Keystone Management, SIA

PRIVACY POLICY

  1. GENERAL PROVISIONS
    • Privacy policy (hereinafter – the Policy) describes the order, in which Keystone Management, SIA, registration No. 50203227291, registered address: 23 Elizabetes St., Riga, LV-1010 (hereinafter – the Company), processes Client’s personal data. The data controllerfor the Client's personal data is the Company, on behalf and in the interests of which the Client's personal data is processed, and which is responsible for the processing of the Client's personal data.
    • The Client is any natural person who uses, has used, or expressed a desire to use any services of the Company, including guests, hotel visitors of the Company, as well as visitors to the Company's website.
    • The Policy is applicable if the Client uses, has used, or expressed a desire to use the services provided by the Company, or is otherwise connected to the services provided by the Company, including relationships with the Client that were established before the provisions of this Policy came into effect.
    • The Company, in accordance with applicable regulations, ensures the confidentiality of personal data and has implemented corresponding technical and organizational measures to protect personal data from unauthorized access, unlawful processing, or disclosure, accidental loss, alteration, or destruction.
    • Personal data includes any information directly or indirectly related to the Client, namely any information that pertains to an identified or identifiable natural person.
    • Processing of personal data includes any actions related to personal data (including collection, recording, storage, modification, access provision, requests, transfer, deletion, etc.).
    • Information obtained from Clients and about Clients is processed and protected in accordance with this Policy, documents developed by the Company, and the requirements of regulatory acts. Additional information about the processing of the Client's personal data in specific cases may also be described in contracts, other documents related to services, and on the Company's website: www.keystonecollection.com (hereinafter – the Website)
  2. PERSONAL DATA PROCESSING
    2.1  Hotel reservation

    Hotel reservations can be made through the following methods:

    • On the website,
    • By contacting the Company by phone at +371 24953810,
    • By sending a request in electronic form to the Company's email address info@keystonecollection.com,
    • In person at the Company's hotel,
    • Through the intermediary of a travel agency,
    • Through the intermediary of online travel agencies, e.g., booking.com, hotels.com, etc.

    Regardless of the chosen hotel reservation channel, the Company processes your personal data for the following purposes:

    • To provide you with the opportunity to book a room at the Company's hotel,
    • To ensure the availability of the hotel and for reservation administration,
    • To send you a reservation confirmation,
    • To send you a reservation reminder,
    • To email you a review reminder.

    Hotel reservation 

    Categories of data being processed 

    • First name, last name;
    • Address;
    • Date of birth;
    • Email address;
    • Phone number;
    • Name/last name of the accompanying adult guest(s);
    • Payment card details;
    • Citizenship;

    Categories of data subjects

    • Client;
    • Hotel guest;
    • Accompanying hotel guest;
    • Person requesting the reservation.

    Grounds for data processing

    Data processing is carried out in order to:

    • Provide the selected services,
    • Conclude a contract based on the Client's request and ensure its performance;
    • Fulfil legitimate interests, such as confirming a reservation request in case of a dispute.

     

    Data receivers 

    • Company's hotel;
    • Company's structural units;
    • IT service providers;
    • Persons specified in external regulatory acts upon their justified request, in the manner and scope established by external regulatory acts

2.2. Checking in and checking out

When the Client arrives at the Company's hotel, the Company collects information, asks the guest to fill out a registration form, and processes the Client's personal data for the purpose of:

    • Registering the Client's check-in and check-out from the hotel;
    • Identifying the Client;
    • Creating or updating the Client's profile in the hotel booking system;
    • Managing (and archiving) the Client's registration in the hotel;
    • Obtaining a guarantee from a credit card or making a deposit to secure payment for the hotel stay;
    • Issuing a room key;
    • Ensuring the processing of payments related to the Client's stay at the hotel;
    • Generating, printing, or sending an invoice for the stay to the Client.

If the Client has booked a room at the Company's hotel but did not show up on the scheduled day without cancelling the reservation in advance, the Company processes the Client's personal data for the purpose of cancelling the Client's reservation and managing, processing, and recovering unpaid payments for which the payment deadline has expired.

Checking in and checking out

Categories of data being processed

    • First name, last name;
    • Address;
    • Date of birth;
    • Email address;
    • Phone number;
    • Name/last name of the accompanying adult guest(s);
    • Payment card details;
    • Citizenship;
    • Personal identification document data.

Categories of data subjects

    • Client;
    • Hotel guest;
    • Accompanying hotel guest.

Grounds for data processing

Data processing is carried out in order to:

    • Provide the selected services,
    • Fulfil the contract;
    • Fulfil legitimate interests, such as verification of the Client’s identity prior to signing the contract, as well as for storing the Client’s applications regarding the provision of services and other inquiries.

Data receivers

    • Company's hotel;
    • Company's structural units;
    • IT service providers;
    • Travel agencies;
    • Persons specified in external regulatory acts upon their justified request, in the manner and scope established by external regulatory acts.

2.3. Staying at the hotel

When a client stays at the Company's hotel, the Company processes the client's personal data for the purpose of:

    • Providing room cleaning and service during the stay;
    • Providing meals;
    • Returning lost or forgotten items to their owners;
    • Fulfilling the wishes of hotel guests and/or their companions, such as dietary needs and additional amenities.

 

Staying at the hotel

Categories of data being processed

    • First name, last name;
    • Address;
    • Date of birth;
    • Email address;
    • Phone number;
    • Name/last name of the accompanying adult guest(s);
    • Payment card details;
    • Special dietary needs.

Categories of data subjects

    • Client;
    • Hotel guest;
    • Accompanying hotel guest.

Grounds for data processing

Data processing is carried out in order to:

    • Provide the selected services,
    • Fulfil the contract;
    • Fulfil legitimate interests, such as arranging daily cleaning of the hotel, personalize the services provided and/or help with identifying the owners of lost or forgotten items.

 Data receivers

    • Company's hotel, including the personnel of the hotel, reception desk administrators and/or other engaged personnel of the hotel;
    • Company's structural units;
    • IT service providers;
    • Persons specified in external regulatory acts upon their justified request, in the manner and scope established by external regulatory acts.

2.4. Obtaining Client’s feedback

After the client's stay at the Company's hotel, the Company sends a satisfaction survey to the client's email, allowing the client to provide feedback on the hotel's performance.

Client’s feedback

Categories of data being processed

    • First name, last name;
    • Address;
    • Email address;
    • Phone number.

Categories of data subjects

    • Client;
    • Hotel guest;
    • Accompanying hotel guest.

Grounds for data processing

Data processing is carried out in order to:

    • Fulfil legitimate interests, such as improving the quality of services being provided.

 Data receivers

    • Company's hotel;
    • Company's structural units;
    • IT service providers;
    • Business partners of the Company – entities providing customer satisfaction questionnaires.

2.5. Reviews in social networks and internet

The company may process customer's personal data obtained through social network platforms (such as Facebook, Instagram) or online reviews (including the TripAdvisor platform) related to the company's hotel for the purpose of:

    • responding to customer inquiries or complaints;
    • monitoring the company's reputation;
    • improving the company's services.

Reviews in social networks and internet

Categories of data being processed

Data of any person which you decide to publish in social networks or other online review platforms.

Categories of data subjects

    • Client;
    • Hotel guest;
    • Accompanying hotel guest.

Grounds for data processing

Data processing is carried out in order to:

    • Fulfil legitimate interests, such as improving the quality of the services being provided and help the Company to better understand the wishes and habits of the customers.

Data receivers

    • Company's hotel;
    • Company's structural units;
    • IT service providers.

2.6. Commercial information newsletters

If you have agreed to receive our commercial information, we may contact you from time to time to provide information about our services and the latest offers, as well as process your personal data for these purposes.

Consent to the processing of personal data for receiving commercial information can be granted only by individuals who can act independently. If a person under the age of 13 wishes to receive information about news or offers, we ask the parents or guardians of such person to contact us.

An individual has the right to provide the Company only with their own personal data. It is prohibited for an individual to provide the Company with the personal data of other individuals. However, in the event of transferring personal data of other individuals to the Company, the individual, as an independent owner of personal data, is responsible for ensuring the legal basis for the transfer of such personal data to the Company and informing the individuals whose data is transferred to the Company about the processing of their personal data in accordance with this Policy, and ensuring compliance with the general personal data processing procedure provided by the General Data Protection Regulation and other applicable laws.

You have the right to withdraw your consent at any time by sending a request to the Company at its email address privacypolicy@keystonecollection.com or at the mailing address: 23 Elizabetes Street, Riga, LV-1010, marked "Consent Withdrawal Request". The withdrawal of consent does not affect the legality of data processing based on consent before its withdrawal.

Commercial information newsletter

Categories of data being processed

    • First name, last name;
    • Email address;
    • Phone number.

Categories of data subjects

    • Client;
    • Hotel guest;
    • Accompanying hotel guest.

Grounds for data processing

Data subject’s consent.

Data receivers

    • Company's structural units;
    • IT service providers;
    • Company’s business partners – entities providing IT solutions for the marketing needs, newsletters, offers and information.

2.7. Event planning

In the hotel of the Company, various events can be organized, such as seminars, conferences, etc. The collected personal data will be processed to fulfil your request for organizing the event.

Event planning

Categories of data being processed

    • First name, last name;
    • Contact details;
    • Position

Categories of data subjects

    • Client;
    • Client’s representative.

Grounds for data processing

Processing of data is carried out in order to:

    • provide the Client with the selected service;
    • ensure the execution of the contract.

Data receivers

    • Company's structural units;
    • IT service providers;
    • Company’s business partners – entities engaged in the event planning.

2.8. Video surveillance

Video surveillance

Categories of data being processed

    • Person’s image.

 Categories of data subjects

    • Client;
    • Hotel guest;
    • Accompanying hotel guest;
    • Hotel visitor;
    • Hotel employee.

Grounds for data processing

The processing of data is carried out for the purpose of:

    • implementing legitimate interests - protecting the Company's and third parties' property located in the premises and on the hotel territory, ensuring the safety of individuals, preventing potential legal violations, documenting the commission of a crime, as well as supervising the progress and quality of services in the hotel.

Data receivers

    • Company's structural units;
    • IT service providers;
    • Company’s business partners – security services company;
    • State and municipality institutions (upon request).

3. DATA STORAGE PERIOD

The company stores and processes the Client’s personal data as long as at least one of the following conditions is met:

    • Only for the duration of the contract concluded with the Client;
    • As long as, in the manner provided by external regulatory acts, the Company or the Client can realize their legitimate interests (e.g., raise objections or file a lawsuit);
    • As long as one of the parties is legally obligated to retain the data;
    • As long as the Client's consent to the relevant processing of personal data is valid, if there is no other legal basis for processing the data.

When the aforementioned conditions cease to exist, the Client’s personal data is deleted.

4. RIGHTS OF THE CLIENT AS DATA SUBJECT

In accordance with data protection laws, including the General Data Protection Regulation, the data subject – an individual whose personal data is processed by the Company – is granted the following rights regarding the processing conducted by the Company:

    • Obtain additional information about the processing of personal data by the Company, request a copy of the personal data of the data subject held by the Company, and receive information about obtaining a copy of personal data.
    • Request the correction of personal data of the data subject (if it is found that the information about the data subject held by the Company is inaccurate or incomplete, the data subject has the right to request correction from the Company).
    • Withdraw the consent provided for the processing of personal data by the Company.
    • Request the deletion of personal data of the data subject.
    • Request the restriction of the processing of personal data of the data subject (marking the personal data of the data subject held by the Company to limit their processing in the future).
    • Request the portability of personal data (the ability to receive information about the data subject's personal data in a machine-readable format).
    • Object to the processing of personal data based on the legitimate interests of the Company.

The mentioned data subject rights are not absolute, and their exercise may be restricted. For example, the Company has the right to refuse to cease the processing of personal data if the Company indicates compelling legal grounds for processing that outweigh the interests, rights, and freedoms of the data subject or to fulfil or defend the Company's legitimate claims.

To exercise data subject rights or obtain additional information about the processing by the Company, the data subject or other individuals should contact the Company using the contact information provided in these rules.

Compliance with data protection rights by the Company is overseen by the State Data Inspectorate. To resolve any disagreements or misunderstandings, the Company requests data subjects to first contact the Company. If the data subject is not satisfied with the response received or in other cases, they have the right to file a complaint with the State Data Inspectorate (address: Elijas iela 17, Rīga, LV-1050; email: info@dvi.gov.lv; phone: 67223131).

5. DUTIES OF THE CLIENT AS DATA SUBJECT

    • The Client is responsible for providing accurate, valid, and complete data both when entering into the contract (ordering the service) and during the execution of the contract (provision of services).
    • The Client, as a data subject, is obliged to promptly inform the Company of any changes to their personal data by sending a written notification to the email address specified in Section 8 of this Policy or to the legal address of the Company.

6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES:

The Company does not transfer personal data outside the European Union / European Economic Area.

7. AMENDMENTS TO THE POLICY

The Company has the right to unilaterally amend this Privacy Policy at any time in accordance with applicable laws, ensuring the publication of the current Privacy Policy on the Company's website.

8. CONTACT INFORMATION

The client can contact the Company regarding personal data protection, including withdrawing consent, requests, exercising data subject rights, and complaints about personal data processing.

Contact information for the Company's representative for personal data protection: Email: privacypolicy@keystonecollection.com, 23 Elizabetes Street, Riga, LV-1010.