Privacy policy

KORNAS, UAB, company code 141750654, registered office address at Kuosų 20, Klaipėda (hereinafter referred to as the Company), shall respect the privacy of guests and persons interested and protect your personaldata when providing accommodation services. The Company shall process andcontrol the data provided during your registration fairly and lawfully. By using the services of the website, the person shall confirm that he/she has read, understood, and agreed to this Privacy Policy. If you have any questions related to the processing of the personal data, please send an e-mail to

General Provisions

This Privacy Policy (hereinafter referred to as the Policy) shall regulate, inter alia, the collection, processing, and storage of the personal data performed by the Company as a data controller.

The company provides accommodation and room rental services. For the provision of these services, the Company shall process the personal data in accordance with the legal bases and the purposes of data processing specified in the Policy and the legislation applicable to the Company.

This Policy shall be intended for persons who use or intend to use the services of the Company or visit the website

The data subject in this Policy shall be any natural person whose personal data is processed by the Company.

By using the services, and continuing to browse the website, the Visitor (user of the website) shall confirm that he/she has familiarized himself/herself with this Policy, understands its provisions, and agrees to comply with them.

The Data controller shall ensure that adopting and implementing this Policy, it seeks to implement the following fundamental principles related to the processing of personal data:

1. The personal data are processed in a legal, fair, and transparent manner in relation to the data subject (principle of legality, fairness, and transparency).

2. The personal data is collected for established, clearly defined, and legitimate purposes and is not further processed in a manner incompatible with those purposes.

3. Further processing of the personal data for archiving purposes in the public interest or for statistical purposes shall not be considered incompatible with the primary purposes (principle of purpose limitation).

4. The personal data are adequate, appropriate, and only necessary to achieve the purposes for which they are processed (principle of data minimisation).

5. There are made efforts to ensure that the personal data would be accurate and, if necessary, they would be updated within a reasonable period from the fact of the change.

6. All reasonable measures shall be taken to ensure that the personal data that are not accurate, considering the purposes of their processing, should be immediately deleted, or corrected within a reasonable period (principle of accuracy).

7. The personal data shall be kept in such a form that the identity of the Data subjects can be determined no longer than it is necessary for the purposes for which the personal data is processed.

8. The personal data can be stored for longer periods whether the personal data will be processed only for archiving purposes, in the public interest, or for statistical purposes, after implementing the relevant technical and organizational measures necessary to protect the rights and freedoms of the Data Subject (principle of storage limitation).

9. The personal data, considering the general nature of the personal data processed by the Data Controller, shall be processed in such a way that adequate security of the personal data would be ensured through the application of appropriate technical or organizational measures, including protection against the processing of the personal data without permission or illegal processing of the personal data and against accidental loss, destruction or damage (principle of integrity and confidentiality).

10. The data controller shall be responsible for ensuring that the above-mentioned principles are followed and must be able to demonstrate that they are followed (principle of accountability).

By reserving a villa, the data subject shall express his/her consent that the Data Controller will process the following personal data:

  •  Name, surname,
  • E-mail
  • Phone number
  • Residential address
  • Amount to be paid;
  • Length of stay in the villa

By submitting his/her personal data, the guest of the villa shall confirm that they are accurate and complete.

This Policy is drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons in the processing of personal data and on the free movement of such data and which repeals Directive 95/46/EC (hereinafter referred to as the GDPR), the Law on the Legal Protection of Personal Data of the Republic of Lithuania (hereinafter – ADTAI), other legislation of the European Union and the Republic of Lithuania.


Purposes of using the personal data

The Company shall collect and process personal data in accordance with the legislation of the EU and the Republic of Lithuania regulating the protection of personal data.

The Company processes the personal data collected on the website on the following basis:

  • Based on consent, which is given by your active actions, i.e. contacting us and submitting your personal data, or other active actions;
  • For the implementation of our legitimate interests (for example, administering the website and ensuring its proper functioning);
  • When providing you with accommodation services, guest accounting, guest debt management, and sending messages;
  • When processing orders, registration, and request;
  • When sending you information about our services and special offers (if you agree to receive such information);
  • When contacting you regarding the evaluation of the quality of the services provided;
  • When carrying out video surveillance in the territory of the villa and ensuring the safety of property and persons;
  • The personal data you provide shall not be provided to third parties under any circumstances, except in the following cases:
  • If there is your consent to the disclosure of Personal Data;
  • To the law enforcement institutions in accordance with the procedure provided by the legislation of the Republic of Lithuania.With your consent, to contact you by phone or email for direct marketing purposes, we will try to send you only the information about special offers that may be interesting to you.
  • To perform the duties imposed on us by the legislation.

The Company shall strive that the personal data would be processed accurately, fairly, and legally, they would be processed only for the purposes for which they were collected, as well as they would be processed in accordance with the clear and transparent principles and requirements of personal data processing established in the legislation.

Processing of personal data for direct marketing purposes

The Company shall process your personal data for direct marketing after receiving your explicit consent for the processing of such data, for example: when you subscribe to our newsletters, etc. (the basis of data processing is your freely explicit consent to data processing).

For direct marketing, we may process your name, e-mail address, and phone number. Your personal data may be processed for direct marketing in the following ways:

  •  you can receive a newsletter with our offers, promotions, and news by e-mail.
  • you can receive invitations to events, offers, and similar information by email.
  • You can unsubscribe from our newsletters at any time. You can do this by clicking the dedicated link at the bottom of our newsletters.

We use the services of Facebook, Google, and other online advertising providers either. You can read about the privacy policies of these service providers, the data collected, and the personal data protection measures applied in the privacy policies of the aforementioned service providers.

More information on how it works, as well as information on how you can object to the display of such advertisements or such use of the data, can be found in the information provided by the aforementioned service providers.

Processing of the personal data performing video surveillance

We perform video surveillance in our area to ensure the protection of the property, health, and life of the villa, our guests, employees, and other persons.

We perform video surveillance and process the data (video data) of Guests entering the video surveillance field based on our legitimate interests.

Our video surveillance systems do not use face recognition and/or analysis technologies, the video data captured by them are not grouped or profiled according to a specific data subject (a person).

The guests are informed about the video surveillance performed using information signs with a video camera symbol and data controller details, which are presented before entering the monitored territory and/or premise.

The premises where the Guests expect absolute personal data protection (dressing, rest, toilet rooms, etc.) are not included in the surveillance field of video cameras.

The personal data of the Guests collected during video surveillance (video data) are stored for up to 30 (thirty) calendar days from the date of capture.