DATA CONTROLLER

Legal entity SIA “Relax plus”
Legal entity code: 40203411572
Address: Liela iela 37-10, Marupe, LV-2167
Phone number: +370 647 58964
Email: info@gamtosoaze.lt
Website: www.gamtosoaze.lt

Data about the data controller is collected and stored at the Kaunas branch of the VĮ “Registrų centras”.

“Gamtos oazė” ensures that personal data is processed in a lawful, fair, and transparent manner, collected only for purposes specified in this policy. All measures are applied to ensure proper security of personal data. These privacy policy provisions apply regardless of the device used.

TERMS USED IN THE PRIVACY POLICY

Personal Data – any information related to a living person whose identity is established or can be established.
Data Subject – a person who uses the services provided by “Gamtos oazė,” purchases goods, or visits the website www.gamtosoaze.lt, as well as candidates applying for offered job positions.
Websitewww.gamtosoaze.lt
Request – a data subject’s request to exercise their rights.
Regulation – the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

This Privacy Policy may also use other terms whose meaning corresponds to the provisions of the Regulation.

GENERAL PROVISIONS

This Privacy Policy informs you about the main principles of personal data processing and the implementation of data subjects’ rights. By using the services of “Gamtos oazė,” purchasing goods, submitting your data, sending a CV, filling out reservation forms, or submitting inquiries, and continuing to browse the Website, you confirm that you have read this Privacy Policy and understand its provisions.
This Privacy Policy can be viewed and printed at any time on the website www.gamtosoaze.lt.

PRINCIPLES OF PERSONAL DATA PROCESSING

“Gamtos oazė” processes personal data in accordance with the laws of the European Union and the Republic of Lithuania regulating personal data processing.
Personal data is processed only when there is a legitimate processing criterion – to take action at the request of the data subject with their consent before concluding a contract or to perform a contract, when personal data processing is required by applicable laws and/or when personal data needs to be processed for the legitimate interest of “Gamtos oazė” or a third party.

METHODS OF PERSONAL DATA COLLECTION

Personal data is obtained in various ways:

  • by filling out forms on the website,
  • submitting an inquiry,
  • subscribing to the newsletter,
  • calling our specified phone numbers,
  • sending a CV or other employment-related information,
  • placing an order for our services,
  • communicating or observing “Gamtos oazė” activities on social networks,
  • or by contacting “Gamtos oazė” in any other way.

PURPOSES OF PERSONAL DATA PROCESSING

User data is processed for the following purposes:

  • providing accommodation, catering, and other services,
  • providing information related to the services upon the user’s request,
  • marketing purposes,
  • website traffic statistics, monitoring, improvement, rating, and guest feedback analysis, complaint handling, service improvement,
  • property and personal protection purposes,
  • defending our interests in court or other institutions, e.g., submitting, fulfilling, and defending legal claims for debt recovery,
  • maintaining relationships with customers and partners,
  • administration, accounting,
  • contract execution, inquiry administration,
  • employee search purposes.

PERSONAL DATA RECIPIENTS

Your privacy is important to us, so we will not disclose your personal data to others without your consent, except for the following persons:

  • in case of a dispute – legal service providers,
  • auditors, other consultants,
  • data processors employed,
  • reservation service providers,
  • operators of online booking channels used by the data subject for reservation purposes, such as www.booking.com, www.airbnb.com, and others, for the purpose of ordering services for you,
  • your travel agent or another person ordering our services for you,
  • state institutions, law enforcement agencies, and other persons as required by the laws of the Republic of Lithuania.

You are not obliged to provide us with any personal data, but without your personal data, we may not be able to perform certain actions or provide services, such as selling goods or issuing invoices.
The user has the right to opt-out of receiving direct marketing content at any time by notifying us via email at info@gamtosoaze.lt or using the unsubscribe link in the newsletter.

CATEGORIES OF PROCESSED PERSONAL DATA

By making a reservation or ordering services, you express your consent that the Data Controller will process the following user data:

  • name, surname of the data subject,
  • date of birth, age,
  • identity card (passport) number, issuance date and place,
  • personal code,
  • copy of the passport or identity card,
  • phone number,
  • address, country,
  • email,
  • password and security question,
  • credit card details,
  • payable amount,
  • purchased service/good/voucher. We process the validity date of the gift voucher, payment details when you purchase a service/good/gift voucher. If you purchase a gift voucher for another person, we also process the recipient’s name.
  • information provided in the CV,
  • check-in and check-out date,
  • information about accompanying persons,
  • data subject’s preferences (food, etc.),
  • reservation number,
  • additionally ordered services,
  • signature,
  • IP address,
  • website browsing history and date,
  • other information necessary for providing services, maintaining relationships, issuing invoices, and administering contracts, submitting legal claims,
  • feedback and service ratings on social media platforms, we may process your personal data shared with us or published on social media or other online reviews about us.
  • data subject’s habits related to provided services,
  • data subject’s profile and other information on social media,
  • video recordings. We conduct video surveillance on our premises to protect our, your, and others’ property, as well as the health and life of individuals, based on our and third parties’ legitimate interest. We collect the following information during video surveillance: video recordings, video capture date and time, location. Video recordings may only be used to disclose suspected criminal activities, administrative violations, or prove damage to the health or life of employees, service providers, third parties, and may only be transferred to persons entitled to receive such data by law;
  • other categories of data.

The Data Controller provides the following data to the Lithuanian Department of Statistics:

  • number of guests,
  • country of origin of the guest(s),
  • purpose of the visit,
  • duration of the stay.

PERSONAL DATA RETENTION PERIOD

Personal data is processed no longer than necessary to achieve the purposes of data processing or no longer than required by data subjects and/or prescribed by law.
Typically, we will process data during the contract, service provision period, and 10 years from the end of the contract, service provision, or relationship, complying with document archiving requirements set by law and to assert, exercise, or defend legal claims.
Data provided by candidates is retained for one year after the specific selection ends if no employment contract is concluded with the candidate, or if the candidate submits their data without applying for a specific position, with the data subject’s consent, or until the data subject withdraws their consent for data processing.
Recorded telephone conversations for service improvement purposes are retained for no longer than 30 days.
Data collected during guest behavior monitoring for service improvement and customization to guest needs is processed for no longer than 3 years from the last contact with the data subject.
Payment card data is retained for 1000 days.
Personal data obtained through social media platforms or online reviews to address your complaints or respond to positive feedback about us, monitor our online reputation to evaluate and improve our service quality, is processed for no longer than 1 year from the date of data collection.
Reservation data entered in the reservation system is retained for 10 years from the date of check-out from “Gamtos oazė.” Credit card data used during registration is retained for 10 days from the date of check-out from “Gamtos oazė.”
Video surveillance recordings with personal data are retained and processed for no longer than 1 month from the date of data capture/receipt.
If the data subject withdraws consent for data processing or the data processing term ends (when data is processed based on the data subject’s consent), only data confirming the fact of consent provision will be retained for no longer than 10 years from the end of the consent term or consent withdrawal to assert, exercise, or defend legal claims.
Personal data obtained in compliance with the Ministry of Health of the Republic of Lithuania instructions for implementing COVID-19 disease (coronavirus infection) prevention and control measures is retained and processed for no longer than 21 days from the date of data capture/receipt.

DATA PROCESSORS

Your personal data may be processed by data processors providing accounting, legal, website maintenance, data center and/or server rental, IT maintenance, external audit, and other services.
Data processors have the right to process personal data only according to our instructions and only to the extent necessary to properly fulfill the obligations specified in the contract.

YOUR RIGHTS RELATED TO PERSONAL DATA

The data subject, whose data is processed in the Data Controller’s activities, has the following rights, depending on the situation:

  • to be informed about the processing of their data (right to know),
  • to access their data and how it is processed (right to access),
  • to request correction or, considering the purposes of personal data processing, to supplement incomplete personal data (right to rectify),
  • to request the destruction of their data or the suspension of their data processing (excluding storage) (right to destroy and right to be forgotten),
  • to request the Data Controller to restrict the processing of personal data on one of the legitimate grounds (right to restrict),
  • to data portability (right to portability),
  • to submit a complaint to the State Data Protection Inspectorate.

PROCEDURE FOR EXERCISING DATA SUBJECT’S RIGHTS

For all questions related to the processing of the data subject’s personal data and the exercise of their rights, you have the right to contact us via email at info@gamtosoaze.lt.
A request to exercise the data subject’s rights must be legible, signed, and include your name, surname, address, and other contact details for communication or the preferred way to receive a response regarding the exercise of the data subject’s rights.
If we have doubts about your identity or the accuracy of the provided data, we have the right to request additional information necessary to verify it.
The data subject can withdraw consent to collect, process, and store their personal data at any time, and can withdraw consent for direct marketing purposes without any additional justification by contacting the Data Controller, who will immediately stop processing personal data and destroy the related personal data. The Data Controller has the right not to delete personal data from the server if there is a legitimate basis for retaining it, especially to ensure national security and defense, public order, crime prevention, investigation, detection, or prosecution, protect significant state economic or financial interests, and protect the rights and freedoms of others.
You can exercise your rights yourself or through a representative who must indicate their name, surname, address, and other contact details for communication, as well as your name, surname, and other necessary data for proper identification of the data subject and provide a notarized power of attorney, while data to a lawyer is provided only upon submission of a representation agreement and specifying the purpose of data use.

If you do not comply with the procedure specified in this section when contacting us, we will inform you within 7 calendar days from the receipt of your request, indicating the deficiencies. If you do not correct the indicated deficiencies or inform us of the reasons why they cannot be corrected, we will not consider your request. If there are objective circumstances that prevent the correction of the indicated deficiencies, we may decide to accept your request and consider it.
The Data Controller, having received a request from the Data Subject to access the processed personal data, will provide a response within 30 calendar days from the date of receipt of the inquiry. The response is provided free of charge.

RESERVATION SYSTEMS, SOCIAL MEDIA

You can order accommodation and related services not only using our reservation system but also using external reservation systems such as www.booking.com, www.airbnb.com, etc. We want to point out that the personal data you provide on external reservation systems is primarily processed by the operators of these external reservation systems. We are not responsible for how your personal data is processed by the operators of external reservation systems. Therefore, before providing any data, we recommend thoroughly reviewing their personal data privacy policy.
“Gamtos oazė” has created and manages accounts on social media platforms such as Instagram and Facebook. All information you provide on social media platforms Instagram and/or Facebook (including messages, use of “Like” and “Follow” fields, and other communications) or that is received when you visit our accounts (including information obtained through cookies used by social network operators) is controlled not by us, but by the social network operator. Therefore, we recommend reading the privacy notices of the social network operators and contacting them directly regarding the use of your personal data. To learn more about the privacy policy of the Facebook social network operator, click here: https://www.facebook.com/policy.php.

USE OF COOKIES

Cookies are used on the website www.gamtosoaze.lt for statistical purposes to evaluate website traffic and the popularity of provided content. This method of data processing does not allow the identification of the website visitor’s identity. The website visitor can delete cookies from their computer or block them in their browser, but some website functionality may not work in this case.

RISK FACTORS AND SOLUTIONS FOR PERSONAL DATA PROTECTION BREACHES

To ensure proper personal data protection, the Data Controller implements the following organizational and technical personal data protection measures: The work process is organized to ensure the secure handling of computer data and their archives. Access to personal data is granted only to those employees who need it to perform their work functions and only to those who have signed confidentiality agreements and are familiar with other internal rules. Personal data is protected against loss, unauthorized use, and alterations. Internet connections are encrypted, and the website is operated over the https:// protocol.

FINAL PROVISIONS

By contacting us, you express your will for us to contact you regarding your inquiry.
These privacy rules are reviewed at least once every two years and updated as needed, taking effect from their publication on the Website.
If you have any questions related to the processing of your personal data, please contact us via email at info@gamtosoaze.lt.

Shopping Cart
Scroll to Top