Privacy Policy

 

The personal data protection policy document describes the process of personal data processing by “Rooms Hotels Lab” LLC and guarantees the protection of the data subject’s rights during processing.

The terms used in this document have the meanings defined by the law of Georgia “On Personal Data Protection”.

“Rooms Hotels Lab” LLC respects Georgian legislation and international standards in the field of human rights protection. Protecting the privacy of our guests, employees, and individuals in contractual relationships with us is of particular importance. Accordingly, we implement all necessary organizational and technical security measures to safeguard your personal data.

 

1. Legislation underlying the personal data protection policy document:

Your personal data is processed in accordance with the Law of Georgia “On Personal Data Protection”.

Your rights are protected in accordance with Georgian legislation and the European Data Protection Regulation (GDPR).

We take into account the recommendations of the Personal Data Protection Service of Georgia to ensure the highest standard of protection for your rights.

Based on the above regulations, you have the right to request information about our processing of your personal data.

We are prepared to furnish you with the requested information as promptly as possible and within the time limits established by the legislation of Georgia.

 

2. Person responsible for personal data processing:

Company name: “Rooms Hotels Lab” LLC (hereinafter referred to as “we”)

Identification number: 404676169

Address: Georgia, Tbilisi, Mtatsminda district, Kostava Street, No. 14

Phone number: +995 0322 02 00 99

Email: pdo@roomshotels.com

3. Individual authorized for personal data processing.

We process personal data independently and do not engage the services of other authorized individuals in this process. However, in cases of appropriate necessity during the provision of services to “Rooms Hotel Lab,” it may be necessary to disclose information containing data to person(s) authorized by us and/or grant them access rights (for example, for technical website updates, sending technical notifications, or assistance). In such instances, the disclosure/granting of access to personal data will only occur based on a written agreement between us and the relevant authorized person. The contract will include the obligation of the authorized person to process the data solely for the purposes specified in the contract, maintain confidentiality, and adhere to the rules and prohibitions established by the Law of Georgia “On Personal Data Protection.”

4. Protection of the principles of data processing by us.

Principles we adhere to in the process of data processing:

The principle of legality and fairness – we process your personal data only according to the rules and grounds established by law. We ensure proper protection of your rights by following the principle of equality (non-discrimination).

 

Principle of transparency – the data processing process is transparent to you, the data subject. You can contact us at any time and receive information about the processing of your personal data in accordance with the manner and time limits established by the legislation of Georgia.

Principle of purpose limitation – we process personal data only for the specific purpose for which they were obtained. To use the data obtained with your consent for another purpose, we will ask for your consent again.

The principle of data minimization – we process data only to the extent necessary to achieve the goal, taking into account the proportionality between the goal and the volume of data.

The principle of data accuracy – we ensure that the personal data stored with us are accurate and true. We correct or delete inaccurate data immediately upon your request or upon our discovery of an error.

The principle of term limitation – we store data only for the period necessary to achieve the purpose. For the storage of personal data, we pre-determine a specific period or indicate a criterion for determining the period.

Principle of data security – To protect data security, we implement technical and organizational measures during data processing that adequately ensure data protection, including protection against unauthorized or illegal processing, accidental loss, destruction, and/or damage.

5. For what purpose we process personal data:

The purposes of personal data processing are derived from the scope of activities of “Rooms Hotels Lab” and are related to the provision of our services/products, improvement of the quality of services/products and delivery, compliance with security measures, and the implementation of labor activities of persons employed at “Rooms Hotels Lab”.

We process personal data for the following specific purposes:

• To provide the proposed products and services;

• For conducting automatic payment procedures;

• To enter into contracts or transactions;

• For labor relations with individuals employed at “Rooms Hotel Lab”;

• For special offers and marketing purposes for customers;

• For holding events in the hotel area;

• For analytical and statistical purposes, to understand how our users interact with our website;

• To conduct various research studies to improve products and services; to study how users use our products and services;

• To develop and manage our brands, products, and services;

• To improve service quality and consider user preferences;

• For security and property protection;

• To respond to violations of hotel rules.

6. How we collect personal data

How do we obtain information about hotel visitors?

When booking hotel rooms online, through the communication center, or purchasing services on site, data from the data subject is collected. Similarly, information about accompanying persons is collected, with their consent.

During online payment of the service fee.

From websites (e.g., Booking.com) through which our hotel rooms are booked, based on agreements concluded with them.

About registered members on our website:

 

When registering on the hotel’s website, we obtain data from the data subject, who enters the data themselves and confirms their consent to the processing of personal data by checking the appropriate box.

About our website visitors:

 

When you visit our website, we collect information in accordance with the “Cookies” policy.

 

How do we collect data about hotel loyalty program members?

 

A data subject who becomes a member of the Loyalty Program enters their data on the web page and agrees to join the Loyalty Program.

 

How do we obtain data about persons working with us?

 

In order to make employment decisions and enter into employment contracts, we obtain personal data from the data subjects, as well as from the referees specified by them.

 

How do we collect data about people participating in events held at the hotel?

 

If the conference space of the hotel is used within the framework of an agreement, the party participating in the agreement may provide us with information about the individuals participating in the event (names and surnames) in order to grant them access to the building.

 

How we collect data for direct marketing:

 

Personal data is obtained for direct marketing purposes solely on the basis of written consent provided by the data subject, in accordance with the procedures established by the Law of Georgia “On Personal Data Protection,” and with guarantees ensuring the protection of the data subject’s rights as outlined in paragraph 7 of this document.

 

How will we obtain information about the persons around the perimeter of the hotel?

 

For the purpose of security and property protection, video monitoring is conducted in the “Rooms Hotel Lab” building and its outer perimeter. A warning sign about video monitoring is prominently displayed. Additionally, our employees are notified in writing about video monitoring, and their written consent is obtained.

Specific rules for collecting personal data through video monitoring and guarantees of rights protection can be found in the document “Standard Operating Procedure on Video Monitoring.”

How do we obtain information about restaurant customers/food service users?

 

We collect information about the individuals/data subjects who use the services of the restaurant customers/food establishments when they book a table (either physically, via phone calls, or using the reservation application) and make a payment.

 

7. Processing Personal Data for Direct Marketing

 

For the purpose of direct marketing, personal data is processed only based on the informed, written consent of the data subject through a special form (https://mailchi.mp/roomshotels/pdo). Before giving consent, the data subject is provided with the following information: who is responsible for processing personal data; which personal data is processed for direct marketing purposes with the consent of the personal data subject; specific purposes of data processing; in what form they will receive messages/information from the company; guarantees of personal data protection; rights of the subject of personal data; term of personal data processing; consent withdrawal and withdrawal mechanisms; consequences of consent withdrawal.

A special consent form is available on our website, and a printed version is available at the hotel’s check-in desk. Data subjects enter the data themselves and confirm their consent by checking the appropriate box and sending their consent by pressing the “Submit” button.

 

 

 

8. Separate categories of data, purposes of processing, bases, and terms.

 

 

 

9. Rights of Data Subjects

 

We protect the rights of the personal data subject guaranteed by the Law of Georgia “On Personal Data Protection” and the European Regulation on Personal Data Protection (GDPR). Considering the scope of our activity, it is important to have information about the following basic rights:

The right to receive information about data processing

The data subject has the right to request, and we will provide the following information within 10 days: which data we process about them, the basis and purpose of data processing, the source of data collection/retrieval, the term of data storage, and if it is impossible to determine a specific term, the criteria by which we will determine the term, to whom and with what legal guarantees we will transfer their data.

We will inform the data subject without their request, as soon as possible, about any incident (a data security breach that leads to improper or accidental damage, loss, unauthorized disclosure, destruction, modification, access to, collection/retrieval, or other unauthorized processing of data) if the incident is highly likely to cause significant harm and/or pose a significant threat to basic human rights and freedoms. In case of an incident, we will inform the data subject about the incident and the circumstances related to it, the measures taken or planned to reduce or eliminate the alleged/imminent damage caused by the incident, and the contact details of the personal data protection officer.

The right to access and receive a copy of the data

 

The data subject can request copies of their personal data processed by us free of charge. We may set a reasonable fee if the data subject requests their release in a form other than the form of storage, and this requires the expenditure of additional resources by us. In this case, the specified fee will not exceed the amount of resources spent.

The right to correct, update, and complete data:

 

The data subject has the right to request that we correct, update, and/or fill in false, inaccurate, and/or incomplete data about them. We will correct the error at the request of the data subject and if we discover the error and notify the data subject thereof, unless the error is of a technical nature.

In the event of an error, we will also notify all recipients of the data, the person responsible for all other processing of the same data, and the person authorized for processing to whom we have transferred the data.

 

The right to stop processing, delete, or destroy data

 

The data subject has the right to request the person responsible for processing to stop processing, delete, or destroy data about them. The request must be fulfilled no later than 10 days. The data subject may refuse to delete and destroy data only in exceptional cases established by the legislation of Georgia.

 

 

Right to block data

The data subject has the right to request the person responsible for processing to block the data if one of the following circumstances exists: the data subject disputes the authenticity or accuracy of the data; data processing is illegal, however, the data subject opposes their deletion and requests data blocking; the data are no longer necessary to achieve the purpose of their processing, but the data subject needs them to file a complaint/lawsuit; the data subject requests the termination, deletion, or destruction of the data processing and this request is being considered; there is a need to preserve data for use as evidence. Data blocking may be refused to the data subject only in exceptional cases established by the legislation of Georgia.

The right to withdraw consent

The data subject has the right, at any time, without any explanation or justification, to withdraw the consent given by them. If there is no other basis for data processing than the consent of the data subject, in the case of withdrawal of consent, the data processing must be stopped and/or the processed data must be deleted or destroyed no later than 10 working days after the request. The data subject has the right to withdraw consent in the same form in which consent was given. Before withdrawing the data subject’s consent, upon their request, we will provide information about the possible consequences of withdrawing consent.

 

10. Protection of personal data of minors

We process personal data of minors in accordance with the law “On Personal Data Protection”, based on the consent of the parent or legal representative, taking into account the best interests of the minor.

 

11. Data security

 

We ensure the safe protection of your data and apply all necessary technical and organizational measures for this purpose.

We protect your personal data from unauthorized or unlawful access, accidental loss, damage, disclosure, or destruction.

Once the purpose of personal data processing has been fulfilled, we regularly delete and destroy personal data or store them in a depersonalized form for our analytical and statistical purposes.

Companies affiliated with us adhere to the same standard of personal data protection.

The contracts concluded by us with persons authorized to process personal data or with third parties include special provisions to ensure the protection of personal data.

We carry out video monitoring for security and property protection in accordance with the law “On Personal Data Protection”.

For a description of technical and organizational security measures, please see “Description of measures taken for personal data security” in detail.

For the rules and conditions of video monitoring, please refer to “Standard Operating Procedure for Video Monitoring”.

 

12. Transfer of data to third parties

 

We will not transfer personal data processed by us to other persons except:

• Companies affiliated with our company, in accordance with the agreement that contains guarantees of confidentiality and protection of personal data. Who are persons affiliated with us – interlinked company, where company owns, is owned by another individual in the company, or is jointly owned (with another company) by another entity. An affiliate is also an individual over which our company exercises common control with another entity, or over which control is exercised by the same entity that is the controller of our company. For the purposes of this provision, control means equity participation, membership in management, or registered directorship;
• Companies that technically send messages/information on the basis of the contract concluded with us. In this case, they will only be given your phone number or email.

13. “Cookies“ Policy

“Cookies” are small text files that the website stores on your computer or mobile phone during your visit. “Cookies” help us to better manage and improve the efficiency of the website. “Cookies” files store information related to your navigation on our website.

We do not store data about your address, passwords, credit and debit bank cards, or any other personal information in cookie files.

We use Google Analytics and Facebook Pixel services.

These services allow us to obtain statistical data about our website visitors (such as search content, the specific website page they visit, etc.). We receive information about from which city/country the user came to our website, how much time the visitor spends on our website, which operating system the website visitor uses, etc.

Additionally, we gather information about our visitors’ age, gender, interests, device language, location, device type, behavior (engagement, interaction with the website, frequency of website visits, and recency). This information is processed for statistical purposes only and does not allow us to identify the user.

After visiting our website, you must accept cookies policy in order to collect said information.

1. Update

 

The said policy document is subject to updating as necessary.

2. Contact Information

Phone number: +995 0322 02 00 99

E-mail: pdo@roomshotels.com