PRIVACY POLICY

PRIVACY POLICY

G. Samukienė personal enterprise, legal entity code: 152583975, registered office address: Vytauto 54, Palanga (hereinafter – the Company), respects the privacy of its guests and stakeholders, and protects your personal data when providing accommodation services. The Company processes and maintains the data submitted at the time of your registration in a fair and lawful manner. By using the services of the www.ramybepalanga.lt website, the individual confirms that he / she has read, understood and accepted this Privacy Policy. If you have any questions in relation to the processing of your personal data, please e-mail us to palanga@vilaramybe.lt

1. General provisions

This Privacy Policy (hereinafter referred to as the Policy) shall govern, among other things, the collection, processing and storage of personal data by the Company as the Data Controller.

The Company provides accommodation and room rental services. In order to provide these services, the Company manages personal data under the legal bases specified in the Policy as well as for the purposes of data processing and the legislation applicable to the Company. This Policy shall be aimed at the persons, who use or intend to use the services of the Company or visit the website www.ramybepalanga.lt.

According to this Policy, any natural person, whose personal data are processed by the Company shall be regarded as the Data Subject. By using the services, continuing to browse the website, the Visitor (the user of the website) shall confirm that he / she has read this Policy, understood the provisions set forth herein and shall agree to comply with them.

The Data Controller shall ensure that by adopting and implementing this Policy, it shall pursue to implement the following key principles related to the processing of personal data:

1. Personal data shall be processed in a lawful, fair and transparent manner (the principle of lawfulness, integrity and transparency) in relation to the Data Subject;

2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in any manner that is incompatible with the above mentioned purposes;

3. Further processing of personal data for archiving purposes for the benefit of public interest or for statistical purposes shall not be considered incompatible with the original purpose (the principle of purpose limitation);

4. Personal data must be adequate, relevant and not excessive in relation to the purposes for which they are processed (the principle of data amount minimization);

5. Every effort shall be made to ensure that personal data are accurate and, where necessary, updated within a reasonable time after the change has occurred;

6. All reasonable measures shall be taken to ensure that the personal data, which are inaccurate having regard to the purposes for which they are processed, are deleted or rectified within a reasonable period (the principle of accuracy);

7. Personal data shall be stored in a form, which permits the identification of Data Subjects for no longer than it is necessary for the purposes for which the personal data are processed;

8. Personal data may be stored for longer periods, if the processing of personal data is carried out solely for archival, public interest or statistical purposes, subject to appropriate technical and organizational measures, necessary to protect the rights and freedoms of the Data Subject (the principle of limitation of retention period);

9. Having taken into account the generic nature of the personal data processed by the Data Controller, personal data shall be processed in such a manner as to ensure appropriate security of personal data by appropriate technical or organizational measures, including protection against unauthorized or unlawful processing of personal data and against accidental loss, destruction or damage (the principle of integrity and confidentiality);

10. The Data Controller shall be responsible for ensuring the compliance with the above principles and must be able to prove the compliance (the principle of accountability).

By booking a room / rooms at the hotel, the Data Subject shall express his / her consent that the Data Controller would process the following personal data of the Data Subject:

• Name, surname

• E-mail

• Telephone number

• Address of residence

• The amount payable

• The duration of stay in the hotel

When submitting his / her personal data, the guest of the hotel shall confirm that these data are accurate and complete.

This Policy has been drafted based on the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing the Directive 95/46/EC (hereinafter referred to as the GDPR), the Law of the Republic of Lithuania on Legal Protection of Personal Data (hereinafter referred to as the LLPPD), as well as on other legislation of the European Union and the Republic of Lithuania. The terms used in this Policy shall be interpreted as they are defined in the GDPR and the LLPPD.

2. Information about cookies

The Data Controller uses cookies on the Website in order to distinguish between the users of the Website. By using cookies, the Data Controller aims to ensure a better experience for the people browsing the Website and to improve the Website itself. Cookies are small text files that are stored on the personal browser or device (a PC, mobile phone, or tablet).

We use Google Analytics, a website analytics service that allows us to capture and analyse the statistics on website usage. More about Google Analytics and the information these tools enable to collect, please see https://support.google.com/analytics/answer/6004245?hl=en. If you wish that Google Analytics tools would not capture the information on your web browsing, you can use the Google Analytics opt-out browser plugin.

The Web cookies prevent from identifying the Website user ID. Visits to the Website are logged anonymously, having recognised a PC, mobile phone or tablet and the IP address, and such information collected is not shared with third parties except as required by law. By opening the Website and clicking the button “I Accept” in the pop-up box, the browsing person shall agree that the cookies are stored on his / her PC, mobile phone or tablet. To withdraw his / her consent, the browsing person may delete or block cookies by selecting the appropriate settings on his / her browser enabling to refuse all or part of the cookies. It should be noted that using such browser settings that block cookies (including the obligatory cookies), may cause a person problems when using all or part of the features of the Website.

Personal data collected by cookies shall be processed in accordance with the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and other provisions of personal data protection legislation.

In accordance with legal requirements, the Website is subject to security measures that prevent unauthorized disclosure and use of personal data.

The website https://www.ramybepalanga.lt/ uses the following cookies:

COOKIE CATEGORY	COOKIE NAME	COOKIE EXPIRATION TIME
Analytical cookie to improve the functioning of the Website	_ga	2 years
Analytical cookie to improve the functioning of the Website	_gat	1 minute
Analytical cookie that enables the user to have his/her own unique ID number	_gid	1 day
Functionality cookie to remember the visitor’s preferences	Pll_language	1 year

3. Purposes of use of personal data

The Company collects and processes personal data in accordance with the EU and Lithuanian legal acts regulating the protection of personal data.

The Company processes personal data collected on its Website on the following grounds:

• On the basis of consent, which is expressed by your active actions, i.e. by contacting us and providing / submitting your personal data or by any other proactive actions;

• To pursue our legitimate interests (e.g. by administering the Website and ensuring its proper functioning);

• When providing you the accommodation services, also for guest accounting, guest debt management, messaging purposes;

• When handling orders, registration, inquiries;

• When forwarding you the information about our services rendered and special offers (if you agree to receive such information);

• When contacting you regarding the evaluation of the quality of the services rendered;

• When conducting video surveillance inside the hotel and in its environs, and ensuring the safety of property and persons.

Under no circumstances will your personal data be disclosed to any third parties, except in the following cases:

• In case there is your consent to the disclosure of personal data;

• To law enforcement agencies in accordance with the procedure established by legal acts of the Republic of Lithuania;

• Having your consent to contact you by phone or e-mail for direct marketing purposes, we will endeavour to send you only the information about special offers that may be of interest to you;

• To execute our duties that we are subject to by law.

The Company seeks to ensure that personal data are processed accurately, fairly and lawfully, and only for the purposes for which they were collected, in accordance with clear and transparent principles and requirements for the processing of personal data laid down by law.

4. Processing of personal data for direct marketing purposes

The Company shall process your personal data for the purposes of direct marketing only having your explicit consent to such processing, for example: when you subscribe to our newsletters, etc. (data processing is based on your free consent for data processing). For direct marketing purposes, we may process your name, e-mail address, and telephone number. Your personal data may be processed for direct marketing purposes in the following ways:

• you may receive our newsletter with our offers, promotions and news by e-mail;

• you may receive invitations to events, offers and similar information by email.

You can unsubscribe from our newsletters at any time. You can do so by clicking on the dedicated link at the bottom of our newsletters.

We also use Facebook, Google, and other online advertising providers’ services. For the privacy policies of these service providers, the data they collect, and the personal data protection measures applied please see the privacy policies of those service providers. For more information about how it works, as well as the information about how you may object to such advertisements or the use of such data, please refer to the information provided by these service providers.

5. Processing of personal data by conducting video surveillance

To ensure the protection of the hotel property and the property, health and life of our guests, employees, and others, we conduct video surveillance in our area. We execute video surveillance and process the guest data (image data) of our guests captured in the video surveillance filed on the basis of our legitimate interest. Our CCTV systems do not use face recognition and / or analysis technologies, and the video data captured using those systems are not grouped or profiled to a specific data subject (person). Guests are informed about the ongoing video surveillance by means of information signs with the video camera symbol and the data of the Data Controller, which are provided before entering the monitored area and / or premises. The premises, where guests expect absolute protection of personal data (changing rooms, rest rooms, toilets, etc.) are excluded from the surveillance field of the video cameras. The personal data (video data) of the guests collected during video surveillance are stored for up to 30 (thirty) calendar days from the day of capture.

6. Processing of personal data for other purposes

We may also process your personal data when providing you our other services, e.g. receiving and executing your bookings, fulfilling our obligations related to the services we offer, issuing invoices and / or other accounting documents for the services rendered. Usually the processing of such personal data is carried out on the basis of service provision contract, your consent or when fulfilling the obligations imposed on us by law. We may also process personal data for other purposes, if we have obtained your (the data subject’s) consent or if the processing of personal data is based on other lawful processing criteria set out in the laws.

7. Duration of storage of personal data

We will process and store your personal data for no longer, than it is necessary for the purposes for which they were collected or for such period as is required by law. The retention of your personal data for a longer period than specified in the Policy may only take place in the following cases:

• There are reasonable grounds for suspecting the unlawful conduct that is being investigated;

• Your data are necessary for the proper resolution of a dispute or complaint;

• If we have received complaints concerning our Guest or if we have noticed the infringements committed by an appropriate Guest;

• For the purposes of making backups and for other purposes related to the operation and maintenance of information systems, or for any similar purposes;

• In the case of other special grounds, conditions or circumstances provided for by law.

8. Transmission of personal data to third parties

The Company shall not transfer your personal data to any third party without your prior consent, except as described below:

• We may transfer your data to the third parties, who help us to run our activities and manage the provision of Services. Such persons may include data centres, companies engaged in software development, provision, maintenance, and improvement, companies providing information technology infrastructure services, companies performing internet browsing or internet activity analysis and providing services, security offices providing security services, etc.

• In any case, we only provide the Data Controller with the data required to complete a specific transfer or provide a specific service.

• The Data Controllers, whose services we use, may process your personal data only following our instructions. Moreover, they must ensure the security of your data in accordance with applicable law and written agreements entered into with us.

• Data may also be provided to competent authorities or law enforcement agencies, such as the police or supervisory authorities, but only upon their request and only when required by applicable law or in the cases and procedures provided by law, to safeguard our rights, the security of our guests, employees, and resources, and to assert, enforce, and defend legal requirements.

9. Your rights

Data protection legislation give you a number of rights in relation to the processing of your personal data.

You have the right to access your personal data processed by us:

You have the right to ask us to confirm whether we process your personal data and, in such cases request access to your personal data that we process. To exercise the above right, please submit a written request to us by e-mail to palanga@vilaramybe.lt

You have the right to demand correction of your inaccurate data:

If you believe that information about you is incorrect or incomplete, you have the right to ask for it to be corrected. To exercise the above right, please submit a written request to us by e-mail to palanga@vilaramybe.lt

You have the right to object to the processing of your personal data:

You have the right to object to the processing of personal data when the personal data are processed on the basis of our legitimate interest. However, despite your objection, we will continue processing your data if there will be reasonable, well-founded reasons for that. To exercise the above right, please submit a written request to us by e-mail to palanga@vilaramybe.lt

You have the right to require for your personal data to be deleted (the right to be forgotten):

In certain circumstances, you have the right to request that we delete your personal data. However, this provision does not apply, if we are required by law to keep the data. To exercise the above right, please submit a written request to us by e-mail to palanga@vilaramybe.lt

You have the right to restrict the processing of your personal data:

In certain circumstances, you also have the right to restrict the processing of your personal data. To exercise the above right, please submit a written request to us by e-mail to palanga@vilaramybe.lt

10. Final Provisions

The legal relations related to this Policy shall be governed by the law of the Republic of Lithuania. The Data Controller shall not be liable for any damage, including the damage resulting from interruptions in the use of the Website, the loss of or damage to data, caused by any acts or omissions, errors, deliberate harm, other inappropriate use of the Website by the person or any third parties acting on the person’s behalf.

The Data Controller shall also not be liable for interruptions of the Website connection and / or use, and / or any damage caused by them due to any acts or omissions of the third parties not related to the Data Controller or the person, including power failures, internet access interruptions, etc. The Data Controller has the right to amend the Policy, in whole or in part. Addendum or amendments to the Policy shall take effect from the date of their publication on the Website.

If the person continues to use the Website and / or the services provided by the Data Controller after the addenda or amendment of the Policy, the person shall be deemed to have no objection to such addendum and / or amendments. If you have any questions in relation to data processing, please contact us by e-mail at palanga@vilaramybe.lt

This Privacy Policy shall apply from 25 May 2018.