Privacy policy

 “Uzupio namas” accommodation provider 

Privacy Policy TERMS AND CONDITIONS

13 December 2021 Nr, 1902-05

Vilnius

Privacy Policy and Consent to Data Use

Thank you for visiting our homepage and for your interest in our company. Our dealings with our customers and prospective customers are a matter of trust. Your trust is of great value to us. As such, we recognize the importance and obligation of handling your data carefully and protecting it from misuse.

In order to make you feel safe and secure when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. Therefore, we act in accordance with applicable personal data protection and data security legislation. In this notice on data protection, we would like to inform you about which data we store and when, and how we use it – of course, in compliance with applicable laws.

Below, we explain which information we collect during your visit to our website and how it is used.

I. Name and address of the controller

The controller within the meaning GDPR and other national data protection laws of the Member States as well as other data protection regulations is:

Moon Garden Hotel, UAB “Užupio namas”, Paupio str. 31A, Vilnius, Lithuania, tel: (8-5) 219 9949, email: welcome@moongardenhotel.com  

II. Name and address of the Data Protection Officer

The controller’s Data Protection Officer is:

Moon Garden Hotel, UAB “Užupio namas”, Paupio str. 31A, Vilnius, Lithuania, tel: (8-5) 219 9949, email: welcome@moongardenhotel.com 

III. General information about data processing

1. Scope of processing of personal data

In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users regularly takes place only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation that our company is subject to (e.g. national reporting laws), Art. 6 (1) (c) GDPR serves as the legal basis. If the processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

3. Deletion of data and duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to exist. In addition, storage may be provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the provisions mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Contact/email contact

1. Description and scope of data processing

A contact option is available on our website which can be used for electronic contact. If a user makes use of this option, they can contact the relevant contact person via the email address provided. In this case, the user’s personal data transmitted by email is stored in the email system.

In this context, there is no disclosure of data to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of these data is Art. 6 (1) (a) GDPR if the user has granted its consent.

The legal basis for the processing of the data is, moreover, Art. 6 (1) (f) GDPR. If contact is established in order to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

For the processing of personal data as part of email contact, the required legitimate interest in the processing of data is given.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been definitively clarified.

If the contact is a pre-contractual relationship (offer or reservation request), the data transferred is also stored in our hotel software and used for contract performance. If no contractual relationship arises, we will delete the data after one year effective at the end of the year.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address welcome@moongardenhotel.com  for this purpose. Please note that in the case of an objection, the conversation cannot be continued and we cannot create offers etc. All personal data stored in the course of making contact will be deleted in this case.

V. Online booking through the website

1. Description and scope of data processing

On our website, you have the option to book rooms and arrangements for Moon Garden Hotel. If a user makes use of this option, the data entered in the input form will be transmitted to us and stored. This data includes: first name, surname, email address, phone number, address, number of accompanying travelers, expected arrival time, requests, payment data (credit card), date, time.

If you make an online booking from our website, this is done through the online booking system. All booking data entered by you will be encrypted. In this context, no further transfer of the data to third parties will take place. The data is used exclusively to process the booking and for communication.

2. Legal basis for data processing

The legal basis for the processing of the data is the conclusion of an accommodation contract with the user in accordance with Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of personal data from the input form is solely for the purpose of processing the booking request and payments.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address welcome@moongardenhotel.com for this purpose.

Please note that in the case of an objection, the booking cannot be completed and the conversation cannot be continued.

VI. Online booking through other websites

1. Description and scope of data processing

Moon Garden Hotel gives interested parties the option to book rooms and arrangements through hotel reservation portals (third-party providers). If a user makes use of this option, the data entered in the input form will be transmitted to us and stored to the extent permitted by the respective hotel reservation portal in accordance with its own privacy policy. The data may include: first name, surname, email address, phone number, address, number of accompanying travelers, expected arrival time, requests, payment data (credit card).

The data provided is transferred to our hotel software via a so-called channel manager. All booking data received is transferred in encrypted form. As the provider of the channel manager has committed itself to the handling of the personal data transmitted in accordance with data protection law. It takes all organizational and technical measures to protect your data.

In this context, no further transfer of the data to third parties will take place. The data is used exclusively to process the booking and, if necessary, for communication.

2. Legal basis for data processing

The legal basis for the processing of the data is the conclusion of an accommodation contract with the user in accordance with Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of personal data from the input form is solely for the purpose of processing the booking request and payments.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

Moon Garden Hotel has no influence on the storage periods at the respective hotel reservation portal.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address welcome@moongardenhotel.com or this purpose.

Please note that in the case of an objection, the booking cannot be completed and the conversation cannot be continued.

VII. Sending of e-mails before arrival

1. Description and scope of data processing

We would like to send a welcome mail to those of our guests from whom we have received an email address as part of the booking or where we can connect with the guest through a hotel reservation site. A few days before arrival, the guest will receive an email with a reservation summary and information about the reservation and any additional services that are available. If we send these e-mails, this happens via the platform Loventis. Loventis has committed itself to the handling of your transmitted data in accordance with data protection law. Loventis takes all organizational and technical measures to protect your data. 

2. Legal basis for data processing

The legal basis for the processing of the data is firstly our legitimate interest in the processing of data in the context of the booking, i.e. the contract initiation relationship.

3. Purpose of data processing

We want to contact the guests to give them the option to book additional services quickly and comfortably and to find Hostel quick.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the achievement of the purpose.

5. Objection and removal options

The user has the option to object to the processing of their personal data at any time. We have set up the email address welcome@moongardenhotel.com for this purpose.

VIII. Online review

1. Description and scope of data processing

Former guests can leave a review of our hotel after check-out. For this purpose, we would like to send you an email within 14 days of departure to ask you for a hotel review. In addition, there is the option of submitting the review in a paper questionnaire. In this case, we will enter the opinion submitted into the online review system. Each review may be published anonymously on request. If you did not feel comfortable in one of our hotels, we would like to take the opportunity to contact you.

If a former guest makes use of this online review option, data from the former guest is stored in the evaluation form. This data includes: email address as well as voluntary information such as first name, surname, language and information provided in the review. In this context, no further transfer of the data to third parties will take place. The data will only be used to publish the rating and to mediate poor ratings.

2. Legal basis for data processing

The legal basis for the processing of data is, moreover, Art. 6 (1) (f) GDPR, i.e. the legitimate interest of Moon Garden Hotel.

3. Purpose of data processing

The purpose of the hotel review is to communicate and summarize the opinions of hotel guests through our website so that interested parties can form their own impression about our services. In addition, the results assist with our internal quality management.

4. Duration of storage

The data is not deleted.

5. Objection and removal options

There is always the option to have the publication of the review deleted (right to be forgotten). We have set up the email address  welcome@moongardenhotel.com for this purpose. Please let us know what review you would like to have deleted.

XVII. Use of cookies

1. Description and scope of data processing

Cookies are small files that allow us to store specific information related to you, the user, on your computer while you visit one of our websites. Cookies help us to determine the frequency of use and the number of users on our websites, as well as to make our offers as comfortable and efficient as possible for you. We use ‘session cookies’, which are cached exclusively for the duration of your use of our website. The session cookies are stored on your data carrier to ensure certain settings and functionalities on our websites via your browser. The cookies we use are deleted after the end of the browser session, i.e. once you close your browser. Below, we describe which cookies we use on the site in more detail. These cookies allow us to tailor the features and content of the site to your needs by storing your preferences. For example, these cookies may be used to store your user data in our forum or to make a language selection. In addition, they can be used to provide interactive information, such as watching our virtual catalogues or videos.

Cookie name Valid Purpose of the cookie

exp_last_activity 1 year This cookie tells us the date of your last activity on our website. If it is your first visit, it will be set to the current time.

exp_last_visit 1 year This cookie is only relevant to registered users. If you are browsing the site as a guest, it will be set to a date in the past.

exp_tracker until the end of the session This cookie stores the last 5 pages that you visited on our site. We use this information to redirect you to the page where you were located.

SSL_JSessionID until the end of the session bookassit cookie

In addition, we use cookies on our website that enable an analysis of users’ browsing behaviour. In this way, the following data can be transmitted: search terms entered, frequency of page views, use of website functions. The users’ data collected in this way is pseudonymised by way of technical precautions. As such, the data can no longer be associated with the visiting user. The data is not stored together with other personal data of the users. When accessing our website, the user is informed about the use of cookies for analytics purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user in accordance with Art. 6 (1) (a) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For them, the browser needs to be recognised even after changing pages. The user data collected through technically necessary cookies is not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its contents. Through the analysis cookies, we learn how the website is used, allowing us to constantly optimise our service. For these purposes, our legitimate interest in the processing of personal data is in accordance with Art. 6 (1) (f) GDPR.

4. Duration of storage, objection and deletion options

Cookies are stored on the computer of the user and transferred by it to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to their full extent. The use of our services is also possible without cookies and scripts. You can disable the storage of cookies and scripts in your browser, restrict them to certain websites or set your browser to notify you when a cookie is sent. You can also delete cookies from your computer’s hard drive at any time. You can install browser add-ons to block scripts. NoScript for Firefox and ScriptSafe for Google Chrome are examples of such browser add-ons. These not only block any kind of JavaScript, they also block selected trackers, Java, Flash and other plugins on websites.

If you are concerned about third-party cookies, you can reject them specifically and still receive the cookies that make our website work properly.

This is how you can reject cookies in any of the main browsers:

Mozilla Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&answer=95647&p=cpn_cookies

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Safari: http://support.apple.com/kb/PH11913

Please note, however, that in these cases you will have to expect a limited presentation of the page and Use of social media plugins

  • Our website uses social plugins (‘plugins’) of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plugins are marked with a Facebook logo or the words ‘Facebook Social Plugin’. When you visit a page on our website that contains such a plugin, your browser will establish a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated by it into the website. By incorporating the plugins, Facebook is informed that you have accessed the corresponding page on our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking the ‘Like’ button or leaving a comment, the information is transferred from your browser directly to Facebook and stored there. For more information about the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for the protection of your privacy, please refer to Facebook’s privacy policy. If you do not want Facebook to collect data about you through our website, you must log out of Facebook before visiting our website.a limited user interface.
  • Use of +1 buttons/Google +1 buttons

Our website uses the ‘+1’ button of the Google Plus social network, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (‘Google’). The button is recognisable by the ‘+1’ sign on a white or coloured background. When you visit a page on our website that contains such a button, your browser will establish a direct connection to Google’s servers. The content of the ‘+1’ button is transmitted by Google directly to your browser and incorporated by it into the website. We therefore have no control over the scope of data Google collects using the button. According to Google, no personal data is collected without clicking on the button. Such data, including IP addresses, is only collected and processed from members who are logged in. For more information about the purpose and scope of the data collection and the further processing and use of the data by Google, as well as your related rights and settings options for the protection of your privacy, please refer to Google’s privacy policy concerning the ‘+1’ button: (http://www.google.com/intl/de/+/policy/+1button.html) and the FAQs: (http://bit.ly/r3Qmer.)

If you are a Google Plus member and you do not want Google to collect information about you from our website and link it to your member data stored on Google, you must log out of Google Plus before visiting our website.

XVIII. Use of personal information when checking in to Hotel.

 1. Description and scope of data processing

At the time of check in to Moon Garden Hotel, we ask your passport and may ask personal data including: first name, surname, email address, phone number, address, number of accompanying travelers, expected arrival and leaving time, requests, payment data (credit card), passport information. We do scan all travelers passports. The data is collected by Moon Garden Hotel exclusively and is not shared with any other third party except of booking management software Loventis that is used by Moon Garden Hotel.

As the provider of the channel manager has committed itself to the handling of the personal data transmitted in accordance with data protection law. It takes all organizational and technical measures to protect your data.

In this context, no further transfer of the data to third parties will take place. The data is used exclusively to process the booking and, if necessary, for communication.

2. Legal basis for data processing

The legal basis for the processing of data is, moreover, Art. 6 (1) (f) GDPR, i.e. the legitimate interest of Moon Garden Hotel.

3. Purpose of data processing

The purpose of data collection during check in is for the safety reasons. We collect passport information for safety reasons while staying in Moon Garden Hotel. It is not used for any other purpose. The data of personal contacts: email, name may be used for asking for a review few days after the stay in Moon Garden Hotel.

4. Duration of storage

The data is collected 6 month after the guest check out time. After the 6 month only guest name, surname, phone number and email address remains in Moon Garden Hotel database and is not deleted. This data we use only for knowing if the guest has already stayed and what is the previous story with the guest: we use discounts for loyal guests and we do not accept rude and violent guests.  

5. Objection and removal options

There is always the option to have the publication of the review deleted (right to be forgotten). We have set up the email address welcome@moongardenhotel.com for this purpose. Please let us know what review you would like to have deleted.

XIIV. Filming in public areas in Moon Garden Hotel

 1. Description and scope of data processing

There are cameras filming in Moon Garden Hotel public areas 24/7. Images are being monitored and recorded for the purposes of safety, security and the detection of crime and are stored in Moon Garden Hotel computer for not longer than a year. If there is crime or the possibility of aggression, we may share filming information with police. 

2. Legal basis for data processing

The legal basis for the processing of data is, moreover, Art. 6 (1) (f) GDPR, i.e. the legitimate interest of Moon Garden Hotel.

3. Purpose of data processing

The only purpose of filming is for the safety of our guests and workers. 

4. Duration of storage

The data is collected not longer then 12 month. 

5. Objection and removal options

There is always the option to have the publication of the review deleted (right to be forgotten). We have set up the email address welcome@moongardenhotel.com for this purpose. Please let us know what review you would like to have deleted.

XVIII. Protection of minors

This service is primarily for adults. We do not currently market special areas for children. As a result, we do not knowingly collect information to determine age, nor do we knowingly collect personal information from children under the age of 16. However, we advise all visitors to our website under the age of 16 not to disclose or provide any personal information through our service. In the event that we find that a child under the age of 16 has provided us with personal data, we will delete the personal data of the child from our files, insofar as this is technically possible, in compliance with the Children’s Online Privacy Protection Act (see the Federal Trade Commission website at www.ftc.gov/kidzprivacy for more information about this law).

XIX. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning GDPR and you have the following rights with respect to the controller.

You have a right to information about the personal data stored about you, the purpose of the processing, possible transfers to other entities and the duration of storage.

If data is inaccurate or no longer required for the purposes for which it was collected, you may request that the data be corrected, deleted or the processing restricted. Insofar as provided for in the processing procedures, you may also view and correct your data yourself if necessary. Should your particular personal situation give rise to reasons against the processing of your personal data, you may object to this insofar as the processing is based on a legitimate interest. The controller will no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending against legal claims. If the personal data relating to you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing or profiling purposes, your personal data will no longer be processed for these purposes.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the time of revocation.

All private policy terms and conditions are approved by UAB “Užupio namas” director Eglė Sutkutė – Bagdzevičė.

If you have questions about your rights and the assertion of your rights, please contact: 

UAB “Užupio namas”

Paupio str. 31A, Vilnius

Lithuania 

Tel.: +370 686 84523

Email: welcome@moongardenhotel.com

X. Security

Moon Garden Hotel employs technical and organizational security measures in accordance with Art. 32 GDPR in order to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Access to them is only possible for a small number of authorized persons and persons committed to special data protection obligations who are involved in the technical, administrative or editorial support of data.

XXII. Declaration of consent of the user in internet

By using our website and the offers contained therein, you agree that we can store the personal data you have voluntarily submitted to us and process and use this data in compliance with this privacy policy.

We reserve the right to change, update or supplement this privacy policy at any time. Any revised privacy policy shall only apply to personal data that has been collected or changed since the revised policy entered into force.

XXIII. Declaration of consent of the user while check in

By checking in to our Moon Garden Hotel and giving your passport and personal contacts details, you agree that we can store the personal data you have voluntarily submitted to us and process and use this data in compliance with this privacy policy.

We reserve the right to change, update or supplement this privacy policy at any time. Any revised privacy policy shall only apply to personal data that has been collected or changed since the revised policy entered into force.