The data controller who determines the purposes and means of processing your personal data shall be UAB NERINGA HOTEL (legal entity code 302547380, address Gedimino ave. 23, 01103 Vilnius, telephone No. +370 5212228, e-mail firstname.lastname@example.org).
Provision of Hotel Services
We may obtain your personal data upon your completion of an inquiry or booking form on our website, placing of an order to purchase our services or otherwise contacting us, completing a registration card and providing details upon arrival at the hotel, as well as communicating with us through social media and using hotel room lock cards. We may also receive your personal data indirectly through the online booking channel you use to make our hotel reservation.
If you order our hotel services, we shall retain the personal data you provide for a period of 10 years. The purpose of the data processing is the provision of hotel services and the basis is the performance of a contract concluded with you (Article 6 (1) (b) of the Regulation). If we do not receive the requested personal data, we shall not be able to provide the service.
Sending of Newsletters and Other Direct Marketing Activities
If you are our customer, have subscribed to our newsletter on our website or have otherwise expressed your willingness to receive direct marketing material, the personal data you voluntarily provide, including your e-mail address and telephone number, shall be used to provide you with information about goods and services, news, promotions, events or other direct marketing information through the abovementioned contact details, as well as through social networks, media channels and other similar electronic communication channels.
Direct marketing without consent shall be carried with your e-mail only if you are our customer. Such marketing shall be performed on the basis and in accordance with the law.
Your personal data shall be processed for direct marketing purposes for 2 years from the date of consent or termination of the relationship with you.
You will be provided with the possibility to opt out of direct marketing communications in every e-mail sent to you. You can also withdraw or revoke their consent by contacting the company’s contact details.
Administration of Complaints, Inquiries or Orders
If you have submitted a complaint, claim, inquiry or order by e-mail, in writing or otherwise, the personal data you voluntarily provide shall be processed for the purpose of administering this complaint, claim, inquiry or order.
If your complaint or claim relates to a potential dispute, possible damage, etc., as well as if a contractual relationship arises during the execution of the order, your personal data may be retained for a maximum period of 10 years. If the personal data relating to the complaint or claim are not relevant to the potential dispute, they shall be destroyed within a shorter period of time when the data is no longer necessary for such purpose.
The processing of your personal data shall be based on the expression of your free will, i.e. consent, however, in certain cases, the continued storage of the complaint may be based on a legal act.
Use of Social Networks
All information you provide on social media (including notifications, use of the Like and Follow fields, and other communications) shall controlled by the social network manager.
Our website has an account on the social network Facebook, the privacy notice of which is available at https://www.facebook.com/privacy/explanation.
We encourage you to read third-party privacy notices and contact service providers directly if you have any questions about how they use your personal information.
Provision of Personal Data to Data Recipients
Your personal data may be provided to the following:
- IT, server, mail, archiving, marketing, accounting, postal and courier service providers;
- notaries, bailiffs, attorneys, consultants, auditors, debt collection companies;
- law enforcement and supervisory authorities, courts, other dispute resolution bodies;
- potential or existing successors of our business or part of it or their authorised consultants or persons.
What are the personal data protection principles we follow?
The following principles apply to the collection and use of your personal data provided by you, as well as from other sources:
- Your personal data shall be processed in a lawful, fair and transparent manner (principle of legality, fairness and transparency);
- Your personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (purpose limitation principle);
- Your personal data shall be adequate, relevant and only necessary for the purposes for which they are processed (data minimisation principle);
- The personal data processed shall be accurate and, where necessary, kept up to date (principle of accuracy);
- Your personal data shall be stored in a form that allows for the identification of the person for no longer than is necessary for the purposes for which your personal data are processed (principle of storage limitation);
- Your personal data shall be processed in such a way as to ensure adequate security of personal data through appropriate technical or organisational measures, including protection against unauthorised or unlawful processing of data and against unintentional loss, destruction or damage (principle of integrity and confidentiality).
Exercise of the Data Subject’s Rights
We hereby inform you that you have the following rights of the data subject: the right to be informed about the processing of your data; the right of access of your personal data; the right to have the data rectified; the right to have data deleted (the right to be “forgotten”); the right to restrict the processing of data; the right to data portability; the right to object to the processing of personal data where the processing is based on a legitimate interest; the right to submit a complaint with the State Data Protection Inspectorate.
In order to exercise the rights of your data subjects, it is necessary to establish your identity. Without identifying you, it shall not be possible to verify that the person whose personal data are being processed is really applying and your rights shall not be exercised.
An application for the exercise of rights received from you may be refused or a corresponding fee may be charged if the application is manifestly unfounded or excessive, as well as in other cases provided for by law.
If you would like to exercise your data subject’s rights or have other questions concerning the processing of your personal data, please contact the following contact details: email@example.com or provide/send it to the company at the address given at the beginning of this policy.