Find Everything

Privacy Policy

BM LUXURY HOTEL (UAB Aramiso skrynia)

Last Updated: November 2025

BM Luxury Hotel (“we,” “us,” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, make a reservation, or stay at our hotel.

This policy complies with the General Data Protection Regulation (GDPR) and applicable Lithuanian data protection laws.

1. INFORMATION WE COLLECT

1.1 Personal Information You Provide

When you make a reservation or interact with our services, we may collect:

  • Name and contact information (email address, phone number, postal address)
  • Date of birth and age verification
  • Payment information (credit/debit card details, billing address)
  • Government-issued identification details (for check-in purposes)
  • Special requests or preferences (dietary requirements, accessibility needs, room preferences)
  • Communication records (emails, phone calls, chat messages)
  • Guest reviews and feedback

1.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent on our website
  • Referring website or source
  • Operating system and device identifiers
  • Cookies and similar tracking technologies (see Section 8)

1.3 Information from Third Parties

We may receive information about you from:

  • Payment processors and financial institutions
  • Travel booking platforms and agencies
  • Online travel agencies (OTAs) if you book through their platforms
  • Social media platforms if you interact with us through social channels

2. HOW WE USE YOUR INFORMATION

We use your personal data for the following purposes:

2.1 Reservation and Service Delivery

  • Processing and managing your hotel reservations
  • Confirming bookings and sending reservation details
  • Facilitating check-in and check-out processes
  • Providing requested services during your stay
  • Processing payments and managing billing

2.2 Communication

  • Responding to your inquiries and requests
  • Sending booking confirmations and pre-arrival information
  • Providing customer support
  • Sending important updates about your reservation

2.3 Legal and Security Purposes

  • Complying with legal obligations and regulations
  • Preventing fraud and ensuring payment security
  • Maintaining the safety and security of our guests and property
  • Resolving disputes and enforcing our Terms and Conditions

2.4 Marketing and Improvement (with your consent)

  • Sending promotional offers and special deals (only if you opt in)
  • Conducting customer satisfaction surveys
  • Analyzing usage patterns to improve our services
  • Personalizing your experience on our website

3. LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds:

3.1 Contractual Necessity

Processing is necessary to fulfill our contract with you (your reservation and stay).

3.2 Legal Obligation

Processing is required to comply with legal requirements, such as tax laws, accounting regulations, and identity verification requirements.

3.3 Legitimate Interests

We have legitimate business interests in processing your data, such as fraud prevention, network security, and business analytics.

3.4 Consent

For marketing communications and certain cookies, we rely on your explicit consent, which you can withdraw at any time.

4. HOW WE SHARE YOUR INFORMATION

We do not sell your personal data to third parties. We may share your information with:

4.1 Service Providers

  • Payment processors for secure transaction processing
  • IT service providers for website hosting and maintenance
  • Email service providers for communications
  • Analytics providers to understand website usage

4.2 Legal Requirements

We may disclose your information when required by law, legal process, court order, or government request.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

4.4 Protection of Rights

We may share information when necessary to protect our rights, property, safety, or that of our guests or others.

All third-party service providers are contractually obligated to maintain the confidentiality and security of your personal information and may only use it for the specific purposes we authorize.

5. INTERNATIONAL DATA TRANSFERS

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions confirming appropriate data protection levels
  • Other legally recognized transfer mechanisms

We take all reasonable steps to ensure your data receives adequate protection wherever it is processed.

6. DATA RETENTION

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

6.1 Reservation Data

Booking and guest information is retained for up to 7 years for accounting, tax, and legal compliance purposes.

6.2 Marketing Data

If you consent to marketing communications, we retain your data until you withdraw consent or request deletion.

6.3 Website Analytics

Anonymous usage data may be retained for up to 26 months for analytics purposes.

When personal data is no longer needed, we securely delete or anonymize it.

7. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Secure Socket Layer (SSL) encryption for data transmission
  • Encrypted storage of sensitive information
  • Regular security assessments and updates
  • Access controls limiting who can view your data
  • Staff training on data protection and security
  • Secure payment processing through PCI DSS-compliant providers

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and allow certain functionalities to work.

8.2 Types of Cookies We Use

Essential Cookies (Required)

  • Enable core website functionality
  • Remember your booking session
  • Required for the website to function properly
  • Cannot be disabled

Performance and Analytics Cookies (Optional)

  • Help us understand how visitors use our website
  • Collect anonymous information about page visits and user behavior
  • Used to improve website performance

Functionality Cookies (Optional)

  • Remember your preferences and settings
  • Enhance user experience with personalized features

Marketing Cookies (Optional, requires consent)

  • Track your browsing to show relevant advertisements
  • Measure effectiveness of marketing campaigns
  • Only used if you provide explicit consent

8.3 Managing Cookies

You can control and delete cookies through your browser settings. However, disabling essential cookies may affect website functionality and your ability to make reservations.

For more information about managing cookies, visit www.allaboutcookies.org

9. YOUR RIGHTS UNDER GDPR

As a data subject in the European Union, you have the following rights:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data in certain circumstances, such as when it’s no longer necessary for the purposes for which it was collected.

9.4 Right to Restriction of Processing

You can request that we limit how we use your personal data in certain situations.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw that consent at any time.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us using the information provided in Section 13.

10. CHILDREN’S PRIVACY

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete such information promptly.

Parents or guardians making reservations for minors are responsible for providing any necessary information about the child.

11. THIRD-PARTY WEBSITES

Our website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new “Last Updated” date
  • Sending an email notification if you have an active reservation
  • Displaying a notice on our website

Your continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy.

13. CONTACT US

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us:

BM Luxury Hotel
Data Protection Officer
Karmėlava, Lithuania

Email: dpo@bmhotel.lt

We will respond to your request within 30 days as required by GDPR.

14. SUPERVISORY AUTHORITY

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Lithuanian Data Protection Authority:

State Data Protection Inspectorate
A. Juozapavičiaus str. 6
LT-09310 Vilnius, Lithuania
Email: ada@ada.lt
Phone: +370 5 279 14 45
Website: https://vdai.lrv.lt

15. CONSENT TO MARKETING

We respect your communication preferences. You can opt in to receive promotional emails, special offers, and newsletters from BM Luxury Hotel.

Marketing Opt-In: By checking the marketing consent box during booking or signing up for our newsletter, you agree to receive marketing communications.

Opt-Out: You can unsubscribe from marketing emails at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Contacting us directly with your request
  • Updating your preferences through your account (if applicable)

Please note that even if you opt out of marketing communications, we will still send you essential transactional emails related to your bookings and stay.

Thank you for trusting BM Luxury Hotel with your personal information. Your privacy matters to us, and we are committed to protecting your data and respecting your rights.