Privacy and Data Policy

PRIVACY POLICY

Last Updated: 23 March 2026

This Privacy Policy informs you about how we collect, use, transfer, and protect your personal data. The processing of personal data is carried out in accordance with EU Regulation 2016/679 (General Data Protection Regulation – GDPR) and applicable national laws.

1.WHO WE ARE

QUINTUS SRL, hereafter referred to as “the Company” or “We”.

Contact Details:

  • Address: Strada Trandafirilor nr. 57-59, 545500 Sovata, Mureș County, Romania
  • Email: gdpr@hotelcrystal.ro
  • Phone: +40 365 450 350

2.HOW WE PROCESS YOUR PERSONAL DATA

The Company, as data controller, processes personal data of:

  • Job applicants
  • Employees
  • Individual clients
  • Representatives of corporate clients
  • Contracted partners and collaborators
  • Any other natural persons interacting with the Company

Personal data is processed in a way that is:

  • Lawful, fair, and transparent
  • Collected for specified, explicit, and legitimate purposes
  • Adequate, relevant, and limited to what is necessary
  • Accurate and up-to-date
  • Stored in a form that allows identification only as long as necessary
  • Secured against unauthorized access, loss, destruction, or damage

3.WHAT PERSONAL DATA WE COLLECT AND WHY

Recruitment / Job Applications:

  • Name and surname
  • ID / Passport number
  • Gender
  • Address
  • Bank account information
  • Email and phone number

Service Contracts / Partnerships:

  • Name, surname, ID/Passport number, gender, address, bank account, email, phone

Website Visitors:

  • Cookies and similar technologies may collect:
    • IP address
    • Browser type
    • Location
    • Pages visited
    • Time spent on the website
    • Network
    • Device

Marketing Communications:

  • Sent only with explicit consent
  • Email used solely for this purpose
  • Option to unsubscribe at any time

4.LEGAL BASES FOR PROCESSING

We process your personal data based on:

  • Performance of contracts
  • Compliance with legal obligations
  • Your consent
  • Legitimate interests of the Company (e.g., employee safety, legal claims)

5.DATA RETENTION PERIOD

Personal data is stored only for as long as necessary to fulfill the processing purposes or as required by law (e.g., accounting, archiving).

6.WHO WE SHARE YOUR DATA WITH

We do not disclose your personal data to third parties except:

  • Authorities and public institutions (legal obligation or legitimate interest)
  • Contracted partners providing services such as web hosting, website maintenance, or online marketing
  • Third parties where you have given explicit consent

EEA (European Economic Area):

  • The EEA consists of the EU member states plus Iceland, Liechtenstein, and Norway
  • Any transfer of personal data outside the EEA is carried out in compliance with GDPR and legal safeguards

7.SECURITY MEASURES

The Company implements appropriate technical and organizational measures to ensure a high level of security and protection of personal data. These include security technologies, internal policies, procedures, audits, and controls.

8.YOUR RIGHTS

Under GDPR, you have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right not to be subject to automated decision-making, including profiling
  • Right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (dataprotection.ro) or courts

Contact for exercising rights or inquiries:

  • Email: gdpr@hotelcrystal.ro
  • Phone: 0365401269
  • Contact Person: Ionel Orza
  • DPO services are provided externally by GDPRComplet