In this Privacy Policy, we provide the information required by the General Data Protection Regulation No. 2016/679 (EU) of the European Union (hereinafter referred to as the Regulation) regarding the processing of personal data, performed when you are using our website.

The data controller who determines the purposes and means of processing your personal data shall be UAB NERINGA HOTEL (legal entity code 302547380, address Gedimino ave. 23, 01103 Vilnius, telephone No. +370 5212228, e-mail hotel@neringavilnius.com).

It is important that you read this Privacy Policy carefully, as its terms apply to natural persons visiting our website, ordering services, communicating with us and otherwise providing personal data. Please read the current version of this document regularly, as its contents may change in the future.

The terms used in the Privacy Policy shall be as defined in the Regulation.

We may obtain your personal data upon your completion of an inquiry or booking form on our website, placing of an order to purchase our services or otherwise contacting us, completing a registration card and providing details upon arrival at the hotel, as well as communicating with us through social media and using hotel room lock cards. We may also receive your personal data indirectly through the online booking channel you use to make our hotel reservation.

If you order our hotel services, we shall retain the personal data you provide for a period of 10 years. The purpose of the data processing is the provision of hotel services and the basis is the performance of a contract concluded with you (Article 6 (1) (b) of the Regulation). If we do not receive the requested personal data, we shall not be able to provide the service.

The following principles apply to the collection and use of your personal data provided by you, as well as from other sources:

• Your personal data shall be processed in a lawful, fair and transparent manner (principle of legality, fairness and transparency);
• Your personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (purpose limitation principle);
• Your personal data shall be adequate, relevant and only necessary for the purposes for which they are processed (data minimisation principle);
• The personal data processed shall be accurate and, where necessary, kept up to date (principle of accuracy);
• Your personal data shall be stored in a form that allows for the identification of the person for no longer than is necessary for the purposes for which your personal data are processed (principle of storage limitation);
• Your personal data shall be processed in such a way as to ensure adequate security of personal data through appropriate technical or organisational measures, including protection against unauthorised or unlawful processing of data and against unintentional loss, destruction or damage (principle of integrity and confidentiality).