Privacy policy

Approved by the order of the director of Žemaitės UAB dated 2018-05-25 No. 25/18

 

 

PRIVACY POLICY

 

Žemaitės UAB shall ensure that personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; the data shall not be processed in any manner inconsistent with the said purposes. Žemaitės UAB shall apply a number of organisational and technical measures to ensure adequate security of personal data, including protection from unauthorised or illegal processing, as well as from accidental loss, destruction, or damage of such data.

1.     KEY TERMS

 

1.1. Privacy Policy - the following personal data processing rules and information on use of cookies, as available online at http://www.hotelzemaites.lt/ .

1.2. Website - the website at http://www.hotelzemaites.lt/ , where the guests of Žemaitės UAB can book a hotel room(s) and grant their consent to process personal data for direct marketing purposes.

1.3. Data Controller - a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of the Privacy Policy, the Data Controller means Žemaitės UAB, registration number: 221359670, registered address: Žemaitės g. 15, LT-03118 Vilnius, Lietuva, contacts: e-mail: info@hotelzemaites.lt , phone +370 5 213 31 93.

1.4. Data Subject - a hotel guest whose personal data are processed by the Data Controller for the purposes of e-commerce and direct marketing.

1.5. Data Processor - a natural or legal person, which assists the Data Controller, based on authorisation granted, to accomplish the objectives set out.

1.6. Personal Data -  any information relating to an identifiable guest of the hotel, processed by the Data Controller, including, but not limited to, full name, e-mail address, telephone etc.

 1.7. Data Processing - any operation performed on personal data, such as collection, recording, accumulation, storage, alteration (addition or correction), submission, use, destruction or any other operation (set of operations).

1.8. Direct marketing - any operation directed at offering of goods or services to individuals by mail, phone or any other direct channel, offering special discounts and/or enquire their opinion on the goods or services offered. Approved by the order of the director of Žemaitės UAB dated 2018-05-25 No. 25/18

 1.9. Consent - freely made act by the Data Subject that signifies his/her agreement to the processing of personal data.

1.10. Supervisory Authority - the State Data Protection Inspectorate.

 

 

  1. GENERAL PROVISIONS

 

2.1. The policy provides for key provisions on collection, accumulation, and processing of

personal data.

2.2. Data Subject is considered to be aware of the Privacy Policy once he/she signifies his/her

Consent to the processing of his/her Personal Data.

2.3. The Privacy Policy is available and can be printed out online http://www.hotelzemaites.lt/

any time.

 

3. PROCEDURE FOR COLLECTION, STORAGE, AND USE OF PERSONAL

DATA

 

3.1. A Data Subject shall, when booking a room at the hotel, signify his/her consent to the processing of the following personal data by the Data Controller:

3.1.1. full name,

3.1.2. sex,

3.2. password and security question;

3.3. credit card details;

3.4. amount payable;

3.5. duration of stay at the hotel.

3.6. A hotel guest providing his/her personal data confirms these are both precise and complete.

3.7. Personal Data of registered users received for this purpose shall be stored for 3 (three) calendar years after completion of a booking at the hotel.

3.8. Data Subject is informed that, to accomplish the said purpose, the following data processors shall be employed: IT support company and a company in charge of permanent maintenance of PORTE hotel programme.

3.9. The Data Controller shall provide the following data to the Statistics Lithuania: number of guests, country of origin of guests, purpose of visit, and duration of stay at the hotel.

3.10. Data Subject, who enters his/her e-mail address on the website, accepts that the Data Controller will, for the purpose of direct marketing process the his/her personal data below:

3.10.1. E-mail address, Approved by the order of the director of Žemaitės UAB dated 2018-05-25 No. 25/18

3.11. Personal Data received for the purposes of Direct Marketing shall be stored for 3 (three) calendar years after submission of such data.

3.12. The Data Controller confirms that the Personal Data shall be collected from the Data Subject directly, and no other sources will be used.

3.13. The Data Controller shall not disclose the Personal Data under processing to the third parties, except:

3.13.1. when Data Subject grants his/her consent for disclosure of personal data,

3.13.2. when executing an order or offering other services – to the Data Processors offering services of delivery of goods or other services so ordered by the client,

3.13.3. law enforcement authorities (when so required by law),

3.13.4. where necessary to prevent or investigate criminal offences.

 

4. EXERCISE OF RIGHTS BY THE DATA SUBJECT

 

4.1. Data Subject authorises the Data Controller to collect, control, process and store his/her Personal Data to the extent and for the purpose as is provided by the Privacy Policy.

4.2. Data Subject shall be free to revoke his/her consent for collection, processing, and storage of his/her personal data any time (and in the event the personal data are processed for direct marketing purposes, no additional grounds shall be required) by contacting the Data Processor in writing as follows: 1) by logging to the website account; 2) in the event of direct marketing – by clicking a link contained in each e-mail (newsletter); 3) by mail or personal delivery at: Žemaitės g. 15, LT-03118 Vilnius, Lietuva, 4) by e-mail address at: info@hotelzemaites.lt from the same e-mail address as was provided at the time of registration. The Data Controller shall, upon receipt of such a request by the Data Subject, suspend processing of personal data immediately, and destroy relevant Personal Data. The Data Controller shall be free to refuse deleting personal data from the server if there is a legitimate reason to store these, in particular, in the interests of national security and defence, public order, crime prevention,  investigation, discovery or prosecution, in order to secure vital national economic or financial interests, and protection of rights and liberties of other people.

4.3. A Data Subject shall, upon adequate identification, and upon production, to the Data Controller, of a personal identity document (or a notarised copy) to be used for identification only (and shall not be stored), be free to access his/her personal data based on a written application addressed to the Data Controller as follows: by mail or

personally at the following address: Žemaitės g. 15, LT-03118 Vilnius, Lietuva. Approved by the order of the director of Žemaitės UAB dated 2018-05-25 No. 25/18

4.4. A third party, wishing to access Personal Data of a Data Subject, shall be required to produce a notarised power of attorney; Personal Data shall be disclosed to an attorney upon production of a representation agreement, and upon indication of purpose of data use.

4.5. The Data Controller shall, upon receipt of a request by a Data Subject to access his/her personal data processed, respond within 30 (thirty) calendar days after receipt of relevant enquiry. Such an answer shall indicate whether the Personal Data of a Data Subject are currently processed, and if so, the nature and recipients of such data within 1 (one) calendar year. Such an answer shall be provided free of charge.

4.6. In the event the Data Subject, having accessed his/her Personal Data, finds that his/her Personal Data have been collected or received from illegal sources, or that the data are currently processed for different purposes than listed in the consent, he/she may then contact the Data Controller by e-mail seeking suspension processing of such Personal Data and/or deletion of his/her Personal Data. Where the Data Controller finds a request  by Data Subject valid, it shall execute a request by a Data Subject immediately, within 5 business days, and inform of any actions so taken in writing.

4.7. In the event the Data Subject, having accessed his/her Personal Data, finds them not precise or incomplete, he/she may then, upon adequate identification, apply in writing seeking correction and/or supplement of his/her Personal Data. Where the Data Controller finds an application valid, it shall correct or supplement the Personal Data immediately, within 5 business days, and inform of any actions so taken in writing.

4.8. A Data Subject may request the Data Controller to “forget” him/her, i.e. request to have all of his/her Personal Data deleted, unless, however, such data are required for the purposes they were collected and processed, or unless the Data Subject withdraws his/her consent, or unless the data are processed in breach of legal requirements. The Data Controller shall execute such a valid request and shall inform the Data Subject of steps taken immediately, within 5 business days.

4.9. Where a Data Subject believes his/her legitimate interests were breached in course of processing of his/her Personal Data, he/she shall be free to contact the Supervisory Authority.

 

5. RISK FACTORS OF BREACH OF PERSONAL DATA PROTECTION AND

METHODS TO RESOLVE THESE

 

5.1. To ensure protection of Personal Data, the Data Controller shall implement the following organisational and technical personal data protection measures:

 

5.1.1. Organizational measures

 

5.1.1.1. The Data Controller shall operate according to procedures so as to ensure secure processing and/or transfer of digital data and/or documents and their archives.

5.1.1.2.Access to the Personal Data of the Data Subject shall only be granted to those employees when so required to carry out their official functions, and only subject to confidentiality agreements, provided the employees have been introduced to other rules of procedure concerning data processing.

 

5.1.2. Technical measures

 

5.1.2.1. Data processors (service providers) appointed by the Data Controller shall act upon authorisation of the Data Controller only.

5.1.2.2. Personal data shall be protected from loss, unauthorised use and change. Internet connection shall be encoded, while webpage shall function via https:// protocol.

5.1.2.3. Hardware shall be protected from malware (e.g. installation and update of anti-virus software), while internal network shall be protected with a firewall.

 

6. USE OF COOKIES

 

6.1. http://www.hotelzemaites.lt/ website shall include cookies; they shall be used for statistical purposes, to assess the visiting rate of the website and popularity of specific content. Such processing of data does not allow for personal authentification of a website visitor, directly or otherwise.

6.2. A website visitor can either delete cookies from his/her PC, or have them blocked on his/her browser; this may make certain functions of the website unavailable (or disrupt their functioning).

Coocie name

Description/Purpose of use

Creation moment

Expiry date

Used data

PHPSESSID

The standard cookie is used to support the user session. Required cookie

At the time of entering the page

Until the closing of the website window

Unique identifier

Google Analytics

_ga

These cookies are used to collect statistical information about website traffic. The resulting data is used to generate reports and to refine the page.

At the time of entering the page

years

Unique identifier

_gid

These cookies are used to collect statistical information about website traffic. The resulting data is used to generate reports and to refine the page.

At the time of entering the page

24 hours

Unique identifier

_gat

Used to set new sessions / visits

At the time of entering the page

10 minutes

Unique identifier

 

7. FINAL PROVISIONS

 

7.1. The above Privacy Policy shall be revised 2 times (twice) per year, and updated where necessary.

7.2. The Privacy Policy shall enter into effect on 25 May 2018, and shall be published on the Website.

News by email

Find out first about our news and special offers

By subscribing to newsletters, I agree to the Privacy Policy.

You have successfully ordered our newsletter!

The field is mandatory Invalid e-mail format