According to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; Polish: Ogólne rozporządzenie o ochronie danych, RODO), we would like to inform you about matters related to the processing of personal data in connection with the use of our services. Please read the information below.
The Personal Data Controller and the Data Protection Supervisor
Legal grounds and the purpose of the data processing
Justified legal grounds are required for the processing of personal data. General Data Protection Regulation provides for several types of such legal grounds, and as far as the usage of our services is concerned, the following legal grounds shall be applicable:
- Necessity to process the data in order to conclude or perform the agreement that binds us.
If we conclude an agreement with you to provide certain services (e.g. hotel or restaurant services, organization of private or business events, conferences, cultural events, sale of tickets for events at Dworek Gościnny/Jazz Bar, sale of vouchers, and other services or sale of products), we are allowed to process your personal data to the extent which is necessary to perform such a contract. In any case, conclusion and performance of the agreement shall authorize us to process the data necessary for its implementation (e.g. the data given while booking a hotel room). Otherwise, we would not be able to provide this service, and you would not be able to use it.
If the personal data was made available through the booking portal, travel agency, corporate clients or other agents, the information regarding the scope of the processing of personal data can be obtained at the reception desk of a particular hotel or villa.
- Voluntary consent
It is necessary in the case of sending commercial or marketing information to the e-mail address (e.g. Thermaleo Plus newsletter - Szczawnica, Gastronomic Club newsletter), handling queries sent to us in a proper way (e.g. contact forms), participating in competitions organized by us or in the recruitment process.
Your consent is necessary as well for processing health information in connection with the use of the services offered by SPA Modrzewie Park Hotel. This data is required for due performance of SPA services.
- Justified interest of the data controller
This ground for the processing of personal data refers to such cases when the processing is legitimate due to our justified needs, which includes, i.a.: the need to ensure security in our facilities by using video monitoring, seeking possible claims or protecting against claims, as well as running marketing and promotion of the services offered by the controller.
- Legal provisions
This ground for the processing applies to situations when, due to the applicable law, we are obliged to process your data (e.g. fulfillment of the tax obligation).
Your personal data is not subject to automated decision making processes and is not profiled.
Data processing time
Your data, as part of our services, will be processed only if we have one of the legal grounds permitted by the General Data Protection Regulation and only for the purpose adapted to the particular ground, as described above. Your data will be processed until the existence of legal grounds therefor, i.e. when the data is necessary to perform the contract – the period of limitation for tax or civil claims, depending on which occurs later; when the consent was granted - until its withdrawal, restrictions or other actions taken by you in order to limit this consent; when the ground for the processing of data constitutes a justified interest of the data controller - until the existence of such legitimate interests; when a legal provision is introduced - until a given provision still obliges us.
The data is kept no longer than necessary for the purposes for which the data was collected, unless the applicable law requires us to keep it longer.
The data controller transfers personal data to the following categories of entities: companies providing IT support services and software providers, transport and taxi companies when a guest ordered transport or courier services, law firms providing legal advisory and representation services, and other entities authorized under the law. In special cases, such as the organization of a large private or business event when the number of required rooms exceeds the hotel capacity of the controller, it is possible to transfer personal data to friend hotels in order to provide accommodation.
We may be legally obliged to disclose personal data at the request of authorized services and authorities, as well as courts and the prosecutor. This data can be made available without your knowledge and consent, pursuant to the binding legal provisions. In such cases, we always verify the legality of requests of services and authorities regarding the disclosure of your data.
According to the General Data Protection Regulation, you have the following rights in relation to the processing of personal data by the data controller.
If the consent for processing the data has been given, it may be withdrawn at any time without affecting the legality of the processing which was conducted on the basis of the consent before its withdrawal.
The data controller is not going to transfer personal data outside the European Economic Area.