RFQ

Privacy

 

According to the Law no. 677/2001, beneficiaries of rapid access, intervention regarding the position of establishing an individual decision. At the same time, you can be opposed to the processing of personal care will be concerned and request intervention measures. In order to exercise its rights, the address can be addressed with a written request, data and signatures of the company S.R.L Hospitality Development Solutions. It is also acknowledged by a justified address. "

 

According to art. 12 of Law no. 677/2001, the persons concerned in the context of the processing of personal data, have the right to be informed about the following aspects:

  • the identity of the operator and its representative, if applicable - The operator of the character data is the company Hospitality Development Solutions S.R.L. through Simona Panait, the person designated to perform the operations on personal data;

  • any other information the supply of which is required by the disposition of the supervisory authority, taking into account the specifics of the processing: 

     

  • the data categories processed (if they are not collected directly from the data subjects) - personnel (first and last name, personal identification number (CNP, NIF, social insurance number), sex, date and place of birth, citizenship, data from civil status documents, telephone, fax, address, e-mail, profession, job, vocational training, economic and financial situation, habits, preferences, behavior, image, voice - by requesting a copy after BI / CI and completing a form);

  • the obligatory or optional character to provide the personal data - obligatory;

  • the existence of the right of access, of intervention on the data, of opposition to the processing of the data, of not being subject to an individual decision, the conditions for exercising these rights, as well as of the right to address the justice;

  • eventual transfer of data abroad - the information is not transferred abroad.

 

INFORMATION SECURITY POLICY

According to the provisions of Order no. 52/2002, the minimum security requirements for the processing of personal data that are the basis for the adoption and implementation by the operator of the technical and organizational measures necessary to maintain the confidentiality and integrity of the personal data, can be found in their own security policies and procedures. , which covers the following aspects:

User identification and authentication
The user means any person who acts under the authority of the operator, the authorized person or the representative, with a recognized right of access to personal databases. The users, in order to have access to a personal database, are designated by service decision. Each operator that operates on the personal database, performs these operations based on the personal password. Users have the obligation to maintain the confidentiality of the data and to respond accordingly to the operator. The operators authorize certain users to revoke or suspend an identification and authentication code, if their user resigned or was terminated, concluded the contract, was transferred to another service and the new tasks do not require access to personal data, has abused the received codes or if he will be absent for a long period established by the entity. Users' access to the manually performed personal databases will be based on a list approved by the management of the entity.

Type of access
Users access the personal data required only for the fulfillment of their duties. For this, access to personal data is made for: administration, introduction, processing, saving, etc. and for actions applied to personal data such as: writing, reading, deleting, as well as the procedures regarding these types of access. Programmers of personal data processing systems do not have access to personal data. The operator will allow programmers access to personal data after they have been transformed into anonymous data. The compartment that provides the technical support can have access to personal data for solving exceptional cases. Anonymous data will be used for the training of users or for the presentation of presentations. The employees who teach the training courses will use personal data during their own training. The operator will establish the strict ways by which the personal data will be destroyed. Authorization for this processing of personal data is limited to a few users.


Data collection
The operator designates authorized users for the operations of collecting and entering personal data in the computer system. Any modification of personal data can only be done by authorized users designated by the operator. For better administration, the operator takes the necessary measures for the information system to keep the data deleted or modified. Backup execution The operator will establish the time frame at which the backups of the personal databases, as well as the programs used for automated processing, will be executed. The users who run these backups are called by the operator, in a limited number. The backups will be stored in other rooms, in metal sockets with applied seal. The operator takes the necessary measures to ensure that access to the backups is monitored. Computers and access terminals Computers and other access terminals are installed in rooms with restricted access, in lockable rooms, and access to computers is done with passwords. The access terminals used in relation to the public, on which personal data appear, will be positioned so that they cannot be seen by the public and after a short period, established by the operator, in which they do not act on them, they will be hidden.

 

Telecommunication systems
The operator periodically checks the types of access for detecting malfunctions regarding the use of telecommunications systems. The telecommunications system will ensure that personal data cannot be intercepted or transmitted from anywhere or, as the case may be, the use of the encryption method for the transmission of personal data. Only the personal data strictly necessary will be transmitted through the telecommunications systems.

Staff training
The operator will conduct training courses for users with their information on the provisions of Law no. 677/2001 for the protection of persons with regard to the processing of personal data and the free movement of such data, to the minimum security requirements of the processing of personal data, as well as to the risks involved in the processing of personal data, depending on the specific activity of the user. Users who have access to personal data will be trained by the operator on their confidentiality. Users are forced to close their work session when they leave the workplace.

Using computers
In order to maintain the security of the processing of personal data (especially against computer viruses), measures are taken consisting of:

prohibiting the use by users of software programs that come from external or dubious sources;
informing users about the danger regarding computer viruses;
implementation of automated systems for virus detection and security of information systems
deactivating, as far as possible, the "Print screen" key, when personal data are displayed on the monitor, thus prohibiting their removal from the printer.
Data printing
The removal of personal data to the printer will be carried out only by users authorized for this operation by the operator. The operator will take the necessary measures to approve specific internal procedures regarding the use and destruction of these materials. At the same time, the operator will approve its own security system, taking into account the minimum security requirements of the processing of personal data, and depending on the importance of the personal data processed, will impose additional security measures.

 

Register for newsletter

Stay with us for the latest offers from our registered suppliers and the largest variety on second hand furniture and equipment, coming from 4&5 stars hotels and restaurants.