The purpose of the Privacy and Cookies Policy is to inform visitors of Aston Hotel Riga (hereinafter – the Hotel) and its website about the processing of personal data, its purposes and personal data protection measures.
Contact details of the controller
Controller: Alfor LLC, registration No.40003512913, registered and actual office: 12 Plienciema Street, Marupe, Marupe District, LV-2167, Latvia, e-mail address: firstname.lastname@example.org, telephone number 67301000.
The Data Protection Officer’s email address: email@example.com.
Information on the processing, acquisition, transfer and protection of personal data
The Controller shall comply with the following data processing principles in order to ensure adequate data protection measures:
- personal data is collected from the data subject on the basis of consent;
- processing of personal data is based on a contractual obligation for the purposes and obligations set out in the contract;
- processing of personal data is necessary to ensure the performance of obligations under laws and regulations;
- inform the data subject for what purposes the personal data are collected and used;
- process personal data in accordance with the Regulation and other applicable laws and regulations;
- personal data shall be collected and processed:
- for the provision of hotel services;
- for the provision of catering services;
- for accounting and human resources purposes,
- for protection of its legitimate interests,
- for complying with laws and regulations,
- for improving service quality,
- for marketing purposes,
- for security needs of customers, employees and property
- take precautions to prevent the loss, misuse and unauthorised access, disclosure, alteration or destruction of personal data;
- take appropriate technical and organisational measures to protect the data systems on which personal data are stored;
- personal data are collected, processed, stored and transmitted in automated and/or document-based processing systems;
- ensure that access to personal data is restricted to appropriate authorised persons who need such access in order to carry out their official duties;
- personal data are processed lawfully and fairly;
- personal data are not stored for longer than required by laws, regulations or for the purpose of the processing;
- personal data may be disclosed to law enforcement authorities, state and local authorities upon a legally substantiated request from the respective authority;
- the data is processed in a member state of the European Union (EU) or the European Economic Area (EEA). Personal data is not transferred to or processed in a country outside the EU/EEA.
The Controller does not process special categories of personal data concerning data subjects.
Purpose of the processing of personal data
The Controller processes personal data for the following purposes:
- to receive hotel services, the customer must provide the following information: name, surname, personal identification number, date of birth, nationality, e-mail address, telephone number, credit card number and expiry date, details of identity document (passport or identity card), national registration number of the vehicle;
- to provide catering services, the customer must provide the following information: name, surname, personal identification number or date of birth;
- to ensure the execution of services and the administration of payments, the activity data processed may include: online payment data (debit/credit card number), account number;
- to carry out marketing activities.
- to prevent offences relating to the protection of property and the safeguarding of vital interests of persons, including life, health, safety and order.
Legal basis for processing personal data
The Controller processes personal data on the following legal grounds:
- the data subject’s consent;
- entering into a contract – to ensure the service is delivered and online payments are processed;
- regulatory compliance – to comply with an obligation under a law or regulation;
- legitimate interests – to fulfil contractual obligations and achieve contractual objectives, or legitimate interests deriving from laws or regulations;
- safeguarding the vital interests of the data subject or another natural person – to ensure the security of data held by the Controller.
Claims for reimbursement
The Controller shall not be entitled to claim reimbursement of expenses under the Regulation, except where the data subject requests more than one copy of the data, including where there are multiple requests for the same personal data. In such a case, the Controller may charge a reasonable fee based on administrative costs.
Storage of personal data
- there is a legal obligation to keep the data for a certain period of time in accordance with the requirements of laws and regulations;
- it is necessary to pursue the legitimate interests of the Controller;
- it is necessary to fulfil the contractual obligations entered into between them.
Rights of the data subject
The data subject shall have the right to obtain information on what personal data the Controller holds and for what purpose they are processed, to request correction, supplementation or deletion of data, to transfer data (data portability), as well as to withdraw their consent to data processing if the data processing is carried out on the basis of consent, by submitting an application to the Controller at 12 Plienciema Street, Marupe, Mārupe District, LV-2167, Latvia, or an application signed with a secure electronic signature, sent to e-mail address: firstname.lastname@example.org.
The Controller shall communicate with the data subject using the contact details (telephone number, e-mail address, address) provided by the data subject. The data subject may receive the requested information within one month from the date of submission of the request by post, which will be sent to the address indicated in the application by registered post or e-mail, or in person at the Controller’s office at 12 Plienciema Street, Marupe, Mārupe District, LV-2167, Latvia.
If the data subject is not satisfied with the response received, the data subject shall have the right to lodge a complaint with the Data State Inspectorate at 17 Elijas Street, Riga, LV-1050, Latvia.
An “internet cookie” is a small file consisting of letters and numbers that will be installed on a visitor’s computer, mobile device or any other device from which the data subject accesses the internet.
The cookie is set via a request sent to the web browser (i.e. Edge Firefox, Chrome) by the web server and is completely “passive” (it does not contain software, viruses or spyware and cannot access information on the hard drive of the data subject’s device). It is anonymous and does not identify you directly.
Cookies allow the Controller to obtain valuable feedback in relation to the devices from which the data subject visits websites on the Internet, thereby facilitating the data subject’s access to the websites and integrating applications or features into the website that may provide the data subject with a better website navigation experience, making it more useful and enjoyable.
For more information about cookies, including how you can find out what cookies are set on your device and how to manage or delete them, please visit: www.allaboutcookies.org.
If you have any questions, contact us
If you have any questions about the processing of your personal data, please contact the Controller or its Data Protection Officer by one of the following channels: e-mail email@example.com, telephone 67301000.