Privacy Policy

PRIVACY NOTICE

General information 

UAB Domus Maria (hereinafter referred to as “we” or “Data Controller”) is the manager of Hotel Domus Maria at Aušros Vartų str. 12, Vilnius. This Privacy Notice governs and explains how we collect and further process your personal data when you use the website operated by Hotel Domus Maria at https://www.domusmaria.com. The terms contained in this Privacy Notice apply each time you access our content and/or service, regardless of what device (computer, mobile phone, tablet, TV, etc.) you use.

Data Controller’s details:

UAB Domus Maria
Legal entity code: 302998440
Registered office address: Aušros Vartų g. 12, Vilnius
Tel. +37052644880
E-mail: info@domusmaria.com

Data about the Data Controller are collected and stored by State Enterprise Centre of Registers, Vilnius branch.

We confirm that we will collect information about you in line with the requirements of the applicable laws and regulations of the European Union and of the Republic of Lithuania and the guidelines of the regulatory authorities, and that we have adopted all reasonable technical and administrative measures to ensure that data that we collect about website visitors are protected from loss, unauthorized access and/or alteration. The Data Controller has caused its employees to make written commitments not to disclose and distribute information accessed in the workplace to any third party, including information about visitors of the website/social media accounts.

The definitions used in this Privacy Notice have the meanings assigned to them in General Data Protection Regulation No 2016/679 (EU).

Persons under the age of 16 may not provide any personal data through our website/social media accounts. If you are a person under 16, make sure that you obtain a parent or guardian’s permission before you provide personal information to us.

Be sure to read carefully this Website Privacy Notice, because each time you access this website you agree to abide by the terms described here. If you disagree with these terms, please do not visit our website, use our content and/or services. Follow each section for further information on how we process your personal data and the way we do business.

How do we collect information about you?

We may collect personal data about you, i.e. any information identifying you, in various ways:

  • You may provide us with information (personal data) directly (by filling in a booking form, subscribing to our newsletter, or making a call to us).
  • We may collect information about you automatically (when you visit our website, our social media account, or use our applications).
  • In certain cases we may acquire information about you from third parties and may collect information about you from publicly available sources (e.g. through LinkedIn social networking platform, your company’s website or otherwise).

We may collect information that you provide to us directly. Typically, this will happen when you:

  • enter into an arrangement with us for provision of services or another agreement;
  • subscribe to our newsletter or register to receive other communications;
  • make reservation and/or stay at our hotel;
  • attend events held at the hotel;
  • participate in our surveys.

We may collect information about you automatically. Typically, this will happen when you:

  • visit our hotel (through video (CCTV) recording and use of data captured by sensors connected to mobile technologies);
  • submit inquiries through our booking system or social media accounts;
  • use our website (we collect information about you through the use of cookies and similar technologies; to learn more about the cookies we use, please, read information below);
  • make public posts on social media platforms that we follow.

Where permitted by applicable law, we may acquire information about you from third parties. This may include information shared by our partner travel organisers or other hotels, marketing agencies, your publicly available profile information (LinkedIn, Facebook, Twitter, Instagram, etc.). We may link information provided by yourself, collected from public and commercial sources to other information we obtain from you or about you.

We may also collect information about you in other contexts than discussed in this Privacy Notice. If this is the case, we will give you further notice.

 

What information (personal data) about you do we process?

Although we seek to collect as limited amount of your information as possible, we collect the following information:

  • information necessary to provide our services to you (provided in contracts, booking form);
  • information you give us in surveys;
  • information you give us when you telephone us;
  • information about your preferences and interests;
  • information necessary to verify your age and identity;
  • information about the device you use.

Information that we collect from you directly will be apparent from the circumstances and the context in which you provide it. For example:

  • when we provide our services to you we process your information such as your name, surname, place of residence, identity document details (issuing country, document number, nationality, facial image), check-in and check-out dates, payment method, signature, number of children, group code, Travel industry ID, other information we may need in providing services to you, such as your phone number or e-mail address to which we will send your booking confirmation;
  • frequency of your visits to our hotel;
  • information about your interests and preferences.

Information that we collect automatically will generally concern:

  • your usage of our website (device information: IP address, operating system version, and settings of the device you use to access our content/products; log information: time and duration of your login session, search query terms you enter through the website, and any information stored in cookies that we have set on your device (cookies policy is provided below); location information: your device’s GPS signal or information about nearby WiFi access points and cell towers that may be transmitted to us when you use our website content.

Information that we collect from third parties or publicly available sources will generally consist of the following:

  • your interests;
  • your e-mail address, name, surname, your country, check-in and check-out dates, special preferences and interests.

You may choose not to disclose certain information to us (e.g. information requested in the registration form), but in that case you may not be allowed to access our online booking system.

Purposes and legal basis of data processing

We use the above information we collect for the following purposes:

  • to provide accommodation, catering and other associated services;
  • to provide service-related information you request;
  • for marketing purposes*, e.g. providing customized advertisements and sponsored content and sending promotional communications; assessment and analysis of our market, clients, products and services (including asking for your opinions on our products and services, carrying out client/partner surveys, running competitions or promotions, as permitted by law);
  • to understand the way people use our online services so that we can improve them and develop new content, products and services;
  • to protect our interests before any court or any other institution;
  • otherwise with your consent*.

You may opt out of direct marketing communications from us at any time. If you prefer not to receive our direct marketing communications, please let us know by sending us an e-mail or clicking on the opt-out link appearing in the newsletter.

We process personal data about you based on one or several legitimate grounds for the processing:

  • compliance with legislative requirements;
  • discharge of obligations under a contract between you and us;
  • our legitimate interests, unless they are overridden by your private interests;
  • in certain cases, your consent.
Purpose Legal basis/bases Personal data
To provide accommodation, catering and other related services

Discharge of obligations under a contract between you and us.
Compliance with legislative requirements.

Our legitimate interests unless, these interests are overridden by your private interests.

Name, surname, place of residence, identity document details (issuing country, document number, nationality, facial image), check-in and check-out dates, payment method, signature, number of children, group code, Travel industry ID, other information we may need in providing our services to you, such as your phone number or e-mail address to which we will send your booking confirmation, frequency of your visits to our hotel, information about your interests and preferences.
To provide service-related information you request This information is provided to you on the basis of our legitimate interest to provide you with accurate information about the services we provide, room availability, extra services, etc. In order to be able to answer your queries by phone, e-mail, through social media and otherwise, we may ask you to give us your phone number, e-mail address or other contact details convenient to you.
For marketing purposes, e.g. providing customized advertisements and sponsored content and sending promotional communications; assessment and analysis of our market, clients, products and services (including asking for your opinions on our products and services and carrying out client/partner surveys) For this purpose we process your personal data on the basis of our legitimate interest to inform about our services, events, news and other relevant information. Name, social media account details, telephone, e-mail, address, your interests.
To understand the way people use our online services so that we can improve them and develop new content, products and services For this purpose we process your personal data on the basis of the legitimate interest to monitor the quality of our services, develop and improve the content we provide, and ensure security of the website. IP address, operating system version, and settings of the device you use to access our content/products, time and duration of your login session, search query terms you enter through our website, and any information stored in cookies that we have set on your device, your device’s GPS signal or information about nearby WiFi access points and cell towers that may be transmitted to us when you use our website content.
To protect our interests before any court or any other institution

Compliance with legislative requirements.

Legitimate interest to defend against lawsuits and claims.

Depending on the lawsuit or claim filed, we may collect all personal data mentioned in this Privacy Notice that we have about you.

Where we do not base our use of information about you on one of the above legal bases, we will ask for your consent before we process your information (these cases will be clear from the circumstances and the context).

In some instances, we may use information about you for purposes other than described above. Where this is the case, we will provide a supplemental notice to you.

To whom we disclose your personal data?

We may disclose your personal data to the following entities:

  • companies that provide services for us;
  • banks/companies that provide payment services;
  • other carefully selected business partners;
  • other parties, when so required under law or necessary in order to protect our legitimate interests.

Companies providing services for us are currently the following:

  • Vilniaus Arkivyskupijos Ekonomo Tarnyba, VŠĮ
  • Lietuvos paštas, AB
  • UCS Baltic, UAB
  • APG MEDIA, UAB

These entities are limited in their ability to use your information for purposes other than providing services to us.

Advertising agencies established in Lithuania or foreign countries.  These entities are limited in their ability to use your information for purposes other than providing services to us.

We may share information about you with other third parties, such as public authorities, authorities supervising activities in the hotel sector, pre-trial investigation officials, courts, and others, when we consider disclosure to be necessary to protect our legitimate interests.

To what countries do we transfer your personal data?

Where the Data Controller transfers your personal data to countries outside the European Economic Area we ensure that any of the following safeguards is implemented:

  • a contract is signed with the data recipient based on the standard contractual clauses adopted by the European Commission.
  • in respect of data transmission by a group of undertakings, binding corporate rules are applied.
  • the data recipient is established in a country recognized by the European Commission as applying adequate data protection standards.
  • authorization is obtained from the Data Protection Inspectorate.

How do we protect information about you?

We have put in place reasonable and appropriate physical and technical measures to safeguard the information we collect in connection with the provision of our content/services.

Please note, however, that although we take reasonable steps to protect your information, no website, Internet transmission, computer system or wireless connection is completely secure.

How long your personal data will be kept?

We will retain your personal data for the period necessary to fulfill the purpose for which they were collected. After that, we will delete them, except where we are legally obligated to retain the information for tax purposes, or such data may be required in conducting a pre-trial investigation, but in any event the retention period will not extend beyond 10 years. On expiration of this period, the data will be irretrievably deleted.

Normally, personal data storage periods are as follows:

Personal data Retention period
Payment data 10 years after the payment transaction
Personal data used for marketing purposes 5 years from your last stay at or visit to the hotel or our website
Video (CCTV) monitoring data 30 days
IT system logs Up to several months
Analytical data Such data are normally collected automatically while you visit the website and immediately depersonalised/aggregated.

Rights that you have

The data subject whose data are processed in connection with activities carried out by the Data Controller, depending on the situation, has the following rights:

  • to know (be informed) about the processing of data concerning him/her (right to know);
  • to access his/her data and be informed about the methods of their processing (right of access);
  • to obtain rectification of personal data or, taking into account the purposes of the processing of personal data, to have incomplete personal data completed (right to rectification);
  • to obtain the erasure of data concerning him/her or the suspension of data processing activities concerning him/her (except storage) (right to erasure and ‘right to be forgotten’);
  • to obtain from the Data Controller restriction of the processing of personal data if there is a legitimate ground (right to restriction of processing);
  • to exercise the right to data portability (right to data portability);
  • to lodge a complaint with the State Data Protection Inspectorate.

We offer you easy ways to exercise these rights. You can do writing to us to info@domusmaria.com, or using certain links provided at the end of our promotional communications.

You may not be able to exercise these rights when in the cases provided by law it is necessary to ensure prevention, investigation and detection of crimes, violations of official or professional ethical standards, as well as the protection of the rights and freedoms of the data subject or other persons.

We will ask you to prove your identity face-to-face, through electronic signature or, where the two options are not available, remotely via video-call before we enable you to exercise your rights.

Rights that you have Certain restrictions
To know (be informed) about the processing of your data (right to know) You have the right be informed in a concise form and using simple and plain language before the processing of your personal data.

To access your data and be informed about the methods of their processing

(right of access)

This right means:
– confirmation whether or not we process personal data concerning you;
– providing you with the list of your data that we process;
– informing you about the purposes and legal bases for the processing of your personal data;
– confirmation as to whether or not we transfer data to third parties and, if so, the safeguards we have implemented;
– informing you from which source your personal data originate;
– information as to the existence of profiling;
– information about the storage period.
After we have established your identity, we will provide you with the above information, provided this does not affect the rights and freedoms of others.
To obtain rectification of personal data or, taking into account the purposes of the processing of personal data, to have incomplete personal data completed (right to rectification) This applies if the information we hold is incomplete or inaccurate.
To obtain the erasure of your data (right to be forgotten) This applies if:
– the information we hold is no longer necessary in relation to the purposes for which we use it;
– we process your data on the basis of your consent and you withdraw your consent;
– we process your data on the basis of legitimate interests and we find that, following your objection, they are overridden by your private interests;
– the information was unlawfully used.
To stop all data processing activities in respect of your data (except storage)

This right applies, temporarily while we look into your case, if you:

– contest the accuracy of the information;
– have objected to our processing of your personal data on the basis of legitimate interests;
– our processing of your information is unlawful and you oppose the erasure of the information;
– we no longer need the information, but you require it to establish a legal case.

To obtain from the Data Controller restriction of the processing of personal data if there is a legitimate ground (right to restriction of processing) You may opt out of our use of your personal data for direct marketing purposes.
To exercise the right to data portability This right may be exercised if you have provided your data to us and the processing is carried out by us by automated means and on the basis either of your consent, or on the basis of discharging our contractual obligations to you.
To lodge a complaint with the State Data Protection Inspectorate www.ada.lt
   

Cookies, beacons and similar technologies

In this Privacy Notice the term “cookies” is used to refer to cookies and other similar technologies, for instance, pixel tags, web beacons, and clear GIFs.

We strive to provide you with content and features tailored to your specific needs while you browse our website. To achieve this, we use cookies, small pieces of information stored on your web browser. They help the Data Controller to identify you as a prior visitor of the specific website, collect your previous browsing history and use this information to adapt the content. Cookies also help to ensure the smooth operation of websites, track duration and frequency of visits on websites and collect statistical information about website traffic. By analyzing such data we can improve our website experience and make our websites more user-friendly.

We use the following cookies on our website:

Cookies Period Purpose
_ga 2 years Used by Google Analytics to distinguish between users
_gid 24 hours Registers a unique ID that is used to generate statistical data on how the visitor uses the website
_fbp 3 months Facebook advertising/retargeting tracking cookie
_gcl_au 3 months Google AdSense advertising tracking cookie
_gat 24 hours Used by Google Analytics to throttle request rate
fr 3 months

Used by Facebook to deliver a series of advertisement products such as real time bidding from third party

advertisers.

GPS 1 day Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.
IDE 1 year Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and t p resent targeted ads to the user.
NID 6 months Registers a unique ID that identifies a returning user’s device. The ID is used for targeted ads.
PREF 8 months

Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos

across different websites.

test_cookie 24 hours Used to check if the user’s browser supports cookies.
VISITOR_INFO1_LIVE 179 days Tries to estimate the users’ band width on pages with integrated YouTube videos.

When you use a web browser to access our content, you can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent.

Each browser is different, so check the “Help” menu of your browser to learn how to change your cookie preferences. The operating system of your device may contain additional controls for cookies.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to decline cookies. For more information on how to manage cookies go to: http://www.allaboutcookies.org/manage-cookies/.

Please note, however, that some services may not function properly without cookies and if you disable them, the services or any part of services may no longer be available to you.

In addition to the cookies used by the Data Controller, certain third parties are allowed to enable and access cookies in your computer. In that case the use of cookies is governed by third party privacy policies.

Please note that our booking system account is governed by the cookies policy of the booking system. You will be asked to read and agree with the privacy policy of the system before confirming your booking.

Please note that our social networking accounts are governed by the cookies policy of the respective social media network.

Contact us

If you discover any inconsistency in this Privacy Notice, any security issue on our website, or have other questions related to the processing of your personal data, please contact us in a manner convenient to you using the contact details below:

Mailing address: UAB DOMUS MARIA, Aušros Vartų g. 12, Vilnius

Telephone: +370 5 2644880

E-mail: info@domusmaria.com

Final provisions

We will review this Privacy Notice at least once every two years. We will notify you about changes to this Privacy Notice that we consider material by posting a notice on the specific website. By continuing to access or use our content and/or services after we have posted such notice you agree to be bound by the new terms set out in the update.

Issued by the General Manager on 2019 08 21

Last update on 2019 08 21