As of 25.05.2018, the provisions of Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of individuals with regard to the personal data processing and free circulation of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and since we have consistently given special attention to the personal data we are processing, we wanted to maintain our commitment to ensure the protection of these data and the new regulatory framework.

We want every client of to be certain that we make every effort and allocate the necessary resources to comply with the obligation to provide guarantees related to the personal data processing, in compliance with the principles of legality, fairness and transparency.

Moreover, we want every Client to be fully informed about what personal data processing is and that is why we have prepared this document.

What are personal data?

In order to see if information enters the area of personal data we aimed our attention to the definition of the European legislator indicated in (EU) Regulation 2016/679: „any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

What personal data processing means?

We considered that a complete information of clients on what personal data processing is about can be achieved only if they fully understand the content of this concept.

Moreover, we have appreciated that it is our duty to point out the fact that the terminology of processing has an extremely wide spectrum because it embraces “operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.

Who processes personal data (operator)?

The operator processing the personal data that the clients disclose to us via the website is AUTOROTATION SRL – Romanian legal entity, with the registered office in the city of Cluj-Napoca, 39A Buna Ziua Street, bl. E6C, entrance 1, 2nd floor, apt. 9, county of Cluj, registered at the Trade Registry Office nearby the High Court of Cluj with No. J12/4358/2016, Tax registration No. 36837178, bank account IBAN RO44BTRLRONCRT0376959101 opened at Banca Transilvania, phone 0721 715 333, e-mail, as the owner of the website.

What personal data do we process?

The personal data we process are those that customers communicate to us directly upon the completion of the reservation, namely: name, surname, e-mail address and telephone number. With respect to this way of collecting personal data, customers have control over the information they communicate to us.

In addition, from the wish to strictly comply with the requirements of personal data security and their processing, we have chosen that reservations made through should not impose the need for a user account and, at the same time, that the data collected are minimal, only those necessary to be able to contact our customers after booking.

What is the purpose of processing?

The purpose of the processing of personal data that clients provide to us when completing the booking form is mainly contacting them to confirm the reservation, informing the client of any circumstances that are relevant to his reservation, the conclusion of the lease.

We may process personal data obtained through and the booking form for the following purposes: advertising-marketing-advertising (e.g. sending you offers and promotions - via SMS or email), making your own necessary statistics developing services offered, assessing satisfaction or defending our legitimate interests.

How do we protect the security of your personal data?

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures. We see our obligation to state that we cannot be responsible for the vulnerabilities of systems that are not under our control.

What are the clients’ rights (as aimed person)?

1. The right of access (Article 15) - the right to obtain confirmation from us that we process or not personal data of the client, and if so, provide access to these data as well as information on how they are processed;

2. The right to rectification (Article 16) - refers to the correction without delay of the inaccurate personal data;

3. The right to erase the data (Article 17)  - means that Client has the right to have the personal data erased without unjustified delay, in any of the following situations: they are not needed for the accomplishment of the purpose they were collected for; I denied the consent and there is no other legal basis for the processing; I oppose to processing data that were collected unlawfully; the data must be deleted in order to comply with a legal obligation; the collection was done by offering informational society services;

4. The right to restrict processing (Article 18) - can be exercised in the following cases: the accuracy of the personal data is disputed for a period of time to verify their correctness; processing is illegal but you do not want data to be erased but restricted; the operator no longer requires personal data for processing, but requires them to find, exercise or defend a right in court; if the client opposed the processing for the length of time to verify that the legitimate rights of the operator prevail over my rights;

5. The notification of the obligation to rectify or erase personal data or restrict processing (Article 19);

6. The right to data portability (Article 20) - refers to the fact that they can receive their personal data in a structured format, which can be read automatically and with the right to be sent directly to another operator;

7. The right to oppose (Article 21) - concerns the right to oppose the processing of data;

8. The right to inform the data subject about breaches of personal data security (Article 34).