top of page

GDPR

GDPR POLICY Introduction:

Beyond Lifestyle Srl, a Romanian Company with VAT No. RO46813745 and Registration No. J40/17913/2022, based at Splaiul Unirii 96, Bucharest, Romania, is a mainly membership-based travel agency and concierge service in Romania, a European Union member country. This policy outlines how the Company collects, processes, and protects personal data in compliance with Romanian and European Union data protection laws, including the General Data Protection Regulation (GDPR).

1. Data Collection:

The Company collects personal data from its members, potential members or one-time clients to provide a range of tailored travel and concierge services. The data collected may include but is not limited to:

- Full Names
- Member Appearances/Photos
- Passport Photos
- ID Photos
- Email Addresses
- Phone Numbers
- Personal ID Numbers
- Credit Card Information
- Personal Numbers (e.g., Frequent Flyer Cards) - Food Preferences
- Age

2. Data Usage:

The Company processes personal data for the following purposes:- Membership Accession/Onboarding
- Tailored travel itinerary planning based on member personal preferences.

- Dining and Nightlife Reservations

- Commercial Flight Bookings, including check-in.

- Luxury Hotels & Resorts Bookings, with on-the-go adjustments.

- Local Activities suggestions when member is on a trip booked by us.

- Chauffeur Bookings in 50+ Countries.

- Yachts, Cruises, and Speedboat Bookings.

- Private Jets & Helicopters arrangements.

- Luxury Car Rentals.

- Meet & Greet Airport Services.

- Villa Bookings.

- Any other service requested by the member.
 

3. Data Sharing:

The Company may share personal information with specific providers/suppliers who assist in delivering the services listed above. These providers include, but are not limited to:

- Trengo, Monday.com, Booking.com, Amadeus, Magic Holiday, Symphony Hub, Go Global, Travel Brands SA, Microsoft (Outlook), Local Airlines and Hotels

4. Data Protection:

The Company is committed to safeguarding personal data and employs appropriate security measures to protect it against unauthorized access, disclosure, alteration, and destruction. This includes encryption, access controls, and regular security assessments.

5. Data Retention:

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected. The Company will periodically review and securely dispose of data when it is no longer needed.

6. Data Subject Rights:

Members have the following rights regarding their personal data:

- Right to access: Members can request access to their personal data.

- Right to rectification: Members can request corrections to their personal data.

- Right to erasure: Members can request the deletion of their data under certain circumstances.

- Right to restrict processing: Members can request limitations on data processing.

- Right to data portability: Members can request their data in a structured, machine-readable format.

- Right to object: Members can object to the processing of their data.

- Right not to be subject to automated decision- making.
 

7. Consent:

The Company will obtain explicit consent from its members before collecting and processing their personal data for any purpose.

8. Data Protection Officer:

The Company has appointed a Data Protection Officer (DPO) responsible for ensuring GDPR compliance. The DPO can be reached at [legal@beyondclub.ro/xpbeyond.com].
 

9. Breach Notification:

In the event of a data breach, the Company will notify the affected individuals and relevant authorities as required by law.
 

10. Review and Update:

This GDPR Policy will be reviewed and updated regularly to reflect changes in regulations, technology, and business practices.
 

Contact Information:

For inquiries or to exercise your data protection rights, please contact our Data Protection Officer at [legal@beyondclub.ro/xpbeyond.com].
 

Effective Date:

This GDPR Policy is effective from 01.11.2023

bottom of page