top of page

PRIVACY POLICY

The purpose of the Privacy Policy is to inform how the personal data of data subjects are collected and processed, how long they are stored, to whom they are provided, what rights data subjects have and where to go to exercise them, or any other issues related to the processing of personal data.
Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation"), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of personal data.
Grand apartamentai Private Limited Liability Company strictly adheres to the following data processing principles:
-personal data is collected only for clearly defined and legitimate purposes;
-personal data shall only be processed lawfully and fairly;
-personal data are kept up to date;
-personal data shall be stored securely and for no longer than required by the stated purposes of the processing or by law;
-personal data shall be processed only by those employees of the Company who are authorised to do so by virtue of their job functions or by duly authorised data processors.


1. CONCEPTS

1.1 Data Controller - Closed Joint Stock Company "Grand apartamentai" (hereinafter referred to as "Company"), legal entity code 304924435, registration address Mokyklos g. 51, Alksnėnų k., LT70478 Vilkaviškio raj.

1.2 Data Subject - any natural person whose data is processed by the Company. The Data Controller shall only collect the data of the Data Subject that is necessary for the performance of the Company's activities and/or for visiting, using, browsing the Company's websites, Facebook page, etc. (hereinafter referred to as the "Website"). The Company ensures that the personal data collected and processed will be secure and will only be used for a specific purpose.

1.3 Personal data means any information relating directly or indirectly to a data subject whose identity is known or can be identified, directly or indirectly, by reference to the data concerned. Processing of personal data means any operation performed on personal data (including collection, recording, storage, adaptation, alteration, access, retrieval, transmission, archiving, etc.).

1.4 Consent means any freely given and informed indication by which the data subject agrees to the processing of his or her personal data for a specified purpose.

2. SOURCES OF PERSONAL DATA

2.1 Personal data are provided by the data subject. The data subject contacts the Company, registers for services, uses the services provided by the Company, purchases goods and/or services, participates in sweepstakes or contests, leaves comments, asks questions, subscribes to newsletters, contacts the Company for information, etc.

2.2 Personal data is obtained when the data subject visits the Company's website. The data subject fills in the forms on the website or leaves his/her contact details, etc., for whatever reason.

2.3 Personal data is obtained from other sources. Data obtained from other bodies or companies, publicly accessible registers, etc.

3. PROCESSING OF PERSONAL DATA

3.1 By providing personal data to the Company, the data subject consents to the Company's use of the collected data for the purpose of fulfilling its obligations to the data subject by providing the services expected by the data subject.

3.2 The Company processes personal data for the following purposes:

3.2.1. to ensure the maintenance and continuity of the Company's business. For this purpose, the following data are processed:

For the purpose of concluding and executing contracts, personal data of customers and suppliers (natural persons) may be processed: name(s), surname(s), personal identification number or date of birth, place of residence (address), telephone number, e-mail address, place of work, position, bank account and the bank where the account is located, date of the monetary transaction or transaction, amount, currency and other data provided by the person, which the Company receives in accordance with the legislation in the course of the Company's activities and/or which the Company is obliged to process by law and/or other legislation. For example, the data contained in the business certificate (type of activity, group, code, name, periods of activity, date of issue, amount), the number of the certificate of individual activity, data on whether the data subject is a VAT payer, and any other data necessary for the proper performance of the contractual and/or statutory obligations.

3.2.2. for the purpose of ensuring the security of the Company's employees, other data subjects and property (video surveillance). For this purpose, the following data are processed:

Image. Video surveillance systems do not use facial recognition and/or analysis technologies and do not group or profile the video data captured by them according to a specific data subject (person). The data subject shall be informed about the video surveillance by means of information signs with the symbol of the video camera and the details of the Company, which shall be displayed before entering the monitored area and/or premises. The field of surveillance of CCTV cameras shall exclude premises where the data subject expects absolute protection of personal data.

3.2.3. Sale of gift vouchers. For this purpose, the following data are processed:
Name(s), surname(s), details of the service/product on the gift voucher, e-mail address, telephone number, expiry date of the gift voucher, billing details, name of the recipient of the voucher, address of the owner.

3.2.4 Administration of enquiries, comments and complaints. For this purpose, the following data is processed:
Name(s), surname(s), e-mail address, telephone number, text of the message, comment, feedback or complaint.

3.2.5 Administration of a database of CVs of job applicants. For this purpose, the following data are processed:

Name(s), surname(s), date of birth (age), address of residence, contact details (telephone number, e-mail address), information on the candidate's education (training institution, period of training, education/qualifications obtained), information on further training (training attended, certificates obtained), information on the candidate's work experience (employer, period of employment, duties, responsibilities and/or achievements), information on language skills, information technology, driving skills, other competences, other information you provide in your CV, cover letter or other application documents, references from employers, references: the person recommending or giving the reference, their contact details, the content of the recommendation or reference.

3.2.6. Direct marketing. For this purpose, the following data are processed:
Name(s), surname(s), date of birth, telephone number, e-mail address.

3.2.7 Running games, competitions. For this purpose the following data are processed:
Name(s), surname(s), telephone number, e-mail address.

3.2.8. provision of hotel services. For this purpose the following data are processed:

Name(s), surname(s), date of birth, identity document number, nationality of the person accommodated and the country of issue of the identity document; address of the place of residence; date of arrival, date of departure; names of the spouse and/or minor child(ren) arriving together; number of adults and children who will be using the hotel services; food requirements; bank account details, bank; cost of the service; registration number of the car; details of the power of attorney (in case the hotel is booked by a representative of a legal person); place of work and position; signature.

3.2.9. other purposes for which the Company is entitled to process the data subject's personal data, where the data subject has expressed his/her consent, where the processing is necessary for the legitimate interest of the Company or where the Company is obliged to process the data by the relevant legislation.

4. USE OF COOKIES

4.1 The Company's website uses cookies, which are small pieces of textual information that are automatically generated when you browse the website and stored on your computer or other device. Cookies are used to improve the browsing experience for visitors to the website, to analyse the traffic and behaviour of visitors to the website.

4.2 The Company uses cookies on the website to improve and enhance the website visitor experience.

4.3 The following types of cookies may be used on the Company's website:

4.3.1.Technical cookies - help the website visitor to display the website and its content, and help ensure the functionality of the website. Technical cookies are necessary for the proper functionality of the website.

4.3.2 Functional cookies - are used to help the website visitor to use the Company's website, to remember the choices and preferences made during browsing. Functional cookies are not necessary for the full functionality of the website, but they do add functionality and improve your experience of using the Company's website.

4.3.3 Analytical cookies - used to obtain information about how visitors use the Company's website. This is necessary to enable us to optimise and improve the Company's website. Analytical cookies allow us to collect data about the web pages you have viewed, which pages you have come from, which emails you have opened and responded to and date and time information. This also means that we may use information about you and how you use this website, such as the frequency of your visit, the number of clicks on a particular page, the search terms used, etc.

4.3.4. commercial cookies (targeting or advertising cookies) - used to provide personalised advertising to a visitor to the Company's website. This is known as "remarketing", which is based on browsing actions, such as the products and/or services you have searched for, viewed.

4.4 Access to statistical data about visitors to the Company's website is available to the Company's employees who are responsible for analysing this data and improving the website.

4.5 Access to technical records may also be provided by the Company's partners who provide content management tools for the Company's website.

4.6 The Google Analytics tool is provided by Google Inc. in the United States and therefore also has access to the statistical data collected by the Google Analytics tool. "Google Inc. is committed to the EU-US Privacy Shield Principles, which ensure that the service provider complies with all the requirements of the EU privacy standards. This provider is also subject to contractual privacy obligations. You can read about this by clicking on the link below:    

https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20160909.html.

4.7 The data collected by the Company by means of cookies shall not be stored by the Company for longer than is necessary to achieve the purposes of the processing or for longer than is required by the data subjects and/or provided for by law.

4.9 If you do not agree to our use of cookies, you have the option to change your browser settings and control the number of cookies. Please see below for useful links on how to refuse cookies:

For Chrome browser: https://support.google.com/chrome/answer/95647?hl=en

For Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies

For Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

For Edge browser: https://support.microsoft.com/en-us/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy

5. USE OF SOCIAL NETWORKS

5.1 All information you provide via social media (including messages, the use of the "Like" and "Follow" boxes and other communications) is controlled by the operator of the relevant social network.

5.2 Our Company currently has an account on the social networking site Facebook, whose privacy policy is available at https://www.facebook.com/privacy/explanation;

5.3 We recommend that you read the privacy notices of third parties and contact the service providers directly if you have any questions about their use of your personal data.

6. PROVISION OF PERSONAL DATA

6.1 The Company undertakes to respect the duty of confidentiality towards data subjects. Personal data may be disclosed to third parties only if this is necessary for the conclusion and performance of a contract for the benefit of the data subject or for other legitimate reasons.


6.2 The Company may provide personal data to its data processors who provide services to the Company and process personal data on behalf of the Company. The processors shall have the right to process the personal data only on the instructions of the Company and only to the extent necessary for the proper performance of their obligations under the contract. The Company shall only use processors that provide sufficient guarantees that appropriate technical and organisational measures will be implemented in such a way that the processing complies with the requirements of the Regulation and that the data subject's rights are protected.


6.3 The Company may also provide personal data in response to requests from courts or public authorities to the extent necessary for the proper execution of applicable law and public authorities' orders.


6.4 The Company guarantees that personal data will neither be sold nor rented to third parties.

 


7. PROCESSING OF PERSONAL DATA OF MINORS

7.1 Persons under the age of 14 may not submit any personal data through the Company's website. If a person is under the age of 14, in order to make use of the Company's services, the written consent of a representative (parent, mother, guardian) for the processing of the personal data is required prior to the submission of personal information.

8. STORAGE PERIOD FOR PERSONAL DATA

8.1 Personal data collected by the Company shall be stored in printed documents and/or in the Company's information systems. The processing of personal data shall not be longer than is necessary to achieve the purposes of the processing or longer than is required by the data subjects and/or provided for by law.

8.2 Although the data subject may terminate the contract and refuse the Company's services, the Company shall remain obliged to retain the data subject's data for possible future claims or legal claims until the expiry of the retention periods.

9. RIGHTS OF THE DATA SUBJECT

9.1 Right to receive information about the processing of data.

9.2. The right of access to the data processed.

9.3. The right to have the data rectified.

9.4. The right to have the data erased ('Right to be forgotten'). This right does not apply if the personal data for which erasure is requested is also processed on another legal basis, such as processing necessary for the performance of a contract or the performance of an obligation under applicable law.

9.5 Right to restrict processing.

9.6 Right to object to processing.

9.7 Right to data portability. The right to data portability must not adversely affect the rights and freedoms of others. The data subject shall not have the right to data portability in respect of personal data which are processed in non-automatically structured files, such as paper files.

9.8 The right to request that a decision based solely on automated processing, including profiling, not be applied.

9.9 The right to lodge a complaint about the processing of personal data with the State Data Protection Inspectorate.

10. The Company must enable the Data Subject to exercise the above-mentioned Data Subject's rights, except in the cases provided for by law, where it is necessary to ensure national security or defence, public order, the prevention, investigation, detection or prosecution of criminal offences, the protection of the State's important economic or financial interests, the prevention, investigation and detection of breaches of official or professional ethics, or the protection of the Data Subject's or other persons' rights and freedoms.


11. PROCEDURE FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT

11.1 The Data Subject may contact the Company in order to exercise his/her rights:

11.1.1. by submitting a written request in person, by post, through a representative or by electronic means - by e-mail: ____________________ ;

11.1.2. orally by telephone at _____________________;

11.1.3. in writing to ___________________.

11.2 In order to protect the data against unauthorised disclosure, the Company must verify the identity of the data subject upon receipt of a data subject's request for the provision of data or the exercise of other rights.

11.3 The Company's response to the data subject shall be provided no later than one month from the date of receipt of the data subject's request, taking into account the specific circumstances of the processing of personal data. This period may be extended by a further two months, if necessary, depending on the complexity and number of requests.

12. RESPONSIBILITY OF THE DATA SUBJECT

12.1 The data subject shall:

12.1.1. inform the Company of any changes to the information and data provided. It is important for the Company to have correct and valid data subject information;

12.1.2. provide the necessary information to enable the Company to identify the data subject at the data subject's request and to verify that it is communicating or cooperating with the data subject (by means of proof of identity or by means of a legal procedure or electronic communication that permits proper identification of the data subject). This is necessary for the protection of the data subject's data and the data of others, so that the information disclosed about the data subject is provided only to the data subject, without prejudice to the rights of other persons.

13. FINAL PROVISIONS

13.1 By providing the Company with personal data, the data subject accepts this Privacy Policy, understands its provisions and agrees to abide by it.

13.2.In the course of developing and improving the Company's business, the Company has the right to unilaterally change this Privacy Policy at any time. The Company has the right to unilaterally change the Privacy Policy, in part or in full, by notifying you on the website ____________________.

13.3 Amendments or changes to the Privacy Policy shall come into force from the date of their publication, i.e. from the date on which they are posted on the website _________________.

bottom of page