This information contains the obligations we undertake to protect your personal data. Please refer to this information whenever we ask your consent for the collection and processing of your data, as this policy may be updated according to the dynamics of our activities which may influence the processing of personal data, or according to changes in the legal rules governing the field of personal data protection.
The protection of personal data is guaranteed by the entry into force, on May 25, 2018, of the General Regulation on Data Protection no. 2016/679 (GDPR), Regulation applicable in all Member States of the European Union. The GDPR was adopted to replace the 1995 Directive 95/46/EC, the provisions of which were no longer in accordance with new modern electronic data processing systems and technologies, including personal data.
In Romania, by Law 190/2018, the application of the GDPR was established, including by adopting additional rules applicable in certain specific processing situations, in accordance with the provisions of Chapter IX of the GDPR, which allows EU Member States, within certain limits, to introduce additional rules designed to ensure the best possible protection of the right to privacy of European citizens.
In accordance with the legal obligations set out above, Edenland Park has developed and implemented a personal data processing policy designed to ensure the confidentiality and security of this type of data both in strict compliance with legal provisions and, in particular, in accordance with our desire to provide you quality services in conditions of maximum security and safety for you - including from the perspective of personal data protection. As part of our commitment to respect your rights regarding the personal data we request from you in order to participate in the activities we provide to you, we present below all the details regarding the data we collect, the ways we process them and most importantly, the rights you have and how you can exercise them.

Contact details of the controller

The personal data you provide to us are processed by SC Eden SRL, a company registered at the Trade Register under No. J28/15/1993, Administrator of Edenland Park located in str. Cantonului Nr. 12, Balotești, jud. Ilfov, Tel (+4)0733365262, (+4)0733365263, email [email protected].

Contact details of the data protection officer

Since the type of data processed and the ways in which we process this data impose the obligation to appoint a data protection officer, but also the desire to ensure greater protection of our customers' data, we have appointed in accordance with the provisions of Article 37 paragraph (6) of the GDPR, a data protection officer.
The appointed data protection officer can be contacted for any request regarding the personal data we process via our contact details.

Categories of data subjects and types of data processed

• our customers, are the main data subjects whose personal data we process. Specifically, any person aged 18 or older who wishes to participate in Edenland Park activities or who accompanies persons under the age of 18 and who participates in such activities are persons from whom we collect personal data in the manner described below.
• another category of persons from whom we collect and process personal data are our employees and collaborators, with whom we work together to provide you with the best services.

From all the categories of persons listed above, we collect and process the following types of data:

• contact data (surname, given name, phone, email address, social media ID or instant messaging systems) that will help us to communicate with you.
• data from Identity documents, which we request when you purchase from us various services that we provide. And we can obtain this data either at the Edenland Park cash desk directly from your Identity documents (by scanning them), or through the user account creation forms that are or will be available on the website https://edenland.ro, as our portfolio of services and activities expands.
  Regarding the scanning of Identity documents at the Edenland Park cash desk, we mention that we do not make or store photocopies of Identity documents. The scanning of the Identity document for collecting this type of data is done exclusively for the following purposes:
  • correct collection of data by eliminating possible typing or writing errors,
  • ensuring confidentiality, without the need to say these details aloud in the presence of others, or to make the Identity Card available to another person
  • reducing the waiting time, by eliminating the need to type these data or fill in printed forms.
• data requested by the SIEATR (Information System for Tourism Activity), as a result of the obligations imposed by the Tourism Act, which obliges the providers of any type of accommodation services to draw up an "accommodation form announcing the arrival and departure of tourists" which will must be entered into this computer system.
• photo / video image obtained through video surveillance systems, from any person who transits the area of action of the surveillance cameras installed for the purpose of physical protection and security. Regarding this type of data, we have visibly marked with specific indicators these areas, which are otherwise strictly reduced to those premises that must be protected according to the obligations imposed by Law 333 of 2003 on security and valuables and goods (cash dispensers, warehouses with goods of valuables, etc.).
• anonymous data, which is data we automatically obtain from all visitors to our website, and refer only to the type of computer system used to access the website (computer, tablet PC or phone), the geographical area from which the website is accessed, the most visited pages, cookies. These data do not allow us to identify you directly, which is why it is considered anonymous data.

Purpose, duration and legal basis of the processing of personal data.

Contact data is processed for the purpose of contacting you, either to respond to your requests using our contact details or to provide you with information about activities and promotions that you may enjoy in Edenland Park. We process these data pursuant to Article 6 paragraph (1) letter f) of the GDPR, and the duration of the processing is equal to the duration in which SC Eden SRL ensures the development of the activities in the park, or until you exercise a right that would restrict the processing of this type of data.
The data in the Identity documents are processed both for the purpose of protection and good management of the equipment that we provide for the activities you choose, as well as for the record of voucher tickets that can be purchased through the website. This type of data is used to correctly identify the beneficiaries of this type of material or valuable goods, as well as due to the legal obligations regarding the preparation of payment documents and other documents associated with accommodation activities, which are regulated by Law 275/2018 (Tourism Act). We process these data pursuant to Article 6 paragraph (1) letter (a), (b), (c) and (f) of the GDPR and in compliance with the safeguards provided by Article 4 of Law 190/2018, in the situations of processing a national identification number (such as PIN, ID Series and Number, etc.). The duration of the processing of this type of data is a maximum of 3 years from the last purchase made at the Edenland Park cash desk or through the online payment systems available on the website https://edenland.ro, which is equal to the limitation period for most types of commercial contracts concluded on the Romanian territory.
The data collected through video surveillance systems are processed in order to prevent incidents that may affect the values and assets managed by SC Eden SRL on the territory of Edenland Park, this obligation being established by Law 333/2003. Since the physical security risk assessment to which Edenland Park is exposed has established the need for video surveillance of access to areas where the valuables and assets of Edenland Park are handled, managed and stored, the legal basis for this type of processing is Article 6 paragraph (1) letter (c) of the GDPR, and the period for processing such data shall not exceed 30 days. Anonymous data helps us to continuously improve our website, according to the elements that interest our visitors the most. The legal basis for the processing of this type of data is ensured by Article 6 paragraph (1) letter (f) of the GDPR and their processing time shall not exceed 3 years. Another purpose for which we may process your data is for the advertising of our services, in which case, if you are or may be involved in such processing, we will ask for your written consent informing you of all the details specific to a such data processing.
We do not use your personal data to make decisions based solely on automated calculations, or on personal profiles and which may produce legal or similar effects that may affect you in one way or another.

Obligation to provide data.

You are under no obligation to provide us with your contact information.
On the other hand, the possibility to participate in activities in Edenland Park is conditioned by your consent to provide data that we collect under the legal obligation (in connection with accommodation services or physical protection of premises and prevention of physical security incidents including through the use of video surveillance systems) or collected from the legitimate interest of the company, regarding the protection of the equipment that we make available to our customers.
We are also unable to turn off video surveillance systems because we have the obligation, according to the physical security risk assessment prepared according to the provisions of Law 333/2003, to keep these systems on continuously. But if you want to object/prevent) such processing, you can avoid the areas of action of the cameras, as they are marked accordingly.


Security or personal data processed

In order to ensure the security of the processed data, especially when the processing is performed by means of electronic equipment (computers, laptops, etc.), we have developed and implemented technical and organizational measures for the protection of our electronic systems.
Thus, we place particular emphasis on ensuring the confidentiality of your data, restricting to the bare minimum the number of people who have access to it, and other employees who will support you with the equipment and services we provide, will have access only to a code by which your data is anonymized, this code being the one on the basis of which they will know how to correctly identify what they have to provide you, without having access to your data.
Last but not least, the use of computers and other computer systems of the company for the processing of personal data, is done in strict compliance with security policies that describe how unauthorized access to your data is prevented, the means by which their integrity is ensured and, last but not least, how they can be restored in situations where various incidents beyond our control would affect the equipment through which they are processed.


Data made available to third parties

We never make and will never make your personal data available to third parties on our own initiative.
In certain situations and only in connection with the services we provide to you, it may be necessary to provide data about you to third parties, such as:

• the situation in which the data is requested by the State authorities (Prosecutor's Office, Police, Courts, etc.), based on the powers they have, in which case we will provide, in accordance with the provisions of Article 5 paragraph (1) letter (c) and Article 6 paragraph (1) letter (c) of the GDPR, only those data that are requested from us.
• the data is made available to collaborators, in order to provide services related to the activities we provide to you, such as:
  • electronic payment services;
  • transport or courier services or logistics operators employed by Edenland Park;
  • services specific to marketing or market research campaigns on behalf of Edenland Park;
  • IT services providing technical support necessary for the operation and maintenance of Edenland Park's IT systems and website;
  • services or equipment that you request from Edenland Park and that are provided by partners and collaborators;
  • maintenance and warranty services engaged by Edenland Park and through which your data may be incidentally accessed

In such cases, we provide only the data strictly necessary for the provision of the services in question, or even anonymous data - where possible. Moreover, we always make sure that the partners to whom we make such data available assume to us at least the same data protection obligations that Edenland Park assumes to you. Thus, before receiving personal data from us, our partners will accept processing conditions at least equivalent to those set out in this information, through contractual documents concluded according to the provisions of Article 26 or Article 28 of the GDPR.

Cross-border data processing

We do not collaborate with partners in the European Union or outside the Union who would require access to your personal data. The cloud storage services we use allow both encryption and communications to and from data storage servers, so that neither the providers of these services nor other third parties can access your personal data.

Rights of data subjects through processing

With regard to the personal data we process, you may at any time exercise your rights under the GDPR by sending a written message to the postal address or e-mail addresses of Edenland Park or the Data Protection Officer. The message must contain your contact details as well as the request you send us regarding personal data. Requests must be sent in your own name or as a parent or legal representative of a minor, and only with reference to personal data of an individual. As the provisions of the GDPR or other rules governing the field of personal data do not apply to the processing of data relating to a legal person, please do not ask us for requests related to the processing of this type of data (which refers to a legal person).
Also, according to the provisions of Article 12 paragraph (2) of the GDPR, anonymous data cannot be subject to the exercise of the rights provided by the GDPR, which is why we also ask you not to send us requests in connection with the processing of such data as it will be impossible for us to identify the data directly concerning you and to implement your requests.
The rights you can exercise in the ways described above are: /p>

• right of access - you have the right to obtain confirmation from us that we hold personal data directly concerning you, as well as details of the ways in which we process this data. According to the provisions of Article 15 paragraph (3) of the GDPR, all information you request from us in our databases (and which directly concerns you) will be provided free of charge once a year and for an administrative fee, for additional requests;
• right to rectification - you have the right to ask us to rectify the data concerning you, or to complete them, - when changes occur, free of charge, whenever necessary, taking into account the purpose for which we process their data and which may, therefore, no longer be in line with your interests when the data we hold is no longer up to date.
• right of data erasure - when you consider that the processing of data is no longer necessary for the purposes for which it was collected, you wish to withdraw your consent - then the processing is done exclusively with your consent, or when you want to object certain forms of processing, you have the right to request the deletion of personal data directly concerning you. In such situations, we will give immediate effect to your request, but, subject to the provisions of Article 17 paragraph (3) of the GDPR which refers to the condition that there are no other legal provisions obliging us to process or keep for certain minimum periods of time the personal data of those with whom Edenland Park has carried out commercial or contractual activities (such as for example, obligations imposed by commercial, tax or labour law).
• right to data portability - refers to your right that can be exercised if you provide us with your personal data in a structured format (such as databases or electronic file), and based on this right, you can request us to transmit this format to other operators indicated by you;
• the right to object or restrict certain forms of processing – this is your right to object or restrict certain forms of processing, such as profiling, processing for marketing purposes and any other processing we perform pursuant to Article 6 paragraph (1) letter (f) of the GDPR, in the legitimate interest of Edenland Park for the proper conduct of the activities we carry out, their expansion or the number of customers.

In accordance with Article 12 paragraph (3) of the GDPR, we will respond within a maximum of one month to any request you make to us in connection with the rights listed above, showing you how we handled your request or the (legal) reasons that prevented us from processing your request (in whole or in part).
When you consider that our answer is not in accordance with the legal provisions, you have the right to file a complaint to the National Authority for the Supervision of Personal Data Processing (ANSPDCP), according to the details mentioned on their website, https://dataprotection.ro.

This document was last updated in April, 2022.