Date of last update: 17.04.2022

This data collection policy describes the practices of personal data processing for the website PYBOOKING, as defined in the Terms and Conditions. This website is managed by S.C. PYNBOOKING NET SRL, which processes personal data as data controller, as explained in this document.

This data collection policy covers only the personal data collected by us, as a data controller. For the processing of personal data of PYNBOOKING’s Clients, as data controller, by S.C. PYNBOOKING NET SRL, as data processor, please refer to Annex 1 of the Terms and Conditions.

The purpose of this document is to inform you, the data subject, on what personal data we collect or process, how we will use these data, how we protect this data and who may have access to it, as well as your rights to your data, according to the provisions of the EU Regulation UE 2016/679 (GDPR).

PYNBOOKING offers software services (SaaS) for Hospitality business management, dedicated exclusively to legal persons.

In this context, applying the GDPR data minimization principle to the collected data, PYNBOOKING does not intentionally collect personal data from consumers/individuals, as data controller. PYNBOOKING will collect and process personal data from the representatives of the legal persons (Clients or potential clients), and especially their professional contact data.

Also, the entire activity to attract web visitors to PYNBOOKING web page is directed to legal persons and their representatives, but we may not guarantee the professional quality of all our web page visitors or to the persons that subscribe to the news from our website.

Therefore, we treat all this information as personal data and protect them as such, as described below, even if these could be personal data only in certain cases.

1. About us

S.C. PYNBOOKING NET SRL is a data controller by GDPR and has its contact address in Bucuresti, Boulevard Bulevardul Aviatorilor nr. 33, Et.4, Sector.1, is registered in the Romanian Trade Register no. J40/3490/2014, Fiscal Code (CUI) RO32956788, gdpr@pyn.ro known in this document as PYNBOOKING.

PYNBOOKING respects the current Romanian and European legislation on personal data protection and processes personal data only for the specified purposes below, as detailed:

The purpose of personal data processing is selling and providing the PYNBOOKING services (with all related activities, such as order processing, payment, invoicing, providing the service, etc.), customers support and marketing for PYNBOOKING own needs.

Your personal data will be used by PYNBOOKING only for the above-mentioned purposes and can’t be sold or rented to third parties.

The legal basis for these data processing is:
– Legitimate interest for the offers and contracting with the Clients and potential clients (legal persons) (art. 6 (1) f GDPR) – for personal data collected by order or contact form or data received from support services.
– Legal obligation (art. 6 (1) c GDPR) for personal data necessary for invoicing and other legal obligations for PYNBOOKING.
– Legitimate interest(art 6 (1) f GDPR for data processed for website security and data used for optimizing our website .
– Consent (art 6 (1) a GDPR) for personal data used for marketing and other purposes (e.g subscribing to our newsletter, marketing cookies, data collected when participating to offline events, registration of support phone calls, etc.)

2. Personal data collected

PYNBOOKING collects data from users in three ways:
directly;
from traffic data;
from cookies.

2.1. Personal Data collected directly

When you visit PYNBOOKING or when you place an order or create an account we will ask for your name, surname, email address or phone number, as well as other details for the company that you represent. Please remember that the account is made taking into consideration your professional status as a representative of a company, so we recommend to use your professional contact data, such as email or phone number.

All this data is being processed for a period up to 3 years after our contract with the legal entity ends or 10 years from its issuance in the case of invoices, starting with the date of closing the financial year (as this is a legal obligation).

When you contact our support services, we might ask for an email or phone number, as well as other details that are necessary solving the addressed issue. We reserve the right to record any communication for support, with your consent, that will be used for liability issues and improving our services. We will inform you before we start any voice communication that this may be recorded. These data are kept for different periods of time – depending on the type and subject of communication – but not for longer than one year from our last communication with you.

These data are being used to contact you, to gather the data needed for contract or invoice, as a contact person, and/or to solve a complaint/request from your side. We may also request other data which may be personal data only if they are specifically needed for these purposes.

If you do not provide this data, we will not be able to provide you with the specific service, account or to perform the requested action with our support services.

Also, when you subscribe to news on our website or to our newsletter, or when you complete a contact form on our website, we will ask you to provide a name and an email address, as well as other information necessary for personalizing our communication. These data are kept until you revoke your consent.

2.2. Traffic data

When you visit a website, your browser automatically reveals certain information, such as the IP address, date and time of the visit or the referral website that sent you to PYNBOOKING website. PYNBOOKING may record this kind of information for a limited period of time. We also use other external services of traffic analysis, such as Google Analytics. All these data are used exclusively by PYNBOOKING for website improvement or statistical purposes, but also for improving our web services and ensuring their security. Most of these data is being used only as aggregated data. The data is kept only as long as they are necessary for these purposes and we don’t use traffic data to identify persons behind an IP address. Duration of processing is 12 months from the date of the visit

2.3. Cookies

We must underline that cookies (and similar technologies) do not collect direct personal data (name or email) but may use in certain cases unique identifiers that, in case of third party cookies, may track a website visitor from one website to another.

PYNBOOKING uses first party cookies for identification or communication purposes, such remembering your language, communication sessions or setting, other details necessary for a correct functioning of our website, but also for optimizing our websites, including personification, or for marketing.

As regards other services outside PYNBOOKING which may place third party cookies when navigating PYNBOOKING, their purposes are for marketing, traffic analysis and other purposes, as indicated below:

Most browsers are configured to automatically accept cookies. However, you can decide to reinstall the browser or to set it up in order to notify you each time a cookie is placed or even to refuse cookies. If your browser is configured not to allow all cookies some sections of our website may not be correctly displayed.

If you would like to refuse cookies, go to your browser settings in order to delete or block cookies or install plug-ins which have this function. The current settings depend on the browser that you use:

Mozilla Firefox - http://support.mozilla.org/ro/kb/cookie-urile
Google Chrome - http://support.google.com/chrome/bin/answer.py?hl=ro&answer=95647
Microsoft Edge - https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Safari - https://support.apple.com/kb/ph21411?locale=ro_RO

You may also use third party extensions on these browser that do block intrusive cookies. The following extensions seem to be the most popular on the market at this time: AdBlock Plus, Ghostery, Privacy Badger or uBlock. These data are being kept for different periods of time, established by each provider, but the maximum period is 24 months from the last visit.

3. Protecting your personal data

PYNBOOKING will do its utmost to protect your personal data against loss, incorrect usage, unlawful access and destruction, and it will take all reasonable precaution measures to protect the confidentiality of this data, including by adequate technical and organizational measures.

Your access to PYNBOOKING services and account is protected by your password. We recommend not to reveal this password to anyone. PYNBOOKING will never request your password in any unsolicited phone calls or emails. Only if you would pro-actively call our support services, we might ask to create a specific account with access rights on your account, that will be used for a limited amount of time – until the specific issue has been resolved. Moreover, if possible, please click on the “Disconnect/ Log off” button from your account for the online services offered by PYNBOOKING, at the end of each session. We also advise you to close the browser window or tab where you have been logged in the PYNBOOKING. These advises are meant to limit the risk of unauthorized access to personal data from or accessible in your account, when other persons may have access to your device.

4. Your rights

According to GDPR , you have the right to access to data, rectification, erasure, restriction of processing, objection to processing and right to data portability, if possible.

For any data processing based on consent, you have the right to withdraw the consent at any time.

You are not subject to decisions based solely on automated processing, including profiling, which may produce legal effects or similarly significantly affects them.

For exercising these rights, you may send a written request, dated and signed to gdpr@pyn.ro or to our contact page together with your specific request, as well as your contact data. We may want to ask supplementary data just in order to be sure that we don’t provide your data to another person.

You also have the right to lodge a complaint with a competent supervisory authority on data protection or in court.

5. Access to your personal data.

PYNBOOKING may use other IT companies to process the collected personal data. These companies are considered data processors and have strict contractual obligations to keep the confidentiality of the processed data and to offer at least the same level of security as PYNBOOKING.

All these data processors are in Romania, European Union or any other jurisdiction which offers adequate level of personal data protection according to European Union standards (art 45 GDPR) or other appropriate safeguards, including Standard Contractual Clauses (art 46.2 GDPR).

Due to confidentiality obligations and security requirements the specific information regarding the name and details for each processor used will be provided only according to the applicable law.

The following types of data processors are being used for these services:
hosting services;
sending email and email marketing services
marketing services
support tools services or contacting clients or prospective clients (chat, phone calls, email, etc.)

In special circumstances, PYNBOOKING may reveal your personal data when there is a specific legislation that foresees this aspect, when this is requested by a competent authority or when this is necessary to protect the rights and interests of PYNBOOKING (e.g for accountants, auditors, lawyers and other external consultants, where the activity implies the necessity to have access to the respective data.)

6. Personal data managed by Clients

As a data processor, PYNBOOKING also processes personal data collected or managed by our Clients using PYNBOOKING services. Also for these data we ensure the security of the processed data, as well as all the other obligations mandated by GDPR, using the same high standards.

For this purpose and for our role as data processor, it’s necessary to have a contract between us and our Clients, as foreseen by Art 28 GDPR, that you may find it in Annex 1 of the Terms and Conditions.

Other provisions

This data collection policy must be interpreted in connection with the Terms and Conditions PYNBOOKING and are subject to the applicable legislation in Romania, unless there are other applicable legislation which impose a different applicable law.

The present policy has been updated on 17.04.2022 and whenever it will be modified in the future, a new version will be made public on the first page of the website PYNBOOKING. This version of the policy is available at https://www.pynbooking.com/en/privacy-policy/