General provisions
- PAKRUOJO DVARAI JSC (hereinafter referred to as the Company), implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / The requirements of the EC (hereinafter – the General Data Protection Regulation or BDAR) and the Law on the Legal Protection of Personal Data of the Republic of Lithuania (hereinafter – the Law on Personal Data Protection) ensure the implementation of personal data website: www.pakruojo-dvaras.lt (hereinafter – the Privacy Policy).
- This Privacy Policy does not apply to links to third party websites on the Company’s website, therefore we encourage visitors to read the privacy policy applicable to such third party websites and services directly and individually.
- Terms used in this Privacy Policy:
- Personal data means any information that can be used to identify a natural person, as well as any other information about a natural person that can be used to identify him or her (hereinafter referred to as AD).
- The Company’s Privacy Policy is based on the following provisions:
- the principles of legality, fairness and transparency;
PROCESSING OF PERSONAL DATA ON THE COMPANY’S WEBSITE
Processing of personal data of the company’s website visitors
- During the visit of the AD entity to the Company’s website, the Company’s website server automatically records the visitor’s visit for the purpose of ensuring a smooth connection (online communication), convenient interaction between the website and the application, stability and security of communication and website operation.
- The following data identifying the AD entity is collected and processed during the visit of the AD entity to the Company’s website:
AD categories:
- The IP address of the requesting device of the AD entity;
- date and time of access;
- the name and URL of the opened file;
- Details of the website or application from which access was granted (via URL)
- details of the browser used and, if applicable, the operating system of the computer capable of connecting to the Internet and the name of the access service provider.
The purpose of collecting AD is to optimize the operation and stability of the Company’s website, optimize communication and protect the information system.
Legal basis for the processing of AD – The processing is necessary for the legitimate interests of the controller or of a third party (Article 6 (1) (d) (f) BDAR).
From which sources AD is collected – Collected automatically during a visit to the Company’s website.
Term of data processing – the data identifying the AD subject is stored only during the visit to the website, and upon completion of the visit they are automatically deleted or stored for a certain period of time (for more information, see below – Use of Cookies ).
AD management of company website visitors for business improvement and marketing purposes
- The Company monitors the behavior of AD entities visiting the Company’s website (www.pakruojo-dvaras.lt) in order to collect and analyze statistics on market trends and customer behavior (habits) so that the Company can make important business decisions regarding hotel guests and visitors to the Manor. meeting needs and improving performance. For these purposes, the Company uses automated data collection and analysis tools (cookies) that prevent the use of AD (IP addresses are masked).
- The Company uses only third-party cookies for the collection and analysis of statistics, which are described in detail in the Rules for the Use of Cookies (provided in Section 3).
- The Company uses Google Analytics, a website analytics service provided by Google Inc. (USA), which allows you to capture and analyze site usage statistics. The ability of Google Analytics tools to collect AD entity identification data is provided by Google Inc. In the Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en_US .
- If a visitor doesn’t want Google Analytics tools to capture information about their browsing on a website, the visitor can use the Google Analytics Opt-out Browser Add-on.
- In any case, the Company’s website provides the AD entity with the opportunity to disable cookies by using the cookie detection feature before browsing the Company’s website.
AD management of company website visitors for direct marketing purposes
- The Company only processes AD for direct marketing purposes with the prior and explicit consent of ADS to such processing.
- The company may conduct direct marketing in the following ways:
- to submit general direct marketing proposals – the Manor newsletter with the Company’s offers, promotions and news;
- submit invitations to participate in Manor events, surveys, loyalty programs or lotteries;
- provide customized direct marketing offerings tailored to the needs of the AD entity.
AD categories:
- name and / or surname,
- e-mail address
- telephone number,
- job title and / or current position.
The purpose of collecting AD is to conduct direct marketing for the Company.
Legal basis for AD processing:
- The processing is necessary for the legitimate interests of the controller or of a third party (Article 6 (1) (f) of the BDAR);
- The data subject has consented to the processing of his or her personal data for one or more specific purposes (Section 6 (1) (a) of the BDAR).
3. From which sources AD are collected – To be provided after registration by the AD entity (upon notification) and subsequently collected automatically during a visit to the Company’s website.
4. Data processing term – data identifying the AD subject is stored for 3 (three) months after the end of the event, and then the AD is anonymised into statistical data, which is processed for 12 (twelve) months.
5. For direct marketing purposes, the Company uses automated AD collection and analysis technologies described in Section 3 of the Privacy Policy “AD Management of Visitors to the Company’s Website”, which are used to profile AD entities based on their browsing behavior and intrinsic interests.
6. Taking into account the content of the Company’s website, the Company assumes that the data of AD entities older than 16 years are collected and processed for marketing purposes. If it is established that the data of AD subjects under the age of 16 are being processed, the Company will immediately suspend the processing of these AD subjects and inform the AD subject of the need to provide the consent of the parents or legal representative regarding the processing of such AD subjects.
7. For the purposes of direct marketing, the Company uses the services of social networks (Facebook, Instagram), online service providers (eg Google) and other online advertising providers. The AD will be informed about the privacy policies of these service providers, the data collected and the personal data protection measures applied by referring to the privacy policies applied by the said service providers on the Company’s website.
8. The Company shall ensure that the AD Entity has the right to withdraw its consent for the processing of its AD for direct marketing purposes at any time in the same manner as the consent has been given or in any other manner acceptable to the visitor.
Use of cookies when collecting personal data of visitors to the Company’s website
- Cookies are used to improve the visitor experience when visiting the Company’s website. Cookies help to ensure the smooth operation of websites, allow you to monitor the duration and frequency of visits to websites and collect statistical information about the number of website visitors. The information collected by cookies allows the Company to provide visitors with a more convenient way to browse, learn more about the behavior of the Company’s website visitors, analyze trends and improve both the website and visitor service and services provided by the Company.
- Visitors have the option to select or accept cookies on the website. If the visitor does not agree to the storage of cookies on the visitor’s computer or other terminal device, the visitor may change the access settings of the Company’s website or the settings of his / her web browser: disable all cookies or enable / disable them one by one. However, please note that in some cases, disabling cookies may slow down your internet browsing, restrict certain features of the Website or block access to the Company’s website. For more information on cookie management, visit http://www.allaboutcookies.org/manage-cookies/ or visit www.google.com/privacy_ads.html .
- Details of cookies used:
The name of the cookie | Description | The moment of creation | Expiry date |
has_js | A standard cookie used to support a user session | At the time of entering the page | Until the website window is closed |
_fbp | Facebook ad management cookie | At the first entry to the page | 3 months |
AA003 | A cookie used to collect information about visitors browsing a website. | At the time of the first entry into the page and with consent | 3 months |
ATN | A cookie used to collect information about visitors browsing a website. | At the time of the first entry into the page and with consent | 2 years |
fr | Facebook cookie for providing third-party promotional links. | At the first entry to the page | 3 months |
cookiesAgree | A cookie used to identify a visitor’s consent to the use of cookies when browsing a website. | With consent | Until deleted |
cookiesLevelX | A cookie that distinguishes which cookies you allow to be used when browsing the website. | With consent | Until deleted |
google_experement_mod * | GoogleAdSense cookie to determine the effectiveness of advertising. | At the first entry to the page | Permanent |
google-per-mod | GoogleAdSense cookie to determine the effectiveness of advertising. | At the first entry to the page | Permanent |
IDE | Google’s DoubleClick cookie, which is used to collect information about the browser’s browsing experience. | At the time of the first entry into the page and with consent | 1 year |
_ga, _ | This cookie is used by Google Analytics to measure the purpose of a user’s visit, and to report website activity to website operators to improve their customer experience. | At the time of the first entry into the page and with consent | 2 years |
_gid | This cookie is used by Google Analytics to identify the person. | At the first entry to the page | 48 hours |
_gat | This cookie is used to collect Google Analytics statistics about website traffic. | At the first entry to the page | Until the end of the session |
4. The Company’s website contains links to third party websites (websites of the Company’s partners, eg www.dovanusala.lt;), as well as social network extensions (social network Facebook, YouTube, Google Maps plug-ins) . Third-party websites, services, or applications provided on the Company’s website are subject to the privacy policies of those third parties. The Company encourages visitors to familiarize themselves with the privacy policies of these third parties.
AD management of visitors to the Company’s website in the Company’s commercial activities
Processing of personal data of AD entities for the purpose of taking action at the request of the data subject prior to the conclusion of the contract
- In order to enter into an agreement with a potential client, the Company shall process the data of the AD subject when the latter, filling in the form provided on the Company’s website, requests the Company to:
- to submit a preliminary offer regarding the services provided by the Company,
- accept a service order (reservation);
- to buy tickets to the Manor event;
- perform other actions before concluding the contract.
When submitting an offer that meets the needs of an AD entity or confirming an order for the services provided by the Company, the Company collects and manages the following AD:
AD categories:
- name and / or surname,
- e-mail address
- telephone number.
The purpose of AD collection is the Company’s intention to enter into a contract with a customer by submitting a direct offer (offer) to the customer, performing a service order (reservation) or other actions prior to concluding the contract.
Legal basis for the processing of AD – The processing of data is necessary to take action at the request of the data subject before the conclusion of the contract (Article 6 (1) (b) of the BDAR).
From which sources AD is collected – Presented to the AD subject upon notification during a visit to the Company’s website.
Data processing deadline – data identifying the AD entity is stored for 12 months after the end of the relevant event (validity of the offer).
- Taking into account the content of the Company’s website, the Company assumes that the data of AD entities older than 16 years are collected and processed for the purposes of concluding the agreement. If it is established that the data of AD subjects under the age of 16 are being processed, the Company shall immediately suspend the processing of these AD subjects and inform the AD subject of the need to provide the consent of the parents or legal representative regarding the processing of such AD subjects.
- When distributing tickets to the events of the Manor, the Company uses the electronic ticket distribution platform Paysera Tickets (www.tickets.paysera.com) and the electronic content management platform Tilda (www.tilda.cc). Tickets for the Manor’s events are sold in accordance with the Paysera Tickets Terms and Conditions to customers (https://tickets.paysera.com/en/information/buyer-terms) and the Paysera Tickets Privacy Policy (https: // tickets) applies to the protection of personal data. .paysera.com/en/information/privacy-policy).
- The Company manages orders and distributes tickets electronically using the electronic content management platform Tilda in accordance with the terms of the ticket offer for the event (Oferta) and the third party privacy policy (https://tilda.cc/privacy).
- The company encourages visitors and ticket buyers to familiarize themselves with the Paysera Tickets electronic ticketing platform’s ticketing and Tilda privacy policies.
Processing of personal data of AD subjects in the process of temporary accommodation (hotel services)
- The Company processes personal data by providing temporary accommodation services to guests in a managed hotel when:
- the person makes a room reservation at the hotel;
- accommodation (registration) of the guest is performed and payment for services is made;
- providing other services (catering, entertainment) during your stay at the hotel or during the event.
2. The following guest ADs shall be collected during temporary accommodation at a hotel:
AD categories:
Identification AD: name, age, identity document details (number, expiry date, date of issue, photograph).
Communications AD: Email postal address, telephone number, place of residence or residential address.
Financial information: bank account number, bank card number and expiration date.
Additional personally identifiable AD:
- room access details during the stay;
- personal consumption habits and characteristics during the stay (eg use of food, telephone, minibar, internet, pay TV)
- events in personal life (eg weddings);
- video surveillance data without personal identification means;
- a photo of the person during the event without personal identification.
AD entities – a person who is provided with temporary accommodation services in a hotel.
The purpose of collecting AD is to provide temporary hotel accommodation and other services.
Legal basis for AD processing:
- to take action at the request of the data subject before concluding the contract (Article 6 (1) (b) of the BDAR);
- the processing is necessary for the performance of a contract to which the data subject is a party (Article 6 (1) (b) of the BDAR);
- the processing is necessary for the legitimate interests of the controller or of a third party (Article 6 (1) (f) of the BDAR).
From which sources are AD collected:
- ADs are provided by the AD entity directly to the Company:
- to the e-mail address specified in the advertisement or via the data submission form installed on the Company’s website (electronic document);
- by post or direct delivery to a representative of the Company (paper document);
- ADs are submitted to the Company through third parties (hereinafter referred to as the Selection Partners) who carry out the initial selection of candidates.
Data processing deadline:
- Identification AD – 10 years from the date of provision of the service;
- Communications AD – 24 months from the date of service provision;
- Additional personally identifiable AD – 1 month from the date of provision of the service (Note: video surveillance data is stored for -14 days)
- In the course of the company’s activities, additional personally identifiable ADs are collected only for the purpose of ensuring the quality of guest service, asking them to meet individual needs during their stay or event. The company will take all reasonable steps to ensure the anonymity of these ADs during their stay.
- In order to ensure the management of the Company’s activities and the security of its property, guests and their property during their stay, the Company controls the access to the rooms and the video surveillance of the hotel premises and territory without the use of personal identification means.
- In order to ensure the fraudulent use of payment instruments or the prevention of other frauds, or in the event of extreme events (eg natural disasters, danger of a terrorist attack, a guest league), the Company may carry out full identification, copying and storing identity documents for statutory purposes.
Processing of data of AD entities submitting inquiries, notifications or complaints regarding the Company’s activities
- The following data shall be collected and processed by the AD subject during the handling of inquiries, notifications or complaints:
AD categories:
- name and / or surname,
- e-mail address
- telephone number.
AD Entities – Natural persons who have submitted an inquiry, notice or complaint to the Company.
The purpose of collecting AD is to improve the Company’s operations, ensure the rights of customers and protect the Company’s legitimate interests.
Legal basis for AD processing :
- the processing is necessary for the legitimate interests of the controller or of a third party (Article 6 (1) (f) of the BDAR);
- the processing is necessary for the performance of a contract to which the data subject is a party (Article 6 (1) (b) BDAR).
From which sources are AD collected:
- By filling in the notification form on the Company’s website.
- Deadline for data processing
- Complaints, notifications and inquiries – 1 (one) year after the submission of the answer.
Transfer of AD to Third Parties – AD shall not be transferred to third parties except in connection with the processing of legal claims or actions or where information provided by law is required to be transferred to law enforcement authorities for further investigation.
- Longer Data Retention: Upon expiration of the AD processing and retention period set forth in this Privacy Policy, the Company will destroy the AD and, in the cases set forth in the Privacy Policy, reliably and irrevocably depersonalize as soon as reasonably and reasonably necessary. The retention of personal data for longer than specifically specified in this Privacy Policy may only take place if:
- it is necessary for the Company to be able to defend itself against claims, claims or claims and exercise its rights;
- there are reasonable grounds for suspecting an illegal activity under investigation;
- The data of the AD subject is necessary for the proper resolution of the dispute or complaint;
- Restoration of IT systems for backup storage and other purposes to ensure the security and operational stability of IT systems;
- on other grounds provided for by law.
The company guarantees the following rights of the AD entity:
- Right of access to personal data processed: The AD entity has the right to obtain confirmation of the Company’s processing of his personal data, as well as the right to access his personal data processed by the Company and to receive information on the purposes of data processing, categories of data sources of data.
- Right to correct personal data: If the data provided by the AD entity has changed or the AD entity considers that the information processed by the Company about it is inaccurate or incorrect, the AD entity has the right to request that this information be changed, corrected or corrected.
- Right of Complaint: If an AD Entity believes that its AD Company is handling it in violation of data protection law, it has the right to apply directly to the Company for redress of a potential violation. If the AD entity is not satisfied with the solution proposed by the Company or in its opinion the Company has not taken the necessary actions at its request, the AD entity has the right to submit a complaint to the supervisory authority of the State Data Protection Inspectorate in the Republic of Lithuania (L. Sapiegos g. 7, 10312 Vilnius; tel. (Δ 5) 271 2804, 279 1445; el. e-mail: ada@ada.lt).
- Right to delete data (right to be forgotten): In certain circumstances specified in the data processing legislation (when personal data are processed unlawfully, the basis for processing data has disappeared, etc.), the AD entity has the right to request the Company to delete his personal data if they have been processed. obtain the consent of the AD entity on a legal basis.
- Right to restrict data processing: In certain circumstances specified in the data processing legislation (where personal data are processed unlawfully, the AD entity disputes the accuracy of the data, objects to the processing on the basis of a legitimate interest, etc.), the AD entity also has the right to restrict its AD processing .
- Right to data portability: ADs processed by the Company with the consent of the AD entity and processed by automated means have the right to be transferred to another data controller if the data were obtained with the consent of the visitor. The Company will provide the data requested by the AD Entity in a computer-readable format commonly used in IT systems, and will transfer the data directly to another data controller designated by the AD Entity upon request and subject to technical availability.
- In order to exercise the above rights, the AD entity must submit a written request to the Company in the manner set out below.
Processing of requests for personal data or infringement of rights
- In order to protect the data of the AD entity from unauthorized disclosure, the Company has the right to identify the AD entity upon receipt of a request from the AD entity to provide data or exercise its other rights. The Company has the right to do so (i) request the relevant questionnaire data provided in the AD registration form for the purpose of comparing or overlapping relevant data; or (ii) send a control message to the contact specified in the registration form (SMS or e-mail) requesting an authorization action. If the verification procedure is unsuccessful, the Company has the right to establish that the applicant is not the subject of the requested data and to reject the submitted application.
- The company undertakes to provide information on the action taken on the request without undue delay, but in any case no later than one month after receipt of the AD entity’s request and completion of the verification procedure. Depending on the complexity and number of requests received, the Company has the right to extend for another two months within one month, informing the AD entity by the end of the first month and stating the reasons for such extension.
- If the request was submitted by electronic means, the Company will also provide a response by electronic means, unless this is not possible (eg due to the extremely high volume of information) or if the AD entity has requested a different response.
Security measures and transfer of personal data
- The Company ensures that AD uses a variety of security technologies and procedures to protect processed AD from unauthorized access, use, or disclosure.
- The Company undertakes to take all possible measures immediately upon detecting cases of unauthorized access to, or misuse or disclosure of, AD, and shall inform the AD Entity and the AD Security Control Authority accordingly.
- The Company shall not transfer the AD to any third parties without the prior consent of the AD Entity, except that the AD may be transferred for processing to third parties who assist the Company in carrying out its activities and administering the provision of the Services. Such persons may include data center companies, asylum and related services companies, advertising, marketing services companies, software developers, providers, support and development companies, information technology infrastructure services companies, communication service companies, internet browsing or internet activity analysis. security companies providing security services. In each case, the Company shall provide the data processor only with the amount of data necessary to execute a specific order or provide a specific service.
- The Company reserves the right to file an AD with the competent governmental or law enforcement agencies upon their request, as well as to safeguard the interests of the Company and third parties in pursuing legal claims or defending legitimate interests.
- The company ensures that personal data is processed in the territory of the European Union.
- The Company does not intend to transfer or not transfer personal data to third countries, but informs that certain technical data of the AD entity’s visit to the Company’s website (IP address, cookies, technical information of the browser used, other information related to browser activity and website browsing) , may be transferred or made available to entities within and outside the European Economic Area for analytical and related purposes (for example, when using the Google Analytics service provided by Google Inc., a company incorporated in the United States).
Final Provisions
- This Privacy Policy is effective from 2021. August 30
- The Company may change the provisions of this Privacy Policy from time to time. The Company informs the Visitors about the changes by submitting a new version of the Privacy Policy on the Company’s website, indicating the dates of the installed fixes.
- Visitors must understand and acknowledge that by continuing to visit the Company’s website, they agree to this Privacy Policy and its amendments and updates.
- Should AD have any questions regarding the Company’s processing of personal data in accordance with the provisions of this Privacy Policy or the AD Entity intends to exercise its rights in relation to the processing of visitor personal data, AD Entities may make a request to the Company in the following ways:
- by sending a letter to: Ramybės st. 4-70, LT02103 Vilnius Public Institution PAKRUOJO TEODORAS with a reference on the envelope “On the processing of personal data”;
- by sending a request by e-mail e-mail address: info@pakruojo-dvaras.lt.
- by phone + 370 686 65055 (administration of PAKRUOJO TEODORAS);
- or by filling in the notification form in the section of the Company’s website (www.pakruojo-dvaras.lt): “Contacts” with the reference “Regarding the processing of personal data”.