Privacy Policy Edenland Park

Privacy Policy for personal data collected and processed by Edenland Park 

This information contains the obligations we undertake to protect your personal data.

Please refer to this information whenever we ask for your consent to the collection and processing of your data, as this policy may be updated according to the dynamics of our activities, which may also influence the ways in which we process personal data, or according to changes in the legal rules governing the field of personal data protection.

The protection of personal data is guaranteed by the entry into force, as of 25 May 2018, of the General Data Protection Regulation No. 2016/679 (GDPR), which is applicable in all Member States of the European Union. The GDPR was adopted to replace Directive 95/46/EC of 1995, whose provisions were no longer in line with new modern systems and technologies for electronic processing of data, including personal data.

In Romania, by Law 190/2018, the application of the GDPR was established, including the adoption of additional rules applicable in certain specific processing situations, in accordance with the provisions of Cap. IX of the GDPR which allows EU Member States, within certain limits, to introduce additional rules aimed at ensuring the best possible protection of European citizens’ right to privacy.

In accordance with the legal obligations outlined above, Edenland Park has developed and implemented a personal data processing policy designed to ensure the confidentiality and security of this type of data both in strict compliance with the legal provisions and, above all, in line with our desire to provide you with quality services in conditions of maximum safety and security for you – including from the perspective of personal data protection.

As part of our commitment to respecting your rights with regard to the personal data we request from you in order for you to participate in the activities we make available to you, we present below all the details about the data we collect, the ways in which we process it and, above all, the rights you have and how you can exercise them.

Contact details of the controller

The personal data you provide us with are processed by SC Eden SRL, a company registered with the Trade Register under No. J28/15/1993, administrator of Edenland Park located at str. Cantonului Nr. 12, Balotești, jud. Ilfov, Tel (+4)0733365262, (+4)0733365263, email [email protected] .

Contact details of the data protection officer

Since the type of data processed and the ways in which we process this data make it mandatory to appoint a data protection officer, and in order to ensure greater protection of our customers’ data, we have appointed a data protection officer in accordance with Article 37(6) of the GDPR.

The designated Data Protection Officer can be contacted for any queries relating to the personal data we process via our contact details.

Categories of data subjects and types of data processed

  • our customers, are the main data subjects of the processing of personal data. More specifically, any person aged 18 years or older who wishes to participate in Edenland Park activities or who accompanies persons under 18 years of age and who participate in these activities, are persons from whom we collect personal data in the ways described below.
  • another category of persons from whom we collect and process personal data are our employees and collaborators, with whom we work to provide you with the best possible service.

From all the categories of persons listed above, we collect and process the following types of data:

  • contact data (name, surname, phone, email address, social network ID or instant messaging systems), which will help us to relate to you.
  • data from identity documents, which we request when you purchase from us various services we make available to you. And we can obtain this data either at the Edenland Park cashier directly from your identity documents (by scanning them), or through the user account creation forms that are or will be available on the website , as our portfolio of services and activities expands.

Regarding the scanning of identity documents at the Edenland Park cashier’s desk, we do not make or store photocopies of identity documents. The scanning of identity documents for the purpose of taking this type of data is done exclusively for the following purposes:

  • correct processing of data by eliminating possible typing or writing errors,
  • ensuring confidentiality by not having these details spoken aloud in the presence of other persons, or having the identity document made available to another person,
  • reducing waiting time by eliminating the need to type these details or fill in printed forms.
  • data required by the SIEATR (Information System for Tourism Activity), as a result of the obligations imposed by the Tourism Act, which obliges providers of any type of accommodation service to draw up an ‘accommodation form for announcing the arrival and departure of tourists’ to be entered into this computer system.
  • photo/video images obtained by video surveillance systems of any person passing through the area of action of the surveillance cameras installed for the purpose of physical protection and security. With regard to this type of data, we have visibly marked with specific indicators these areas, which are otherwise reduced strictly to those premises that must be protected according to the obligations imposed by Law 333 of 2003 on the security of valuables and goods (cash dispensers, warehouses with valuables, etc.).
  • anonymous data, which is data that we automatically obtain from all visitors to our website, and only refers to the type of computer system used to access the site (computer, tablet PC or phone), the geographical area from which the site is accessed, the most frequently visited pages, cookies. This data does not allow us to identify you directly, which is why it is considered anonymous data.

Purpose, duration and legal basis of the processing of personal data.

Contact data are processed for the purpose of dealing with you, either to respond to your requests that you address to us, using our contact details, or to send you information about activities and promotions that you can benefit from in Edenland Park. We process this data pursuant to Art. 6 paragraph (1) letter f) of the GDPR, and the duration of the processing is equal to the duration for which SC Eden SRL ensures the activities in the park, or until you exercise a right that would restrict the processing of this type of data.

The data in the identity documents are processed both for the purpose of protection and good management of the equipment that we provide you for the activities you choose, and for the record of the ‘voucher’ value tickets that can be purchased through the site. This type of data is used to identify as correctly as possible the beneficiaries of this type of material or valuable goods, as well as due to the legal obligations regarding the preparation of payment documents and other documents associated with accommodation-type activities, which are regulated by Law 275/2018 (Tourism Act). We process this data pursuant to Art. 6 paragraph (1) letter (a), (b), (c) and (f) of the GDPR and in compliance with the safeguards provided for by Art. 4 of Law 190/2018, in situations of processing of a national identification number (such as CNP, ID series and number, etc.).The duration of the processing of this type of data, is a maximum of 3 years from the last purchase made at the Edenland Park cash desk or through the online payment systems available on the website , which is equal to the limitation period for most types of commercial contracts concluded on the Romanian territory.

The data collected by means of video surveillance systems are processed for the purpose of preventing incidents that may affect the values and assets managed by SC Eden SRL on the territory of Edenland Park, this obligation being established by Law 333/2003.Since the assessment of the physical security risks to which Edenland Park is exposed has established the need for video surveillance of access to the areas where Edenland Park’s valuables and assets are handled, managed and stored, the legal basis for this type of processing is Art. 6 (1) letter (c) of the GDPR, and the processing period of such data is a maximum of 30 days.

Data of an anonymous nature helps us to continuously improve our website according to the elements that interest our visitors most. The legal basis for the processing of this type of data, is provided by Art. 6 (1) letter (f) of the GDPR, and the duration of their processing is a maximum of 3 years.

Another purpose for which we may process your data is for the advertising of our services, in which case, if you are or may be involved in such processing, we will ask for your written consent informing you of all the details specific to such data processing.

We do not use your personal data to make decisions based solely on automated calculations, or on personal profiling and which produce legal or similar effects that are likely to affect you in any way.

Obligation to provide data.

You are under no obligation to provide us with your contact details.

On the other hand, the possibility to participate in activities in Edenland Park, is conditional on your consent to provide data that we collect out of legal obligation (in connection with accommodation services or physical protection of premises and prevention of physical security incidents including through the use of video surveillance systems) or collected out of the legitimate interest of the company, regarding the protection of equipment that we make available to our customers.

We are also unable to turn off video surveillance systems as we are obliged, under the physical security risk assessment prepared in accordance with the provisions of Law 333/2003, to keep these systems on continuously. But if you want to prevent such processing, you can avoid the areas where the cameras are in operation, as they are marked accordingly.

Security of personal data processed

In order to ensure the security of the data processed, especially when the processing is carried out by means of electronic equipment (computers, laptops, etc.), we have developed and implemented technical and organisational measures to protect our electronic systems.

Thus, we place particular emphasis on ensuring the confidentiality of your data, restricting the number of people who have access to them to the strict minimum necessary, and the other employees who will support you with the equipment and services that we provide will only have access to a code that anonymises your data, this code being the one on the basis of which they will know how to correctly identify what they need to provide you with, without having access to your data.

Last but not least, the use of the company’s computers and other information systems for processing personal data is done in strict compliance with security policies that describe how unauthorised access to your data is prevented, the means by which their integrity is ensured and, last but not least, how they can be restored in situations where various incidents beyond our control would affect the equipment through which they are processed.

Data made available to third parties

We never make, and will never make, your personal data available to third parties on our own initiative.

In certain situations and only in strict connection with the services we provide to you, it may be necessary to make data about you available to third parties, such as:

  • the situation in which the data is requested by State authorities (Public Prosecutor’s Office, Police, Courts, etc.) on the basis of their powers, in which case we will provide, in accordance with the provisions of Art. 5(1) letter (c) and Art. 6 (1) letter (c) of the GDPR, only those data that are requested from us.
  • The data is made available to collaborators, for the provision of services related to the activities we provide to you, such as:
  • electronic payment services;
  • transport or courier services or logistics operators employed by Edenland Park;
  • services specific to marketing campaigns or market research on behalf of Edenland Park;
  • IT services providing the technical support necessary for the operation and maintenance of Edenland Park’s IT systems and website;
  • services or equipment which you request from Edenland Park and which are provided through partners and collaborators;
  • maintenance and warranty services engaged by Edenland Park and through which your data may be incidentally accessed

In such situations, we only make available data that is strictly necessary for the provision of the services in question, or even anonymous data – where possible. Furthermore, we always ensure that the partners to whom we make such data available assume at least the same data protection obligations towards us as Edenland Park assumes towards you. Thus, before receiving personal data from us, our partners will accept processing conditions at least equivalent to those set out in this information, through contractual documents concluded in accordance with the provisions of Article 26 or Article 28 of the GDPR.

Cross-border data processing

We do not collaborate with partners in the European Union or outside the European Union that would require access to your personal data.

The cloud data storage services we use allow both encryption of data and communications to and from the data storage servers, so that neither the providers of these services nor other third parties can access your personal data.

Rights of data subjects through processing

With regard to the personal data we process, you may at any time exercise your rights under the GDPR by sending a written message to the postal address or email addresses of Edenland Park or the Data Protection Officer. The message should contain your contact details as well as your request for personal data. Requests should be made on your own behalf or as a parent or legal representative of a minor, and only in relation to personal data of a natural person.

As the provisions of the GDPR or other rules governing the processing of personal data are not applicable to the processing of data relating to a legal person please do not send us requests relating to the processing of this type of data (relating to a legal person).

Also, under the provisions of Article 12(2) of the GDPR, anonymous data cannot be subject to the exercise of rights under the GDPR, which is why we also ask you not to send us requests for the processing of such data as it will be impossible for us to identify the data directly concerning you and to implement your requests.

The rights you can exercise in the ways described above are:

  • right of access – you have the right to obtain confirmation from us that we hold personal data directly relating to you and details of the ways in which we process this data. Under the provisions of Article 15(3) of the GDPR, any information you request from our databases (and which directly concerns you) will be provided free of charge once a year and for an administrative fee for additional requests;
  • right to rectification – you have the right to ask us to rectify data concerning you, or to add to it, – when changes occur, free of charge, whenever necessary, taking into account the purpose for which we process your data and which may therefore no longer be in line with your interests when the data we hold is no longer up to date.
  • right to erasure of data – where you consider that the processing of data is no longer necessary for the purposes for which it was collected, you wish to withdraw your consent – then the processing is carried out only with your consent, or where you wish to object to certain forms of processing, you have the right to ask us to erase the personal data directly concerning you. In such cases, we will promptly comply with your request, but subject to the requirement of Article 17(3) of the GDPR which refers to the condition that there are no other legal provisions obliging us to process or retain for certain minimum periods of time the personal data of those with whom Edenland Park has conducted commercial or contractual activities (such as, for example, obligations imposed by commercial, tax or employment law).
  • right to data portability – this refers to your right that can be exercised if you provide us with your personal data in a structured format (database or electronic file format), and on the basis of this right, you can ask us to transmit this format to other operators indicated by you;
  • right to object to or restrict certain forms of processing – this is your right to object to or restrict certain forms of processing, such as profiling, processing for marketing purposes, and any other processing that we carry out under Article 6(1) letter (f) of the GDPR, in the legitimate interest of Edenland Park for the proper conduct of the activities we carry out, their expansion or the number of customers.

Under the provisions of Article 12(3) of the GDPR, we will respond within a maximum of one month to any request you make to us in relation to the rights listed above, telling you how we have dealt with your request or, the (legal) reasons that prevented us from acting on your request.(in part or in full).

Where you consider that our response is not in accordance with the legal provisions, you have the right to lodge a complaint with the National Authority for the Supervision of Personal Data Processing (ANSPDCP), as detailed on their website, .

This document is last updated in September, 2021.