Privacy policy

1. Introduction
2. Legal Context
3. Data Protection Officer
4. How do we process Personal Information?
5. Type of information we process
6. What do we do with your information?
7. To whom do we share your personal data?
8. Newsletter subscribers
9. Personal data storage
10. Your Rights
11. Personal data security
12. Changes to the privacy policy
13. Third-party sites
14. About cookies
15. Site security
16. Questions, notices, complaints

1. Introduction

This privacy notice sets out how TATIS TRAVEL group of companies is committed to respecting the privacy of your personal data.

We will treat all personal data you provide as confidential and will process only the information permitted by the applicable law. This privacy notice describes the policies and practices Tatis Travel on the collection and use of your personal data and sets your privacy.

The confidentiality of information is a permanent responsibility and we will therefore update this Privacy Notice from time to time as we undertake new privacy practices or adopt new privacy policies. With regard to the processing of consent-based data (as described below), we will notify you of any changes and we will request your additional consent.

The purposes of data collection are hotel and tourism services, insurance and reinsurance services and electronic communications services.

We say that we will not request or receive information of any kind from children under 16 years of age.

2. Legal Context

According to the requirements of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR Regulation") applicable from May 25, 2018, we have the obligation to safely and for the specified purposes only use the personal data you provide us by using our site in accordance with the provisions of the GDPR Regulation.

For more details on the content of this legal framework, please visit the following link:

https://eur-lex.europa.eu/legal-content/RO/TXT/?uri=CELEX%3A32016R0679

3. Data Protection Officer

We have appointed a Data Protection Officer for all aspects of personal data protection, and you can contact the Data Protection Officer on all matters relating to your data processing and the exercise of your rights in accordance with the applicable legal provisions, especially if you have any questions or concerns about how we process your personal data. The email address you can contact your data protection officer is: contact@tatistravel.com.

4. How do we process Personal Information?

Personal Information may be collected either through or by electronic means, which includes, without limitation, the use of our websites tatistravel.com (including all other websites and/or landing pages), electronic mail, text, voice, sound, or image messages, or through non-electronic means, which includes, without limitation, the capturing of Personal Information on hard copy documents.

When using our websites, your Personal Information may be collected either actively where you or your appointed agent provide us with certain Personal Information or inactively where we collect information from you that you have not actively provided. See below for a more detailed discussion.

Active Information Collection:

Active information collection refers to instances where you have directly provided us with Information, such as when you submit an enquiry in respect of a specific product or service, when you subscribe to our newsletter, or complete a questionnaire and provide us with your personal details which may include (without limitation) first name, last name, e-mail address, country of residence, as well as your preferred dates of travel.

Inactive Information Collection:

Inactive or passive Information collection refers to instances where we collect certain Information which you have not actively (i.e. knowingly) provided, which Information we may obtain through the use of certain technologies such as Cookies, Web Beacons, Embedded Scripts, or Mobile Device identifiers when you visit our websites. Information obtained in this regard cannot be linked to you as a person (i.e. non-personally identifiable information) which information may include the type of web browser you use, the operating system you use, the date and time of your visit to our websites, the specific pages you may have visited, and the address of the website which you have visited prior to entering our websites. Tatis Travel does not link non-personally identifiable information with personally identifiable information.

5. Type of information we process

We need to collect, use, and disclose personal information to perform our duties as a travel agent, namely, making and managing travel bookings on behalf of our customers. During the course of our relationship, we may collect the following:

We process the following information collected by means of electronic submission or physical forms (as may be applicable):

Active Information:

• Your name and surname
• Your gender, age group, and weight
• Physical address
• Your e-mail address
• Your telephone and mobile number
• Your Identity and/or passport number
• Your company details
• Your passport nationality, issue date, and expiry date
• Your personal opinion, views, interests, and preferences
• Your emergency contact details
• Your medical requirements, and
• Your dietary and special requirements

Inactive Information Collection:

• The type of web browser you use
• The operating system you use
• The date and time of your visit to our websites
• The specific pages you may have visited, and the address of the website

We do not receive or process credit card information and use recognized and respected Paygate portals to securely receive credit card payments. We do not have access to any credit card information.

Personal data you provide about other individuals:

• We use personal data about other individuals provided by you, such as those people on your booking.
• By providing other people’s personal data, you must be sure that they agree to this and you are allowed to provide it. You should also ensure that, where appropriate, they understand how their personal data may be used by us.

6. What do we do with your information?

Personal Information will only be used in accordance with this Policy or as specifically disclosed to you and/or brought to your attention at the time you provide the Personal Information.

The Personal Information will be processed by us (or third parties approved by us), pursuant to and for the following purposes:

• Verifying your identity;
• Transmitting and receiving correspondence in relation to our services or products, including the preparation of itineraries and submission of quotes;
• Transmitting marketing material as specifically requested by you;
• Processing payments, refunds, and the like;
• Facilitating delivery of the services or the products;
• To monitor and analyze your conduct in respect of the Websites and/or services for research and statistical purposes;
• For compliance and risk purposes;
• Tailor make marketing and promotional material which we believe may be of relevance and interest to you;
• To personalize and enhance your online and guest experience;
• To recognize you as a repeat guest and to acknowledge your loyalty and preferences from past bookings as well as deal with any inquiries, correspondence, concerns, or complaints you have raised;
• To conduct market and / or academic research to identify potential markets and trends, to develop new products and services and to improve the nature of the products and/or services;

We may share your Personal Information with our subsidiaries or third-party service providers in order and only to the extent necessary to render supporting and / or ancillary services or products to facilitate our service or product delivery to you, which service providers will be required to comply with / adhere to the same principles (as may be applicable) contained in this policy when processing your Personal Information.

We will not sell, transfer, share, or otherwise permit access to your Personal Information with any third parties other than as described in this Policy.

Please note that we reserve the right to transfer, or otherwise share without restriction aggregated, de-identified, and other non-personally identifiable information as contemplated in this Policy.

We further reserve the right to use or disclose your Personal Information to comply with applicable laws, regulations, legal processes, and law enforcement inquiries, as required by litigation, to take precautions against liability, and protect the security and integrity of our Websites and the safety of its users.

7. To whom do we share your personal data?

We may share your information with the following entities:

• Primary suppliers: hotels, guides, transfer providers, car rental, and activity providers who fulfill your travel reservation
• Third parties who provide services on our behalf, business analytics, and fraud prevention
• As required or authorized by applicable law, and to comply with our legal obligations

8. Newsletter subscribers

Should you wish to subscribe to our newsletter, we will, from time to time, send you promotional emails about Tatis Travel special offers or other information using the email address which you have provided.

Whilst we love to keep in touch with our customers to share conservation victories, exciting products, and exceptional services, we do not contact our customers via email, short message service (SMS) / text, or similar electronic solutions for marketing purposes unless they have provided us with their consent to do so. Such engagement shall at all times be limited, be relevant, and we trust be of interest to you as our guest.

Please note that you can unsubscribe from this list at any time should you wish to by selecting the “unsubscribe” button at the bottom of the newsletter, or by emailing us your request contact@tatistravel.com or selecting the unsubscribe link at the bottom of every email you receive from us.

9. Personal data storage

All Personal Information provided to us will be stored on our secure servers.

The personal data we process based on your consent will be retained for an unlimited period of time (or until consent is revoked), unless the applicable legal requirements provide otherwise and this is necessary for the purpose of processing.

If you have not given us your consent for data processing or have revoked the agreement, we will store only minimum data about you (full name, contact details, references, and notes) for reporting statistics and reporting needs or to the extent justified based on another legal basis, such as our legitimate interest.

Without prejudice to the other provisions of this section, we will keep information and documents (including electronic documents) containing personal data:

• to the extent that we are obliged to do so by law.
• where the information / documents are relevant to any current or potential legal proceedings.
• to establish, exercise, or defend their legal rights (including the provision of information to others for the purpose of fraud prevention).

10. Your Rights

The GDPR Regulation gives certain rights to the data subjects. You have the right to access and rectify (correct) the recording of your personal data processed by us if these are inaccurate. You may ask us to delete or terminate the processing, subject to certain exceptions. You can also ask us to stop using your data for direct marketing purposes. You have the right to file a complaint with the data protection authority if you have concerns about how we process your personal data. When technically feasible, we will be able - upon your request - to provide your personal data or send it directly to another operator.

If access cannot be provided within a reasonable timeframe, we will provide you with a date when the information will be transmitted. You may also request additional information about: the purpose of the processing, the categories of personal data concerned, which was the source of the information, and how long it will be stored.

If you wish to execute any of these rights, please contact our Data Protection Officer at contact@tatistravel.com at any time.

WARNING! Please exercise your rights wisely and keep in mind that abuse of rights may make you accountable.

The contact details of the national authority for personal data protection are as follows:

National Authority for the Supervision of Personal Data Processing

Address: Bucharest, G-ral. Gheorghe Magheru no. 28-30, sector 1, postal code 010336

Website: http://www.dataprotection.ro

E-mail address: anspdcp@dataprotection.ro

Phone: +40.318.059.211; +40.318.059.212

Fax: +40.318.059.602

11. Personal data security

To protect the confidentiality of your personal data and information through the use of this website, we will maintain physical, technical, and administrative safeguards.

We update and test our security technology continuously. We restrict access to your personal data only to those employees who need to know that information to provide you with benefits or services. In addition, we instruct our employees about the importance of confidentiality and maintaining the confidentiality and security of your information.

If a personal data leak occurs, we will do everything to eliminate it and assess a leakage risk level in accordance with our privacy policy. If it is found that leakage may result in physical, material, or non-material harm to you (for example, discrimination, identity theft, fraud, or financial loss), we will contact you without undue delays, unless the law provides otherwise. All our steps will be taken in full cooperation with the competent supervisory authority.

12. Changes to the privacy policy

We may update this information document from time to time by publishing a new version on this website.

Given that privacy laws, state organ interpretations, supervisor recommendations change and improve from time to time, this notice of confidentiality and conditions of use is expected to change. We reserve the right to modify at any time, for any reason and without notice, this information document. Any changes to our privacy policy will be displayed on this page so that you are aware of our policies. The provisions contained in this document supersede all previous ads or statements about our privacy practices and the terms and conditions governing the use of this website.

13. Third-party sites

On our marketing material or websites, you may see references or links to websites that are owned and/or managed by third parties which third parties are unrelated to Tatis Travel (“Third Party Websites”), which Third Parties Websites are specifically excluded from this Policy.

These Third Party Websites have separate and independent privacy policies applicable to their respective websites, services, and/or products and may follow different practices in the processing and securing of your Personal Information.

You are strongly advised to read the privacy policy of each Third Party Website you engage with before providing your Personal Information as we cannot accept any liability should the Third Party Website process your Personal Information in any unlawful manner.

We, therefore, make no warranties or representations and bear no responsibility or liability whatsoever regarding any services and/or products offered, promoted, and/or advertised on Third Party Websites and/or services and/or products rendered by any third party which may have been accessed or used through or by means of our websites and/or their associated services.

14. About cookies

As is true for most websites, this site automatically collects certain information and stores them in log files. These include Internet Protocol (IP) addresses, the geographic location of your computer or device, browser type, operating system, and other information about visiting this site, such as viewed pages. This information is used to improve this website and, thanks to this constant improvement, to better serve our users. Your IP address can also be used to diagnose problems with our server, administer this site, analyze trends, track user browsing on a site, and collect demographic information to help us understand visitors' preferences and needs.

This site also uses cookies. For more details on cookies, please visit the user information document on the presence of cookies on the site.

15. Site security

We cannot guarantee that data transmissions on the Internet can be 100% secure. As a consequence, we cannot secure or guarantee the security of the information you submit, and you understand that any information you transfer to Tatis Travel is at your own risk. However, Tatis Travel uses site security measures in line with best practices to protect your website, emails, and mailing lists.

These measures include technical, procedural, monitoring, and tracking measures designed to protect data from improper use, unauthorized access, or disclosure, loss, alteration, or destruction of data.

We are aware that there may be mistakes or unauthorized program inaccuracies that almost every website, service, or user encounters. In these situations, our goals are to move quickly to isolate the problem, ensure or restore proper functionality, and minimize the inconvenience to our users.

If necessary, Tatis Travel will notify the competent authorities about these incidents of use or unauthorized intrusion on Tatis Travel.

16. Questions, notices, complaints

If you have any questions about your personal information or if you wish to exercise your rights or have concerns or complaints, please contact us by sending an email to the Data Protection Officer at contact@tatistravel.com.

If you do not want us to use the information you have provided, please email us at contact@tatistravel.com with the title "Do not use my data" and your name.

To update or correct your personal information, please contact your Data Protection Officer at contact@tatistravel.com.