PRIVACY POLICY
PRIVACY POLICY
The purpose of the Privacy Policy is to inform how the personal data of data subjects are collected and processed, explain how long they are stored, to whom they are disclosed, what rights data subjects have, and where to contact regarding their exercise or other matters related to personal data processing.
Personal data are processed in accordance with the European Union General Data Protection Regulation (EU) 2016/679 (hereinafter – the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania, and other legal acts regulating personal data protection.
UAB “MICHAELSON boutique HOTEL” follows these main data processing principles:
– personal data are collected only for clearly defined and lawful purposes;
– personal data are processed lawfully and fairly;
– personal data are kept up to date;
– personal data are stored securely and no longer than required by the established purposes of processing or by applicable laws;
– personal data are processed only by Hotel employees who are authorized to do so according to their job functions or by properly authorized data processors.
1. DEFINITIONS
1.1. Data Controller – UAB “MICHAELSON boutique HOTEL” (hereinafter – the Hotel), legal entity code 111805372, registered address: Žvejų g. 18A, LT-91241 Klaipėda.
1.2. Data Subject – any natural person whose data are processed by the Hotel. The Data Controller collects only such data of the data subject that are necessary for the Hotel’s activities and/or when visiting, using, or browsing the Hotel’s websites, Facebook page, etc. (hereinafter – the Website). The Hotel ensures that collected and processed personal data will be secure and used only for a specific purpose.
1.3. Personal Data – any information directly or indirectly related to a data subject whose identity is known or can be directly or indirectly determined using relevant data. Personal data processing means any operation performed on personal data (including collection, recording, storage, editing, modification, granting access, submitting queries, transfer, archiving, etc.).
1.4. Consent – any freely given and informed confirmation by which the data subject agrees that their personal data be processed for a specific purpose.
1.5. Cookies – small pieces of text information used on the Hotel’s website that are automatically created while browsing the site and stored on the computer or other device used by the data subject (website visitor). Cookies are used to improve visitors’ browsing experience, analyze website traffic, and study visitor behavior on the website.
2. SOURCES OF PERSONAL DATA
2.1. Personal data are provided by the data subject themselves. The data subject contacts the Hotel, uses its services, leaves comments, asks questions, requests information, etc.
2.2. Personal data are obtained when the data subject visits the Hotel’s website, fills in forms available there, or for any reason leaves their contact details, etc.
2.3. Personal data are obtained from other sources. Data may be obtained from other institutions or companies, publicly available registers, etc.
3. PROCESSING OF PERSONAL DATA
3.1. By submitting personal data to the Hotel, the data subject agrees that the Hotel will use the collected data to fulfill its obligations to the data subject and to provide the expected services.
3.2. The Hotel processes personal data for the following purposes:
3.2.1. Provision of hotel services. For this purpose, the following data are processed: name(s), surname(s), date of birth, identity document number, nationality, and country issuing the identity document, address of residence, arrival and departure dates, names and surnames of accompanying spouse and/or minor child(ren), number of adults and children using hotel services, dietary requirements, bank account details, bank name, service price, car registration number, authorization details (if hotel services are ordered by a legal entity’s representative), signature.
3.2.2. Ensuring and continuing the Hotel’s operations. For this purpose, the following data may be processed: supplier (natural person) data – name(s), surname(s), personal code or date of birth, address, phone number, email address, workplace, position, bank account and bank name, transaction date, amount, currency, and other data provided by the person or obtained by the Hotel under applicable laws while performing its activities. For example, data in a business license (type of activity, group, code, name, validity periods, issue date, amount), individual activity certificate number, VAT payer status, and other data necessary for proper performance of contractual or legal obligations.
3.2.3. Administration of job candidate CV databases. For this purpose, the following data are processed: name(s), surname(s), date of birth (age), address, contact details (phone, email), education (institution, study period, degree and/or qualification), training and certification information, work experience (employer, work period, position, responsibilities, achievements), language skills, IT and driving skills, other competencies, any information provided in CVs, cover letters, or other application documents, references and recommendations, referees’ contact information, and recommendation content.
3.2.4. Administration of inquiries, comments, and complaints. For this purpose, the following data are processed: name(s), surname(s), email address, phone number, and the text of the message, comment, feedback, or complaint.
3.2.5. Sale of gift vouchers. For this purpose, the following data are processed: name(s), surname(s), information about the service/product specified in the gift voucher, email address, phone number, gift voucher validity date, payment details, recipient’s name, seller’s name, and surname.
3.2.6. Direct marketing. For this purpose, the following data are processed: name(s), surname(s), date of birth, email address, and phone number.
3.2.7. Ensuring the safety of hotel employees, other data subjects, and property (video surveillance). For this purpose, the following data are processed: video image. Video surveillance systems do not use facial recognition or analysis technologies; recorded footage is not grouped or profiled by specific individuals. Data subjects are informed about surveillance through informational signs with a camera symbol and the Hotel’s details, displayed before entering monitored areas. Video cameras do not capture areas where data subjects expect complete privacy.
3.2.8. Processing of cookies. More information in the COOKIE POLICY.
3.2.9. Other purposes for which the Hotel has the right to process personal data when the data subject has given consent, when processing is necessary for the Hotel’s legitimate interests, or when required by applicable laws.
4. DISCLOSURE OF PERSONAL DATA
4.1. The Hotel undertakes to maintain confidentiality regarding data subjects. Personal data may be disclosed to third parties only when necessary for contract execution or other legitimate reasons.
4.2. The Hotel may provide personal data to its data processors who provide services to the Hotel and process personal data on its behalf. Data processors may process data only according to the Hotel’s instructions and to the extent necessary to fulfill contractual obligations. The Hotel uses only processors who ensure adequate technical and organizational measures to meet the Regulation’s requirements and protect data subject rights.
4.3. The Hotel may also disclose personal data in response to court or government authority requests, as required to comply with applicable laws and official instructions.
4.4. The Hotel guarantees that personal data will not be sold or rented to third parties.
5. PROCESSING OF MINORS’ PERSONAL DATA
5.1. Persons under 14 years of age may not submit any personal data via the Hotel’s website. If a person is under 14 years old, a written consent from a parent or guardian is required before submitting any personal information to use the Hotel’s services.
6. RETENTION PERIOD OF PERSONAL DATA
6.1. Personal data collected by the Hotel are stored in printed documents and/or in the Hotel’s information systems. Data are processed no longer than necessary to achieve the processing purposes or as required by the data subjects and/or applicable laws.
6.2. Even if the data subject terminates a contract and stops using the Hotel’s services, the Hotel must continue storing the data to address potential future claims or legal issues until the data retention period expires.
7. RIGHTS OF THE DATA SUBJECT
7.1. Right to receive information about data processing.
7.2. Right to access processed data.
7.3. Right to request data correction.
7.4. Right to request data deletion (“Right to be forgotten”). This right does not apply when personal data are processed under another legal basis, such as contract execution or compliance with legal obligations.
7.5. Right to restrict data processing.
7.6. Right to object to data processing.
7.7. Right to data portability. This right must not negatively affect others’ rights and freedoms and does not apply to data processed non-automatically, e.g., in paper files.
7.8. Right to demand that no decision based solely on automated processing, including profiling, be applied.
7.9. Right to file a complaint regarding data processing to the State Data Protection Inspectorate.
8. The Hotel must ensure conditions for the data subject to exercise the above-mentioned rights, except in cases established by law when it is necessary to ensure national security or defense, public order, prevention, investigation, detection, or prosecution of criminal offenses, important economic or financial interests of the state, prevention or detection of professional or ethical misconduct, or protection of the rights and freedoms of the data subject or others.
9. PROCEDURE FOR EXERCISING DATA SUBJECT RIGHTS
9.1. The data subject may contact the Hotel regarding the exercise of their rights:
9.1.1. by submitting a written request in person, by mail, through a representative, or electronically via email: reception@hotelmichaelson.com;
9.1.2. verbally – by phone: +370 640 63378;
9.1.3. in writing – to the address: Žvejų g. 18 & 18A.
9.2. To prevent unlawful disclosure, upon receiving a request, the Hotel must verify the data subject’s identity.
9.3. The Hotel’s response must be provided no later than within one month from the date of receipt of the request, depending on the specific circumstances of data processing. This period may be extended by two additional months if necessary, considering the complexity and number of requests.
10. RESPONSIBILITIES OF THE DATA SUBJECT
10.1. The data subject must:
10.1.1. inform the Hotel about any changes in the provided information and data. It is important for the Hotel to have accurate and up-to-date data;
10.1.2. provide necessary information so that the Hotel can identify the data subject and ensure communication or cooperation with the correct individual (provide an identity document or confirm identity through legally established or electronic means). This is necessary to protect both the data subject’s and others’ personal data so that information is disclosed only to the rightful person.
11. FINAL PROVISIONS
11.1. By submitting personal data to the Hotel, the data subject agrees with this Privacy Policy, understands its provisions, and undertakes to comply with it.
11.2. As the Hotel develops and improves its activities, it has the right to amend this Privacy Policy unilaterally at any time. The Hotel may amend it in part or in full by publishing the updated version on its website.
11.3. Amendments or additions to the Privacy Policy take effect from the date of their publication on the website.