Pema e Thate Beach Bar & Sunbed Rental
Pema e Thate is committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), applicable Albanian data protection laws, and other relevant privacy regulations.
This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our premises, use our services, visit our website, contact us, or make reservations.
1. Data Controller
The data controller responsible for your personal data is:
Pema e Thate
Address: Lagjia nr.3, rruga Pema e Thate, nr.2, Ksamil, Sarande 9706
Email: info@pemaethate.com
Phone: 355693103331
If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us using the details above.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
Information You Provide Directly
- Name and surname
- Email address
- Telephone number
- Reservation details
- Special requests or preferences
- Payment-related information
- Communications sent to us via email, phone, social media, or contact forms
Information Collected Automatically
When you visit our website, we may collect:
- IP address
- Browser type and version
- Device information
- Pages visited
- Date and time of access
- Referring website information
- Cookie and tracking data
CCTV Monitoring
For security and safety purposes, CCTV cameras may operate in selected areas of our premises. CCTV recordings may capture images of visitors and staff.
3. Purpose of Processing Personal Data
We process personal data for the following purposes:
- Managing beach bed and umbrella reservations
- Providing beach bar services
- Processing payments and transactions
- Responding to inquiries and customer support requests
- Managing customer relationships
- Improving our services and website functionality
- Complying with legal obligations
- Ensuring safety and security through CCTV monitoring
- Preventing fraud and unauthorized activities
- Sending marketing communications where consent has been provided
4. Legal Basis for Processing
Under GDPR, we process personal data based on one or more of the following legal grounds:
Contractual Necessity
Processing required to provide services you request, such as reservations or purchases.
Legal Obligation
Processing necessary to comply with applicable laws, tax regulations, accounting obligations, or requests from public authorities.
Legitimate Interests
Processing necessary for:
- Business administration
- Service improvement
- Website security
- Fraud prevention
- Customer service
- Protection of property and individuals
Consent
Where required by law, we rely on your consent for:
- Marketing communications
- Certain cookies and tracking technologies
You may withdraw your consent at any time.
5. Cookies and Similar Technologies
Our website may use cookies and similar technologies to:
- Ensure proper website functionality
- Remember user preferences
- Analyze website traffic
- Improve user experience
- Support marketing activities
Where required by law, non-essential cookies will only be used after obtaining your consent.
You may manage cookie preferences through your browser settings or our cookie consent banner.
6. Sharing of Personal Data
We may share personal data with:
Service Providers
- Website hosting providers
- Reservation management providers
- Payment processors
- IT support providers
- Marketing service providers
Authorities
Where required by law, we may disclose personal data to:
- Courts
- Regulatory authorities
- Law enforcement agencies
- Tax authorities
All third-party service providers are required to process personal data securely and only for authorized purposes.
7. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), we will ensure that appropriate safeguards are implemented, including:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs)
- Other legally approved transfer mechanisms
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including:
- Reservation records: as required for business and legal purposes
- Accounting and financial records: as required by applicable law
- Customer communications: as reasonably necessary for customer service
- CCTV footage: generally retained for a limited period unless required for investigations or legal obligations
When data is no longer needed, it will be securely deleted or anonymized.
9. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Secure servers and systems
- Access controls
- Password protection
- Data encryption where appropriate
- Staff confidentiality obligations
- Regular security reviews
Despite these measures, no method of transmission or storage can be guaranteed as completely secure.
10. Your Rights Under GDPR
You have the following rights regarding your personal data:
Right of Access
You may request confirmation of whether we process your personal data and obtain a copy of that data.
Right to Rectification
You may request correction of inaccurate or incomplete information.
Right to Erasure
You may request deletion of your personal data where applicable.
Right to Restriction of Processing
You may request that we limit the processing of your personal data in certain circumstances.
Right to Data Portability
You may request a copy of your data in a structured, commonly used, machine-readable format.
Right to Object
You may object to certain processing activities based on legitimate interests.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw your consent at any time.
Right to Lodge a Complaint
You have the right to submit a complaint to the competent data protection authority if you believe your rights have been violated.
11. Marketing Communications
If you subscribe to our newsletter or marketing communications, we may send promotional information about our services, events, and special offers.
You may opt out at any time by:
- Clicking the unsubscribe link in emails
- Contacting us directly
We will not send marketing communications without an appropriate legal basis.
12. Third-Party Websites
Our website may contain links to third-party websites or social media platforms. We are not responsible for the privacy practices of those external websites. We encourage users to review their privacy policies separately.
13. Children’s Privacy
Our services are not specifically directed toward children under the age of 16. We do not knowingly collect personal data from children without appropriate parental authorization where required by law.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect legal, operational, or regulatory changes.
Any updates will be published on our website with a revised “Last Updated” date.
15. Contact Us
If you have any questions regarding this Privacy Policy or wish to exercise your GDPR rights, please contact:
Pema e Thate
Address: Lagjia nr.3, rruga Pema e Thate, nr.2, Ksamil, Sarande 9706
Email: info@pemaethate.com
Phone: 355693103331
We will respond to privacy-related requests in accordance with applicable data protection laws.
By using our website, making a reservation, or using our services, you acknowledge that you have read and understood this Privacy Policy.