bucharest, 7 Dr. Radovici Ion Street, registered at the Trade Register under number J40 / 21722/1994, UIC RO 6520428.
The company BITSOFT is a personal data operator within the meaning of the GDPR, i.e. it establishes the means and purposes of processing personal data.

• Principles of processing personal data
• What kind of personal data do we process?
• Personal data of minors
• Special data
• For what purpose and on what basis do we process your personal data?
• To whom do we convey your personal data?
• Do we collect personal data from third parties?
• Do we transfer your data outside the EU / EEA?
• Providing the personal data of other individuals by you
• How long do we keep your personal data?
• What are your rights?
• Are your data safe?
• Links to other websites
• Questions or complaints
• Changes in policy
________________________________________________________________________

PRINCIPLES ON WHICH DATA PROCESSING IS BASED WITHIN BITSOFT
• The processing of personal data is carried out lawfully, fairly, and in a transparent manner;
• The collection of personal data is carried out only for specified, explicit and legitimate purposes, and the data is not further processed in a manner incompatible with those purposes;
• The collection of personal data is appropriate, relevant and limited to the information required for the purpose of processing;
• Personal data will be accurate and, where necessary, updated;
• All necessary measures shall be taken to ensure that incorrect data is deleted or corrected without delay;
• All personal data is processed and stored in a manner that ensures its confidentiality and security;
• Personal data are not shared with third parties unless necessary for the purpose of providing services under agreements or for the purpose of fulfilling legal requirements.

WHAT KIND OF PERSONAL DATA DO WE PROCESS?
- If you are a representative or contact person of our current or potential clients, as well as a representative or contact person of our suppliers or business partners
We collect the surname, given name(s), phone number, e-mail address, position, as well as any other data provided by you or the company represented by you.
You can choose anytime which personal data you want to provide. However, if you choose not to provide certain personal data, if the basis of our request is the compliance with a legal requirement, contractual obligations or obligations required to conclude a contract, we will not be able to provide you certain services; e.g. if you do not want to communicate us your surname, given name(s), e-mail address and position when you call the technical support service offered by BITSOFT, we will not be able to provide you the required technical assistance.
- If you are a current or potential client of our clients and business partners
During the performance of the concluded contracts and in order to fulfil the undertaken obligations, we may access certain categories of personal data belonging to individuals who are clients and potential clients of the hotels and restaurants we work with.
It is also possible, at the request of our clients, to provide hosting services for certain databases containing the personal data of individuals who are clients and potential clients of the hotels / restaurants we work with.

The categories of data we may process to fulfil our contractual obligations are:
a) Data required for making reservations (for example: surname, given name(s), e-mail address, phone number);
b) The data included in the arrival-departure record, required under the national law (e.g. nationality, address, date of birth);
c) Banking card details (card type, credit/debit card number, holder's name, expiration date, and security code);
d) Information on client’s stay, including the dates of arrival and departure, special requirements, preferences;
e) Information you provide about your marketing preferences;
f) Personal data you provide to register and subscribe to the newsletter;
g) Information about the vehicles that you might bring on the property of the hotel / restaurant (e.g. registration number);
h) Data collected from the access cards (entry and exit time);
i) Information collected by various contractual partners (travel agencies, event organizers) and sent to the hotel / restaurant (rooming list, event guest list);
j) Data necessary to provide additional services, as appropriate;
k) Reviews and opinions about the hotel / restaurant services;
l) Any other information you choose to provide us or our clients with.
- If you are a potential employee
We collect information from your resume, as well as any other information submitted with your resume and / or communicated at the interviews.
For more information, please please refer to the recruitment notice.
- If you are a visitor to our location
The surveillance cameras can capture or record visitors’ images in public places (such as the entrances inside the BITSOFT premises).
- If you are a user of our websites www.bit-soft.ro and www.bitsoftsolutions.com
No personal data is required to read the information on the website. However, for the technical operation of the portal, we collect the time and date of accessing the Internet website and the IP address from which our website was accessed.
Some personal data are required to use certain services (e.g. online bookings, job vacancies). For details, please refer to the appropriate section for the operation used on the website.
- If you are an employee
Please read the Employee Privacy Policy brought to your attention at the time of employment and available at any time at the Human Resources Department.
________________________________________________________________________

SPECIAL DATA
The term “special data” refers to racial or ethnic origin, political opinions, religious confession, philosophical beliefs or membership of trade unions, as well as the processing of genetic data, biometric data or data on health, sex life or sexual orientation.
Although we do not collect special categories of personal data, it is possible that, during the performance of a contract concluded with a BITSOFT client and at his/her request, to have to access his/her computer systems (e.g. hotel management software) to fulfil the contractual obligations. During this visit, we may have contact with such personal data categories, but they will not be retrieved or processed for any purpose other than the performance of the contract concluded with a BITSOFT client.
________________________________________________________________________

FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?
- If you are a representative of the current or potential clients of BITSOFT
a) Communication with you in case of inquiries sent by you regarding certain services and products offered by BITSOFT.
Scope: We process your personal data to respond to your inquiries.
Grounds: Conclusion of a contract
b) Resolving support vouchers following your requests.
Scope: We process your personal data to respond to your requests.
Grounds: Performance of a contract
c) Keeping the history of interactions between you and BITSOFT
Scope: In order to provide good quality services, the history of your interactions with BITSOFT is stored at least during the performance of the contract, so that, when you come back with a new request, we will be able to adapt our work procedures to effectively solve your situation.
Grounds: Performance of a contract
d) Feedback
Scope: We process your personal data to make sure you have had a satisfactory experience following the interaction with BITSOFT.
Grounds: Our legitimate interest in continuously improve our services and provide services that best match our clients’ standards.
e) Marketing
Scope: We process your personal data for marketing purposes, such as commercial newsletters and marketing communications on new products and services or other offers that we think might be of interest to you.
Grounds: We rely on the legitimate interest in promoting our services by submitting the offers we consider to be of interest to you (please see “The right to oppose” in “Your Rights” section)
If necessary, in accordance with the applicable law, we will obtain your consent before processing your personal data for direct marketing purposes. In this case, we hereby notify you that you will be able to withdraw your marketing consent at any time, in which case you will not receive any more marketing communications from us.
We will include a unsubscribe link that you can use if you do not want to receive any further messages from us.
f) Other communications: by e-mail, mail, phone or SMS.
Scope: These communications will be made for a specific reason, such as: (i) to respond to your inquiries, (ii) if you have not completed an inquiry/contract, we may send you an email to remind you to complete the procedure in question, (iii) to inform you of the manner in which the complaints and/or incidents occurred during the performance of the contract have been settled.
Legal ground: Our legitimate interest in providing services at the desired standards by resolving any claims / complaints and ensuring you of our full availability.
g) Analysis, improvement and research
Scope: To constantly ensure the qualitative evolution of our services, we take care to analyse all your complaints / suggestions, in order to draw up statistical reports to identify the problems and find the best solutions to remedy them.
Grounds: We rely on our legitimate interest in providing services compliant with your standards and BITSOFT’s.
- If you are a visitor to our location
Scope: We process your personal data to protect the assets and persons within the BITSOFT’s premises.
Grounds: Our legitimate interest in ensuring either the protection of property or the protection of people within our premises.
- If you are a user of our websites www.bit-soft.ro or www.bitsoftsolutions.com
Scope: Traffic monitoring to identify errors and/or any other website malfunctions.
Grounds: We base our data processing activity on our legitimate interest, i.e. to provide you with a fully operational website by repairing any error, as well as by continuously improving it.
- If you are a representative or contact person of our suppliers or business partners
Scope: Developing contractual relationships with our suppliers or our business partners.
Grounds: Performance of a contract.
- If you are a potential employee
We collect information from your resume as well as any other information submitted with your resume and / or the interviews you have submitted.
For more information, please refer to the recruitment notice.
Scope: Evaluation of your job application.
Grounds: Conclusion of a contract.
- If you are an employee
Please read the Employee Privacy Policy brought to your attention at the time of hiring, which is available at any time at the Human Resources Department.

For all the above categories of people, we may process your data in the context of the following activities:
a) Restructuring, internal reorganization or sale of assets or shares
Scope: We process your data to perform the above mentioned operations.
Grounds: Our legitimate interest in performing the operations, especially if they would be impossible to be performed without the processing of your data.
However, we assure you that this possible processing will be carried out in accordance with this policy and by implementing a measure able to ensure the confidentiality of your data.
b) Security
Scope: We process personal data for the security of goods and the physical integrity of the individuals.
Grounds: We rely on our legitimate interest in securing the protection of your property and the hotel’s, as well as the protection of people within our premises.
c) Legal grounds:
Scope: In some cases, we need to process the provided information which may include personal data, in order to resolve legal disputes or complaints, for investigations and compliance with applicable legal regulations, to implement an agreement or to comply with the public authorities’ requests, to the extent that these requests meet the requirements of the law.
Grounds: The reasons for processing may be a legal requirement (if we have the legal obligation to disclose certain personal data to the public authorities) or our legitimate interest in resolving any disputes and / or complaints.
________________________________________________________________________

TO WHICH PEOPLE DO WE CONVEY YOUR PERSONAL DATA?
To provide you the expected hospitality and high-quality services, your data may be sent to our service providers and other third parties, as detailed below:
a) Suppliers: In order to provide the requested services, in some cases we will need to convey some of your personal data to the providers, and they will be empowered to process the data on our behalf and in accordance with our guidelines (e.g. suppliers of software, IT, accounting services, medical services).
b) Business partners and collaborators: In some cases, we associate with other companies to provide you the products, services or offers you have requested. For example, we can conclude a contract with a third party providing hosting services.
c) Public authorities and / or institutions: (i) to comply with legal provisions; (ii) to respond to their requests; (iii) for reasons of public interest (e.g. national security).
The privacy of your data is important to us, so that, wherever possible, the communication of personal data in accordance with the above is done only on the basis of a confidentiality commitment signed by the recipients, guaranteeing that the data is kept safe and that this information is provided in accordance with applicable laws and policies. In any case, we will always send to the recipients only the information strictly necessary for the purpose in question.
________________________________________________________________________

DO WE COLLECT PERSONAL DATA FROM THIRD PARTIES?
To provide you the expected hospitality and the best level of services, we may collect information about you from our business partners and other third parties, as detailed below:
a) Business partners: such as card partners, social networking services that are consistent with your own settings for these services, partner recruitment websites for employment.
In any case, we ensure that your data collected from third parties will be processed under the same conditions as if they were collected directly from you. Similarly, we will collect only what is necessary for our purposes (please see the Section “FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?”).
Moreover, when we contact you for the first time, we will let you know, first of all, the source from which we obtained your personal data.
________________________________________________________________________

DO WE CONVEY YOUR PERSONAL DATA OUTSIDE THE EU / EEA?
We may convey your data to some suppliers located in countries other than the one you are located in and, in some cases, in non-EU / EEA countries.
Although data protection laws in these countries may differ from those applicable in your country, we will take the necessary measures to ensure that your personal data is processed in accordance with this policy and applicable law.
________________________________________________________________________

PROVIDING THE PERSONAL DATA OF OTHER INDIVIDUALS BY YOU
If you provide us the personal data of other individuals, please previously inform them about this disclosure and how their personal data are going to be processed, as described in this privacy policy.
________________________________________________________________________

HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data is retained throughout the purposes detailed in this policy if a longer period of retention is not required or permitted by the applicable law.
We constantly review the need for your personal data to be retained, and to the extent that the processing is no longer required and there is no obligation to retain your personal data, we will delete / destroy your personal information as soon as possible and in a way that it can no longer be recovered or reconstituted (for example, we will delete / destroy all data of people who have not been hired after the interviews, unless there is a serious prospect of future employment).
If personal information is printed on paper, it will be destroyed in a way that eliminates it completely, and if it is stored on electronic storage media, it will be deleted by technical means to ensure that the information can no longer be recovered or reconstituted at a later date.
________________________________________________________________________

WHAT ARE YOUR RIGHTS?
As being the data subject, you will benefit from the following rights provided by GDPR:
a) The right to access: you may request (i) a confirmation that your personal data are processed or not, and, if so, the access to, and information about these data, and (ii) a copy of your personal data we hold (Article 15 of GDPR);
b) The right to rectification: you may inform us about any changes in your personal data or you may ask us to correct the personal data we hold about you (Article 16 of GDPR);
c) The right to deletion (“the right to be forgotten”): in certain circumstances (such as (i) the data was collected illegally, (ii) the data storage limit has expired, (iii) you have exercised the right to oppose, or (iv) the processing of the data was done on the basis of consent and you have withdrawn your consent), you may ask us to delete the personal data we hold about you (Article 17 of GDPR);
d) The right to restrict processing: in certain circumstances (such as when you dispute the accuracy of such data or the lawfulness of the processing), you may ask us to restrict your data processing for a certain period (Article 18 of GDPR);
e) The right to data portability: you may ask us to send your personal data to a third party or directly to you (Article 20 of GDPR);
f) The right to opposition: in certain circumstances (such as the processing whose legal ground is the legitimate interest), you may ask us to no longer process your data (Article 21 of GDPR).
g) If we use your personal data based on your consent, you have the right to withdraw this consent.
If we use your personal data based on your consent, you may withdraw this consent at any time. In this situation, your data will no longer be processed by us, unless a legal provision compels us to keep and archive it. In any case, we will let you know if there is such a legal provision and we will indicate it expressly.
______________________________________________________________________

IS YOUR DATA SAFE?
We take care of your personal security seriously, so we take important security measures necessary to protect against unauthorized access to data or unauthorized modification, disclosure or destruction of data. This requires internal revisions of the security measures and data collection, storage and processing practices, as well as physical security measures to protect against unauthorized access to the systems where we store personal data.
We also require our service providers and business partners to take all necessary measures to protect against unauthorized access to data or unauthorized modification, disclosure or destruction of data.
______________________________________________________________________

LINKS TO OTHER WEBSITES
Our website contains links to third-party websites. Please note that we do not assume any responsibility for the collection, use, storage, sharing or disclosure of data or information by such third parties. If you use or provide information on third-party websites, the terms and privacy policy of those websites apply. We encourage you to read the privacy policy of the websites you visit, before providing personal data.
The use of BITSOFT’s internet services within our premises is subject to the terms of use and privacy of Internet providers. You can access these terms and policies by using the links found on that service’s login page or by visiting the Internet provider’s website.
________________________________________________________________________

QUESTIONS OR COMPLAINTS
If you have any questions or concerns regarding the processing of your personal data, or if you wish to exercise any of the above rights, you are welcome to contact us using our Contact Form available on the website or by sending an email to the following address: privacy@bit-soft.ro, and we will respond to you within 30 days of receipt of your request.
Also, insofar as you do not have electronic means or do not wish to use them, you may submit a written request to the address of our registered office in Bucharest, 7 Dr. Radovici Ion Street, Sector 5.
To the extent that you are not satisfied with the manner in which your application has been resolved, you may file a complaint with the National Supervisory Authority for Personal Data Processing.
________________________________________________________________________

POLICY CHANGES
This privacy policy may change from time to time in accordance with the changes to data policy laws or on the basis of changes to our services or organizational arrangements. If we make any material changes, we will publish a link to the revised policy on our homepage.
If we make significant changes that will impact your rights and freedoms (for example, when we start processing your personal data for purposes other than those specified above), we will contact you before starting this processing.
To help you tracking the most important changes, we will include a change history below, in order to recognize the changes made to this policy.

Last updated: 12th December 2018