Privacy Policy
Personal Data Protection Policy
For Guests, Visitors and Other Data Subjects
1. The purpose of the policy.
The Personal Data Protection Policy describes how Grandeur Hotel processes personal data in accordance with applicable data protection laws and international best practices. We respect and protect your right to be fully informed about the processing of your personal data.
2. Who are we?
Data Controller:
Business name: Grandeur Hotel
Address: 5 Lech and Maria Kaczynski St., Batumi, Georgia
Contact number: +995322152500
Email: [email protected]
Website: https://www.grandeurhotel.ge/ka
3. Principles of Data Processing.
Principle of Legality and Fairness – We process your personal data only on lawful grounds and in accordance with rules established by applicable law.
Purpose Limitation – We process personal data only for the specific operational purpose for which it was collected.
Principle of Transparency – You are informed about the personal data processing activities.
Principle of Data Minimization – We process personal data only to the extent necessary to achieve the operational purpose.
Principle of Term Limitation– We retain personal data only for as long as necessary to achieve the operational purpose. After the retention period expires, we securely delete and destroy the data.
Principle of Data Security – To protect the security of personal data, we implement technical and organizational measures that adequately safeguard the data against unauthorized or unlawful processing, as well as accidental loss, destruction, or damage.
4. What type of data do we process?
When providing our services, depending on the nature of the service, we may process one or more of the following types of personal data:
Identification data: Name, last name, date of birth, identification number, data of the document confirming identity (copy), sex, citizenship, place of birth, address, nationality and etc;
Contact information: Email, telephone number, and etc;
Data obtained by communication: Data obtained via email, telephone, chat, social media or other communication channel;
Recordings: Video recordings. No audio monitoring is conducted on the premises.
Banking and card information: Financial information, such as billing details, payment data, and card information used for payments.
Reservation and accommodation data:
Check-in and check-out dates, Guest preferences (e.g., room/floor etc.)
Contractual information: Information about services provided and products supplied by the hotel;
Device data:
When you visit our website, we automatically collect information about your device, such as your IP address, time zone, and essential cookies.
Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.
5. Purpose of data processing.
We process data only for clearly defined and legitimate purposes. The personal data listed in Clause 4 of this document are processed for one or more of the specific purposes outlined below:
- For the purpose of protecting the legal rights and legitimate interests of the hotel;
- For the purpose of providing the offered products and services;
- For the purpose of improving service quality and taking into account customer needs and preferences;
- For the purpose of organizing events on the hotel premises;
- For the purpose of entering into a contract (including an employment contract) or transaction;
- To manage labor law-related rights and responsibilities with employees;
- To protect our own property and that of others;
- For the purpose of ensuring compliance with safety standards;
- To address breaches of hotel policies;
- When visiting our website, we use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
-
To carry out payment transactions through our website.
6. How is personal data collected?
Personal information about guests, accompanying persons, and visitors is collected:
From websites through which our hotel rooms are booked, based on contracts concluded with them;
Directly from individuals using the hotel’s services — on-site, via phone calls or correspondence;
Directly from individuals using the hotel’s services, when processing payments through the website or on-site. When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, payment information (such as credit card numbers), email address, and phone number.
When using the hotel premises under a contractual arrangement, the contracting party may provide us with information about event participants (names and surnames) for the purpose of granting them access to the building;
During video monitoring inside the hotel building and its external perimeter.
When visiting out website, we collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
-
“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
7. Basis for data processing.
Your personal data will be processed only if one of the following grounds exists:
- You have given voluntary consent for the processing of your data;
- Data processing is necessary to conclude or perform a contract with you, or to fulfill obligations arising from a transaction;
- Data processing is required to comply with legal obligations;
- Data processing is necessary to provide services to you or to consider your application;
- Data processing is necessary to protect the legitimate interests of the hotel or third parties;
- The data is publicly available.
The purpose of video monitoring is to prevent crime, ensure the safety of individuals on the premises employees, guests, visitors, including minors and to protect property.
8. Processing of Personal Data of Minors.
We process the personal data of minors in accordance with the Law on Personal Data Protection, based on the consent of a parent or legal guardian, and always with the best interests of the minor in mind.
9. Data Retention and Disposal Policy.
We retain your data:
- For the entire duration of the service and for no longer than 10 years after the service has ended;
-
Or for the period necessary to achieve the specific purpose of processing, as defined by the scope of the service or specified in the contract.
10. Your rights.
Right to be Informed About Data Processing –You have the right to obtain information about the data being processed about you, the purpose and legal basis of the processing, as well as the source of the data and any disclosures made to third parties.
Right to Access and Receive Copies of Your Data - You have the right to access the personal data held about you by the hotel and to receive copies of documents or records containing your personal data, in accordance with the procedures established by Georgian law.
Right to Correct, Update and Complete Data - You have the right to request correction, updating, and completion of any inaccurate, incomplete, or outdated personal data about you.
Right to Suspend Data Processing and Request Deletion or Erasure - You have the right to request that the processing of your personal data be suspended, and that your data be deleted or erased;
Right to block data – You have the right to request data blocking;
The right to withdraw consent - You have the right to withdraw your consent to the processing of your personal data at any time and to request the deletion of any data processed based on that consent.
Right to Data Portability - You have the right to request the portability of your personal data that you have provided to us — that is, to receive it in a structured format or to have it transferred to another data controller.
Right to appeal - In case of a violation of your rights, you may contact us, the Personal Data Protection Service, or the court.
Rights in Case of a Data Breach - You have the right to be informed about any incident involving your personal data, including the relevant circumstances, the actual or potential harm caused by the incident, and the measures taken or planned to mitigate or eliminate such harm.
11. Data Security.
We store and process your personal data in compliance with legal requirements and implement technical and organizational security measures to protect your data.
We protect your personal data against unauthorized or unlawful access, accidental loss, damage, disclosure, or destruction.
Our employees follow internal procedures to ensure the confidentiality of personal data.
12. Data Sharing.
Your data may be shared with:
- Our affiliated entities and service providers, including IT service providers, auditors, and consultants;
- Courts, based on a court order;
- We use Google Analytics to understand how you interact with our website.
-
Other third parties, with your consent.
13. Cookies.
“Cookies” are small text files stored on your device when you visit our website. The use of essential “cookies” ensures the functionality of the website and allows you to use it, while other types of “cookies” help improve and simplify your experience on the site.
When visiting our website, you will be required to consent to the Cookies Policy in order for the information to be collected.
14. Policy updates.
This policy document may be updated periodically, as needed. The revised version will be published on our website without delay, indicating the date of the update.