THE PROCESSING OF YOUR PERSONAL DATA
In connection with the new provisions on personal data of natural persons (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1) - hereinafter referred to as the GDPR - in force since 25 May 2018, we would like to inform you about what we do with the data we collect, what data we use and what rights apply in connection with the processing.
Administrator of personal data.
The administrator of your personal data is Jolanta Walczak "Bacero" Przedsiębiorstwo produkcyjno- usługowo- handlowych (production, service and trading company) with registered office at Wrocław (postcode 53-234), ul. Grabiszyńska 251, NIP: 8940000253, REGON: 006009551, which owns the Vega Hotel, the Bacero Hotel and the Grand City Hotel.
You can contact the administrator for personal data directly at the e-mail address: email@example.com
Purpose and legal basis of data processing.
Your personal data may only be processed in accordance with the provisions of the applicable law; the GDPR provides for a number of reasons for the processing of personal data of natural persons.
When using our hotel, your personal data will be processed for various purposes:
- to enter into and perform a contract with you for the provision of hotel services or similar services provided by the hotel at the request of a guest (e.g. reservation of a special reception in our restaurant - weddings, baptisms, ceremonial dinners, etc.). Legal basis Art. 6 para. 1 lit. b of the GDPR,
As well as:
- the establishment, prosecution or defence of claims, if applicable,
- archiving of information where it is necessary to prove the facts arising from the provisions of the applicable law,
- financial services to settle the costs of your stay in the hotel through our accounting department, including the issuance of accounting documents,
- statistics, surveys on your satisfaction with our service, analytical - consisting of adapting our services to the needs of customers, handling complaints and notifications,
- for the direct marketing of own products and services,
- furthermore, the personal data of the guest can only be processed in public areas (corridors, stairwells, reception, restaurant, etc.) by video surveillance in the hotel. The purpose of video surveillance is to ensure the safety of our guests and others in the area and the protection of property,
which is our legitimate interest as an administrator of personal data (legal basis Art. 6 para. 1 lit. f of the GDPR)
Scope of data processing.
We process the following data concerning you - your name, e-mail address, telephone number, place of residence, PESEL number, identity card or passport number, date of birth and, if applicable, financial identification data (credit/payment card data).
Duration of data processing
We process your personal data:
- for the entire duration of the contract for hotel services or another contract concluded at the request of a guest and thereafter until the expiry of the limitation period - for a maximum of 10 years,
- necessary for invoicing - for 5 years from the end of the billing period,
- which are processed by us on the basis of our legitimate interest as holders of personal data for the entire period in which this interest exists,
- for the direct marketing of own products and services - up to the objection,
- data processed by video surveillance will be kept for 30 days, unless the occurrence of an incident requires further processing for the purposes of the proceedings in accordance with the provisions of the law.
Parties to whom we may disclose personal data.
We will only pass on your personal data to our subcontractors with whom we have concluded separate agreements for the processing of personal data:
- IT companies and companies offering the hotel's IT support and infrastructure (provider of integrated information systems Not7.pl based in Chyby, ul. Pomarańczowa 5 Spółka z o.o., Profitroom Sp. z o.o. based in Poznań, ul. Roosevelta 9/3, 60-829),
The data can also be passed on to the following categories of recipients: Law firms, courier and postal companies, insurance companies, licensed bodies (e.g. courts, public prosecutors), tax offices.
Data transmission to third countries or international organisations.
We do not share your personal information with third countries or international organizations.
Rights to which you are entitled.
The provisions of the GDPR protect the processing of your personal data. You have the right:
1. to access them and receive a copy of them.
2. to correct your data.
3. remove them if you believe that we have no reason to edit them.
4. to limit the processing of the data, e.g. exclusively to their storage or other purposes stated by you, as well as in a situation in which an objection has been raised against the processing of personal data.
5. oppose marketing. You can object to the processing of your personal data for direct marketing purposes at any time (in this case we will not process your personal data for this purpose).
6. to object to the processing on the basis of a legitimate interest on the basis of your special circumstances. You must give us a reason (special situation) why we have to stop processing the data. We will stop processing your data for these purposes unless we can prove that our reasons for processing take precedence over your rights or if we need them to justify, prosecute or defend claims.
7. to transmit data that can be processed by receiving personal data from us in easily readable formats (e.g. csv or other easily accessible formats) on request or by requesting that we transfer this data to another administrator (service provider),
8. lodge a complaint with the President of the Office for the Protection of Personal Data, whose contact details and the way in which you exercise this right can easily be found on the Internet on the official website of the Office for the Protection of Personal Data.
To exercise your rights, please contact us by e-mail: firstname.lastname@example.org
Once we have confirmed your identity, we will process your requests, rights and questions.
Do you have the right to revoke your consent for certain purposes of data processing if you have previously given it?
You can revoke your consent at any time by sending a short message to our e-mail address email@example.com that you revoke your consent to the processing of your personal data.
Please note that if we process your data for purposes other than those for which you have given your consent, we may process your data for purposes for which we have a different legal basis. We have defined the cases for the purposes for which we process personal data.
Information on the request / voluntary provision of data.
In order to use our services and conclude a contract with us, you must provide us with your personal data, as this is a prerequisite for its conclusion. The need to provide information is also required by law (e.g. for the documentation of sales with VAT invoice). If you do not wish to provide this information, we may refuse to enter into a contract.
Providers who have provided us with personal information about you.
If you have not provided us with your personal data, we may have received your data from the travel agency or booking portal through which you made your reservation.
We work together with the following online booking portals: booking.com, HRS.com, CiH, eHoliday.pl, Expedia.com, Netmedia, PTQV.
Personal data that we have received from other companies are in particular first and last name, e-mail address, telephone number, date of birth, pesel.
Detailed information about the location that has provided us with this information is available at the hotel reception or at – www.gradncityhotel.pl