DISCLOSURE OBLIGATION TO HOTEL CUSTOMERS
The new provisions on personal data protection (GDPR) came into force on 25 May 2018. Therefore, we would like to clarify, what this means to you in practice. The safety of your data is our utmost priority; therefore, we take all necessary measures to ensure that their processing is carried out safely and transparently.
Its idea is to present you with your full rights in relation to the new provisions on the protection of personal data and the obligations that we must fulfil towards you subject to article 13 of the GDPR (i.e., Information Obligation), among others.
- To begin, we wish to explain to you what the GDPR is.
The GDPR is short for the Regulation of the European Parliament and the EU Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data as well as the repeal of Directive 95/46/EC. Therefore, each time we use this abbreviation, it shall refer to this act of law. Often, we will also use the term "General Data Protection Regulation” interchangeably.
- What lies beneath the term data controller?The data controller, the entity that determines the purposes for which and by what means your personal data will be processed is Hotel Wersal Sp. z o.o. with registered seat in Zakopane, ul. Tetmajera 16, 34-500 Zakopane.
- Who is a Data Protection Officer (DPO)?
A Data Protection Officer (DPO) is a person you can contact if you have questions, doubts as to the scope of the processing of your data by the Data Controller.
The function is performed in our company by Rafał Andrzejewski.
You can contact the Data Protection Officer in several ways:
a. as a rule, we recommend contact via e-mail: email@example.com. This form of contact will allow us to refer to your correspondence in a specific and transparent manner.
b. however, if you think that e-mail contact is bothersome to you, you may contact the Data Protection Officer by telephone via 504976690.
- Please be informed that your personal data is processed in order to perform the agreement, to which the data subject is a party, or to take actions on the request of the data subject prior to entering into an agreement; to send trade information by means of electronic communication; to conduct direct marketing of the data controller’s products or services; to seek redress for business activities; to fulfil the legal obligations imposed on the Data Controller.
- The Legal basis for processing of your personal data is article 6 sec. 1(a) of the GDPR , article 6 sec. 1(b) of the GDPR, article 6 sec. 1(c) of the GDPR and article 6 sec. 1(f) of the GDPR.
- Information about the recipients of personal data:
Your data may be disclosed to:
a. transport companies and taxi drivers upon ordering transport or courier services for the guest;
b. companies providing IT support services for the hotel;
c. companies providing accounting services;
d. companies providing legal services;
e. companies operating the reception system;
f. companies providing newsletter services;
g. companies operating the booking system;
h. companies providing security services for persons and property;
i. companies providing marketing services for the hotel.
7. Your personal data will not be transferred to third countries.
8. Retention period – how long will we process your personal data?
We will process your personal data no longer than necessary.
- For accounting and tax purposes, we will process it for as long as we are obligated to do so by the law. In light of the recent provisions, it is for 5 years counting from the end of the calendar year in which the tax obligation was imposed.
- If personal data is processed to pursue claims (including court proceedings), we will be able to process it for the period of limitation of claims in compliance with the provisions of the Civil Code.
- If you give us your consent to the processing of personal data, whether for marketing purposes, for the dissemination of image and in many other cases upon our request, then we will process it until you cancel your consent.
- Upon accomplishment of the primary purpose for which your personal data was obtained (e.g. performance of the agreement, processing is necessary to perform the agreement), your data will be processed for archival purposes for the period in compliance with our archival regulations and for a period required to defend us against claims, subject to generally applicable provisions of law, including the limitation period for claims specified in the generally applicable requirements of law.
9. Please be advised that you have the right to:
1. access to your personal data, as well as to rectify, delete or limit processing.
2. transfer your data
3. lodge a complaint to the supervisory authorities.
4. a written, justified request to stop the processing of your data, due to personal reasons;
5. to object to the processing of your data, where the Data Controller intends to use it for marketing purposes or against transferring your data to another data controller;
6. obtain comprehensive information concerning:
- the presence of your data in the collections of the Data Controller and the address of its registered office;
- purpose, scope and manner of processing data contained in such collections;
- information on how long your data is processed in the collections;
- possible sources of data acquisition;
- sharing your data, and in particular information about the recipients or categories of recipients to whom the data are made available.
10. Furthermore, please be informed that in relation to personal data processed subject to your consent – you are entitled to withdraw your consent to the processing of personal data at any time. The withdrawal of consent does not affect the legality of processing, which was carried out based on consent before its withdrawal. Consent may be withdrawn in the same form it was granted.
11. Provision of data is voluntary but necessary to conclude the agreement with us; use our services or simply contact us. However, if we decide to provide you additional services, e.g. marketing of products via e-mail or telephone, we shall always ask for your consent. Failure to grant consent for marketing activities shall not affect the conclusion of the agreement for the provision of hotel services. We treat your consent as a voluntary, conscious, unequivocal declaration of will that may be withdrawn at any time.
12. Your personal data will be processed automatically. We process it in paper version and multiple times in IT systems. However, it does not involve automatic decision-making, relating to profiling.
 GDPR – REGULATION OF THE EUROPEAN PARLIAMENT AND THE EU COUNCIL 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation).