Privacy policy
  1. INTRODUCTION
    In its daily operational activities, RS LUXURY TRANSFER uses data regarding natural persons and/or companies, which concern:
    Clients (contact persons,contacts and companies)
    Existing, former, and prospective employees
    Natural persons (contacts) with other interested parties (e.g., EETT)
    In collecting and using this data, the company is subject to legislative regulations that control the conduct of these activities and the safeguards that must be implemented for its protection. The purpose of this policy is to define the relevant legislation and describe the steps of RS LUXURY TRANSFER to ensure compliance with it.
    This control applies to all systems, people, and processes that constitute the company’s information systems, including members of the board of directors, executives, employees, suppliers, and other third parties who have access to RS LUXURY TRANSFER systems.
  2. GENERAL DATA PROTECTION REGULATION (GDPR)
    2.1 General Data Protection Regulation (GDPR)
    Many of our programs and websites allow you to send us an email. We will use the information you provide to respond to your inquiry. We will send you only general information via email. We must remind you that email may not be secure from interception. Therefore, we recommend not sending sensitive personal data (such as your social security number) to us via email. If the communication via email you want to send is highly sensitive or includes information such as bank account, credit card, or social security number, you should instead send it via mail. Another alternative may be submitting data through a secure website, if available.
    The new General Data Protection Regulation(GDPR – EU 2016/679) and updated e-Privacy Regulations are the most significant legislations affecting how RS LUXURY TRANSFER carries out information processing activities. It is the management’s intent of RS LUXURY TRANSFER to ensure that its compliance with GDPR and other relevant legislative acts is clear and demonstrable at all times.
    RS LUXURY TRANSFER reserves the right to make at its own discretion any amendments to this Policy at any time and without any special notice to this effect. The new version of this Privacy Policy shall come into effect upon posting of the same on the website. Continuing our sevices, the client confirms its consent to comply with the terms and conditions of the Policy in its current version. RS LUXURY TRANSFER recommends the Clients to review the Policy more often in order to make sure that the Clients understand the terms, while using the RS LUXURY TRANSFER services. If the Client does not agree with the terms of the Policy amended by RS LUXURY TRANSFER, he/she shall not be entitled to use the RS LUXURY TRANSFER services.
    2.2 Definitions
    According to the Regulation, the following definitions apply.
    Defined as:
    “Personal Data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
    “processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
    “controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
    2.3 Principles Governing the Processing of Personal Data
    The fundamental principles on which the GDPR is based and which govern the processing of personal data are:
    2.3 a.Personal data must:
    be processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”),
    be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the initial purposes (“purpose limitation”),
    be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”),
    be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified (“accuracy”),
    be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”),
    be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
    2.4 The Data Controller’s Responsibility and Accountability
    The RS LUXURY TRANSFER ensures compliance with all these principles both in the processing it currently performs and in the context of introducing new processing methods such as new Information Technology systems.
    RS LUXURY TRANSFER supports the exercise of data subjects’ rights under the GDPR, which are:
    The right to be informed
    The right of access
    The right to rectification
    The right to erasure
    The right to restriction of processing
    The right to data portability
    The right to object
    Rights regarding automated decision-making and profiling.
    Each of these rights is supported by the appropriate procedures of RS LUXURY TRANSFER (GDPR-DOC-21 Data Subject Request Procedure) which allow the necessary actions to be taken within the time limits set by the GDPR.
    2.5 Consent
    If not necessary for a permissible reason under the GDPR, explicit consent must be obtained from a data subject for the collection and processing of their data. Transparent information about the use of personal data must be provided to data subjects at the time consent is obtained, explaining their rights regarding their data, such as the right to withdraw consent. This information must be provided in an accessible format, written in clear language, and free of charge. If personal data is not obtained directly from the data subject, then this information must be provided within a reasonable period after obtaining the data and certainly within one month.
    2.6 Privacy by Design and by Default
    RS LUXURY TRANSFER has adopted the principle of privacy by design and by default (in accordance with Article 25 of the GDPR) and will ensure that the design of all new or significantly changed systems that collect or process personal data undergoes appropriate privacy considerations, including conducting one or more impact assessments related to data protection (GDPR-DOC-07 Data Protection Impact Assessment Procedure).
    The data protection impact assessment will include:
    Examination of how personal data is processed and for what purposes
    Assessment of whether the proposed processing of personal data is both necessary and proportionate to the purpose(s)
    Assessment of risks to individuals during the processing of personal data
    Identification of technical and organizational measures necessary to address identified risks and demonstrate compliance with the law
    Applications must follow the principle of data minimization, as well as data quality, and include the ability to delete data after the period required for processing purposes. They must also allow for the implementation of all necessary technical security measures to protect data from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure, or access, and any other form of unlawful processing according to the GDPR-DOC-16 Data Retention and Protection Policy. Techniques such as data minimization, encryption, and pseudonymization should be considered where applicable and appropriate.
    2.7 Transfer of Personal Data
    Transfers of personal data outside the European Union are carefully reviewed before the transfer takes place, and assurances for personal data in the recipient country are accepted by the European Commission.
    2.8 Data Processes and Privacy Policy Oversight
    The Data Processes and Privacy Policy Oversight provides its services as an external advisor covering responsibilities of the Data Protection Officer for which there is no clear obligation for RS LUXURY TRANSFER to appoint according to the GDPR. RS LUXURY TRANSFER does not perform “large-scale processing of special categories of personal data” as required by Article 37.1.g of the GDPR to appoint a Data Protection Officer. The Data Processes and Privacy Policy Oversight is required to have the appropriate level of knowledge and can be either an internal resource or assigned to an appropriate service provider (GDPR-DOC-05 GDPR Roles Responsibilities and Duties and GDPR-DOC-09 GDPR Capability Development Process).
    2.9 Data Breach Notification
    RS LUXURY TRANSFER’s policy must be fair and proportionate when considering actions to inform affected parties about personal data breaches. According to the GDPR, when a breach occurs that is likely to result in a risk to the rights and freedoms of individuals, the relevant Data Protection Supervisory Authority (DPSA) will be notified within 72 hours. This is done in accordance with GDPR-DOC-15 Information Security Incident Handling Process, which outlines the overall process for handling information security incidents.
  3. COOKIES
    3.1. The website of the RS LUXURY TRANSFER uses “cookies”. By using this website, the Client agrees with the placement of cookies in his device under the terms of this Agreement. If the Client doesn’t agree with the using cookies by the Company, the User need either to customize respectively the settings of his browser for Control or Disabling of the cookies in his device or not to use this website and exit it.
    3.2. Cookies management
    Most web browsers are preset to accept cookies. The Client may change settings to block the cookies by the browser or to get notifications, when such files are sent to the device. There are several ways to manage cookies. Read the browser manual please to learn more about how to adjust or change the browser settings.
    Please keep in mind that some personal services can’t be delivered to the Client and the User selecting such settings can’t get a full access to all sections of the website.
  4. ADDITIONAL TERMS AND CONDITIONS
    The terms of this policy apply to all websites of the RS LUXURY TRANSFER without regard to how the user gets access to the network. by accessing the website the user agrees with the terms of policy each time the user visits the site with any device.