I. DATA OF THE PERSONAL DATA ADMINISTRATOR
We would like to kindly inform you that the administrator of your personal data is Hotel Trylogia Bozena Ladno, with its registered office in Zielonka (05-220) at ul. Poniatowskiego 46a, entered into the Central Register and Information on Economic Activity kept by the minister for development and using the NIP number: 952-114-27-30, hereinafter referred to as the "Hotel".
Contact with the Hotel regarding the protection of personal data is possible at the following e-mail address: iod@trylogia.pl
II. DATA PROTECTION INSPECTOR
The hotel has appointed a Data Protection Officer who will be happy to help you in all matters related to the protection of personal data, in particular, to answer any questions regarding the processing of your personal data. Contact with the Inspector is possible at the following e-mail address: iod@trylogia.pl
III. PURPOSES AND BASIS FOR PROCESSING OF PERSONAL DATA
In order to provide services in accordance with the business profile, the Hotel processes your personal data - for various purposes, but always in accordance with the law. The provided personal data will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation), abbreviated as GDPR. We obtain personal data from you in the process leading to the conclusion of the contract or from our partners from booking portals, if you have given such consent. Below you will find the specific purposes of the processing of personal data along with the legal grounds.
1. In order to evaluate the service, book the service and perform the service, as well as in the case of concluding other contracts related to the business profile, we may process such personal data as:
The legal basis for such data processing is Art. 6 sec. 1 lit. b GDPR, which allows the processing of personal data if they are necessary to perform the contract or take steps to conclude a contract. Children's data such as first name, surname, nationality and date of birth are collected only from their parents or legal guardians in order to determine their age and the discounts they are entitled to, and for statistical purposes (obligation of the Central Statistical Office and tourist tax).
2. In order to consider the complaint, we process personal data such as:
The legal basis for such data processing is Art. 6 sec. 1 lit. b GDPR, which allows the processing of personal data if they are necessary to perform the contract or take steps to conclude a contract;
3. In order to issue an invoice and meet other obligations arising from tax law, such as, for example, keeping accounting records for 5 years, we process personal data such as:
The legal basis for such data processing is Art. 6 sec. 1 lit. c GDPR, which allows the processing of personal data, if such processing is necessary for the Personal Data Administrator to fulfill its obligations under the law;
4. In order to test satisfaction with the services offered, audits, improving and modifying our services, we process personal data such as:
The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the hotel's interest is to learn the opinions of customers about the services provided, to adapt them to the needs and expectations of interested parties);
5. In order to ensure the safety of hotel employees and guests, and to prevent fraud, we process personal data such as:
The basis of the work the scope of such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the interest of the Hotel is to ensure security to all persons staying on the premises of the Hotel). Closed-circuit television data is removed maximum 30 days from the date of registration.
6. In order to create registers and records related to the GDPR, including, for example, the register of customers who objected in accordance with the GDPR, we process personal data such as:
The provisions of the GDPR impose certain documentation obligations on us to demonstrate compliance and accountability. In the event that you, for example, object to the processing of your personal data for marketing purposes, we need to know who not to use direct marketing.
The legal basis for such data processing is Art. 6 sec. 1 lit. c GDPR, which allows the processing of personal data, if such processing is necessary for the Personal Data Administrator to fulfill its obligations under the law (provisions contained in the GDPR); and, art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator implements its legitimate interest (in this case, the hotel's interest is to have knowledge about people who exercise their rights under the GDPR);
7. In order to establish, investigate or defend against claims, we process personal data such as:
The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator implements his legitimate interest (in this case, the hotel's interest is to have personal data that will allow to establish, pursue or defend against claims, including customers and third parties);
8. For analytical purposes, i.e. research and analysis of activity on the website belonging to the Hotel, we process personal data such as:
The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the hotel's interest is to learn about customer activity on the website);
In order to use cookies on the website, we process such text information (cookies will be described in a separate section). The legal basis for such processing is Art. 6 sec. 1 lit. a GDPR, which allows the processing of personal data on the basis of a voluntarily granted consent (the first time you enter the website, a request for consent to the use of cookies appears);
9. In order to administer the website, we process personal data such as:
These data are saved automatically in the so-called server logs, each time you use the website belonging to the Hotel. It would not be possible to administer the website without the use of a server and without this automatic saving. The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the hotel's interest is website administration);
IV. COOKIES
The hotel on its website, like other entities, uses the so-called cookies, i.e. short text information saved on a computer, phone, tablet or other user's device. They can be read by our system, as well as by systems belonging to other entities whose services we use (e.g. Facebook, Google).
Cookies perform many functions on the website, most often useful, which we will try to describe below (if the information is insufficient, please contact us):
By default, your web browser allows the use of cookies on your device, so during the first visit, please consent to the use of cookies. However, if you do not wish to use cookies when browsing the website, you can change the settings in your web browser - completely block the automatic handling of cookies or request notification each time cookies are placed on the device. The settings can be changed at any time.
While respecting the autonomy of all people using the website, we feel obliged to inform you that disabling or limiting the use of cookies may cause quite serious difficulties in using the website, e.g. in the form of having to log in to each subpage, longer page loading period. , restrictions on the use of functionalities, restrictions on liking the page on Facebook, etc.
V. RIGHT TO WITHDRAW CONSENT
If the processing of personal data is based on consent, you may withdraw this consent at any time.
If you would like to withdraw your consent to the processing of personal data, then you should follow point 11 point 5. If the processing of your personal data was based on consent, its withdrawal does not make the processing of personal data to at that moment it was illegal. In other words, until the consent is withdrawn, we have the right to process your personal data and its revocation does not affect the lawfulness of the current processing.
VI. REQUIREMENT TO PROVIDE PERSONAL DATA
Providing any personal data is voluntary and depends on your decision. However, in some cases, providing certain personal data is necessary to meet your expectations regarding the use of services.
In order to order a service at the Hotel, it is necessary to provide the data indicated in point. 3 A of this privacy policy.
In order for you to be able to receive an invoice for services, it is necessary to provide all the data required by tax law - without this, we are not able to properly issue an invoice.
In order to be able to contact you by phone in matters related to the provision of the service, it is necessary to provide a telephone number and e-mail address - without this, we are not able to contact us by phone or send a booking confirmation.
VII. AUTOMATED DECISION MAKING AND PROFILING
We would like to kindly inform you that we do not make automated decisions, including those based on profiling. The content of the inquiry, which is sent via the form, is not subject to evaluation by the IT system. The proposed price of the service is based on the price list of our hotel.
VIII. PERSONAL DATA RECIPIENTS
Like most entrepreneurs, we use the help of other entities in our activities, which often involves the necessity to provide personal data. In connection with the above, if necessary, we transfer your personal data to lawyers cooperating with us who provide services to companies that handle fast payments, an accounting company, a hosting company, a company responsible for sending SMS messages, as well as an insurance company (if it is necessary to repair the damage).
In addition, it may happen that, for example, on the basis of an appropriate legal provision or a decision of a competent authority, we will also have to transfer your personal data to other authorities or entities.
IX. TRANSMISSION OF PERSONAL DATA TO THIRD COUNTRIES
Like most entrepreneurs, we use various popular services and technologies offered by entities such as Facebook, Microsoft, Google or Bitrix24. These companies are based outside the European Union, and therefore in the light of the provisions of the GDPR, they are treated as third countries.
The GDPR introduces certain limitations in the transfer of personal data to third countries, because since, as a rule, European regulations do not apply there, the protection of personal data of European Union citizens may unfortunately be insufficient. Therefore, each data controller is required to establish the legal basis for such transfer.
For our part, we assure you that when using the services and technologies, we transfer personal data only to entities from the United States and only to those that have joined the Privacy Shield program, based on the implementing decision of the European Commission of July 12, 2016 - more on this subject can be found read on the European Commission website at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacyshield_en.
Entities that have joined the Privacy Shield program guarantee that they will comply with the high standards of personal data protection that are in force in the European Union, therefore the use of their services and technologies in the process of personal data processing is legal.
At any time, we will provide you with additional explanations regarding the transfer of personal data, in particular when this issue raises your concern.
X. PERIOD OF PROCESSING OF PERSONAL DATA
1. In accordance with applicable law, we do not process your personal data "indefinitely", but for the time needed to achieve the set goal. After this period, your personal data will be irretrievably deleted or destroyed.
2. In a situation where we do not need to perform operations on your personal data other than their storage (e.g. when we store the content of the order for the purpose of defending against claims), we additionally secure them until they are permanently removed or destroyed - by pseudonymisation. Pseudonymisation consists in encrypting personal data or a set of personal data in such a way that it is impossible to read them without an additional key, and therefore such information becomes completely useless for an unauthorized person.
3. Regarding individual periods of personal data processing, we kindly inform you that we process personal data for the period of:
4. We count the periods in years from the end of the year in which we started processing personal data in order to improve the process of deleting or destroying personal data. Separate counting of the deadline for each concluded contract would entail significant organizational and technical difficulties, as well as a significant financial outlay, therefore establishing a single date for the deletion or destruction of personal data allows us to manage this process more efficiently. Of course, if you exercise your right to be forgotten, such situations are considered individually.
5. An additional year related to the processing of personal data collected for the performance of the contract is dictated by the hypothetical fact that you can report a moment before the expiry of the limitation period, the request may be delivered with a significant delay or you may incorrectly specify the limitation period for your claim.
XI. POWERS OF DATA SUBJECTS
1. We kindly inform you that you have the right to:
2. We respect your rights under the provisions on the protection of personal data and we try to facilitate their implementation as much as possible.
3. We point out that the above-mentioned rights are not absolute, and therefore we may legally refuse you to comply with them in certain situations. However, if we refuse to accept the request, it is only after careful analysis and only if the refusal to accept the request is necessary.
4. Regarding the right to object, we explain that you have the right to object to the processing of your personal data at any time on the basis of the legitimate interest of the Personal Data Administrator (they are listed in point III) in connection with your particular situation. However, you must remember that, in accordance with the provisions, we may refuse to take into account the objection if we prove that:
5. In addition, you can object to the processing of your personal data for marketing purposes at any time. In such a situation, after receiving the objection, we will stop processing for this purpose.
6. You can exercise your rights in the following way:
XII. RIGHT TO LODGE A COMPLAINT
If you believe that your personal data is being processed contrary to the applicable law, you may lodge a complaint with the President of the Personal Data Protection Office.
XIII. FINAL PROVISIONS
To the extent not covered by this Privacy Policy, the provisions on the protection of personal data shall apply.
The hotel reserves the right to make changes to this Privacy Policy, with the proviso that the version valid at the time of booking the service shall apply to services performed prior to the change of the Privacy Policy.
This Privacy Policy applies from May 25, 2018.
Poniatowskiego 46
05-220 Zielonka near Warsaw