Menu
Offers
Call us
Access
Make a booking
Promotions
Book a roomSpecial Offers
Book a room

Privacy policy

Your data is in safe hands

Information on the processing of personal data

I. DATA OF THE PERSONAL DATA ADMINISTRATOR

We would like to kindly inform you that the administrator of your personal data is Hotel Trylogia Bozena Ladno, with its registered office in Zielonka (05-220) at ul. Poniatowskiego 46a, entered into the Central Register and Information on Economic Activity kept by the minister for development and using the NIP number: 952-114-27-30, hereinafter referred to as the "Hotel".

Contact with the Hotel regarding the protection of personal data is possible at the following e-mail address: iod@trylogia.pl


II. DATA PROTECTION INSPECTOR

The hotel has appointed a Data Protection Officer who will be happy to help you in all matters related to the protection of personal data, in particular, to answer any questions regarding the processing of your personal data. Contact with the Inspector is possible at the following e-mail address: iod@trylogia.pl


III. PURPOSES AND BASIS FOR PROCESSING OF PERSONAL DATA

In order to provide services in accordance with the business profile, the Hotel processes your personal data - for various purposes, but always in accordance with the law. The provided personal data will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation), abbreviated as GDPR. We obtain personal data from you in the process leading to the conclusion of the contract or from our partners from booking portals, if you have given such consent. Below you will find the specific purposes of the processing of personal data along with the legal grounds.

1. In order to evaluate the service, book the service and perform the service, as well as in the case of concluding other contracts related to the business profile, we may process such personal data as:

  • First name and last name;
  • Address (street, house / flat number, zip code and city);
  • Phone number;
  • E-mail adress;
  • Company data along with the NIP number (in the case of issuing a VAT invoice for the enterprise);
  • Vehicle registration number of the customer's vehicle (in the case of using the hotel car park);
  • Basic bank account details to confirm the transfer;
  • ID number / PESEL number;
  • Information relating to nationality;
  • Your payment card number and other card details, as well as credentials and other billing and billing information related to mobile billing;
  • Reservation number.

The legal basis for such data processing is Art. 6 sec. 1 lit. b GDPR, which allows the processing of personal data if they are necessary to perform the contract or take steps to conclude a contract. Children's data such as first name, surname, nationality and date of birth are collected only from their parents or legal guardians in order to determine their age and the discounts they are entitled to, and for statistical purposes (obligation of the Central Statistical Office and tourist tax).

2. In order to consider the complaint, we process personal data such as:

  • First name and last name;
  • Address (street, house / flat number, zip code and city);
  • Phone number;
  • E-mail adress;
  • Reservation number;
  • Possibly the bank account number - if the money is refunded.

The legal basis for such data processing is Art. 6 sec. 1 lit. b GDPR, which allows the processing of personal data if they are necessary to perform the contract or take steps to conclude a contract;

3. In order to issue an invoice and meet other obligations arising from tax law, such as, for example, keeping accounting records for 5 years, we process personal data such as:

  • First name and last name;
  • Business;
  • Residence address or registered office address;
  • Number nip;
  • Reservation number.

The legal basis for such data processing is Art. 6 sec. 1 lit. c GDPR, which allows the processing of personal data, if such processing is necessary for the Personal Data Administrator to fulfill its obligations under the law;

4. In order to test satisfaction with the services offered, audits, improving and modifying our services, we process personal data such as:

  • E-mail adress;
  • Reservation number;
  • First name and last name;
  • Guest comments or suggestions.

The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the hotel's interest is to learn the opinions of customers about the services provided, to adapt them to the needs and expectations of interested parties);

5. In order to ensure the safety of hotel employees and guests, and to prevent fraud, we process personal data such as:

  • Data from the hotel system;
  • Face image obtained from video monitoring;
  • Vehicle registration number of the customer's vehicle (in the case of using the hotel car park);
  • First name and last name;
  • E-mail adress;
  • Phone number;
  • IP address.

The basis of the work the scope of such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the interest of the Hotel is to ensure security to all persons staying on the premises of the Hotel). Closed-circuit television data is removed maximum 30 days from the date of registration.

6. In order to create registers and records related to the GDPR, including, for example, the register of customers who objected in accordance with the GDPR, we process personal data such as:

  • First name and last name;
  • E-mail adress.

The provisions of the GDPR impose certain documentation obligations on us to demonstrate compliance and accountability. In the event that you, for example, object to the processing of your personal data for marketing purposes, we need to know who not to use direct marketing.

The legal basis for such data processing is Art. 6 sec. 1 lit. c GDPR, which allows the processing of personal data, if such processing is necessary for the Personal Data Administrator to fulfill its obligations under the law (provisions contained in the GDPR); and, art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator implements its legitimate interest (in this case, the hotel's interest is to have knowledge about people who exercise their rights under the GDPR);

7. In order to establish, investigate or defend against claims, we process personal data such as:

  • Name and surname (if the surname was given) or company name;
  • Residence address (if provided);
  • PESEL number or NIP number (if provided);
  • E-mail adress;
  • IP address;
  • Reservation number.

The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator implements his legitimate interest (in this case, the hotel's interest is to have personal data that will allow to establish, pursue or defend against claims, including customers and third parties);

8. For analytical purposes, i.e. research and analysis of activity on the website belonging to the Hotel, we process personal data such as:

  • Date and time of visiting the website;
  • Type of operating system;
  • Approximate location;
  • Type of web browser used to view the website;
  • Time spent on the site;
  • Subpages visited;
  • The subpage where the contact form has been completed.

The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the hotel's interest is to learn about customer activity on the website);

In order to use cookies on the website, we process such text information (cookies will be described in a separate section). The legal basis for such processing is Art. 6 sec. 1 lit. a GDPR, which allows the processing of personal data on the basis of a voluntarily granted consent (the first time you enter the website, a request for consent to the use of cookies appears);

9. In order to administer the website, we process personal data such as:

  • IP address;
  • Server date and time;
  • Information about the web browser;
  • Information about the operating system

These data are saved automatically in the so-called server logs, each time you use the website belonging to the Hotel. It would not be possible to administer the website without the use of a server and without this automatic saving. The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the hotel's interest is website administration);


IV. COOKIES

The hotel on its website, like other entities, uses the so-called cookies, i.e. short text information saved on a computer, phone, tablet or other user's device. They can be read by our system, as well as by systems belonging to other entities whose services we use (e.g. Facebook, Google).

Cookies perform many functions on the website, most often useful, which we will try to describe below (if the information is insufficient, please contact us):

  • ensuring security - cookies are used to authenticate users and prevent unauthorized use of the customer panel. Therefore, they are used to protect the user's personal data against unauthorized access;
  • impact on the processes and efficiency of using the website - cookies are used to ensure that the website works efficiently and that you can use the functions available on it, which is possible among other things, thanks to remembering the settings between subsequent visits to the website. Thanks to them, you can efficiently navigate the website and individual subpages;
  • session status - cookie files often contain information on how visitors use the website, e.g. which subpages are displayed most often. They also make it possible to identify errors displayed on some subpages. Cookies used to save the so-called "Session state" therefore help to improve services and increase the browsing experience;
  • maintaining the session status - if the client logs in to his panel, cookies enable the session to be maintained. This means that after switching to another subpage, you do not have to re-enter your login and password each time, which contributes to the comfort of using the website;
  • creating statistics - cookies are used to analyze how users use the website (how many people open the website, how long they stay on it, which content is of greatest interest, etc.). Thanks to this, it is possible to constantly improve the website and adapt its operation to the preferences of users. In order to track activity and create statistics, we use Google tools, such as Google Analytics; in addition to reporting website usage statistics, pixel Google Analytics may also be used, together with some of the cookies described above, to help display more relevant content to the user in Google services (e.g. in the Google search engine) and throughout the web;
  • use of social functions - on the website we have the so-called Facebook pixel that allows you to like our fanpage on this website while using the website. However, to do this, we must use cookies provided by Facebook.

By default, your web browser allows the use of cookies on your device, so during the first visit, please consent to the use of cookies. However, if you do not wish to use cookies when browsing the website, you can change the settings in your web browser - completely block the automatic handling of cookies or request notification each time cookies are placed on the device. The settings can be changed at any time.

While respecting the autonomy of all people using the website, we feel obliged to inform you that disabling or limiting the use of cookies may cause quite serious difficulties in using the website, e.g. in the form of having to log in to each subpage, longer page loading period. , restrictions on the use of functionalities, restrictions on liking the page on Facebook, etc.


V. RIGHT TO WITHDRAW CONSENT

If the processing of personal data is based on consent, you may withdraw this consent at any time.

If you would like to withdraw your consent to the processing of personal data, then you should follow point 11 point 5. If the processing of your personal data was based on consent, its withdrawal does not make the processing of personal data to at that moment it was illegal. In other words, until the consent is withdrawn, we have the right to process your personal data and its revocation does not affect the lawfulness of the current processing.


VI. REQUIREMENT TO PROVIDE PERSONAL DATA

Providing any personal data is voluntary and depends on your decision. However, in some cases, providing certain personal data is necessary to meet your expectations regarding the use of services.

In order to order a service at the Hotel, it is necessary to provide the data indicated in point. 3 A of this privacy policy.

In order for you to be able to receive an invoice for services, it is necessary to provide all the data required by tax law - without this, we are not able to properly issue an invoice.

In order to be able to contact you by phone in matters related to the provision of the service, it is necessary to provide a telephone number and e-mail address - without this, we are not able to contact us by phone or send a booking confirmation.


VII. AUTOMATED DECISION MAKING AND PROFILING

We would like to kindly inform you that we do not make automated decisions, including those based on profiling. The content of the inquiry, which is sent via the form, is not subject to evaluation by the IT system. The proposed price of the service is based on the price list of our hotel.


VIII. PERSONAL DATA RECIPIENTS

Like most entrepreneurs, we use the help of other entities in our activities, which often involves the necessity to provide personal data. In connection with the above, if necessary, we transfer your personal data to lawyers cooperating with us who provide services to companies that handle fast payments, an accounting company, a hosting company, a company responsible for sending SMS messages, as well as an insurance company (if it is necessary to repair the damage).

In addition, it may happen that, for example, on the basis of an appropriate legal provision or a decision of a competent authority, we will also have to transfer your personal data to other authorities or entities.


IX. TRANSMISSION OF PERSONAL DATA TO THIRD COUNTRIES

Like most entrepreneurs, we use various popular services and technologies offered by entities such as Facebook, Microsoft, Google or Bitrix24. These companies are based outside the European Union, and therefore in the light of the provisions of the GDPR, they are treated as third countries.

The GDPR introduces certain limitations in the transfer of personal data to third countries, because since, as a rule, European regulations do not apply there, the protection of personal data of European Union citizens may unfortunately be insufficient. Therefore, each data controller is required to establish the legal basis for such transfer.

For our part, we assure you that when using the services and technologies, we transfer personal data only to entities from the United States and only to those that have joined the Privacy Shield program, based on the implementing decision of the European Commission of July 12, 2016 - more on this subject can be found read on the European Commission website at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacyshield_en.

Entities that have joined the Privacy Shield program guarantee that they will comply with the high standards of personal data protection that are in force in the European Union, therefore the use of their services and technologies in the process of personal data processing is legal.

At any time, we will provide you with additional explanations regarding the transfer of personal data, in particular when this issue raises your concern.


X. PERIOD OF PROCESSING OF PERSONAL DATA

1. In accordance with applicable law, we do not process your personal data "indefinitely", but for the time needed to achieve the set goal. After this period, your personal data will be irretrievably deleted or destroyed.

2. In a situation where we do not need to perform operations on your personal data other than their storage (e.g. when we store the content of the order for the purpose of defending against claims), we additionally secure them until they are permanently removed or destroyed - by pseudonymisation. Pseudonymisation consists in encrypting personal data or a set of personal data in such a way that it is impossible to read them without an additional key, and therefore such information becomes completely useless for an unauthorized person.

3. Regarding individual periods of personal data processing, we kindly inform you that we process personal data for the period of:

  • the duration of the contract - in relation to personal data processed for the conclusion and performance of the contract;
  • 3 years or 10 years + 1 year - in relation to personal data processed for the purpose of establishing, investigating or defending claims (the length of the period depends on whether both parties are entrepreneurs or not);
  • 6 months - in relation to personal data that were collected in the valuation of the service, and at the same time the contract was not concluded immediately;
  • 5 years - in relation to personal data related to the fulfillment of obligations under tax law;
  • until the consent is withdrawn or the purpose of processing is achieved, but not longer than for 5 years - in relation to personal data processed on the basis of consent;
  • until an objection is effectively raised or the purpose of processing is achieved, but not longer than for 5 years - in relation to personal data processed on the basis of the legitimate interest of the Personal Data Administrator or for marketing purposes;
  • until they become obsolete or lose their usefulness, but no longer than for 3 years - in relation to personal data processed mainly for analytical purposes, the use of cookies and website administration.

4. We count the periods in years from the end of the year in which we started processing personal data in order to improve the process of deleting or destroying personal data. Separate counting of the deadline for each concluded contract would entail significant organizational and technical difficulties, as well as a significant financial outlay, therefore establishing a single date for the deletion or destruction of personal data allows us to manage this process more efficiently. Of course, if you exercise your right to be forgotten, such situations are considered individually.

5. An additional year related to the processing of personal data collected for the performance of the contract is dictated by the hypothetical fact that you can report a moment before the expiry of the limitation period, the request may be delivered with a significant delay or you may incorrectly specify the limitation period for your claim.


XI. POWERS OF DATA SUBJECTS

1. We kindly inform you that you have the right to:

  • access to your personal data;
  • rectification of personal data;
  • deletion of personal data;
  • restrictions on the processing of personal data;
  • object to the processing of personal data;
  • to be forgotten in the event that other legal provisions allow it;
  • receiving a copy of the data
  • transferring personal data.

2. We respect your rights under the provisions on the protection of personal data and we try to facilitate their implementation as much as possible.

3. We point out that the above-mentioned rights are not absolute, and therefore we may legally refuse you to comply with them in certain situations. However, if we refuse to accept the request, it is only after careful analysis and only if the refusal to accept the request is necessary.

4. Regarding the right to object, we explain that you have the right to object to the processing of your personal data at any time on the basis of the legitimate interest of the Personal Data Administrator (they are listed in point III) in connection with your particular situation. However, you must remember that, in accordance with the provisions, we may refuse to take into account the objection if we prove that:

  • there are legitimate grounds for processing that override your interests, rights and freedoms, or
  • there are grounds for establishing, investigating or defending claims.

5. In addition, you can object to the processing of your personal data for marketing purposes at any time. In such a situation, after receiving the objection, we will stop processing for this purpose.

6. You can exercise your rights in the following way:

  • send an e-mail to the Data Protection Officer at the following address: iod@trylogia.pl
  • send such a request to the address of the Data Protection Officer - ul. Poniatowskiego 46a; 05-220 Zielonka
  • provide the receptionist during a visit to our Hotel.


XII. RIGHT TO LODGE A COMPLAINT

If you believe that your personal data is being processed contrary to the applicable law, you may lodge a complaint with the President of the Personal Data Protection Office.


XIII. FINAL PROVISIONS

To the extent not covered by this Privacy Policy, the provisions on the protection of personal data shall apply.

The hotel reserves the right to make changes to this Privacy Policy, with the proviso that the version valid at the time of booking the service shall apply to services performed prior to the change of the Privacy Policy.

This Privacy Policy applies from May 25, 2018.

Trylogia Hotel

Poniatowskiego 46
05-220 Zielonka near Warsaw

22 771 82 24
recepcja@trylogia.pl


Check out our location
© 2024
Hotel Trylogia

Powered by ZUUWORKS