SIA SEMARAH HOTEL MANAGEMENT PRIVACY POLICY

Last revised on January 11, 2019

The Privacy Policy, hereinafter referred to as the Policy, describes the procedure by which SIA SEMARAH HOTEL MANAGEMENT processes personal data.

SIA SEMARAH HOTEL MANAGEMENT is committed to protecting the privacy of its Customers by using modern technology, taking into account the existing privacy risks and SIA SEMARAH HOTEL MANAGEMENT’s reasonably available organizational, financial and technical resources, therefore the Policy is applicable to SIA SEMARAH HOTEL MANAGEMENT relations with Customers, including those established before the entry into force of this Policy, as well as in relation to third parties that, in connection with the provision of services to Customers, receive or transfer to SIA SEMARAH HOTEL MANAGEMENT any personal data (including information of contact persons, payers, etc.).

1. Definitions
A Customer is any natural person who is using, has used or has expressed a wish to use any services of SIA SEMARAH HOTEL MANAGEMENT, including guests, visitors to the office and hotels of SIA SEMARAH HOTEL MANAGEMENT and the website maintained by SIA SEMARAH HOTEL MANAGEMENT. Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Personal data processing controller
2.1. The personal data processing controller is SIA SEMARAH HOTEL MANAGEMENT, reg. No. 40103576889, registered office address Skanstes Street 7 k-1, Riga, LV-1013, telephone +37166118465 (hereinafter – and/or Service Provider), https://www.semarahhotels.com/.

3. Applicable laws and regulations
3.1. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter – General Data Protection Regulation).
3.2. Personal Data Processing Law and other applicable laws and regulations on privacy and data processing.
3.3. Other laws and regulations that determine the obligations of the Controller to perform specific activities with personal data.

4. SEMARAH HOTEL MANAGEMENT Privacy Policy
4.1. The Privacy Policy ensures that SEMARAH HOTEL MANAGEMENT processes Personal Data lawfully, fairly and in a transparent manner. The policy applies to processing of any personal data, i.e., regardless of the form and/or environment in which the Customer provides personal data (websites maintained by SEMARAH HOTEL MANAGEMENT, in paper format, electronically or by telephone) and in which systems or paper format the data are processed.
4.2. With regard to specific types of data processing (e.g., processing of data obtained as a result of video surveillance, etc.), additional, specific rules may be laid down, of which the Customer is informed at the moment he or she provides the relevant data to SEMARAH HOTEL MANAGEMENT.
4.3. SEMARAH HOTEL MANAGEMENT processes Personal Data for the provision of services and sale of goods to ensure the fulfilment of contractual obligations between SEMARAH HOTEL MANAGEMENT and the Customer, as well as in legitimate interests of SEMARAH HOTEL MANAGEMENT, such as business planning and analysis, provision of information to public authorities and their operatives in the cases and amounts specified in external rules and regulations, as well as for other specific purposes, of which the Customer is informed at the moment he or she provides the relevant data to SEMARAH HOTEL MANAGEMENT.
4.4. SEMARAH HOTEL MANAGEMENT does not disclose to other persons Personal Data or any other information obtained during the provision of services or sale of goods, except in the following cases:
4.4.1. To SEMARAH HOTEL MANAGEMENT outsourced partners who provide services required by SEMARAH HOTEL MANAGEMENT. In such cases, SEMARAH HOTEL MANAGEMENT thoroughly checks all external service providers (processors of personal data) who process Personal Data on behalf of and acting for SEMARAH HOTEL MANAGEMENT, to ensure that the Personal Data are processed solely in accordance with SEMARAH HOTEL MANAGEMENT’s tasks, instructions, and legal requirements;
4.4.2. In accordance with the Customer’s explicit and unambiguous consent;
4.4.3. To persons provided for in laws and regulations upon their substantiated request, in accordance with the procedures and in the amounts provided for in laws and regulations;
4.4.4. For the protection of the legitimate interests of SEMARAH HOTEL MANAGEMENT in cases specified in laws and regulations, for example, by turning to a court or other state institutions with a claim against a person who has infringed on the legitimate interests of SEMARAH HOTEL MANAGEMENT.

5. Categories and source of Personal Data processed, purpose/objective and legal basis of Personal Data processing, potential recipients of data

6. Rights of the Customer as a data subject
6.1. The right to information, namely the right to receive information on whether SEMARAH HOTEL MANAGEMENT processes Personal Data and, if so, to receive information about the customer’s Personal Data that are being processed and why they are processed.
6.2. The right to access own data, namely the Customer’s right to request access to his or her Personal Data and to receive the Customer’s Personal Data stored by SEMARAH HOTEL MANAGEMENT and processed in one of the most commonly used electronic formats.
6.3. The right to rectify data, i.e. the Customer’s right to request rectification of his or her Personal Data if they are inaccurate, incomplete or incorrect.
6.4. The right to delete data, i.e. the Customer’s right to request deletion of his or her Personal Data, for example, if the Personal Data are no longer necessary for the purpose for which they were collected or if the Personal Data were processed unlawfully.
6.5. The right to restrict the processing, namely the right to restrict the processing of Personal Data in accordance with the applicable laws and regulations, for example, when SEMARAH HOTEL MANAGEMENT is assessing whether there is a right to deletion of the Personal Data.
6.6. The right to data portability, namely the Customer’s right to receive his or her Personal Data stored at SEMARAH HOTEL MANAGEMENT in a structured, commonly used and machine-readable format and to transfer the data to another Service Provider.
6.7. The right to object to processing of data, namely the Customer’s right to object to processing of his or her Personal Data carried out in the legitimate interests of the Service Provider.
6.8. The right to submit complaints regarding the processing of Personal Data to the Data State Inspectorate (www.dvi.gov.lv) if, according to the applicable laws and regulations, the processing of Personal Data violates the rights and interests of the person.
6.9. Upon receiving Customer’s request for the exercise of his/her rights as a data subject, SEMARAH HOTEL MANAGEMENT verifies the Customer’s identity, assesses the request and executes it in accordance with the applicable laws and regulations. SEMARAH HOTEL MANAGEMENT reply is sent to the Customer via registered mail to the contact address indicated by him or her, or an electronically signed reply is sent by e-mail upon the Customer’s request, taking into account, if possible, the manner of receiving the reply specified by the Customer.

7. Obligations of the customer as a data subject
7.1. The data subject is responsible for providing true, valid and complete data both when concluding the contract (ordering the service) and during the performance of the contract (during the provision of the service).
7.2. In case of changes in personal data, the data subject is obliged to promptly inform SEMARAH HOTEL MANAGEMENT thereof in writing by sending information to the e-mail address referred to in Paragraph 10 of these Rules or to the registered office of SEMARAH HOTEL MANAGEMENT.

8. Geographical area of ​​data processing
Personal data will be processed in the European Union/European Economic Area.

9. Data storage duration
Personal data will only be processed for as long as is necessary to achieve the purpose of the processing. The retention period may be based on the contract concluded with the Customer (after termination of the relationship between SEMARAH HOTEL MANAGEMENT and the Customer, Personal data are deleted if retention of the data is not necessary for other processing purposes, legitimate interests of SEMARAH HOTEL MANAGEMENT, or applicable laws and regulations (e.g., laws on accounting, anti-money laundering, statute of limitations, civil law, etc.)).

10. Contact details
The Customer may contact SEMARAH HOTEL MANAGEMENT regarding personal data protection matters, including withdrawal of consent, requests, exercise of the data subject’s rights and complaints about the processing of personal data.

Contact details of SEMARAH HOTEL MANAGEMENT representative responsible for personal data protection matters: phone +37166118465, e-mail privacypolicy@semarahhotels.com, Skanstes Street 7 k-1, Riga, LV-1013.