SECTION 1. GENERAL PROVISIONS
- This Policy applies to persons, visiting the Company’s Website http://www.palangahotel.lt/, using its information and services.
- For the purposes of this Policy, the concept of Data Subject covers any natural person, whose personal data is processed by K. Geco trade company.
- By using the services and continuing browsing the Website, the Visitor (user of the Website) confirms that they have read this Policy, understand its provisions and agree to adhere to them.
- The Data Controller ensures that upon adopting and implementing this Policy, he aims to implement the following key principles, related to personal data processing:
- The personal data of the Data Subject is processed in a lawful, fair and transparent manner (the principle of lawfulness, fairness and transparency);
- Personal data is collected for established, clearly defined and lawful purposes and will not be processed further in ways that are incompatible with those purposes;
- Further personal data processing for archiving purposes for the benefit of the public interest or statistics is not regarded as incompatible with the primary purposes (the principle of the purpose limitation);
- The personal data is adequate, suitable and complies with the purposes of its processing (the principle of data minimisation);
- Efforts will be made to ensure that personal data is accurate and, where necessary, updated within a reasonable time of the change;
- All reasonable steps will be taken to ensure that the personal data, which is inaccurate in terms of the purposes of its processing, is erased without delay or rectified within a reasonable time (the principle of accuracy);
- Personal data will be stored in a form, which enables to identify the data subjects, no longer than necessary for the purposes of the personal data processing;
- Personal data may be stored for longer periods if the personal data will be process only for archival purposes, the public interest or statistics, upon conducting appropriate technical and organisational measures, needed to protect the rights and freedoms of the Data Subject (the principle of data retention);
- Considering the general type of the data, processed by the Data Controller, the Personal data is processed in a way to ensure appropriate personal data security in application of appropriate technical or organisational measures, including protection against personal data processing without a permission or illegal personal data processing, also from accidental loss, destruction or damage (the principle of uniformity and confidentiality);
- The Data Controller is responsible for following the above-mentioned principles and must be able to prove that they are adhered to (the principle of accountability).
- This Policy has been compiled in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter – LPPD), and other legislation in fore in the European Union and the Republic of Lithuania. The concepts, used in the Policy are interpreted the same as they are defined in the GDPR and the LPPD.
- The Data Controller’s Website is using cookies in order to differentiate between various users of the website. Cookies enable the Data Controller to ensure a smoother user experience for the Website browsers and improve the Website itself.
- Cookies are small text files, stored by the Person's browser or device (personal computer, mobile phone or tablet).
- We are using Google Analytics website analysis service, which enables us to record and analyse the statistics of the use of the website. More information on Google Analytics and the information this tool enables to collect, is available here - https://support.google.com/analytics/answer/6004245?hl=lt.
- If you wish to prevent Google Analytics from recording information on your web browsing, you can use Google Analytics Opt-out Browser Add-on.
- Http://www.palangahotel.lt/ website uses the following cookies:
TERM OF USE
Session ID cookie, used to ensure the functionality of the website (e.g. going back to the last point in the list).
Until the end of the session
To store information on the parts of the website, visited by the user, the number of visits, the length of the visits, the browser information, etc.
Half a year
Until exiting the browser
- The cookies used on the website do not enable to identify the user of the website. Each visit of the Website is anonymous, recognising the personal computer, mobile phone or tablet and IP address, and such information is not available to the third parties, except for cases, established by the law.
- Upon opening the Website and clicking the pop-up button ‘I agree’, the browsing person agrees to have the cookies stored on their computer, mobile phone or tablet.
- To revoke the consent, the browsing person can delete or block cookies by selecting appropriate settings on their browser that enable to refuse all or some of the cookies. All users should be aware that using browser settings that block the cookies (including the necessary cookies) may result in issues with using all or some of the Website's functions.
- The Data, collected by cookies, will be processed in accordance with the provisions of the Law on Legal Protection of Personal Data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as GDPR), and other personal data protection legislation.
- Following the provisions of the law, this Website applies security measures to prevent illegal Personal data use and revelation.
SECTION 3. WHAT IS THE BASIS OF OUR USE OF YOUR DATA?
- K. Geco trade company collects and processes personal data in accordance with the law on personal data protection of the Republic of Lithuania and the EU. The basis of the company’s processing of personal data is as follows:
- On the basis of your consent, expressed by active action, i.e. addressing us and provision of personal data, or other active actions;
- For the implementation of our lawful interests (e.g. administration of our website and ensuring its proper operation);
- Video surveillance at our Hotel and its territory to ensure property and personal security;
- To perform our duties in accordance with the law.
- The Company aims to ensure precise, fair and lawful data processing, and only for the purposes that it was collected for, in accordance with the clear and transparent principles and requirements of personal data processing, established by the law.
SECTION 4. PERSONAL DATA PROCESSING FOR DIRECT MARKETING PURPOSES
- The company processes your personal data for the purpose of direct marketing upon receiving your explicit consent to such data processing, e.g. as you subscribe to our newsletters, etc. (the basis of data processing - your voluntary consent for data processing);
- The purpose of our direct marketing includes processing of your name, e-mail address and phone number.
- For the purposes of direct marketing, your personal data may be processed as follows:
- You may receive e-mails about our offers, campaigns and news;
- You may receive e-mails with invitations to events, offers and similar information.
- You can unsubscribe from our newsletters any time by clicking on the link at the bottom of the newsletters we send.
- We also use Facebook, Google and other online advertising providers. The privacy policies of these providers, the information on the data they collect and applicable data protection measures are available in the privacy policies of the said providers. More information on how it works and also on how you can object to the display of such adds or other data use, is available in the information, provided by the said providers:
SECTION 5. PERSONAL DATA PROCESSING FOR VIDEO SURVEILLANCE PURPOSES
- Seeking to protect the property, health and lives of the Hotel, our guests, staff and other persons, the premises and territory of our Hotel are under video surveillance.
- Video surveillance and the data of the Guests, entering the video surveillance field (video data), is processed on the basis of our lawful interest. Our video surveillance systems do not use face recognition and (or) analysis technology, the data recorded is not grouped or profiled according to a specific data subject (person).
- The Guests are informed of the video surveillance by information signs with a video surveillance camera symbol and details of the data controller, provided before entering the territory and (or) premises under surveillance.
- The video surveillance field does not include premises, where the Guests expect full personal data protection (changing rooms, resting rooms, bathrooms, etc.).
- The personal data of our Guests, collected by video surveillance (video data) are stored for up to 30 (thirty) calendar days since the date of recording.
SECTION 6. PERSONAL DATA PROCESSING FOR OTHER PURPOSES
- We can also process your personal data by providing you with other services, e.g. taking and processing your reservations, fulfilling the obligations of the services we offer, issuing invoices and (or) other accounting documents for our services. Usually this type of personal data processing is implemented on the basis of a service provision agreement, your consent or provisions, established by the law.
- We can also process data for other purposes if we have obtained your (the data subject’s) consent of when the personal data processing is based on other lawful criteria for processing, established in other legislation.
SECTION 7. HOW LONG DO WE PROCESS AND STORE YOUR DATA?
- We will process and store your personal data no longer than necessary for the purposes that this data was collected for, or for a period, established by the law.
- Your personal data processing may take longer than established in the Policy in the following cases:
- There is a reasonable suspicion of illegal activity, which is subject to an investigation;
- Your data is necessary for a proper solving of a dispute or claim.
- If we have received complaints, related to violations of our Guests or if we have noticed violations of a certain Guest ourselves;
- For back-up copies and other similar purposes, related to the operation and maintenance of information systems;
For other special reasons, conditions and cases, established by the law.
SECTION 8. WHAT THIRD PARTIES DO WE DISCLOSE YOUR DATA TO AND IN WHAT CASES?
- The Company will not disclose your personal data to any third parties without your prior consent, except for the cases, listed below:
- We can disclose your data to be processed by third persons that assist us in our business and the administration of the Service provision. These persons may include data centres, companies, developing, providing and supporting software, companies, providing information technology infrastructure services, internet browsing or internet activity analysis and service companies, security services, etc.
- In each case we provide the data processor with the data only to the extent it is necessary to complete a specific task or provide a certain service.
- Our data processors may process your personal data only under our instructions. Moreover, they must ensure your data safety in accordance with the applicable legislation and written agreements, signed with us.
- Data may also be disclosed to competent state or law enforcement institutions, e.g. the police or supervisory institutions, but only upon demand and only if the demand complies with the applicable legislation or only in cases and procedures, established by the law, to ensure our rights, the safety of our guests, staff and resources, and to make a claim, to provide and to defend our legal claims.
SECTION 9. YOUR RIGHTS
- Data protection legislation provides you with many rights, related to your personal data processing.
- You have a right to get acquainted with your personal data that we process:
- You have a right to request for our confirmation if we process your personal data and, in such case, request to get acquainted with your personal data that we process. In order to use the right, indicated above, we ask to submit a written request by e-mail to firstname.lastname@example.org;
- You have a right to demand to correct your personal data that is incorrect.
- If you believe that information about you is incorrect or insufficient, you have a right to ask to correct it. In order to use the right, indicated above, we ask to submit a written request by e-mail to email@example.com.
- You have a right to disagree with your personal data processing:
- You have a right to disagree with your personal data processing, when the personal data is processed based on our lawful interests. Nevertheless, despite your disagreement, we will continue your data processing in case of reasonable and motivated reasons to do so. In order to use the right, indicated above, we ask to submit a written request by e-mail to firstname.lastname@example.org.
- You have a right to demand to delete your personal data (the right to be forgotten):
- Under certain circumstances, you have a right to request to have your personal data deleted. However, this provision does not apply if we must store the data in accordance with the law. In order to use the right, indicated above, we ask to submit a written request by e-mail to email@example.com.
- You have a right to limit with your personal data processing:
- Under certain circumstances, you also have a right to limit with your personal data processing. In order to use the right, indicated above, we ask to submit a written request by e-mail to firstname.lastname@example.org.
SECTION 10. FINAL PROVISIONS
- The legal relationship, related to this Policy, is subject to the law of the Republic of Lithuania.
- The Data Controller holds no liability for the damage, including the damage, caused by disruptions of the website use, for the loss or damage to the data, caused by the actions or lack thereof, mistakes, intentional harm or other improper use of the Website by the person himself/herself or third persons, acting under the said person's knowledge.
- The Data Controller also holds no liability for the disruptions of connecting to and/or use of the Website and (or) the damage caused by them due to the actions or lack thereof of the third persons, unrelated to the Data Controller or the person, including power supply, internet access disruptions, etc.
- The Data Controller has a right to change this Policy in part or in full.
- Supplementations or changes to this Policy come into force on the date of publishing on the Website.
- If the person continues to use the Website and/or the services, provided by the Data Controller, after the Policy has been supplemented or changed, it will be regarded that the said person does not object to such supplementations and/or changes.
- You may contact us regarding all issues of data processing by e-mail: email@example.com.