Privacy policy


Statement on the Treatment of Personal Data and the Use of our Website

Dear Guest,
Our mission is to put hospitality services on the highest level in order to satisfy the demands and expectations of guests. This is not only reflected in high quality hotel services, but also in the care we put into the treatment of our Guests’ personal data. In order to be able to offer our services, we need to know some of your personal data. Since the information you will provide is valuable, it is treated and kept in compliance with the applicable laws as well as making use of the most suitable technological means and organisational resources. Your data are collected, processed, transmitted and kept in accordance with the requirements of the relevant laws and regulations in force. To ensure appropriate level of the relevant, all our Guests’ data are treated in compliance with the Law on the Legal Protection of Personal Data of the Republic of Lithuania (LLPPD), and in pursuance of EU official Regulation no. 2016/679 (General Data Protection Regulation, hereinafter “GDPR”).
This statement is aimed at providing you with all the necessary information in accordance with the above regulations, namely:

A. About us
B. Which Data we Collect and Why
C. Consent
D. Your Rights
E. Security Measures (how we protect your data)
F. Duration of Data Retention
G. Transmission of your Data to Third Parties
H. Transmission of your Data Abroad
I. Cookies, Analysis and Tracking Systems, Social-media Plug-ins, External Links
L. Minors
M. General Provisions
N. Amendments to this Statement

A. About us

City Gate, a joint-stock company governed by the Lithuanian Law, UID (identification number): 110874198, with its registered office at Bazilijonu str. 3, 01304 Vilnius, hereinafter referred to as the Hotel, is responsible, amongst other things, for the management of the Hotel, including its presence on the Web. In such capacity, the Hotel thus acts as the data controller in respect of the data collected, including data collected through this website. The data are collected in compliance with the relevant Federal laws and regulations as well as the GDPR.

B. Which Data we Collect and Why

In order to provide our services, we need to collect some personal data from our Guests and from the users of our website. A part of these data are transmitted directly by the device you use to visit our website. To the extent that you wish to stop the automatic transmission of data, please access the settings of your browser, or of your device, and disable the transmission of personal data. Other data are required when you make an enquiry with us or make a reservation for a room. A part of this information is absolutely necessary in order for us to be able to provide you with the service you request, while a part is necessary in order to allow us to offer you a tailored service in line with your wishes. Some data are then kept to fulfil our tax obligations and obligations towards the police, national statistical office and to ensure the proper performance of the contract. Finally, some data are required in order to enable us to keep in touch with our Guests after their leave our hotel, so as to keep you informed about our activity and offers (marketing).

1. Data collected when you access our website, acquired through our servers

  •  Access date and time;
  • IP number of your computer
  • Browser being used in your device;
  • Country from which connection to our server originates, as well as information about the language, the screen etc.;
  • Operating system of your computer;
  • Information about your internet service provider;

2. Data to be supplied by you about your enquiry about offers and/or reservations, including:

  • Name and surname;
  • Address
  • E-mail address
  • Phone number
  • Correspondence language;
  • Nationality (in case of reservation)
  • Credit card details (in case of reservation)
  • Passport No (in case of reservation);
  • Date of birth (in case of reservation);
  • Car license plate No (optional)
  • Food preferences / intolerances / allergies (optional)
  • Name and age of any children if they are included in the reservation (optional in the case of children under age)
  • Any special services requested (e.g. airport tansfer etc., optional)

3. Data to be supplied by you for communications to be sent by the hotel, including:

  • Name and surname;
  • Correspondence language;
  • E-mail address

C. Consent

The GDPR defines the term “consent” as follows: “‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
The LLPPD specifies that “consent is only valid if it is given freely and unequivocally after the person concerned has been duly informed. The processing of sensitive personal data requiring special protection and profiling are subject to express consent”.
Consent must always be explicitly stated in the case of very sensitive personal data, such, for example, information about your religion, your ethnic origin, your political position etc. In the unlikely event that the Hotel needs this kind of information, we shall therefore need your explicit consent.
As regards less sensitive data, consent may also be given by means of any freely given indication of willingness, as in the case of acts implying an intent, or it may be assumed when the data under consideration are essential in order for us to provide our services. In this case, your request to obtain services from the Hotel will imply your consent to the use of your personal data by the Hotel for the provision of the service requested.
Other data are intended to be used for our marketing communication activity and are expressly collected for this purpose. Of course you do not have to consent to your data being processed for this purpose and, if you have given your consent, you can withdraw it at any time. Our check-in staff is available to address all and any concerns you may have about the treatment of your personal data. Please refer to para. IV below for any further questions.

D. Your Rights

You are entitled to request that your data:

be updated, corrected or (if they are incomplete) supplemented
deleted, if
your data are no longer necessary to pursue the aim for which they were collected or drawn;You have withdrawn your consent or you object to the treatment of your data;

Your data have been treated unlawfully or they have to be deleted to fulfil a legal obligation;
beonly partially processed if:
Your data are not correct or have been treated unlawfully or you have objected to their treatment;
Despite the fact that the Hotel no longer needs them for the purpose of processing them, the data are necessary in order for the Hotel to legally enforce your rights;
be transferred to another holder (“right of transfer”), if treatment is based on consent and is performed using automated means.
Please note that in compliance with our tax obligations, police and national statistical office requirements, the Hotel is bound to keep a part of your personal data – see paragraph “Duration of data retention” below. In pursuance of the applicable laws and regulations, you are entitled to file a complaint with a supervisory authority (in Lithuania, the State Data Protection Inspectorate and, in the other countries, the competent authorities designated by the national legislation in force)

E. Security Measures (how we protect your data)

1. The Hotel, through appropriate technical instruments and organisational procedures, implements measures aimed at protecting your personal data against unauthorised treatment and/or loss of the same. Our technical systems are maintained taking due account of constant technological development. In order to avoid unauthorized treatment or loss of their data, we recommend that our Guests always use updated systems and that they do not share any sensible information such as credit card numbers, user names or passwords with third parties.
2. With a view to ensuring absolute confidentiality as to the services provided to our Guests as well the confidential treatment of their personal data, the Hotel has further improved its corporate policies so that your personal data can only be accessed by the staff who actually need them in order to provide the services you request.

F. Duration of Data Retention

As a rule, our Guests’ personal data are treated and kept only for the time needed in order to provide the services requested by the Guests (contract base) or in compliance with the applicable legal requirements (legal base). In particular, the data are kept for three years after the end of the contractual relationship between the Guest and the Hotel for legal and accounting purposes (e.g. in case of legal proceedings initiated by either the Hotel or the Guest) and provisions of Law on the Legal Protection of Personal Data of the Republic of Lithuania. At the end of the data retention period, the data are anonymized and deleted to the extent that the Hotel ceases to have any legal interest in retaining the same.

G. Transmission of your Data to Third Parties

Under certain circumstances, the Hotel needs to allow third parties to access your data in order to be able to provide its services (outsourcing), particularly for the management of its website as well as in order to send newsletters and for profiling and marketing purposes. In any case, such transmission only occurs to the extent that you have consented to it (see paragraph III above) and/or to the extent that this is required by and/or complies with the applicable law. At any rate, the Hotel’s Partners contractually commit to guaranteeing the same security standards offered by the Hotel both vis-à-vis our Guests and vis-à-vis the Hotel.

H. Transmission of your Data Abroad

Under certain circumstances, the Hotel needs to allow third parties abroad to access your data in order to be able to provide its services (outsourcing), to the extent that treatment in keeping with this statement is necessary. The said third parties are equally required to ensure the confidentiality of personal data. To the extent that the said third parties are based in countries where the level of protection of personal data does not correspond to our Lithuanian and/or European standards, we undertake to guarantee adequate protection of your data by means of specific binding agreements to be entered into or through appropriate legal measures. Feel free to request any further information you may need on this matter.

I. Cookies, Analysis and Tracking Systems, Social-media Plug-ins, external Links

1. Cookies are small packages of data, a kind of identification card, which your device exchanges with our server while you browse our website. In particular, the information so collected is intended to optimize your browsing experience in terms of pleasurableness and effectiveness. Cookies are automatically saved on your device by the browser you use for surfing the internet and also allow keeping track of your choices and settings so as to make each access more efficient. Each browser allows setting how to manage the cookies and even allows preventing the transmission of your information. Furthermore, you can disable the cookies either in part or completely and be informed each time a system requests the exchange of cookies etc. Please note that disabling the cookies may partly affect your browsing experience and result in certain services not functioning, whether in part or completely.
2. Our website is equipped with tracking systems which allow collecting the information necessary for its management and implementation. Here too, cookies are used along with tracking systems offered by third parties, such as for example Google analytics (by Google Inc.)


Cookie Function




Expiration date


_ici_current_admin_language Navigation language for website administrator Navigation When webpage is loaded 2 hours


wordpress_test_cookie WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies. Navigation When website is loaded A session cookie, deleted when you close your web browser.


_ici_current_language Navigation language for website user Navigation When website is loaded 1 diena
_ga, _gat, _gid Used by Google Analytics to distinguish users and throttle request rate. Analytical When website is loaded  

Expires after 2 years, 1 minute, 24 Hours



WordPress uses this cookie to indicate when you’re logged in, and who you are, for most interface use. Navigation When website is loaded A session cookie, deleted when you close your web browser.


The cookie is used to check whether your web browser is set to allow, or reject cookies.




When website is loaded


1 year

3. In order to allow our Guests to choose whether and how to keep in touch with our Hotel, communication also occurs through the most popular social media. In this regard, our website is equipped with systems, called plug-ins, which allow the user to enable a connection with the social medium selected. Only then, hence at the Guest’s express request, can the exchange of the data necessary for the use of the social medium take place.
4. Our website offers links to external websites of interest or useful for the provision of our services. The Hotel does not monitor such websites all the time, so you are invited to read the relevant statements on the protection of personal data before you start browsing them. The Hotel accepts no responsibility for the contents or for the enforcement of the Hotel’s personal data protection rules. At any rate, the Hotel does not provide any personal data to the administrators of such websites, unless expressly requested otherwise.

L. Minors

Unless the personal data of minors (within the meaning of the applicable laws) are transmitted by the respective holders of parental authority (parents, guardians etc.), such data are not collected by our Hotel. However, since we do not regularly collect any personal data except as provided by this document and by the applicable laws and regulations, we are unable to detect data such as, for example, the age of those visiting our website. If you believe that a minor who is subject to your parental authority has disclosed his/her personal data to us without your consent, please notify us without delay so as to ensure that the minor will not receive any communication from us such as, for example, our promotional information. Our staff will take all the necessary measures.

M. General Provisions

Please note that the transmission of communications, documents and other information by email is considered less reliable, secure and confidential than transmission by post or fax. Although we use state-of-the-art identification technologies to combat malware such as viruses and spam, we recommend that you use proper, updated protection systems (e.g. antivirus software) and we do not accept responsibility for any damage resulting from email messages or the loss of the same. Additionally, we reserve the right to reject any emails with potentially dangerous attachments.

N. Amendments to this Statement

The Hotel reserves the right to revise this statement in order to ensure adequate protection in compliance with the legislation in force. Therefore, this statement may be revised and/or amended, in particular as a consequence of major changes in legislation or derived from case law.

Version of November 2018