Политика конфиденциальности

  • Personal data protection policy

    Update date: November 28, 2024.

    This personal data protection policy explains the types of personal data and the forms of their use that "Elt Building" LLC collects from you and the rights that you, as a data subject, have in connection with the collection and processing of your personal data.

    Definitions of terms:

    The person responsible for the processing: "ELT Building" LLC (S/N: 445471285, legal address: Georgia, Batumi city, Rejeb Nizharadze Street N18), the legal entity that determines the purposes and means of processing your personal data and that, together with the person authorized for processing, carries out data processing. processing;

    Person authorized for processing: "Elt Building" LLC (S/N: 445471285, legal address: Georgia, Batumi city, Rejeb Nizharadze Street N18), a legal entity that processes your personal data for and on behalf of the person responsible for processing;

    "Data Controller" and "Data Processor" collectively referred to as "we" or "our"

    Personal data or personal information: information we collect from you that identifies or makes identifiable a data subject;

    You: Our customer who acquires or intends / is interested in acquiring our services and products.

    We collect your personal data from the following channels/sources:

    a) in case of registration of a personal account on this website (hereinafter "website");

    b) by providing your email address and consenting to our direct marketing policy, in the case of subscribing to our marketing communications;

    c) through this website, our communication / call center, social media pages or other publicly available communication channels, in the case of booking our hotels and/or restaurants and bars;

    d) as the main or accompanying guest during physical registration in our building;

    Accordingly, in the event that you engage in any of the above-mentioned "activities", we take all reasonable steps to ensure that you read and agree to this Personal Data Protection Policy and any amendments/updates to it.

    If you have any questions or complaints regarding this Personal Data Protection Policy, please contact us at the contact details specified in Article 12 of the same Personal Data Protection Policy.

    1.Personal information we collect from you

    Depending on the type of "activity" you engage in, we may collect different types of data, and by agreeing to this Personal Data Protection Policy, you give us the right to collect and process your personal data.

    a) If you only visit our "website" and do not make a reservation through it, we collect about you: technical data (so-called IP address, log-in data, browser type and version, time zone configuration and location, browser "flag-in" types and versions), the operating system of the device, platform and other type of technology that you use when accessing a given "website"), information related to the use of the "website" (your use of the "website" page", information related to the use of products and services located on the same "website"), marketing and communication data (your preferences regarding receiving marketing offers from us and/or other third parties and your experience as a user of us or a given "website" and your respective preferences);

    b) If you subscribe to our marketing messages and/or register a personal account through this website (except for technical data, information related to the use of the "website", marketing and communication data, which is explained in subsection "a" of this article), we We collect about you: identification data (your first and last name) and contact information (your email address).

    c) If you book our hotel rooms on our "website" (in addition to technical data, information about your use of the "website" and marketing and communication data, we collect about you: your identification data (name, surname or similar means of identification ), contact information (address, e-mail address and phone/mobile number), technical and website usage data (which is explained in subsection "a" of this article), transaction data (information about purchases of our services or products , which are performed by you through this "website", financial data (your payment card details), specific data about each client (your username and password, reservations, your arrival and departure dates at our hotels, your interests, preferences, feedback and survey responses) and marketing and communications data (as defined in subsection (a) of this section);

    d) If you book our hotel rooms through our communication/call center (hotline), we collect about you: your identification data as defined in sub-section c of this article, contact data and specific/individual information for each customer (your reservations, your arrival and departure dates at our hotels, purchases or orders you make, your interests, preferences, feedback and survey responses (if shared as such));

    e) If you book our hotel rooms through a third-party website, we collect about you: your identification data (name, surname or similar means of identification), specific data for each client (your reservations, your arrival and departure dates at our hotels, you purchases or orders made by you, your interests, preferences, feedback and survey responses (if shared) and financial data (your payment card details);
    f) If you register at our hotel reception, we collect about you: identification data (name, surname, date of birth, nationality and country), a copy of your passport or ID card for identification purposes and reasonable security measures in the building where our hotels are located, Your contact data (email address and mobile phone number), identification data about your accompanying guest (first and last name of the guest(s)), specific data about each client (your reservations, arrival and departure dates at our hotels, purchases made by you or orders, your interests, preferences, feedback and survey responses) and your financial data (your payment card details);
    g) If you are a guest accompanying the main guest of our hotel and you undergo physical check-in at our hotel reception, we collect about you: your identification data (name, surname, date of birth, nationality and country), a copy of your passport or ID card for identification purposes and In order to maintain reasonable security measures in the building where our hotels are located, your contact data (email address and mobile phone number), identification data about your accompanying guest (guest(s) first and last name), specific data about each client (your reservations , arrival and departure dates at our hotels, purchases or orders made by you, your interests, preferences, feedback and survey responses) and your financial data (your payment card details) and data related to transactions carried out (if you make payments at our facilities).

    2. Third parties as persons authorized to process your personal data on our behalf

    We use the services offered by our contractors, such as booking systems, who, based on their respective contractual obligations, are responsible for ensuring and maintaining all relevant and necessary data security standards and protecting the confidentiality of "personal information" and processing it only in accordance with our instructions. By carrying out any of the above-mentioned "activities", our contractors collect and process your "personal data" only for the purpose and to the extent necessary for your use of our "website" to carry out the relevant "activities".
    Please note that the "personal data" they collect is also collected and processed in accordance with their personal data protection and cookie policy. Furthermore, in addition to this personal data protection policy, your "personal information" is also subject to the personal data protection and cookie processing policies developed by the above-mentioned third parties, and by performing the above-mentioned "activities", you agree that the third parties in accordance with the personal data protection policies developed by them to collect, store and process your "personal information". For additional and detailed information about third parties, the categories of "personal data" collected by them, the forms and rules of personal data collection and processing developed by them, please refer to our contact details specified in Article 12 of this Personal Data Protection Policy. We will try to satisfy your request as soon as possible.

    3. When and how we collect your personal data Personal information may be obtained from the following sources/activities:

    a) When you carry out any of the "activities" listed in the first article of the Personal Data Protection Policy, we collect data in accordance with the detailed and differentiated list developed in the same article.
    b) "We may also collect your personal information" from other sources, such as shared marketing partners, booking systems, social media tools, applications and other third parties. When you visit our "Website" from your personal social media account, we also collect personal information from your social media account.

    4. Our personal data protection principles

    We collect and process your personal data in accordance with the following principles of personal data protection:
    a) We collect and process your "personal data" only in accordance with the purposes set forth in Article 5 of this Personal Data Protection Policy and your personal data is not processed in any other way that conflicts with these purposes. Accordingly, we ensure that the "personal data" collected about you is processed only to the extent that is adequate, necessary and limited to the stated purposes;
    b) We store and process your "Personal Data" only to the extent and for the period necessary to achieve the purposes set out in the Personal Data Protection Policy;
    c) We protect all public and non-public “personal information” collected about you with strict adherence to high security and privacy standards;
    d) We implement and maintain all necessary internal technical and organizational security measures to keep and protect your "Personal Data" confidential and secure. which includes storing your personal data in secure electronic databases that are accessible only to a strictly defined group of persons, in accordance with the internal standard operating procedures developed and implemented by us, which are mandatory for the said persons;
    e) We require any third parties who provide us with their products/services to protect and respect the privacy of your personal information;
    f) We only allow authorized employees and contractors to have access to and process your personal data, only in accordance with the purposes set out in this personal data protection policy. They are fully and unalterably subject to the privacy obligations set out in the Personal Data Protection Policy on the storage, processing and disclosure of your "Personal Data".

    5. Purposes of personal data collection and processing

    We collect and process your personal data only to the extent provided for the following purposes:

    a) to provide you with our products and services;
    b) to ensure all appropriate and necessary security measures after physical registration at our premises;
    d) to carry out automatic payment procedures, if you book a hotel through our website and do not show up;
    e) to improve your experience with our products and services and our services, taking into account your preferences;
    f) to receive the preferences of our users; and/or
    g) To protect our legitimate and legal interests, in the event of a dispute between us and the user regarding the personal data protection law or our actions.
    6. Personal Data Sharing / Personal Data Transfer
    We may share your personal information with the following persons:
    a) Our affiliated companies, which include entities affiliated or related to us, any entity and/or person directly or indirectly controlled by us, under common control with us or controlled with us by another affiliated entity with common business interests. For the purposes of this definition, "control" means: the direct or indirect power to manage and direct the activities of a person, by virtue of ownership, controlling interest or voting rights, whether contractual or otherwise.

    6. Personal Data Sharing / Personal Data Transfer

    Personal data is shared with our affiliated companies within the corporate governance structure of our group of companies for common legitimate, financial, legal and corporate purposes. We only share your "Personal Data" with affiliates within our group who need to process your data for the purposes set out in the same clause and who treat your personal data processing, storage and non-disclosure to the same standards of confidentiality as set out in this Personal Data Protection Policy.
    b) Our employees who need to access and process your personal data only for the purposes set out in this personal data protection policy. They are subject to the privacy obligations set out in the Personal Data Protection Policy on the processing, safekeeping and non-disclosure of your personal data;
    c) Third parties who act as persons authorized to process data on our behalf in accordance with Article 2 of this Personal Data Protection Policy and for the purpose provided for in the same Article. Data sharing (data transfer) to such third parties, which are registered and operate outside of Georgia, is carried out in accordance with the rules and requirements established by the current legislation of Georgia on international data transfer.d) to relevant state bodies, in accordance with the requirements of the current legislation of Georgia.

    7. COOKIE files

    The website uses the so-called Cookies to analyze your use of our website. This information helps us to update and develop our services and website. Accordingly, we also process your personal information through the cookie files specified in the Cookie File Processing Policy below.

    8. Profiling (automated processing of personal data

    We process your "Personal Data" through automated means to identify your preferences that help us improve and refine our products and services. By agreeing to this Personal Data Protection Policy, you also consent to us processing your "Personal Data" for profiling purposes. Profiling serves the purpose of analyzing your requirements, wishes and preferences in order to make your visit to our hotels and restaurants and bars more comfortable and enjoyable and to offer you an experience that is individually tailored and designed for you. More specifically, for profiling purposes, we analyze the following information about you:
    At the stage of accommodation in our hotels:
    a) number of reservations (including used and canceled reservations);
    b) number of guests;
    d) purchases and orders;
    e) amount spent;
    f) seasonality of bookings
    g) frequency of bookings;
    h) Interruption between bookings.
    You, as a data subject, have the right to request the deletion or destruction of the data collected for the purposes of profiling and the resulting data and to express consent to the processing of your personal data for the purposes of profiling, which we will comply with within 10 working days as stipulated by the applicable legislation of Georgia.
    Please note that if you consent to our processing of your personal data for profiling purposes or request its termination, we may no longer be able to offer you services / products that are improved or tailored to your requirements, preferences and interests, or may be limited in our ability.
    We reserve the right to refuse to comply with your request if this is justified by a relevant legal basis or if the retention of such data is necessary to protect our legitimate interests.
    You will be sent an appropriate written explanation of the grounds for our refusal to grant your request and information on how to appeal our decision.

    9. Personal Data Storage and Security
    We treat your personal information with due care, confidentiality and compliance with the requirements of the applicable legislation of Georgia. We adopt and implement all necessary technical and organizational security measures to protect your personal information from unlawful use, loss, alteration, deletion, processing and/or unauthorized, unauthorized access and impact to your personal data. We take and implement the mentioned measures in accordance with the applicable legislation of Georgia and the principles provided for in this personal data protection policy.
    We process and store your "Personal Data" to the extent and duration necessary to achieve the purpose set forth in this Personal Data Protection Policy. If the purpose of the processing no longer exists either under this Personal Data Protection Policy or under the law, we will routinely delete your "Personal Data" or store it in a de-identified and depersonalized form, while minimizing the collected Personal Data to only the extent necessary for the remaining active and valid purposes. to achieve
    We ensure that the third parties defined in Section 6 of this Personal Data Protection Policy strictly adhere to the terms and conditions set forth in this Article.

    10. Your Rights and Obligations
    According to this personal data protection policy, you, as a data subject, can at any time and without incurring any additional costs from us, apply for the following rights:
    a) to receive information about what kind of personal data we process about you and according to which bases and principles;
    b) get information about all the sources from which we collect your personal data;
    c) Get information on your personal data retention periods. and, if a specific term is not defined, about the relevant criterion that establishes such a term;
    d) get information about the legal basis and legitimate purposes of processing your personal data. Also, if we transfer your personal data to another country, the data security standards developed and implemented by us at the stage of such transfer;
    e) get information about the recipients of your personal data and the basis and purpose of transferring your personal data to them;
    f) Receive information about the decision made as a result of the automated individual processing of your personal data, including profiling and the logic we use to make such a decision. Also, to receive information on its impact on the process of data processing and on the probable results obtained as a result of such processing;
    g) request the transfer of your personal data processed by us to another person responsible for processing;
    h) express your consent to our processing of your personal data, and/or
    i) In case of violation of the rights and established rules provided by this personal data protection policy and/or the law, apply to the personal data protection service (please see the contact details in Article 12 of the given personal data protection policy) or to the general courts of Georgia.

    You also have the right to request that your personal data be corrected, updated, deleted or destroyed or that we stop processing your personal data. We will satisfy your request within 10 working days as stipulated by the current legislation of Georgia. We reserve the right to refuse your request if it conflicts with our legitimate and legal interests, public interest, obligations imposed by the current legislation of Georgia or established requirements. Our refusal of your request will be presented with appropriate justification and an indication of how to appeal our decision.
    Please also note that if you request the deletion or destruction of your personal data that is necessary to provide you with the Services, we will no longer be able to provide you with the Services.
    If you wish to make any of the above requests in relation to your personal data, please contact us at our contact details set out in Article 12 of this Personal Data Protection Policy.
    Please further note that we are responsible for considering and meeting your requests only in relation to and within the scope of the personal data located and stored on our data servers. If you wish to have access to your personal data collected and processed by third parties, and you would like such persons to return, amend, add or delete your "personal data", please contact us at the contact details specified in Article 12 of this Personal Data Protection Policy.
    You are solely responsible for any damages to us or third parties that you may incur based on providing us with inaccurate, false or misleading information. Please note that you are only allowed to provide us with your own personal data and you are not allowed to provide us with information about other third parties. If you provide us with personal data of other third parties, it is understood that you have obtained such data in accordance with the relevant authorities and laws and that you are providing it to us based on the relevant permission.
    Please also note that we may retain and process certain types of personal information about you in order to complete transactions initiated by you, before returning or deleting such "personal information" at your request.
    11. Governing law
    Our website and this personal data processing policy are interpreted and regulated in accordance with the applicable legislation of Georgia.

    12. Our details
    In case of any questions, complaints, requests or claims, please contact us at the following details:
    "Elt Building" LLC (S/N: 445471285).
    Legal address: Georgia, st. Batumi, Regeb Nizharadze Street N18
    Email address: wynresidenceresetvation@rivarrockhotels.com
    Or contact the Personal Data Protection Service at the following contact details:
    Personal Data Protection Service
    Legal address: Georgia, st. Batumi, Regeb Nizharadze Street N18
    Email address: wyninfo@riverrockhotels.com
    Phone number: tel:+995577102418