INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA

The following information is designed to inform you of the aspects regarding the processing of your personal data and your rights regarding this processing in accordance with the General Regulation 2016/679 on data protection (“GDPR”) and the national legislation in force.

1. General information

We, the company – ProGreen Solutions bv – we represent the operator in accordance with the GDPR. The contact details of the Data Protection Officer of the Company are e-mail: caroline@progreensolutions.be.

2. Purpose of processing and categories of processed data:

The company processes your personal data for the following purposes:

  • for the purpose of providing products / providing services in the field of tourism
  • in order to fulfill the legal obligations of the Company;
  • for the purpose of pursuing the legitimate interests of the Company;
  • for the following purposes, all regarding the tourism field, to the extent that you have agreed with each of them:
  • Providing information on commercial offers
  • Providing information about the Company’s events
  • The provision of accommodation services, both in the country and abroad, in accommodation units of different categories, according to the classification criteria of each country, criteria that may differ from those in Romania;
  • Provision of reservation services and issuance of plane tickets on domestic and international flights;
  • The provision of services for the organization of other tourist and protocol services at the request of the beneficiary;
  • Provision of event organization services
  • Provision of specialized tourist assistance services
  • Providing travel medical insurance services
  • The provision of passenger transport vehicle rental services
  • Provision of courier services for issued travel documents
  • Participation in opinion polls regarding the Company’s products and services regarding the degree of customer satisfaction

For these purposes, the following categories of data may be processed:

  • Name and surname, personal code, date of birth, gender, identity document, function, address, e-mail, landline and/or mobile phone numbers, fax number;
  • Your contact with us, such as an email, notification, message request or other record of contact with us;
  • Information about your account, such as dates of payments due or received, account numbers or other information related to your account or that is included in our customer relationship management portal;
  • Your preferences for certain products, services and lifestyles when you tell us what they are or when we assume what they are, based on how you request the provision of services by ProGreen Solutions bv;
    See the Cookies section for details on what we collect using cookies, web beacons and other technologies, including advertising data;
  • Information we obtain from other sources, such as public or private authorities, fraud prevention agencies, and other data providers.
  • This includes demographic data, interest data, and online browsing behavior.
  • History of offering advantages, discounts, discounts to reward customer loyalty.
  • The level of services provided to you – for example, operational problems and other events that may affect our services;
  • Responses to invitations and confirmations of participation in events
  • Sensitive personal data discloses your racial and ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data or data related to life or sexual orientation.

ProGreen Solutions bv does not intentionally collect sensitive personal data from you in order to store it.

The personal data we process is mainly your identification, transactional, financial, demographic, location or other personal data that we collect directly from you or from other sources when you become our customer or when you use our services .

The legal basis of the processing

The legal basis for the collection and processing of your data for each of the purposes mentioned above is:

  • The supply or service contract to which you are a party or your request before the conclusion of a contract for which we received your consent;
  • The Company’s legitimate business interests, for example, preventing fraud, maintaining the security of our services, direct marketing and improving our services. Whenever we rely on this legal basis to process your data, we assess our commercial interests to ensure that these do not override your rights. In addition, in some cases you have the right to object to this processing. The legitimate interest of the Company to allow us to exercise the rights provided by law in our favor, to take legal action against any illegal activity or that damages the Company
  • Compliance with a mandatory legal requirement, for example, accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures, and your right to restrict the use of your data, which control the scope of our services that will be provided;
  • In addition, to the extent that you have agreed, your consent. The processing of personal data based on consent represents an additional purpose to the processing of personal data in order to execute the contract to which you are a party and does not condition the supply/performance of contractual services.

We will collect your personal data when, for example:

  • Purchase or use any of our products and services;
  • You register for a particular product or service;
  • You contact us through various channels, or request information about a product or service;
  • You have given permission to other companies, such as our business partners or associates, as well as our third party suppliers or contractors, to share information with us about you;
    When your personal data is public; or

You are the customer/beneficiary of a commercial activity that we purchase/provide.

We also collect information from certain organizations where appropriate and to the extent we have legal grounds to do so. These include fraud prevention agencies, business directories, verification/control agencies, billing agencies and contracted service providers.

The categories of recipients to whom the collected personal data may be disclosed:

In order to achieve the goals set out above, we use the following categories of product and service providers/authorities:

  • suppliers directly/indirectly involved in the supply of products and services in the field of domestic and international tourism;
  • state authorities (including fiscal authorities);
  • accountants, auditors, legal experts, lawyers or other such external advisers of the Company or to third parties who provide products and services to the company (providers of security services, IT systems, financial consultants)
  • the Company’s suppliers directly/indirectly involved in the marketing and promotion process.

3. Duration of storage

We will retain your information, which may include personal data, for as long as necessary to provide services to you, comply with applicable laws, resolve disputes with any party, and otherwise, if necessary, to enable us to conduct our business, including to detect and prevent fraud or other illegal activities.

For example, we have the obligation to keep documents related to financial transactions 10 years after the end of the financial year in which they were processed.

All personal data we hold will be subject to this Privacy Policy. If you have a question about a specific retention period for certain types of personal data that we process about you, please contact us via the contact details included below.

4. Your rights

The Regulation gives the persons whose personal data are processed a series of rights. Thus, in addition to the currently existing rights, we also find the right to data portability and the right to delete data. In short, the rights you have:

The right to withdraw at any time a given consent in order to stop a data processing that is based on your consent. The withdrawal will not affect the legality of the processing based on the consent granted before the withdrawal, for the execution of a contract, in order to fulfill a legal obligation or for the purpose the pursuit of our legitimate interests.

The right of access – means that you have the right to obtain a confirmation from us as to whether or not we are processing your personal data and, if so, you have access to that data and information on how this data is processed.

The right to data portability – refers to the right to receive personal data in a structured format, currently used by us and which can be read automatically, but also to the right for these data to be transmitted directly to another operator, if this this is technically feasible.

The right to opposition – refers to your right to oppose the processing of personal data when the processing is necessary for the performance of a task that serves a public interest or when it considers a legitimate interest of the operator. When the processing of personal data is aimed at direct marketing or processing based on express consent, you have the right to oppose the processing at any time.

The right to rectification – refers to the correction, without undue delay, of inaccurate personal data. The rectification will be communicated to each recipient to whom the data were sent, unless this proves impossible or involves disproportionate efforts.

The right to data erasure (“the right to be forgotten”) – means that you have the right to request the erasure of personal data, without undue delay, if one of the following reasons applies: it is no longer necessary to fulfill the purposes for which they were collected or processed; you withdraw your consent and there is no other legal basis for the processing; you object to the processing and there are no other legitimate reasons that prevail; personal data were processed illegally; personal data must be deleted to comply with a legal obligation; personal data were collected in connection with the provision of information society services.

The right to restrict processing – can be exercised if the person disputes the accuracy of the data, for a period necessary to verify the correctness of the data; the processing is illegal, and you object to the deletion of personal data, requesting the restriction instead; if ProGreen Solutions bv he no longer needs the personal data for the purpose of processing, but the person requests them for establishing, exercising or defending a right in court; if the person has objected to the processing for the period of time in which it is checked whether the legitimate rights of the operator prevail over those of the respective person.

The right to file a complaint – complaints regarding the processing of personal data can be addressed to the National Authority for the Supervision of Personal Data Processing.

To exercise these rights, as well as for any additional questions regarding this information or regarding the Company’s use of personal data, please contact our data protection officer, choosing any of the communication methods described below.

You can contact us:

Additional details as well as possible updates of this information regarding the protection of your data – you can find on the Company’s web page – Data Protection section