2. This Policy is intended for individuals, who visit the Company’s Website (www.centrumhotels.com), use the Website information and the reservation services it provides.
3. The data subject according to this Policy is any natural person whose personal data is processed by UAB CENTRUM.
4. By using the services and continuing to browse the Website, the Visitor (Website user) confirms that they have read this Policy, understand its terms and agree to comply with them.
5. The data controller ensures that by adopting and implementing this Policy, it is seeking to pursue the following fundamental principles, related to the processing of personal data:
5.1. Personal data shall be processed in a lawful, fair and transparent manner in regards to the data Subject (principles of legality, fairness and transparency);
5.2. Personal data is collected for specified, clearly defined and legitimate purposes and will not be further processed in a way incompatible with those purposes;
5.3. Further processing of personal data for the purposes of public interest and for statistical purposes, is not considered to be incompatible with the primary objectives (purpose limitation principle);
5.4. Personal data is adequate, appropriate and only necessary for the purposes for which they are processed (data amount minimization principle);
5.5. Efforts are made to ensure that personal data is accurate and updated as necessary during a reasonable time after their change;
5.6. All reasonable steps shall be taken to ensure that personal data which is not accurate in relation to the purposes for which it is processed are immediately deleted or corrected within a reasonable time (principle of accuracy);
5.7. Personal data shall be kept in such a form that the identity of the Data subjects can be determined for no longer than is necessary for the purposes for which personal data is processed;
5.8. Personal data may be stored for longer periods if personal data is processed only for archiving or statistical purposes, after the implementation of the appropriate technical and organizational measures, which are necessary to protect the rights and freedoms of the Data subject (principle of limitation of the duration of data storage);
5.9. Personal data, taking into account the general nature of the personal data handled by the Data controller, shall be managed in a way, that applied appropriate technical or organizational measures shall ensure the proper security of personal data, including protection against processing of personal data without permission or the unlawful processing of personal data and accidental loss or damaging of personal data (integrity and confidentiality principles);
5.10. The data controller is responsible for the adherence to the above-mentioned principles and should be able to prove that they are being upheld (accountability principle);
6. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter – General Data Protection Regulation or GDPR) the Law on legal protection of personal data of the Republic of Lithuania (hereinafter – ADTAI), other legal acts of the European Union and the Republic of Lithuania. Terms used in this Policy are understood as defined by BDAR and ADTAI.
ON WHAT GROUNDS DO WE MANAGE YOUR DATA?
7. UAB CENTRUM collects and processes your personal data in accordance with EU and Lithuanian legal acts regulating the protection of personal data. The Company processes the personal data on the Website according to the following grounds:
7.1 According to consent, which is expressed by your active actions, i.e. addressing us and the provision of personal data for reservation purposes or other active actions;
7.2 The implementation of our legitimate interests (for example, by administering the Website and ensuring its proper functioning);
7.3 While performing video surveillance in the hotels operated by the Company (ARTIS CENTRUM HOTELS, RATONDA CENTRUM HOTELS, GRATA CENTRUM HOTELS) and within their territories, ensuring the safety of hotels, their guests, property and persons;
7.4 In order to comply with the obligations imposed on us by effective legislation.
8.The Company seeks to process personal data correctly, fairly and legally, so that they are processed only for the purposes for which they were collected and according to clear and transparent personal data processing principles and requirements, specified in legal acts.
INFORMATION REGARDING USED COOKIES
10. Cookies are small volume text files, which are kept on the Person’s web browser or device (personal computer, mobile phone or tablet computer).
11. We use the Google Analytics Website analysis service, which allows Website usage to be recorded and analyzed. You can learn more about Google Analytics and the information that these tools allow to be collected here – https://support.google.com/analytics/answer/6004245?hl=en.
12. If you want Google Analytics tools to refrain from recording information about your browsing activity on the Website, you can use the Google Analytics opt-out browser add-on.
13. Cookies used on the Website do not allow the Website user to be identified. A visit to the Website is registered anonymously while recognizing your personal computer, mobile phone or tablet computer and IP address, and such information is not provided to third parties, except in the cases provided by law.
14. By browsing the Website and clicking on the “I Accept” button in the pop-up field, the person, who is browsing the Website, agrees to save the cookies on his computer, mobile phone, or tablet computer.
15. In order to revoke their given consent, the person, browsing the Website, can delete or block cookies by choosing the appropriate settings in their browser, which allows them to refuse to receive all or a part of the cookies. It is understood that using browser settings that block cookies (including necessary cookies), may result in the person experiencing problems using all or a part of the Website’s features.
16. Personal data, which is collected by cookies is processed in accordance with the provisions of the Law on the Legal protection of personal data of the Republic of Lithuania, the Law on Electronic Communications of the Republic of Lithuania, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as well as other personal data protection legislation.
17. The Website applies security measures, which prevent the unlawful disclosure or use of Personal data according to the requirements of legal acts.
PERSONAL DATA MANAGEMENT FOR DIRECT MARKETING REASONS
18. The Company manages your personal data for direct marketing purposes in cases, when you express a consent for such data processing, for example: upon ordering our newsletters, etc. (the basis of data processing is a free will consent for data processing expressed by you);
19. We can process your name, email address and phone number for direct marketing purposes.
20. Your Personal data can be processed in the following ways for direct marketing purposes:
20.1 You can receive a newsletter by email with our special offers and news;
20.2 You can receive invitations to events, offers and similar information by email.
20.3 You can refuse to receive our newsletters at any time. You can do this by clicking on a link, located for that purpose at the bottom of our newsletters.
21. We also employ the services of Facebook, Google, and other online advertising providers. You can read the privacy policies of these service providers, the data they collect and personal data protection measures in the privacy policies of these service providers. For more information on how this functions, as well as information on how you can disagree with the display of such advertisements or the use of such data, please see the information provided by these service providers: – https://lt-en.facebook.com/policies/ads#; https://policies.google.com/technologies/ads.
PERSONAL DATA PROCESSING DURING THE EXECUTION OF VIDEO SURVEILLANCE
22. In order to ensure the protection of the Company’s, employees’, guests’ and other persons’ property, health and life, we use video surveillance in our hotels and premises.
23. Video surveillance is carried out in the CENTRUM UAB hotels:
23.1 ARTIS CENTRUM HOTELS – Totorių str. 23, Vilnius;
23.2 RATONDA CENTRUM HOTELS – A. Rotundo str. 1, Vilnius;
23.3 GRATA CENTRUM HOTELS – Vytenio str. 9, Vilnius.
24. We carry out video surveillance and process the data of our Guests, which come into the supervision field (image data) according to our legal interest. Our video surveillance systems do not use facial recognition and/or analysis technology, and their captured image data is not grouped or profiled according to a particular data subject (person).
25. Guests are informed regarding the video surveillance by information signs with a camera symbol and the details of the data controller, which are presented prior to entering the surveilled area and/or the Hotel.
26. Camera observation area fields do not include rooms and other premises where guests expect absolute personal data protection, such as changing rooms, bedrooms, rest rooms, bath and toilet rooms.
27. The personal data of Guests (image data) collected by video surveillance is stored for up to 30 (thirty) calendar days from the date of recording.
PERSONAL DATA PROCESSING FOR OTHER OBJECTIVES
28. We can also process your personal data by providing you with other services, for example: by accepting your reservations, by providing accommodation, conference room rent services and fulfilling our other obligations, as well as by issuing invoices and/or other accounting documents for the services. Typically, the processing of such personal data is carried out based on a service agreement, your consent or in accordance with the obligations imposed on us by law.
29. We may process personal data for other purposes if we have received consent from you (the Data subject) or when the processing of personal data is based on the lawful processing criteria, provided by other legal acts.
HOW LONG WILL WE PROCESS AND MAINTAIN YOUR DATA?
30. Your personal data will be processed and maintained for no longer than is necessary for the purposes, for which the data was collected or for the period, specified by law.
31. Keeping your personal data for a period longer than specified in this Policy can be implemented only in the following cases:
31.1 There is a substantiated suspicion of an unlawful act, which is being investigated;
31.2 Your data is necessary for the proper resolution of a dispute or a complaint;
31.3 If we have received complaints related to the Guest, or if we have detected any malicious actions by the Guest or the visitor of the Website;
31.4 When the information is kept as backup copies and other related or similar purposes for the operation and maintenance of information systems;
31.5 Under other specific bases, conditions or cases, specified in legal acts.
IN WHICH CASES AND TO WHAT THIRD PARTIES WILL WE DISCLOSE YOUR DATA?
32. The Company will not transfer your personal data to any third parties without your prior consent, with the exception of cases, specified below.
33. We can transfer your data for processing by third parties which helps us to execute our activities and administrate the provision of Services. Such persons can be data center, advertising, marketing or service providing companies, as well as companies creating, providing, supporting or developing software, informational technology infrastructure service providing companies, companies providing connection services, executing web browsing or internet activity analysis and providing related services, security companies, providing security services, etc.
34. In each case, we provide the data processor with as much data as is needed to implement the specific instruction or to provide a specific service.
35. Our involved data processors can process your personal data only according to our instructions. Additionally, they are obliged to ensure the safety of your data according to effective legal acts and written agreements concluded with us.
36. The data can also be provided to competent authorities or law enforcement institutions, i.e. police or supervising institutions, however, this shall be done only at their demand and only when it is requested according to effective legal acts or in cases and by the order, provided for in laws or legal acts, in order to ensure our rights, the safety of our resources, employees and purchases, to claim, provide and protect our legal demands.
37. Data protection regulating legal acts provide you with many rights, related to the processing of your personal data.
38. You have the right to revise your personal data, which we are processing:
38.1 You have the right to request us to approve that we are processing your personal data, and to review such data if we process it. In order to take advantage of the above-mentioned right, please submit a written request to us by email: email@example.com
39. You have the right to demand to correct your incorrect data.
39.1 If you believe that the information about you is incorrect or incomplete, you have the right to request that it be corrected. In order to take advantage of the above-mentioned right, please submit a written request to us by email: firstname.lastname@example.org.
40. You have the right to disagree with personal data processing.
40.1 You have the right to disagree with personal data processing, whenever personal data is processed according to our legal interests. However, regardless of your objection, in cases when there are substantiated and motivated reasons to continue to process the data, we will continue to do so. In order to take advantage of the above-mentioned right, please submit a written request to us by email: email@example.com
41. You have the right to demand that your personal data be deleted (the right to be forgotten):
41.1 In specific circumstances, you have the right to request us to delete your personal data. However, this provision is not applied if we are obliged to keep the data according to laws. In order to take advantage of the above-mentioned right, please submit a written request to us by email: firstname.lastname@example.org.
42 You have the right to limit your personal data processing:
42.1 In specific circumstances, you also have the right to limit the processing of your personal data. In order to take advantage of the above-mentioned right, please submit a written request to us by email: email@example.com
43. The legal relations related to this Policy are subject to the Law of the Republic of Lithuania.
44. The Data processor is not responsible for damage, including damage caused by interference during the use of the Website, for data loss or damage, caused by acting or failing to act by the person himself or third parties on his behalf, errors, deliberate damage, and other improper Website usage.
45. The Data processor is also not held responsible for the interference during the connection and/or usage of the Website and (or) the damage caused by them, related to the actions or inactions of third parties, not related to the Data processor or the person, including electrical, internet access interference, etc.
46. The Data processor has the right to partially or fully change this Policy.
47. Policy updates or changes come into legal force from the day they are announced on the Website.
48. If a person continues to use the Website and/or services provided by the Data processor, after the update or changes to the Policy, it is held that the person does not contradict such changes and/or updates.
48.1 Please address all of the data processing questions to us via email: firstname.lastname@example.org.
Prepared by: UAB Veritas bona (304628436)