Privacy and cookie policy


This Privacy and Cookie Policy explains how Alfor LLC, as the controller of personal data (hereinafter – the Controller), processes personal data and provides information about the rights of the data subject in accordance with the Personal Data Processing Law and the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation).

The purpose of the Privacy and Cookies Policy is to inform visitors of Aston Hotel Riga (hereinafter – the Hotel) and its website about the processing of personal data, its purposes and personal data protection measures.

Contact details of the controller

Controller: Alfor LLC, registration No.40003512913, registered and actual office: 12 Plienciema Street, Marupe, Marupe District, LV-2167, Latvia, e-mail address:, telephone number 67301000.

The Data Protection Officer’s email address:

Information on the processing, acquisition, transfer and protection of personal data

The Controller shall comply with the following data processing principles in order to ensure adequate data protection measures:

  • personal data is collected from the data subject on the basis of consent;
  • processing of personal data is based on a contractual obligation for the purposes and obligations set out in the contract;
  • processing of personal data is necessary to ensure the performance of obligations under laws and regulations;
  • inform the data subject for what purposes the personal data are collected and used;
  • process personal data in accordance with the Regulation and other applicable laws and regulations;
  • personal data shall be collected and processed:
  • for the provision of hotel services;
  • for the provision of catering services;
  • for accounting and human resources purposes,
  • for protection of its legitimate interests,
  • for complying with laws and regulations,
  • for improving service quality,
  • for marketing purposes,
  • for security needs of customers, employees and property


  • take precautions to prevent the loss, misuse and unauthorised access, disclosure, alteration or destruction of personal data;
  • take appropriate technical and organisational measures to protect the data systems on which personal data are stored;
  • personal data are collected, processed, stored and transmitted in automated and/or document-based processing systems;
  • ensure that access to personal data is restricted to appropriate authorised persons who need such access in order to carry out their official duties;
  • personal data are processed lawfully and fairly;
  • personal data are not stored for longer than required by laws, regulations or for the purpose of the processing;
  • personal data may be disclosed to law enforcement authorities, state and local authorities upon a legally substantiated request from the respective authority;
  • the data is processed in a member state of the European Union (EU) or the European Economic Area (EEA). Personal data is not transferred to or processed in a country outside the EU/EEA.

The Controller does not process special categories of personal data concerning data subjects.

Purpose of the processing of personal data

The Controller processes personal data for the following purposes:

  • to receive hotel services, the customer must provide the following information: name, surname, personal identification number, date of birth, nationality, e-mail address, telephone number, credit card number and expiry date, details of identity document (passport or identity card), national registration number of the vehicle;
  • to provide catering services, the customer must provide the following information: name, surname, personal identification number or date of birth;
  • to ensure the execution of services and the administration of payments, the activity data processed may include: online payment data (debit/credit card number), account number;
  • Cookies are collected to ensure the security, improvement, development and maintenance of the Aston Hotel Riga website. Further information on cookies and their management is provided in the Use of cookies section below;
  • to carry out marketing activities.
  • to prevent offences relating to the protection of property and the safeguarding of vital interests of persons, including life, health, safety and order.

Legal basis for processing personal data

The Controller processes personal data on the following legal grounds:

  • the data subject’s consent;
  • entering into a contract – to ensure the service is delivered and online payments are processed;
  • regulatory compliance – to comply with an obligation under a law or regulation;
  • legitimate interests – to fulfil contractual obligations and achieve contractual objectives, or legitimate interests deriving from laws or regulations;
  • safeguarding the vital interests of the data subject or another natural person – to ensure the security of data held by the Controller.

Claims for reimbursement

The Controller shall not be entitled to claim reimbursement of expenses under the Regulation, except where the data subject requests more than one copy of the data, including where there are multiple requests for the same personal data. In such a case, the Controller may charge a reasonable fee based on administrative costs.

Storage of personal data

The Controller shall store personal data in accordance with the purposes of processing personal data and the legal grounds for processing personal data set out in this Privacy and Cookie Policy for as long as at least one of the following circumstances exists:

  • there is a legal obligation to keep the data for a certain period of time in accordance with the requirements of laws and regulations;
  • it is necessary to pursue the legitimate interests of the Controller;
  • it is necessary to fulfil the contractual obligations entered into between them.


Rights of the data subject

The data subject shall have the right to obtain information on what personal data the Controller holds and for what purpose they are processed, to request correction, supplementation or deletion of data, to transfer data (data portability), as well as to withdraw their consent to data processing if the data processing is carried out on the basis of consent, by submitting an application to the Controller at 12 Plienciema Street, Marupe, Mārupe District, LV-2167, Latvia, or an application signed with a secure electronic signature, sent to e-mail address:

The Controller shall communicate with the data subject using the contact details (telephone number, e-mail address, address) provided by the data subject. The data subject may receive the requested information within one month from the date of submission of the request by post, which will be sent to the address indicated in the application by registered post or e-mail, or in person at the Controller’s office at 12 Plienciema Street, Marupe, Mārupe District, LV-2167, Latvia.

If the data subject is not satisfied with the response received, the data subject shall have the right to lodge a complaint with the Data State Inspectorate at 17 Elijas Street, Riga, LV-1050, Latvia.


Use of cookies

The website of Aston Hotel Riga uses cookies to help improve your browsing experience and to ensure that the website functions properly.

When visiting the website, the user is presented with a window with a message that cookies are being used. The Controller respects the right to privacy and, if the user does not wish to accept cookies, it is possible to close the notification, as well as to change the settings and choose not to allow all types of cookies and to define your own settings using the cookie settings button. The Controller informs you that blocking cookies may affect the functioning of the website and the services offered. If the website user accepts cookies, the legal basis for the use of cookies is the user’s consent, by which the user confirms that he/she has read the information about cookies, the purposes of their use, the cases in which information is passed on to a third party.

An “internet cookie” is a small file consisting of letters and numbers that will be installed on a visitor’s computer, mobile device or any other device from which the data subject accesses the internet.

The cookie is set via a request sent to the web browser (i.e. Edge Firefox, Chrome) by the web server and is completely “passive” (it does not contain software, viruses or spyware and cannot access information on the hard drive of the data subject’s device). It is anonymous and does not identify you directly.

Cookies allow the Controller to obtain valuable feedback in relation to the devices from which the data subject visits websites on the Internet, thereby facilitating the data subject’s access to the websites and integrating applications or features into the website that may provide the data subject with a better website navigation experience, making it more useful and enjoyable.



For more information about cookies, including how you can find out what cookies are set on your device and how to manage or delete them, please visit:

If you have any questions, contact us

If you have any questions about the processing of your personal data, please contact the Controller or its Data Protection Officer by one of the following channels: e-mail, telephone 67301000.

The Controller has the right to unilaterally amend or supplement this Privacy and Cookie Policy. The current version of the Privacy and Cookie Policy is published on the Aston Hotel Riga website