JANCA SERVICES SRL , with headquarters in ROMANIA, CLUJ-NAPOCA, str. NICOLAE COLAN, nr. 8, ap. 7, Cluj County, as Data Controller (hereinafter referred to as the “Company” or the “Data Controller”), strictly complies with the legal provisions in force concerning the protection of individuals with regard to the processing of personal data and the free movement of such data. We undertake to process your personal data in accordance with Regulation (EU) 679/2016 (GDPR), as well as with any other applicable legislation on the territory of Romania.
The Company is the owner of the “onemillionnights.com” platform so that all information contained in this material is relevant and valid in relation to the activity on the “onemillionnights.com” platform, hereafter referred to onemillionnights.com or the Website.
To better understand our Data Protection Policy, we invite you to read this material. We reserve the right to periodically update and modify this Data Protection Policy (the “Policy”) without your prior consent and without being subjected to any individual or special notification procedure for the amendments implemented. In the event of any such change, we will display on our Website the updated version of the Data Protection Policy, and it is your responsibility to check the content of this Policy whenever you visit the Website to make sure you are aware of the latest version.
We are also available for information by email email@example.com phone (001) 413 – 367 5290 (normal rate number)
1. Who we are
JANCA SERVICES SRL, with headquarters in ROMANIA, CLUJ-NAPOCA, str. NICOLAE COLAN, nr. 8, ap. 7, Cluj County, registered with the Trade Register Office attached to Cluj Court under no. J12/248/2019, Tax Registration Number 40483974 is the Data Controller.
It is possible to convey the personal data you provide to affiliated companies and/or other partners and collaborators with whom we have established contractual relationships for the purpose of carrying out our activities and fulfilling legal obligations incumbent upon us. The transfer of personal data to third parties takes place on the basis of a confidentiality agreement and a commitment to data protection.
2. What kind of personal data we process
The personal data we process are: surname, first name, age, address, email address, phone number, bank account details, IP.
We also provide you with a special section on the Website dedicated to offering testimonials, or written materials, whether or not accompanied by the photo you personally upload to the Website or through affiliate social media Websites, or audio or video materials in which you expose your experience of the services on the Website and that can be used by the data Controller for the purposes of advertising, marketing and publicity of the Website, including through display on this Website, but also on other push channels.
When you visit the Website, we automatically collect certain information about your device, such as browser information, IP address, time zone, and some cookies installed on your device.
We use Google Analytics to help us understand how our customers use our Website – you can read more about how Google uses your personal information here: https://www.google.com/intl/ro/policies/privacy/. You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Please also refer to the Cookies Policy section displayed on the Homepage of our Website.
We do not collect and process sensitive data, defined as such by GDPR. Data relating to your health, mental health, religious or sexual orientation, or other sensitive data you choose to disclose to the Advisor will be subject of communication between you and the Advisor you have chosen from the list on the Website and will not be published in any form whatsoever on the platform. We do not use in any way such information as you voluntarily disclose to Advisors. Your conversations with Advisors are archived under special platform protection conditions and deleted automatically after a 90-day period. Furthermore, we do not want to collect or process data of underaged persons.
We do not assume any responsibility regarding the data you choose to communicate directly to the Advisors during the discussions with them. We have no control over these discussions that exclusively address your relationship with the platform Advisors, we do not assume the role of Data Controller with respect to this information you provide directly to our Advisors and we are not responsible for how Advisors use the data you make available to them.
3. Purpose for which we process personal data
We request and process personal data:
- To make it possible to create your account on the Website and operate the Website
- To ensure the connection with the Advisor you have selected from the onemillionnights.com list to provide the services you have chosen on the Website
- To ensure the payment of the amounts of the services offered on our Website
- To send newsletters, invitations, materials related to our services, and information about events or programs that we organise or promote
- To provide answers to complaints
- To assess the services offered on the Website
- For sales and customer behaviour monitoring, administrative purposes, media, and the like,
- Submission of offers for goods and / or services.
4. Processing grounds
The Controller has the right to process personal data for the purposes listed above:
- Because data processing is required to enable the creation of the account, the operation of the Website and the access to the services offered on the Website (conclusion of the Remote Service Agreement), the payment of the costs related to the services and the provision of responses to complaints, if appropriate,
- Because you have given your express consent to this by ticking the corresponding boxes
If data processing is not required to conclude and perform our legal relationships, we will not process personal data for any of the above purposes unless we have your consent to that effect.
5. Data storage and personal data processing period
- We process and store personal data for the duration required to meet the purposes for which the data was collected and, in any case, the period required by applicable legal regulations.
We plan to review and update our database periodically so that we do not store data that is no longer needed for the purposes for which it was collected.
6. Data security measures
The Company shall ensure appropriate technical and legal measures to guarantee effective protection of the personal data of the persons providing such data.
We undertake to keep your personal data safe and take reasonable steps in this regard, including against unauthorised access, unauthorised use, destruction, loss or alteration of data.
We systematically train our employees about the importance of protecting personal data, we set up internal procedures to that end, and we also make every effort to ensure that our partners also manage the appropriate measures for the processing of personal data that can be accessed by them within our contractual relationships.
Furthermore, payments made through our Website, strictly for the services we provide to you, are performed under safe conditions, according to the security policies implemented by the providers of this service:
7. Data transmission to other people
It is possible to convey the personal data you provide to affiliated companies and/or other partners and collaborators with whom we have established contractual relationships for the purpose of carrying out our activities and fulfilling legal obligations incumbent upon us, such as: Information service providers, accounting services, legal services, marketing services, courier services, Internet and mobile telephony services, payment processors who are authorised by us to arrange payments, specialists in the field of activity in which we are active, contracted to provide you with a better quality of our services, and other such providers.
The transmission of data to third parties takes place subject to their abiding by confidentiality clauses agreed upon.
We may also transmit some of the personal data collected to the competent public authorities or institutions where the law so requires, or to the courts for defence purposes or upon their request.
Please also refer to the Cookies Policy section displayed on the Homepage of our Website.
Transferring personal data outside the country
In the context of the operations described above, your personal data may be transferred outside the country to countries within the European Union (“EU“) or the European Economic Area (“EEA“).
We hereby inform you that any transfer made by the Controller to an EU or EEA Member State will comply with the legal provisions of the General Data Protection Regulation no. 2016/679 adopted by the European Parliament (“GDPR“).
The personal data mentioned in this Information Note is not transferred to States that do not provide adequate protection for the processing of personal data. However, keep in mind that some of the Advisors you engage into discussions with may be located outside the EU or the EEA. By selecting these Advisors, you assume that your personal data will be known by them.
8. What are your rights regarding the personal data you provide us
We are committed to ensuring the security of personal data by adopting appropriate technical and organisational measures, according to state-of-the-art standards. The platform is aligned with GDPR requirements and uses encryption and data security technology at the level used by banking institutions.
We secure and observe the rights established by applicable law.
The right to information – you can request information and details about your personal data processing activities. We are available in: ROMANIA, CLUJ-NAPOCA, str. NICOLAE COLAN, nr. 8, ap. 7, Cluj County, by email at firstname.lastname@example.org or at phone number (001) 413 – 367 5290 (normal rate number)
We are careful to ensure that you have the right to receive clear, transparent, comprehensible and accessible information about how we process your data, including details of your rights in this respect, which are also presented in this document.
The right to rectification – if you find that your personal data we are processing is incorrect, incomplete, inaccurate, you can correct or supplement it by menas of a simple rectification request sent to email@example.com
The right to delete data (“the right to be forgotten”) – you can obtain data deletion if processing was not legal or in other cases provided by law. Data deletion can occur in any of the following situations:
- We no longer need personal data to fulfil any of the purposes for which we have previously processed it;
- You withdraw your consent based on which we have previously processed it and there is no other legal basis for future processing;
- You oppose data processing when we process data for direct marketing purposes (including, profiling for direct marketing purposes),
- You oppose data processing based on our legitimate interest and we cannot demonstrate that we have legitimate reasons that justify processing and that prevail over your interests, rights and freedoms;
- Personal data is processed contrary to law;
- Personal data must be deleted to comply with our legal obligations.
We will be able to decline your request for deletion if:
(a) We must comply with legal obligations to keep the data;
(b) If the data is necessary for us to establish, exercise or defend our rights in court.
The right to restrict the processing – you may request restriction of processing in cases where:
- You challenge the accuracy of the data for a period that allows us to verify the correctness of the data;
- Processing is illegal, but you oppose the deletion of personal data, but instead request restriction;
- Where the Controller no longer requires personal data for processing, but you ask us to find, exercise or defend a right in court or before arbitration bodies;
- If you have opposed processing, for the timeframe when it is ascertained whether our legitimate rights prevail over your rights.
The right of opposition – you can oppose to, in particular, data processing that is based on our legitimate interest.
The right to data portability – you may receive, under certain conditions, the personal data you have provided us in a format that can be read automatically, or you may request that the data be transmitted to another controller
The right to file a complaint – you can complain about the way your personal data is processed to the National Supervisory Authority for Personal Data Processing (ANSPDCP). Contact details and ANSPDCP information can be found on http://www.dataprotection.ro/.
The right to withdraw consent – in cases where processing is based on your consent, you can withdraw it at any time. Withdrawal of consent will only have effect for the future, processing prior to the withdrawal remains valid;
The right not to be subject to automatic or profiling decisions related to automated decisions: you can ask for and get the human intervention for the processing or you can express your own point of view on this type of processing
You may exercise these rights, individually or collectively, by simply sending a request to: ROMANIA, CLUJ-NAPOCA, str. NICOLAE COLAN, nr. 8, ap. 7, Cluj County, by email at firstname.lastname@example.org or at phone number (001) 413 – 367 5290 (normal rate number)
10. Data of minors
We do not want to collect or process data of persons who are under the age of 18. Please do not create an account on our Website and provide us with no information if you are under the age of 18.