DISCLOSURE OBLIGATION TO HOTEL CUSTOMERS
- The controller of your personal data is Bachleda Hotel Zakopane Sp. z o.o with its registered office in Zakopane, ul. Tetmajera 16, 34-500 Zakopane, hereinafter referred to as “Controller”.
- Contact details of the Personal Data Protection Inspector: Rafał Andrzejewski, email: firstname.lastname@example.org
- We wish to inform you that your personal data is processed for the purpose of executing the agreement, the party of which is the person the data is related to, or to undertake actions as demanded by the person the data is related to prior to concluding the agreement; sending commercial information with the use of means of electronic communication; direct marketing of the Controller’s own products or services; pursuing business activity claims; fulfilling the legal obligation imposed on the Controller.
- The legal basis for the processing of your personal data – Article 6 (1) (a) GPDR, Article 6 (1) (b) GDPR, Article 6 (1) (c) GDPR, Article 6 (1) (f) GDPR.
- Providing your personal data is a contractual and statutory obligation (issuing a VAT invoice). Failure to provide data shall result in inability to provide the service. Additionally, upon receiving the guest’s consent, his/her personal data shall be processed for the marketing purposes within the scope of such consent.
- We shall process your personal data only for as long as necessary:
- the data shall be processed throughout the period of providing hotel services;
- for the purpose of accounting and for tax reasons, we shall process the data for as long as we are legally obligated to do so. Pursuant to applicable regulations, it is the period of 5 years from the end of the calendar year in which the tax obligation arouse;
- provided that we process personal data for the purpose of pursuing claims (including in recovery proceedings), we shall be entitled to process it for that purpose for the period of limitation in accordance with the provisions of the Civil Code;
- provided that you have given us your consent to the processing of your personal data, whether for marketing purposes or in other cases when we ask for such consent, we shall process it until you withdraw your consent.
- Your data may be made available or entrusted, pursuant to an agreement, to one of the following recipient categories:
- transport companies and taxi drivers in case of organizing transport or courier services for the guests;
- companies providing IT support for the hotel;
- companies providing accounting services;
- companies providing legal services;
- companies providing services related to the reception system;
- companies providing services related to the newsletter;
- companies providing services related to the booking system;
- companies providing services related to security of people and property;
- companies providing marketing services for the hotel and travel agencies.
- You have the right to demand:
- access to your personal data – within the limits of Article 15 GDPR,
- correcting it – within the limits of Article 16 GDPR,
- deleting it - within the limits of Article 17 GDPR,
- limiting the processing - within the limits of Article 18 GDPR,
- transferring the data - within the limits of Article 20 GDPR,
- the right to object to processing (in case of processing specified in Article 6 (1) (f) GDPR) – within the limits of Article 21 GDPR.
INFORMATION CLAUSE - MONITORING
In connection with Article 13 of the Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), we inform that:
- The controller of your data registered by the camera system is Bachleda Hotel Zakopane Sp. z o.o with its registered office in Zakopane, ul. Tetmajera 16, 34-500 Zakopane, hereinafter referred to as “Controller”.
- The goal of monitoring is to ensure safety of the hotel guests pursuant to Article 6 (1) (f) GDPR. With respect to the hotel employees, the goal shall be to ensure safety in the workplace, protect property and maintain the secrecy of information the disclosure of which could compromise the Controller, pursuant to Article 6 (1) (c) GDPR in connection to Article 22² § 1 of the Act of 26 June 1974 Labour Code (Dz.U.2018.917 i.e. of 16 May 2018).
- Your personal data may also be processed by entities with which the Controller has signed personal data processing agreements, in particular an information technology company.
- The data shall not be transferred to third countries or international organisations.
- Your personal data shall be registered in electronic form as image from video monitoring and stored for the period of no longer than 30 days of recording, and in case the recording is or can be a piece of evidence in any proceedings carried out pursuant to applicable law – for as long as necessary, as imposed by legal regulations.
- You have the right to lodge a complaint with a supervisory authority, when you recognize that the processing of your personal data infringes the Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). The supervisory authority is the President of the Personal Data Protection Office. You also have the right to access your personal data.
- Based on personal data processed in that way, the Personal Data Controller shall not make decisions based solely on automated processing, including decisions resulting from profiling. (Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict certain aspects concerning that natural person’s performance at work, economic situations, health, personal preferences, interests, reliability, behaviour, location or movement.)
 GDPR – REGULATION OF THE EUROPEAN PARLIAMENT AND THE EU COUNCIL 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation).