Our data protection policy and practice focuses on the proper processing, exchange and storage of personal information and at the same time ensuring confidentiality, integrity and availability.
- The processing of personal data will be done in a legal, fair and transparent manner;
- The collection of personal data will be done only for specified, explicit and legitimate purposes, and data will not be further processed in a manner incompatible with those purposes;
- The collection of personal data will be appropriate, relevant and limited to the information necessary for the purpose of the processing;
- All necessary steps will be taken to ensure that incorrect data is erased or corrected without any delay;
- Personal data will be kept in a form that permits identification of the data subject and for a period no longer than the one in which personal data is processed, depending on which kind of data is collected;
- All personal data will be kept confidential and stored in a manner that provides the necessary security;
- Personal data will not be shared with third parties unless it is required for the purpose of providing services;
- Individuals concerned have the right to request access to their personal data, to request the rectification and erasure of their personal data, to oppose or restrict data processing as well as the right to data portability.
Personal data means any information that may be linked to an identified or identifiable individual (subject person). Personal data includes all types of direct or indirect information (that is used in connection with other data) that relate to the subject, such as name, date of birth, addresses, e-mail addresses, telephone numbers etc.
1. Who are we?
|Organization Name||BMYGUIDE SRL|
|Trade Register Number||J08/496/2019|
|Unique Identification Code/ VAT code||40559983|
|Headquarters||Gardeniei Street 5, Ghimbav, Brasov County|
|E-mail Address||[email protected] / [email protected]|
Any questions about the use of your personal data should be addressed to the above contact data.
2. How do we use your information?
2.1. When you use our website
When using our website or app, we collect the following types of information.
Information you provide us directly:
- Your username, password and e-mail address when you register for a bmy.guide account. Profile information that you provide for your user profile (e.g., first and last name, phone number). This information allows us to help you or others be "found" on bmy.guide. Personal data is collected on registration (on the site/application registration page or received from services such as Facebook and Google). This feature can be changed in the settings page, and will only be displayed or sent to bmy.guide site/application (will not be sent to third parties).
- User Content (comments and other materials) that you post.
- Communications between you and bmy.guide. For example, we may send you service-related emails (e.g. account verification, changes/updates to features of our service, technical and security notices). Note that you may not opt out of Service-related e-mails.
We collect information about how you use our products, such as information about the types of content you are viewing or interacting with, the features you use, the actions you take, the people or accounts you interact with and the time, frequency, and the duration of your activities.
Information about transactions made through our services. If you use our products for purchases or other financial transactions, we collect information about that purchase or transaction. These include payment information such as your credit or debit card number and other card information, other account and authentication information, and billing, delivery, and contact information. Card payments are processed through the SSP, and a reference to the customer's payment card would be stored in accordance with PCI DSS compliance.
Location information. We use location information - such as your current location, where you live, where you like to go, and businesses and nearby people in order to deliver, customize and improve our services. This information can be based on items such as the exact location of the device (if you have allowed us to do so), IP addresses, and the information you provide by taking the photos or adding reviews (such as visits or events you are attending).
Photos and videos uploaded will be analysed by a third party analysis software in order to analyse and identify objects including, but not limited to scenery such as landmarks and more. We do not collect information about your facial characteristics. As a matter of fact, our software won’t allow you to upload photos that include faces because our aim is to provide reviews and information about places, scenery, landscapes etc. not people.
We use a number of cookies (first-party cookies) and (cookies) to allow the website and app to function, to collect useful information about users and to provide you with the best experience in using our services.
2.2. What are cookies?
Some of the cookies we use are strictly necessary for our site to work and we do not ask for your consent to use them in your computer. These cookies are listed below.
|Name of the Cookie||Purpose|
|XSRF-TOKEN (Essential)||Cookie name: XSRF-TOKEN
This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.
Expires at the end of the session.
|bmyguide_session (Essential)||Cookie name: bmyguide_session
This is used to hold information about your current visit with us. This cookie is essential to the functionality of the site.
Expires at the end of the session.
|BMG_BIFR_1_<TOKEN> (Essential)||Cookie name: BMG_BIFR_3D_<TOKEN>
This is a load balancing cookie necessary to be able to deliver the best experience for visitors.
Expires at the end of the session.
|CloudFlare (Essential)||Cookie name: __cfduid
The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
Visit CloudFlare for more information. (https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Cloudflare-cfduid-cookie-do)
However, for those cookies that are useful but not strictly necessary, we will always ask for your consent before placing them. These are the following:
|Name of the Cookie||Purpose|
2.3. Automated decisions, profiling and retention of data
We do not use the information you provide through the contact form to make automated decisions that may affect you. The website makes profiling which is used to generate statistics in order to display relevant content and also for targeting purposes.
There are no CRM records made through the site. CRM is an acronym for Customer Relationship Management. A CRM is a software product, a tool for continuous improvement of the customer relationship. It serves a modern business strategy that centres on the customer's needs and knowledge of his needs and requirements. The purpose of a CRM system is to manage unit-related customer or prospective information and to increase their satisfaction level.
We store the data as long as it is necessary to provide our services or until your account is deleted - whichever comes first. This is a case-by-case assessment that depends on factors such as the nature of the data, its purpose of collection and processing, and the relevant, legal or operational needs to keep such data.
When you delete your account, we will delete what you post, and will not be able to retrieve this later. If you do not wish to delete your account but want to temporarily discontinue use of our services, you have the alternative to disable your account. To delete your account at any time, visit our Settings section.
We keep emails coming from requests for two years, after which they are safely archived and kept for five years when we delete them. Also, other provided information is kept as long as you use our services. Afterwards, they are deleted.
2.4. The Newsletter Subscription
When you submit a subscription request to our newsletter, we ask for your email address. You will also tick a Commercial Communication Agreement that will briefly show you the categories of processed data, storage duration, and your rights.
We use this information to send you the latest news, projects and other related information.
By subscribing to the newsletter, the data is stored and processed until your consent is withdrawn. You can withdraw your consent at any time by sending a request via email or by clicking on the unsubscribe box at the end of each newsletter that we send you. Personal data collected is not disclosed to others.
3. Your Rights
You can ask us what information we have about you and ask us to correct it if it is not accurate. If we have asked for your consent to process your personal data, you may withdraw this consent at any time.
If we process your personal data to fulfill a contract or consent, you may ask us to provide you with a copy of the information in a readable format so that you can transfer it to another person.
If we process your personal data on the basis of consent or legitimate interest, you may request deletion of your data.
You have the right to ask us not to use your information for a while if you think we are not doing so legally.
Finally, in some circumstances, you can ask us not to make decisions that affect you by using your automated processing or profiling.
All of the rights stated above may be concluded as follows: the right of access to personal data, the right to rectification or erasure, the right to restriction of processing or the right to object to processing, and the right to data portability. Data portability implies your ability to ask us to transfer all data we hold to another person expressly indicated by you.
If you want to send us a request regarding your personal data by email, post mail or phone, use the contact information provided above in the Who we are section. We will respond to your requests within 30 days at most.
4. The right to Complain
If you have a complaint about your use of your information, we would prefer to contact us for firstly, so that we can amicably settle the request. However, you can also contact the National Supervisory Authority for Personal Data Processing through their website at http://www.dataprotection.ro/ or write to:
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, postal code 010336, Bucharest, Romania
5. Transferring personal data to a third country
We do not intend to transfer personal data to a third (non-EU) country or to an international organization. If this happens, you will be notified to that effect in order to give your consent or to provide you with appropriate safeguards that provide the same protection for the processing of your personal data.
6. Disclosure of Personal Data
Personal data will not be disclosed to third parties except when disclosure is required to provide our services. We occasionally sign contracts with other companies and business partners working on our behalf, such as technical companies for processing and delivering systems and technologies that develop our products and services, and in these cases we will disclose the necessary information. Service providers will be allowed to obtain only the personal data needed to deliver their services. We will not disclose personal data to third parties in order to allow them to market their products and services to our users or customers. If users do not want us to disclose personal data to these companies, they are kindly requested to contact us at the email address indicated above: [email protected] / [email protected].
In some cases, we may have to disclose personal data in response to requests from supervisors to meet legal requirements. We will also disclose personal information if required by law, for example to comply with a summons or other legal process, when we appreciate that data disclosure is required to protect our rights, our customers'/users` safety or the safety of others, the investigation fraud or in response to a request from public authorities.
7. Security of Processing the Personal Data Collected
We will process the data safely, apply and maintain appropriate technical measures to protect your personal data against accidental or unlawful destruction or loss, unauthorized alteration, disclosure or unauthorized access, especially when processing involves the transmission of data over a network as well as against any other form of illegal processing. Questions about personal data security can be sent to the email address indicated above: [email protected] / [email protected].
Specifically, the data on the website/app is collected securely through HTTPS over, at least, TLS v1.1, or higher, stored in BMyGuides databases.
All internal communication are encrypted and secure and all access to user data will be logged.
Possible marketing emails can only be sent with your express consent. This specific form of consent must be given freely, specifically and precisely informed. These requests are met when you opted to receive marketing emails (you have actively approved).
You will always have the right to object, on request and at no cost, to the processing of personal data for direct marketing purposes without having to provide concrete justification. Marketing emails contain information that we find interesting for you as well as cutting-edge news about our products and services.
8. Children's Privacy
This website is a general audience site, and we do not knowingly collect information about children. Should a child whom we know to be under 16 send personal information to us, we will use that information only to respond directly to that child to inform him or her that we must have parental consent before receiving his or her personal information.
We will update the version number and date of this document each time it is modified.
|Policy approval date||20/03/2019|
|The policy becomes operational from the date of||20/03/2019|
Our data protection policy and practices focus on the proper processing, exchange and storage of personal information while ensuring confidentiality, integrity and availability and we are trying to fully comply with the General Data Protection Regulation ("GDPR"), (Regulation (EU) 2016/679).
For any further questions regarding the way personal data is processed, please send us your requests by mail at our headquarters in Ghimbav, No.5 Gardeniei Street, Brasov County, Romania, telephone no. +40787878700 or to the e-mail address: [email protected] or [email protected].