Below you can read our PRIVACY POLICY
PRIVACY POLICY:
PRIVACY POLICY
This Privacy Policy (hereinafter referred to as the “Policy”) applies to the processing of personal data that Park-Hotel “Akvarel” may obtain from individuals (data subjects) based on the Constitution of Ukraine and the Law of Ukraine “On Personal Data Protection” dated 01.06.2010 No. 2297-VI (hereinafter – the “Law”), as well as the General Data Protection Regulation (EU) 2016/679 of 27.04.2016 (hereinafter – “GDPR”) and other applicable European data protection legislation, collectively referred to as the “Legislation”.
This Privacy Policy has been developed to inform you about:
• what personal data is;
• which of your personal data we collect;
• how and why we use it;
• to whom we may disclose your personal data;
• how we protect the confidentiality of your personal data;
• how to contact us and whom to approach if you have questions regarding the processing of your personal data.
We process your personal data only when one of the conditions specified in Article 6 of the GDPR is met, including but not limited to:
• you have given your consent to the processing of your personal data;
• the processing is necessary for the provision of services to you;
• such processing is required by the legislation of the country in which you reside.
We take the security of our clients’, potential clients’, and other individuals’ personal data very seriously, and we are committed to protecting the confidentiality of your personal information. The Administration undertakes to take all necessary measures to prevent misuse of your personal data that becomes known to us. We will process your personal data strictly in accordance with the applicable Legislation and only when there are lawful grounds for such processing.
You are not obliged to provide us with your personal data; however, without certain information about you, we may be unable to provide some of our services. In cases where we determine the methods of collecting your personal data and define the purposes for which such data is used, the Administration acts as the “Data Controller” for the purposes of the GDPR and other applicable European data protection laws, and as the “Owner of Personal Data” under the Law of Ukraine.
1. Terms and Definitions
Personal Data – information or a set of information about an individual who is identified or can be specifically identified (the “User”).
Special Categories of Personal Data – so-called “sensitive” personal data that may cause harm to the data subject at work, in an educational institution, place of residence, or may lead to discrimination in society. For example, personal data containing information about racial or ethnic origin, political or religious beliefs, trade union membership, health status, sexual life, biometric, or genetic data. In the terminology of Ukrainian law, these are personal data the processing of which poses a special risk to the data subjects.
Data Subject – an individual to whom the personal data relates and who can be identified or has already been identified by means of such personal data.
Website Administration (Administration, hereinafter also “we,” “our,” or “us”) – Park-Hotel “Akvarel”, legal address: Ukraine, 80300, Lviv region, Lviv district, Zhovkva city, Vokzalna Street, 14a.
Processing of Personal Data – any action or set of actions such as collection, registration, accumulation, storage, adaptation, alteration, recovery, use, and dissemination (distribution, transfer), depersonalization, destruction of personal data, including with the use of information (automated) systems.
Dissemination of Personal Data – actions related to the transfer of information about an individual based on the consent of the data subject.
Use of Personal Data – any actions of the Administration regarding the processing of such data, actions related to their protection, as well as actions involving granting partial or full rights to process personal data to other entities in relations related to personal data, carried out with the consent of the data subject or in accordance with the legislation of Ukraine.
Depersonalization of Personal Data – the removal of information that allows a person to be directly or indirectly identified.
User – the data subject, any legally capable natural person who has accepted this Policy in their own interest to obtain information on the pages of the website or to receive consultation online via the website https://hotel-akvarel.com.ua/ through the Internet.
Web Resource (Website) – a set of data, electronic (digital) information, and other objects of copyright and/or related rights, interconnected and structured within the website address and/or account of the person holding the intellectual property rights (hereinafter – “IP”) to the website. Access to these objects is provided via an Internet address consisting of a domain name, directory records, or calls and/or an IP address. The web resource owned by the Administration is located at https://hotel-akvarel.com.ua/.
Policy – this Privacy Policy, published on the webpage of the web resource at: https://hotel-akvarel.com.ua/terms-condition-en/.
Data Controller – a natural or legal person who determines the purposes and means of personal data processing and bears primary responsibility for their processing. The Data Controller is equivalent to the “Owner of Personal Data” under Ukrainian legislation. Within this Policy, the Data Controller is Park-Hotel “Akvarel”.
Data Processor – a natural or legal person who processes personal data on behalf of the Data Controller based on the Controller’s instructions (orders, directions). The Data Processor is equivalent to the “Personal Data Processor” under Ukrainian law.
2. General Provisions
2.1. This Policy applies to all your Personal Data that may be obtained by Us in the process of your use of the web resource. This Policy covers Personal Data received both before and after the effective date of this Policy.
2.2. The purpose of this Policy is to provide you with the necessary information that allows you to assess what Personal Data we process, for what purposes, the methods of processing, and the measures taken to ensure their security.
2.3. By using the website and providing your Personal Data to the Administration, including through third parties, you acknowledge your consent to the processing of your Personal Data in accordance with this Policy.
2.4. If you do not agree with the terms of this Policy, you must stop using the web resource.
2.5. The consent to the processing of Personal Data may be withdrawn by the Data Subject. In the event that the Data Subject withdraws their consent to the processing of Personal Data, the Administration shall have the right to continue processing such data without the Data Subject’s consent if there are legal grounds provided by law.
2.6. The Website Administration does not verify the accuracy of the Personal Data provided by the User and has no ability to assess their legal capacity. However, the Administration assumes that the User acts in good faith and with due diligence, provides accurate and sufficient Personal Data, makes all necessary efforts to keep such data up to date, and does not violate the rights of third parties.
2.7. By agreeing to the terms of this Policy, you confirm that at the time of the collection of Personal Data you are informed about the persons to whom the Personal Data are transferred, as well as about the content and purpose of such collection. You confirm (guarantee) that the Personal Data transferred to Us for processing were provided with the consent of the data owners and in compliance with applicable law.
2.8. Upon receiving Personal Data from the User, the Administration does not assume any obligation to inform the Data Subjects (or their representatives) whose data have been provided about the start of Personal Data Processing, since the responsibility for providing such notification lies with the User who transferred the data, at the moment of entering into a contract with the Data Subject and/or obtaining their consent for such transfer.
2.9. The processing of your Personal Data is carried out in accordance with the requirements of the Law. The processing of Personal Data of individuals located within the EU or who are citizens of the EU is governed, in particular, by the EU General Data Protection Regulation (GDPR) 2016/679. Additionally, the legislation of other countries may impose further requirements.
2.10. This Policy applies to all information that the Administration may receive about the User during their use of the web resource, as well as during the execution of any agreements and contracts between the Administration and the User.
2.11. This Policy is an internal document of the Administration.
2.12. The Personal Data Controller shall not be held liable for any consequences arising from the processing of Personal Data if the Controller is not responsible for the event that caused such consequences.
You also agree that the Owner of Personal Data has the right to grant access to and transfer your Personal Data to third parties without any additional notice, provided that the purpose of processing does not change and only in cases stipulated by this Privacy Policy and/or Ukrainian law.
No person under the age of 18 should provide us with personal information through the web resource. We do not intentionally collect personal information from individuals under 18 years of age. Parents and guardians must continuously monitor the online activities of their children in this regard.
3. Composition of Personal Data
3.1. The Administration, in order to carry out its activities and fulfill its obligations, processes the User’s Personal Data provided during the visit to the website https://hotel-akvarel.com.ua/ and stores it on the Administration’s server.
3.2. The User’s Personal Data include: last name, first name, patronymic, email address, mobile/landline phone number, country of residence, place of work, position, date of birth, as well as other data entered by the User into the feedback form, booking (registration) form, partnership/cooperation application, or job application form.
We ask you to provide only those Personal Data that are necessary for delivering the service you selected, receiving newsletters, or responding to your specific request or complaint. However, if you choose to provide additional Personal Data, we may also process it with the required level of protection.
3.3. The Administration reserves the right to establish requirements for the composition of Personal Data that must be provided when using the web resource. If certain information is not specified by the Administration as mandatory, its provision or disclosure is made at the User’s discretion.
3.4. The data automatically transmitted to the Administration during the User’s use of the web resource via the software installed on the device include: IP address, information about the browser and type of operating system, technical specifications of hardware and software, and the date and time of access to the web resource.
4. Legal Basis and Purpose of Personal Data Processing
4.1. The legal bases for the Processing of Personal Data include:
- the Data Subject’s consent to the processing of their Personal Data by the Administration;
- the conclusion and execution of a contract to which the Data Subject is a party, or which is concluded for the benefit of the Data Subject, or to take pre-contractual measures at the request of the Data Subject;
- the necessity for the Administration to comply with legal obligations established by applicable law.
4.2. The purposes of Personal Data Processing are:
• fulfillment of the functions assigned to the Administration under the laws of Ukraine and the GDPR;
• collection, storage, and processing of Personal Data obtained through the web resource in accordance with the Law and the GDPR;
• sending Users commercial (marketing) communications containing additional information about services, current promotions, special offers, and product catalogs related to the services provided by the Administration via the website;
• identification of the Data Subject while using the website;
• communication with the Data Subject when necessary, including sending offers, informational materials, notifications, advertisements, and processing user inquiries;
• improvement of the web resource’s quality, user convenience, development of new functionalities, and enhancement of service quality;
• improvement of the User’s professional skills and qualifications;
• conducting statistical and other research based on anonymized data;
• fulfillment of contractual and other obligations of the Administration towards the User under agreements concluded between the Administration and the User or third parties for the User’s benefit.
5. Fundamental Principles of Personal Data Processing
5.1. The processing of personal data by the Administration is carried out on the basis of the following principles:
5.1.1. Legality of the purposes and methods of personal data processing;
5.1.2. Good faith of the Administration, as the data controller, ensured by compliance with the requirements of the legislation of Ukraine concerning the processing of personal data;
5.1.3. Achievement of specific, pre-defined purposes for the processing of personal data;
5.1.4. Consistency between the purposes of personal data processing and the purposes previously determined and declared at the time of data collection;
5.1.5. Compliance of the scope and volume of processed personal data, as well as the methods of processing, with the stated purposes of processing;
5.1.6. Accuracy and sufficiency of personal data for the purposes of processing, and the inadmissibility of processing data that are excessive in relation to those purposes;
5.1.7. Ensuring the accuracy and adequacy of personal data during processing, and where necessary, maintaining their relevance with respect to the purposes of processing;
5.1.8. Prohibition of merging databases containing personal data that are processed for incompatible purposes;
5.1.9. Storing personal data in a form that allows identification of the data subject for no longer than is required to achieve the purpose of processing;
5.1.10. Personal data being processed shall be destroyed or anonymized upon achieving the purposes of processing or if the need to achieve such purposes no longer exists, unless otherwise provided by the legislation of Ukraine and the GDPR;
5.1.11. We must also take into account the periods for which we may need to retain your personal data in order to fulfill our legal obligations to you or to supervisory authorities;
5.1.12. Over time, we may minimize the personal data we use, or even anonymize it so that it can no longer be linked to you personally. In such cases, we may use this information for statistical or other purposes without further notice to you, as it will no longer be considered personal data.
5.2. The Administration may process personal data for statistical or other research purposes, provided that the data are mandatorily anonymized.
5.3. The Administration does not process personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in political parties or trade unions, criminal convictions, as well as data concerning health, sexual life, biometric or genetic data.
5.4. The processing of personal data is carried out in compliance with the requirements established by the legislation of Ukraine and the GDPR.
6. Duration of Personal Data Processing
6.1. The duration of personal data processing is determined by the purposes of processing but shall not exceed the period specified by law.
6.2. Personal data whose processing (storage) period has expired must be destroyed or anonymized unless otherwise provided by law. Personal data shall be stored in a form that allows identification of the data subject for no longer than required by the purpose of processing, unless a specific retention period is established by law. Processed personal data are subject to destruction or anonymization upon the achievement of processing purposes or when the need for such purposes ceases to exist, unless otherwise provided by law. We must also take into account the periods during which we may need to retain your personal data to fulfill our legal obligations to you or to supervisory authorities (in accordance with EU Regulation 261/2004).
6.3. Over time, we may minimize the personal data we use or anonymize it so that it can no longer be associated with you personally. In this case, we may use such information without further notice to you.
7. Persons Authorized to Process Personal Data on Behalf of the Administration
7.1. For the purposes of this Policy, only those employees of the Administration who are assigned such duties in accordance with their official (employment) responsibilities are allowed to process personal data. Access by other employees may be granted only in cases provided by law. The Administration ensures that its employees comply with confidentiality obligations and maintain the security of personal data during processing.
7.2. The Administration has the right to transfer personal data to third parties in the following cases:
• the data subject has provided written consent for such actions;
• the transfer is required by Ukrainian or other applicable legislation in accordance with the procedure established by law.
At the same time, access to personal data shall not be granted to a third party if that person refuses to assume or is unable to ensure compliance with the legal requirements for data protection.
7.3. The Administration has the right to entrust the processing of personal data to a third party with the consent of the data subject, unless otherwise provided by the legislation of Ukraine, based on a contract concluded with such third party, which includes confidentiality and non-disclosure obligations.
7.4. Representatives of state authorities (including supervisory, regulatory, law enforcement, and other bodies) may gain access to the personal data processed by the Administration only to the extent and in the manner prescribed by law.
8. Implementation of Personal Data Protection
8.1. The Administration’s activities related to personal data processing within information systems are inseparably linked with the obligation to protect the confidentiality of the obtained information, except where such protection would contradict applicable law.
8.2. The personal data protection system includes organizational and/or technical measures determined with regard to current security threats to personal data and the information technologies used in the information systems. The Administration updates these measures as new technologies emerge or as necessary.
8.3. The exchange of personal data during processing within information systems is carried out through communication channels protected by technical means of information security.
8.4. When processing personal data in information systems, the Administration ensures:
• the implementation of measures aimed at preventing unauthorized access to personal data and/or their transmission to persons not entitled to such access;
• timely detection of incidents of unauthorized access to personal data;
• prevention of impacts on the technical means of automated personal data processing that could disrupt their operation;
• the possibility of immediate recovery of personal data that have been modified or destroyed as a result of unauthorized access;
• continuous monitoring of personal data security.
8.5. Confidentiality of personal information is maintained, except in cases where the web resource technology or the user’s software settings provide for the open exchange of information with other website users or with any Internet users.
8.6. The Administration complies with the following requirements of Ukrainian law in the field of personal data protection:
• confidentiality requirements for personal data;
• requirements for ensuring that data subjects can exercise their rights;
• requirements for maintaining the accuracy and, where necessary, the relevance of personal data in relation to the purposes of processing (including taking or ensuring measures for deleting or correcting incomplete or inaccurate data);
• requirements for protecting personal data against unauthorized or accidental access, destruction, alteration, blocking, copying, provision, dissemination, or other unlawful actions;
• other requirements established by law.
8.7. In accordance with the law, the Administration independently determines the composition and scope of measures necessary and sufficient to ensure compliance with its legal obligations in the field of personal data protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
The Administration adheres to the principle of data minimization. We process only the information about you that we need, or that you voluntarily provide beyond what is necessary. In addition, we have configured all web resource interfaces and service applications to ensure the highest possible level of privacy. When transferring personal data to government authorities, we always use the most secure and verified methods of data transmission.
8.8. Cookies and Other Tracking Technologies
Cookies are small text files that websites store on your computer or mobile device when you start using them. This allows the website to remember your preferences and actions for a certain period, including so that you do not have to re-enter this information each time. Our cookies themselves do not identify an individual user but rather the computer or mobile device you are using.
Cookies and other tracking technologies on our website may be used in various ways — for example, to enable the functioning of the web resource, to analyze site traffic, or for advertising purposes. We use cookies and similar technologies, in particular, to enhance the quality and efficiency of our services.
For more information about what cookies are, how they work, how to manage or delete them, please visit www.allaboutcookies.org.
Please note that you can configure your internet browser settings to block cookies and other tracking technologies. However, you should understand that if you disable certain cookies, some website features may be limited, and you may not be able to use all its advantages. Additionally, some pages may not function properly.
8.9. More detailed information about our website’s cookie policy can be found on the page: https:// hotel-akvarel.com.ua/en/cookie-policy/
9. Rights of the Data Subject
9.1. Rights of Data Subjects under the Legislation of Ukraine:
9.1.1. To know the sources of collection, the location of their Personal Data, the purpose of its processing, the location of the Personal Data Controller, or to give appropriate instructions to authorized persons to obtain this information, except in cases established by law.
9.1.2. To receive information about the conditions for granting access to Personal Data, including information about third parties to whom their Personal Data is transferred.
9.1.3. To access their Personal Data.
9.1.4. To receive, no later than 30 (thirty) calendar days from the date of the request (unless otherwise provided by law), a response regarding whether their Personal Data is being processed and, if so, what data specifically.
9.1.5. To submit a reasoned request to the Administration to object to the processing of their Personal Data.
9.1.6. To submit a reasoned request for the modification or deletion of their Personal Data if such data is processed unlawfully or is inaccurate.
9.1.7. To protect their Personal Data from unlawful processing, accidental loss, destruction, damage, concealment, failure to provide or untimely provision, and to protect against the dissemination of false or defamatory information that harms a person’s honor or reputation.
9.1.8. To file complaints about the processing of their Personal Data to the Administration, the Commissioner of the Verkhovna Rada of Ukraine for Human Rights, or to the court.
9.1.9. To exercise legal remedies in case of violation of Personal Data protection legislation.
9.1.10. To include reservations regarding the limitation of their right to process Personal Data when granting consent.
9.1.11. To withdraw consent for the processing of Personal Data.
9.1.12. To be informed about the mechanism of automated processing of Personal Data.
9.1.13. To protection from an automated decision that has legal consequences for them.
9.1.14. The Administration has the right to entrust the Processing of Personal Data to a third party with the consent of the Data Subject, unless otherwise provided by the legislation of Ukraine, based on a contract concluded with such third party, the condition of which is compliance with confidentiality and non-disclosure of Personal Data.
9.1.15. Representatives of state authorities (including supervisory, regulatory, law enforcement, and other bodies) shall have access to Personal Data processed by the Administration only within the scope and procedure established by the legislation of Ukraine.
9.2. Other Rights of Data Subjects under the GDPR:
In addition to Ukrainian legislation on Personal Data protection, the Administration ensures compliance with the rights granted to you under the General Data Protection Regulation (GDPR).
9.2.1. Right to Information.
We are ready to provide data subjects with information about which of their Personal Data we process.
If you wish to know what Personal Data we process about you, you may submit a request for such information at any time, including by contacting the Administration directly.
The list of data that we must provide to you is outlined in Articles 13 and 14 of the GDPR. When making such a request, please specify your requirements clearly so that we can lawfully review your request and respond appropriately.
Please note that if we cannot verify your identity through electronic communication, phone conversation, or in the presence of reasonable doubt regarding your identity, we may ask you to present an identity document — including through personal appearance at the Administration’s address.
This ensures that your Personal Data is not disclosed to a person who might impersonate you.
We process requests as quickly as possible, but please note that providing a complete and lawful response regarding Personal Data is a complex process and may take up to one month.
9.2.2. Right to Rectification of Your Data.
If you find that some of your Personal Data processed by us is incorrect or outdated, please notify us.
In such cases, we may ask you to present an identity document, including by visiting the Administration’s office in person.
In some situations, we may not be able to modify your Personal Data — for instance, when such data has already been used in the performance of a contract and/or is contained in a tax document issued under applicable Tax Law.
9.2.3. Withdrawal of Consent and the Right to Be Forgotten.
If the Administration processes your Personal Data based on your consent (for example, for marketing or promotional purposes), such processing can be stopped at any time simply by withdrawing your consent.
You may also exercise your right to be forgotten.
In cases specified in Article 17 of the GDPR, the Administration will delete your Personal Data that it processes, except for data that we are legally required to retain under applicable law.
For security reasons, in such cases, the Administration may ask you to provide an identity document, including through personal appearance at the Administration’s registered address.
10. Location of Personal Data Storage
The Administration uses the services of CMI-system (https://cmi-system.com) to store and secure Personal Data.
CMI-system collaborates with Hosting Ukraine (https://www.ukraine.com.ua/) to ensure data storage reliability and security.
11. Amendments to the Privacy Policy
11.1. This Policy may be amended or terminated by the Administration unilaterally without prior notice to Users, including when required by law.
The new version of the Policy becomes effective upon its publication on the website, unless otherwise stated in the new version.
We therefore encourage you to regularly visit https://hotel-akvarel.com.ua/terms-condition-en/ to ensure you have the most up-to-date information.
12. Who You Can Contact Regarding the Protection of Your Personal Data
12.1. If you have any questions, comments, complaints, or requests regarding the protection or processing of Personal Data, you may contact us via official email at hotel.aquarell@gmail.com
or by mail at the following address:
Ukraine, 80300, Lviv region, Lviv district, Zhovkva, 14a Vokzalna Street.
Please make sure to include your full name, email address, and detailed description of your inquiry, comment, complaint, or request in all correspondence.
12.2. The competent supervisory authority for Personal Data protection in Ukraine is the Department for Personal Data Protection of the Secretariat of the Commissioner of the Verkhovna Rada of Ukraine for Human Rights.
You may contact this authority with complaints or suggestions if you believe your rights have been violated in connection with the processing of Personal Data.