This privacy policy (hereinafter referred to as the “Policy”) defines how Sostinės gondola UAB (hereinafter referred to as the “We” or the “Data Controller”) collects, uses and stores your personal data when you use our website gondola.lt and when you book services through the Amelia Booking system and when you make a payment through the “Paysera” payment gateway.
1. General 1.1 The security of your personal data is a priority for us. In collecting and processing your personal data, we comply with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR) and the legislation of the Republic of Lithuania.
1.2. This Policy explains in detail what data we collect and why, how we use it and what rights you have in relation to your personal data.
2. Data collection and use
2.1. We collect and process personal data for the following purposes:
* Booking and provision of services: when you book services through the Amelia Booking plug-in, we collect your name, email address, phone number and other information necessary to complete the booking (e.g. date, time, type of service, number of people).This data is necessary to contact you about the booking, to confirm it, and to ensure the smooth provision of the service. * Payment processing: when you make a payment for services through the Paysera system, we do not process your bank card details. This data is processed directly by Paysera, a trusted payment service provider that meets the highest security standards. We only receive confirmation of a successful payment.
* Communication: we may use your contact details (email address, phone number) to inform you about the status of your reservation, changes or other important information related to your booked services.
* For statistical and analytical purposes: we may collect anonymised data about the use of the website (e.g. traffic statistics) in order to improve the performance of our website and the quality of our services. This data does not allow us to identify you personally.
3. Data storage and security
3.1. Your personal data is stored and processed in accordance with the security requirements set out in the GDPR and other legislation.
3.2. We take appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration or destruction.
3.3. Your personal data will be kept for as long as is necessary to provide the services, to protect our legitimate interests or as required by applicable law.
4. Transfer of data to third parties
4.1. Your personal data may only be transferred to third parties where there is a legitimate need to do so and only for the purposes set out in this Policy.
4.2 Amelia Booking: this plug-in helps you manage your bookings and collects booking data. The data is processed and stored on our website server.
4.3 Paysera: for payment transactions, your data (payment information) is transmitted to the Paysera system. “Paysera acts as an independent data controller and is responsible for the security of your payment data.
4.4. We do not transfer your personal data to any third party for marketing purposes without your explicit consent.
5. Your rights You have the following rights in relation to your personal data:
5.1 Right to know: the right to be informed about what personal data we process about you, for what purposes, who the recipients of the data are, and for how long the data will be kept.
5.2 Right of access: the right to request access to your personal data.
5.3 Right to rectification: the right to have inaccurate personal data about you rectified.
5.4 Right to erasure (right to be forgotten): the right to have your personal data erased if they are no longer necessary for the purposes for which they were collected or if you withdraw your consent and there is no other legal basis for the processing.
5.5 Right to restrict processing: the right to request the restriction of the processing of your data under certain circumstances.
5.6 Right to data portability: the right to receive your personal data that you have provided to us in a structured, commonly used and computer-readable format, and the right to transfer that data to another controller.
5.7 Right to object: the right to object to the processing of your personal data.
5.8 Right to withdraw consent: if your data is processed on the basis of consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal of consent.
5.9 Right to lodge a complaint: the right to lodge a complaint with the State Data Protection Inspectorate if you believe that your rights in relation to the processing of personal data have been infringed.
6. Cookies (Cookies)
6.1. Our website may use cookies, which are small text files that are placed on your device when you visit the website.
6.2. Cookies are used to ensure the functionality of the website, to improve your experience, to analyse website traffic and to provide personalised content.
6.3. You can manage and/or delete cookies in your browser settings. Please note that disabling cookies may result in some features of the website not working properly.
7. If you have any questions or would like to exercise your rights related to the processing of personal data, please contact us: UAB “Sostinės gondola” Address: J. Tiškevičiaus g. 4-4, LT-02232 Vilnius E-mail: [email protected] Phone: +37062055531
8. Changes to the Policy We reserve the right to change this Privacy Policy at any time. Changes will be communicated by posting an updated version on our website.
