GDPR

Information note / Privacy policy

  1. General information

  2. PHOTOHOTEL SRL is aware of the importance of your personal data and respects the right of protecting your personal data that we process, for all the natural persons interacting with the company - according to the EU Regulation no.679 / 2016 (‘GDPR’). This privacy policy concerns both personal data that we get through the website www.photohotel.com, any other electronic means of communication (social media), and data collected outside the electronic environment (such as by telephone or in physical form), including information received from our partners (such as recruitment companies / HR). The personal data collected and processed by our partners fall within the scope of their own privacy policies. This policy does not apply to practices that PHOTOHOTEL SRL does not own, control or manage in any way. If you do not agree with our privacy policy, please do not use our site or provide us with personal data. For any questions or requirements regarding the personal data we process from you, please contact us by email at dataprotection@photohotel.com .

  3. Definitions

  4. According to Regulation 679/2016 (GDPR), the terms below are defined as follows:

    • Data subject: The natural person to whom personal data are processed.
    • Personal data: Any information about a natural person (the data subject) identified or identifiable directly or indirectly (by reference to an identifier).
    • Processing: Any operation or set of operations performed on personal data, with or without the use of automated means.
    • Operator: The natural or legal person, the public authority, the agency or another body which, alone or together with others, establishes the purposes and the means for processing personal data.
    • Trustee: The natural or legal person, public authority, agency or other body that processes personal data on behalf of the operator.
    • Consent: Any manifestation of free, specific, informed and unambiguous agreement of the data subject by which the person accepts, by a declaration or an unequivocal action, that the concerned personal data are processed.
  5. In short

  6. We may collect personal data from you:

    • Directly - data you provide to us by contact, email, telephone or physical form (name, email address, telephone number and other details you communicate to us).
    • Indirectly - by means of observed data, such as the server traffic report (IP, geographical location, information from cookies and other information that are inherent to Internet use).

    We will process personal data only for the purposes set out below and we will not process the data for purposes incompatible with those stated. We process personal data from you in the following situations:

    As a website visitor:

    By accessing our website you allow programs that help its operation to collect certain personal data related to you.

    Categories of data processed, the basis and purpose of their processing:
    Data from the interaction with the website (IP, location, data from cookies).

    We process this data based on our legitimate interest in analyzing the audience and improving the website as structure and content, to improve the relevance of information we provide and to protect us from cyber-attacks.

    The purposes of these processes:
    • continuous improvement of our services,
    • ensuring the website's functionality and optimization
    • investigating and settling any fraud or security incidents
    Data origin

    These data are personal data observed from your interaction with our website.

    The need to provide them and the consequences if you do not provide them
    For a better understanding of the situation, we can divide this information into two categories:
    • Information on which the operation of the website depends. The provision of this data is mandatory, as it allows access to and use of the website. If you did not provide this data you would not be able to access or use the website.
    • Information for website traffic optimization. In order to give us this information you can express your consent in the cookie management application.
    We do not collect information for promotional, re-marketing or email marketing campaigns.
    Transfer to third parties, other countries and security measures

    You will have access to this data: our web hosting provider, Google.
    The servers on which this data is stored are located in the European Union territory or are part of https://www.privacyshield.gov/welcome , guaranteeing the processing of personal data according to GDPR.

    Security measures. We have implemented security measures to reduce the risk of security incidents such as:
    • controlling the access in the physical space of our headquarters
    • securing electronic access, by: implementing „strong passwords” policies, IT security software, firewall, data protection training for employees, obligations of confidentiality imposed to employees
    • imposing security measures on third parties through contractual commitments with them.
    Retention period

    We do not store data from cookies. These files are stored on your browser and you can delete them anytime you want.
    The information we have access to for a defined period (5 years) contains statistical data on the traffic on our site, from the people who give us access to analytics cookies and we can only access it through Google Analytics

    The existence of automatic decisions and profiling

    We do not make any automatic profiling and do not take decisions following the automatic profiling of the processed data. However, external analytics and reporting services (Google Analytics) may use your data for complex automated profiling processes. To avoid this situation, we recommend one of the following options:

    • Cancel the acceptance for analytics and marketing cookies in our cookie management application
    • Cancel the acceptance of cookies directly from your browser or browse the Internet in the 'incognito' mode provided by your browser

    Joining the PHOTOHOTEL School

    The moment you choose to send us a CV or express your interest in working with us, you provide us with some personal data related to you, your abilities, your educational and professional background. We need this information to be able to contact you and to evaluate you for possible collaboration.

    Categories of processed data, the basis and purpose of their processing
    • Contact details (name, first name, email address, phone number, city).
    • Other personal data (date of birth, marital status, photo, Facebook page)
    • History of studies and work experience.
    • Skills and abilities (CV data, answers to the questionnaire’s questions)

    We process this data both on the basis of our legitimate interest in choosing the right candidates, and on the basis of your consent for retaining the data and in the case we do not cooperate, but would like to be contacted later. The purpose of processing these data is to recruit people for PhotoHotel school and to subsequently recruit the candidates to one of the partner locations.

    Data origin

    These data are provided directly by you, by the following means:

    • Uploaded directly to our website
    • CV sent through recruitment applications, email or directly to our company headquarters
    • Completed questionnaires for employment.
    • Data provided during the interviews for employment
    Without providing this data, we will not process it.
    The need to provide them and consequences if you do not provide them

    We believe that we need this data to be able to make an informed decision to select the right candidates for the position we want to hire. If you do not want to provide this data we will not be able to consider you for the recruitment process.

    Transfer to third parties, other countries and security measures

    This data will be able to reach our partners with whom we collaborate in order to hire you in one of the locations where PhotoHotel operates. These partners are located in the European Union and comply with the GDPR provisions.
    Security measures. We have implemented security measures to reduce the risk of security incidents such as:

    • controlling the access in the physical space of our headquarters
    • securing electronic access, by: : implementing „strong passwords” policies, IT security software, firewall, data protection training for employees, confidentiality obligations imposed to employees
    • we only work with providers who are committed to complying with GDPR or are part of the Privacy Shield.

    We may transfer personal information to the Prosecutor's Office, the Police, the Courts and other state authorized bodies, based on and within the limits of the legal provisions and as a result of expressly formulated requests.

    Retention period
    We will keep this data for a period of 5 years for the candidates who were accepted after which they will be anonymized.
    We will keep this data for the candidates who were rejected until the selection process is completed or, if they have given their consent, we will keep the data for one more year after the interview for further contact.
    The existence of automatic decisions and profiling

    We do not make any automatic profiling and do not make decisions following the automatic profiling of the processed data. Your experience, knowledge, situation and answers to the questions in the questionnaire will be part of a process of individual evaluation of the candidates, after which we will determine different skills or abilities.

  7. Your rights

  8. According to GDPR provisions, all data subjects benefit the following rights:
    • The right of data access. You have the right to access your personal data to verify the legality of the processing or to find out what personal data are being processed. If we process personal data related to you, you may request to receive this data.
    • The right to correction. If we process your personal data and they are inaccurate, you can request their correction.
    • The right to delete data or the ‘The right to be forgotten’. You may request the deletion of your personal data, and we have the obligation to comply with this request in cases where this data is not necessary to fulfill the purposes for which we process your personal data, in the case you withdraw your consent on which the data processing is based.
    • The right to restrict the processing. You may request a restriction on the processing of your personal data. In this case, we will not delete your personal data but we will stop processing them.
    • The right to data portability. Legal persons have the opportunity to transfer their personal data from one operator to another or to request to use them for their own purposes.
    • The right to object. You may object to the processing of personal data for purposes such as direct marketing or other purposes based on the legitimate interest of the operator such as profiling.
    • The right to not be subjected to a significant automatic decision. You have the right to not be the subject of a decision based solely on automatic processing which could have significant legal effects or could affect you in a significant way.
    • In addition to these rights, you have the right to withdraw your consent at any time wherever applicable.

    To exercise the rights in the above list, please contact us by email at dataprotection@photohotel.com. At the moment we can only accept written requests because we cannot deal with verbal requests in a timely manner without first analyzing the content of the request and without first identifying you.

    What should your request for data access contain?

    It is important to ensure that the requests come from you to reduce the security risks of your personal data. For this reason, please contact us with the same email you previously used to communicate with us. In some cases, we will ask for more information to identify you.

    The personal data you will provide to us for this purpose will only be used to verify your identity and will not be kept longer than necessary for this operation.

    You also have the right to call the supervisory authority (ANSPDCP - http://www.dataprotection.ro/) with reference to how your personal data is being processed by SC PHOTOHOTEL SRL.

  9. Changes to our privacy policy

  10. Any change in the privacy policy will result in the publication of a new version of it. In case we will make any major changes to our privacy policy, you will be notified once you access our site.

  11. Contact information

  12. For any questions or requirements regarding the personal data we process from you, please contact us by email at dataprotection@photohotel.com.