General Data Protection Regulation consent

The protection of your personal data is important to us and, therefore, we are dedicated to protecting the privacy of our visitors accessing the www.lithea.net website, but also of those whose personal data were disclosed to us by third parties, or to which we had access from another source, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - "GDPR").

Kindly take your time and read the Policy herein below (herein after referred to as "PDP") in order to understand the manner in which your information will be dealt with ("personal data"). PDP explains the practices used by SC Tega SA, in enforcing GDPR provisions, but also your rights in connection with the manner in which your data is processed by SC Tega SA.

Personal data will always be processed by SC Tega SA in compliance with GDPR provisions, but also with any regulations governing personal data protection, applicable in each country in which SC Tega SA operates.

By means of this PDP, SC Tega SA wishes to inform the data subjects on the nature of personal data that we collect and process, as well as on the purposes for which it is processed. Furthermore, data subjects are also informed by means of the PDP on their rights.

What is personal data?

"Personal Data" means any information or pieces of information which may directly (for instance, your name) or indirectly (for instance, personal identification number) identify you. This means that personal data include items such as e-mail address, address, mobile telephone, user name, profile photos, personal preferences, user-generated content, financial information and information on the financial standing. It may also include single numerical identifiers, such as the IP address of your device, as well as browser cookies.

What does personal data processing mean?

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Personal data controller

The personal data controller (herein after referred to as the "Controller") is SC Tega SA.

Data protection officer (DPO)

SC Tega SA, as controller, has appointed Bitai Zsuzsa as Data Protection Officer (herein after referred to as "DPO"), with the obligation to monitor the compliance with GDPR provisions in all data processing operations performed by the controller and to represent the controller before the data subjects and before the Supervisory Authority.

Data subjects may directly approach, at any time, DPO in connection with anything relating to this PDP, at the contact data below:

Name: Bitai Zsuzsa

Phone: 004 0267 310 123

E-mail: zsuzsabitai@tega.ro

Data processing principles

SC Tega SA undertakes to abide by the principles governing personal data processing (herein after referred to as the "Principles") set out in GDPR, with a view to making sure that all data is:

  1. Processed lawfully, fairly and in a transparent manner;

  2. Collected for specified, explicit and legitimate purposes;

  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

  4. Accurate and kept up to date;

  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

  6. Processed in observance of the data subject’s rights, in a manner that ensures appropriate security of processing, so that it is integral, confidential and available.

Purposes for data processing

In order to conclude and execute contracts – In accordance with Article 6 paragraph (1) letter (b) of GDPR, personal data may be processed for the purpose of concluding or executing contracts. In order to be able to provide our products and services to you, we need to process personal data pertaining to you.

In order to fulfill legal obligations – in accordance with Article 6 paragraph (1) letter (c) of GDPR, personal data may be processed for the purpose of fulfilling legal obligations. We request several personal data, including, in certain cases, your personal identification number, with a view to fulfilling obligations imposed by tax authorities, in connection with billing and reporting to tax authorities.

For marketing purposes – In accordance with Article 6 paragraph (1) letter (a) of GDPR, personal data may be processed if the data subject expressed their consent to have their personal data processed for one or several specific purposes. Thus, in certain cases, your personal data will be used in order to send you marketing messages, offers, newsletters, future campaigns, invitations to various events.

For the purpose of conducting our business – In accordance with Article 6 paragraph (1) letter (a) of GDPR, personal data may be processed if the data subject gave their consent to have their personal data processed for one or several specific purposes. Accordingly, we may contact you or transfer your personal data in the course of our business. We will contact you whenever we deem that the data provided upon making a reservation in our facility is incomplete or in order to confirm that you maintain your reservation, until the check-in formalities.

Disclosure of personal data to third parties

The personal data processed by SC Tega SA may only be disclosed and/or transferred to third parties subject to your express consent in that respect, save where there is any legal/contractual obligation incumbent upon SC Tega SA to take that course of action.

Kindly keep in mind that, under certain circumstances, we may have an obligation to disclose your personal data to the partners with which SC Tega SA cooperates and/or to other third party service providers of SC Tega SA.

Automatic data processing. Cookies

The SC Tega SA website currently uses Cookie-type identifiers. In that regard, please review our Cookie Policy, available on our website, and you have the right to deactivate the Cookies, as stipulated in the policy.

Data storage period

SC Tega SA may store the processed data for various periods of time, deemed as reasonable, depending on the purposes specified herein above. We only keep you data for the period that is necessary to achieve the purpose for which the data was held, to satisfy your needs or to fulfill our obligations under the law.

In order to know for how long your data will be stored, we use the following criteria:

  • When purchasing products and services, we store your personal data for the duration of our contractual relationship, but also for a subsequent period, if there is a legal obligation in place for SC Tega SA to store such data;

  • If you take part in a promotion, we store your personal data for the duration of the promotional campaign;

  • If you contact us with a question, we store your personal data for the duration necessary to process your question, but no longer than 3 years since the last correspondence sent;

  • If you set up an account, we store your persona data until you request us to erase it or after a period of inactivity (no active interaction with us). In that regard, mention is to be made that data processed for this purpose will be erased 3 years after the last interaction with the account user (for instance, login into your account);

  • If you gave your consent for marketing purposes, we store your personal data until you unsubscribe or you request us to erase it or after a period of inactivity (no active interaction with out marks), as defined in accordance with local regulations and guidelines. In that respect, mention is to be made that data stored in our data bases for the purpose of direct marketing communication is erased from the records of such data bases 3 years after the last interaction with you;

  • If the cookie modules are stored on the computer, we will keep them for as long as necessary for them to reach their goals (for instance, for the duration of a session, in respect of shopping basket cookies or session ID cookies) and for a period defined in accordance with local regulations and guidelines. To that end, mention is to be made that data processed through cookie modules used in order to provide behavioral advertising online, to customize our services for you and to allow our content to be shared on social media websites (sharing buttons for website display), will be kept for a maximum period of 3 years after collection, in reliance upon your consent.

Your rights

In accordance with GDPR, you have a series of rights in connection with the personal data to be processed by SC Tega SA:

  • Right of access to the processed data – You have the right to access your personal data in our possession. The first delivery of information will be free of charge. If you require copies of the information already provided to you, we may charge a reasonable fee, in consideration of the administrative costs for the provision of information. Obviously ungrounded, excessive or repeated requests may remain unanswered.

  • Right to rectify the data – You have the right to request your data to be rectified, if inaccurate or obsolete and/or to supplement it, when incomplete. If you have an account, it might be easier to rectify your own data, by means of the "My Account" section.

  • Right to erasure ("right to be forgotten") – In certain cases, you have the right to have your data erased or destroyed. This is not an absolute right, because there may be cases when we are forced to keep your data for legal or judicial reasons.

  • Right to restriction of processing – You are entitled to request restriction of processing in connection with your data. This means that processing of your data is limited, so that we can preserve the data, but cannot use or process it. This right applies in specific circumstances set out in the General Data Protection Regulation, in particular:

    • the accuracy of the personal data is contested by the data subject (i.e., by you), for a period enabling the controller (i.e., SC Tega SA) to verify the accuracy of the personal data;

    • the processing is unlawful and the data subject (i.e., you) opposes the erasure of the personal data and requests the restriction of their use instead; the controller (i.e., SC Tega SA) no longer needs the personal data for the purposes of the processing, but they are required by the data subject (i.e., by you) for the establishment, exercise or defense of legal claims;

    • the data subject (i.e., you) has objected to processing based on lawful reasons by the controller (i.e., SC Tega SA) pending the verification whether the legitimate grounds of the controller (i.e., SC Tega SA) override those of the data subject (i.e., you)

  • Right to data portability – You have the right to move, to copy or to transfer the data you are interested in from our data base to another. This only applies to the data you provided to us, when processing relies on your consent or on a contract and is implemented by automated means.

  • Right to object – You may object at any time to the processing of your personal data, when such processing relies on a lawful interest.

  • Right to withdraw your consent at any time – You may withdraw your consent for the processing of your personal data when such processing relies on your consent. Withdrawing your consent will not impact the legality of processing performed in reliance upon your consent, before withdrawal thereof.

  • Right to file a complaint with the competent supervisory authority – You are entitled to file a complaint before the data protection supervisory authority in your residence or domicile country in order to object to the data protection practices provided by SC Tega SA.

  • Right to object to processing of your personal data for direct marketing purposes – You may unsubscribe or give up our direct marketing communications at any time. It is easier to do so by clicking the "unsubscribing" button in any e-mail or communication delivered by us.

  • Right to object to our processing of your personal data when we conduct actions for the public interest or our or third parties’ lawful interests – You may object at any time to processing of your personal data, when such processing relies on a lawful interest.

  • Right to deactivate Cookies – you have the right to deactivate the cookie modules. The Internet browser settings are usually set by default to accept cookie modules, however, you may easily adjust them by changing the settings of your browser. Many cookie modules are used to increase the degree of use or functionality of websites / software applications; consequently, by deactivating cookie modules, you could be prevented from using certain parts of the websites or our applications, as further detailed in the relevant Cookie table. Should you wish to restrict or to block all cookies set by our website/applications (an action that could prevent you from using certain sections of our website) or any other websites/applications, you may do so from the settings of your browser. The Help feature in your browser will show you how. For more information, please visit the following link: www.aboutcookies.org.

  • You may exercise any of these rights in connection with the personal data processed by SC Tega SA by sending a mere request to the DPO of SC Tega SA. In such a case, we might request a proof of your identity.

Judicial requests

We access, store and supply your information to regulatory authorities, law enforcing officers or other entities:

  • In reply to a legal request, when we believe, in good faith, that the law requires us to. Furthermore, we may comply with legal requests when we believe, in good faith, that the reply imposed by the laws applicable in the relevant jurisdiction impacts the users in that jurisdiction and complies with internationally-acknowledged standards.

  • When we believe, in good faith, that this is necessary in order to: detect, prevent and tackle acts of fraud, unauthorized usage of any material pertaining to us, infringement of our conditions or policies or any other offensive or illegal activities, to protect ourselves (including our rights, assets or materials), you and third parties, including during investigations or audits conducted by regulatory authorities or to prevent threatening death or personal injury. For instance, if relevant, we provide information to and receive information from third party partners in connection with the reliability of your account, in order to prevent fraud, abuse and other detrimental activities in and outside our materials.

  • The information we receive about you may be accessed and stored for a longer period of time when they are concerned in a judicial request or legal obligation, a governmental investigation, or investigations in connection with potential violations of our conditions or policies, or in other cases, with a view to precluding damages.

Relationships with other controllers

Depending on the context, we could find ourselves in the situation of absolutely needing to provide information to a higher level, both globally, and locally or abroad, to our partners and those with which we are involved in personal data transfer, in observance of GDPR, in view of providing services as professionally as possible. The information controlled by SC Tega SA could be transferred, delivered or stored and processed in EU or in countries other than your country of residence, for the purposes described herein. Such data transfers are necessary in our effort to supply services at the highest standard, but also to continue to provide our materials at the highest level of professionalism. We employ standard contractual clauses approved by the European Commission and rely on adequacy decisions issued by the European Commission in connection with certain countries, as the case may be, in relation to data transfers from EEA to the United States and to other countries.

Security of processing

SC Tega SA has in place technical and organizational measures for data processing, updated in line with GDPR requirements, aimed at protecting your personal data against any unauthorized access, unsuitable usage or disclosure, unauthorized alteration, accidental destruction or loss. All of SC Tega SA’s employees and partners, as well as any third parties acting in the name and on behalf of SC Tega SA are held under the obligation to observe the confidentiality of your information and the GDPR requirements, in compliance with PDP provisions.

Updates to the personal data protection and processing policy

Please keep in mind that this Policy may undergo regular changes to its content, by updating the www.lithea.net website.

How will we notify you on any amendments to this Policy?

We will deliver a notice before any amendments are made to this Policy and will allow you to review the revised PDP before choosing to continue to use our materials.

Please discontinue the use of the www.lithea.net website if you disagree with any such amendments. Furthermore, it is our recommendation to check this page for any update.

Contact

If you have any questions or concerns in connection with the manner on which we treat and use your personal data or wish to exercise any of your rights, please contact us.