§1. GENERAL PROVISIONS
This Privacy Policy applies to users of the Website at the URL: http://hotelvesperhouse.wa.profitroom.com and is effective as of ___. The Controller of the users’ data is: (hereinafter referred to as “We”). Contact details of the Data Protection Officer: ___, e-mail: ___
§2. PERSONAL DATA
Following the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter referred to as “GDPR”), we inform you that:
- We process data for the following purposes:
- performance of the contract or taking action at the request of the data subject before concluding the contract (legal basis: Article 6(1)(b) of GDPR),
- handling inquiries (Article 6(1)(f) of GDPR),
- handling complaints and claims (Article 6(1)(b) of GDPR),
- keeping records and fulfilling legal obligations imposed on the Controller (Article 6(1)(c) of GDPR),
- sending a newsletter (Article 6(1)(a) of GDPR),
- monitoring and improving the quality of the services – requesting completion of a survey or answering some questions about the quality of the services provided (Article 6(1)(f) of GDPR),
- displaying personalized commercial information on social networks (Art. 6(1)(a) of GDPR)
- Providing data is voluntary, yet essential to use the services. In the case of expressing consent, it is voluntary and expressed by clicking the checkbox that includes the conditions of the consent granted.
- If a person has agreed to the processing of data (legal basis: Article 6(1)(a) of GDPR), the data is processed until the consent is withdrawn, but after this period, we have the right to archive information on who and when, and what consent was given (to establish, assert or defending legal claims). In other cases, the data is processed for the period justified by the execution of the purpose (e.g. performance of the contract, answering questions, tax regulations, etc.). The period of processing depends on the possibility of establishing, asserting, or defending claims or when data retention is required due to tax regulations.
- You can revoke your consent at any time. Please click on the link, or send an email to: ___.
- Each data subject has the right to access, correct, delete or restrict the processing of personal data, the right to object, the right to transfer data, and the right to complain with a supervisory authority.
- Transaction data, including personal data, are transferred directly by the user to the payment service provider.
- The Website visitors may fill in a form and subscribe to the newsletter and provide an e-mail address and/or telephone number for the automated contact.
- The Website visitors may express their consent for Us to run advertising campaigns on social networks targeted based on their email addresses.
§3. DATA RECIPIENTS
We use the services of software and ICT system maintenance companies with whom We have entered into appropriate agreements. These agreements include data processing rules and confidentiality. The data is not shared and none of these companies has the right to process the data in any other way than specified in the contract. Your data, if the company has access to it, may be processed only for the proper provision of services.
§4. COOKIES
- Cookies are transferred to web browsers and are then stored in the memory of devices and read by the server each time you connect to the Website.
- We would like to point out that storing cookies does not allow us to access your private device or read any data other than the data stored in the cookies.
- We use the so-called technical cookies, which enable the correct use of the message transmission and remembering your settings,
- and to generate simple statistics of the Service.
- We use cookies and data collection technologies to help us analyse traffic on the Website. This allows us to optimize its performance, improve the most popular solutions, and display dedicated messages and offers. You can consent, refuse to consent, revoke consent or manage your settings by clicking here.
- We use the following cookies:
REGULATIONS ON PERSONAL DATA PROTECTION
I. GENERAL PROVISIONS
- The Administrator of your personal data collected and processed via the website is Anna Gajewska who runs the business under the name of: „VESPER” Anna Gajewska at the address: ul. Tuchomska 3, 80-178 Gdańsk, with tax identification number: 9570327843 (hereinafter also as: „Administrator” or „Vesper”).
- Please send all inquiries or requests regarding the exercise of your rights in connection with the processing of your personal data to the following e-mail address: biuro@hotelvesper.pl
- The data processed on the basis of this Privacy Policy are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: "GDPR") and the Act of 10 May 2018 on the protection of personal data.
- We process and collect personal data in accordance with the following principles:
- reliability and honesty;
- based on the appropriate legal basis (legality principle);
- transparent and clearly;
- with attention to data compliance (the principle of data correctness);
- for specific purposes (the principle of minimization);
- in accordance with the principle of time (the principle of limiting data storage);
- in a manner that ensures the confidentiality and integrity of data.
II. SCOPE OF COLLECTED DATA
- The scope of collected and processed data depends on the specific purpose stipulated in point III., the services provided by the Administrator and the type of data that you have provided to the Administrator. Each time, all processes of data are carried out on the basis of appropriate legal grounds.
- The personal data processed by the Administrator mainly includes: data indicated in the message sent to us, e-mail address, telephone number.
- The provision of personal data by the User is voluntary. The user is not obliged to provide their personal data, however, if you want to use some services (e.g. contact form), the lack of voluntary transfer of personal data will prevent their performance.
III. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
Your data is processed for the purpose:
- replying to your questions by e-mail, via the contact form or by phone (including information about the Administrator's offers for the provision of hotel services) – based on Article. 6 sec. 1 lit. f GDPR as part of the Administrator's legitimate interest, which is to strive to sell its services and build contact with customers and potential customers and art. 6 sec. 1 letter b GDPR, i.e. in order to carry out the activities necessary to conclude a contract;
- providing hotel services and accompanying services (including accepting reservations) – based on Article. 6 sec. 1 letter b GDPR as data necessary to perform the contract;
- sending marketing content via means of communication for which you have voluntarily consented - by e-mail or by phone (also via SMS) – based on Article. 6 sec. 1 letter f as part of the Administrator's legitimate interest, which is marketing of own services, presenting the offer to potential customers and enabling the conclusion of a contract and building relationships with customers;
- administering and developing the Administrator's website - based on Article. 6 sec. 1 lit. f GDPR as part of the Administrator's legitimate interest, which is to ensure the development of communication channels with potential customers, including: transparency and readability of the website as well as correcting and adjusting the offer presented on the Administrator's website to the market realities.
IV. PERIOD OF DATA PROCESSING
- Your data will be processed for the period necessary to achieve the indicated purpose for which we have started processing the data. After this period, your data will be deleted.
- After the end of the service by electronic means, the Administrator does not process personal data, except for the possibility of further use of the data, which are necessary for the proper settlement of the service or for the pursuit of claims for payment for the use of services.
- The data processed on the basis of consent will be processed until the purpose for which the processing procedure was initiated is achieved, however not longer than until its cancellation. After the consent is withdrawn, personal data will not be processed and will be deleted.
V. DATA RECIPIENTS
- The Administrator may transfer your data to trusted external entities (data recipients), which include the following categories of entities:
- entities providing payment services;
- entities providing services accompanying hotel services;
- IT service providers;
- entities supporting the Administrator's marketing activities;
- entities providing legal and accounting services (law firms, accounting offices);
- public authorities, tax authorities at their request. - As a rule, your personal data will not be transferred outside the European Economic Area, but due to the fact that the Administrator also uses services and technologies offered by entities, which do not have their headquarters outside the European Union, which include, among others: Facebook Inc., Google Inc. and Microsoft – it is possible to transfer your data also outside the European Economic Area. In this case, however, the transfer of personal data to the above-mentioned entities will be held on the basis of standard clauses adopted by the European Commission and thus - will be subject to the appropriate protection measures.
VI. RIGHTS RELATED TO DATA PROCESSING
- In connection with the processing of personal data by the Administrator, you have the following rights:
- request for data access;
- request for data rectification;
- request to delete data ("the right to be forgotten");
- request to restrict processing;
- request for data transfer – including receipt of the data and sending it to another administrator or to request, if technically possible, to send the data directly to another administrator;
- the right to object to data processing;
- the right to lodge a complaint with the supervisory authority – i.e. to the President of the Personal Data Protection Office.
- In the processes of your data by us, there is no automated decision-making, in particular there is no profiling.
- Please be advised that you also have the right to revoke the consent granted to the Administrator for the processing of personal data. For this purpose, please send similar information from the telephone number or e-mail address that you reported as a channel for receiving marketing information.
- To take advantage of the rights guaranteed by the generally applicable provisions of law and the provisions of this Privacy Policy, please contact us by the e-mail address: biuro@hotelvesper.pl or by sending correspondence to the address of the registered office, i.e. ul. Tuchomska 3, 80-178 Gdańsk.
- Demands arising from the rights specified in point VI. 1. will be considered by the Administrator without undue delay, no later than within 1 month. This period may be extended by another two months, but in this case, the Administrator will indicate the reasons thereof and specify the period for which the deadline for examining the request of the data subject is to be extended.
- In the case of exercising the right to access data (point VI. 1.1.) and the right to transfer data (point VI 1.5.), a copy of the data concerning is attached to the answer given to the requesting party in commonly known and available machine-readable formats.
VII. POLICY FOR THE USE OF "COOKIES"
- The Administrator on their website and in the course of providing services to website users applies the technologies aimed at collecting and saving information by means of: voluntarily entering information in the forms on the website and by collecting cookies, i.e. short text information (strings), saved on a computer, phone, tablet or other user's device (end device). These files are sent to the clipboard of the browser used by the user, which re-sends them on subsequent visits to the website. Cookies contain information necessary for the proper functioning of the website.
- Cookies have numerous functions, which include: ensuring security (they are used to authenticate users), have an impact on the performance of the website (they are required to enable the use of many website functions, e.g. by remembering settings), save the state of the session (allow for the identification of errors that may appear on subpages) and allow the creation of statistics aimed at the continuous development of the website.
- The Administrator uses the following cookies:
- permanent - i.e. files that remain in the browser's memory until they are deleted by the user;
- session - i.e. files that remain in the browser memory until you turn off or log out of the website;
- necessary - i.e. files that are required for the proper operation of the website (e.g. user authentication); without saving them, it is not possible for users to use the website
- functional - i.e. files that enable more efficient use of the website (e.g. saving user settings); without saving them, the use of some functionalities of the Administrator's website may be difficult or limited.
- Your browsers allow the use of cookies by default. If you do not change your browser settings, you give your consent to their use. In order to manage the appropriate cookie settings, please read the relevant instructions indicated in the web browser you use.
- The consent to the processing of cookies is voluntary. However, please remember that if restrictions in their use are introduced, the use of the website may be difficult or it may become impossible to use some of the functionalities of the Administrator's website.
- The Administrator informs also that they may use cookies also applied by entities not established in the EEA, such as – Facebook Inc. and Google Inc. These files can be used to connect accounts on social networks with user accounts or to use certain website functions related to accounts on social networks.
VIII. FINAL PROVISIONS
- The provisions of this Privacy Policy may be updated or changed. Any changes to the Privacy Policy will be made available in an easily accessible and visible manner on the Administrator's website.
- To the extent not covered by this Privacy Policy, the generally applicable provisions on the protection of personal data shall apply.
- This Privacy Policy shall apply from 16 April 2021.
INFORMATION CLAUSE FOR CUSTOMERS
AND POTENTIAL CUSTOMERS
The Administrator of your personal data is Anna Gajewska who runs the business under the name of: „VESPER” Anna Gajewska with the seat in Gdańsk (80-178) at 3 Tuchomska street, with tax identification number: 9570327843 (hereinafter referred to as: „Administrator”).
In matters related to the processing of your personal data by the Administrator, please contact the person responsible for the protection of personal data at the e-mail address: biuro@hotelvesper.pl or to the postal address: ul. Tuchomska 3, 80-178 Gdańsk.
The processing of personal data takes place in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – hereinafter referred to as: „GDPR”.
- Purposes of data processing and legal basis
Your data is processed for the purpose: NO. | PURPOSE | BASIS | JUSTIFICATION | SCOPE |
1. | conclusion and performance of hotel services and accompanying services (does not apply to data required only for marketing purposes; the provision of our services does not depend on the expression or withdrawal of marketing consent) | art. 6 sec. 1 letter b GDPR | as data necessary to perform the contract | the data processed by us for this purpose is the data disclosed on the registration cards and in the reservation system to which they belong: name and surname, address, identification document number, telephone number, credit card number - if provided, vehicle registration number - if provided |
2. | issuing accounting documents and keeping accounting and tax documentation | 6 sec. 1 letter c GDPR | as part of the Administrator's fulfilment of their legal obligation, which in this case is related to the regulation of the Accounting Act | the data processed by us for this purpose are: name and surname, address of residence or registered office, tax identification number - if provided, booking number |
3. | ensuring the safety of services performed by using monitoring in clearly marked places | art. 6 sec. 1 letter f GDPR | as part of the Administrator's legitimate interest, which is to ensure the safety of hotel guests and employees on the premises of the facility run by the Administrator | data processed by us for this purpose is: the image of people staying in the facility |
4. | sending marketing content based on the Customer's express consent via the communication channel selected by the customer by e-mail or by phone (also via SMS) | art. 6 sec. 1 letter a GDPR | as personal data processed on the basis of the consent expressed by the Customer | the data processed by us for this purpose are: name and surname; address e-mail; telephone number - if provided |
5. | considering complaints submitted by you | art. 6 sec. 1 letter b GDPR | as data necessary to perform the contract | the data processed by us for this purpose are: name and surname, e-mail address, booking number, (possibly) home address — if the money is refunded, (possibly) the bank account number - if the money is refunded |
6. | sending questionnaires aimed at developing the quality of services | art. 6 sec. 1 letter f GDPR | as part of the Administrator's legitimate interest, which is the development and improvement of the quality of services provided by the Administrator | the data processed by us for this purpose is: e-mail address, name and surname |
7. | investigation or defence against claims | art. 6 sec. 1 letter f GDPR | as part of the Administrator's legitimate interest, which is judicial enforcement of claims and defence of the Administrator's rights | the data processed by us for this purpose are: name and surname, address of residence - if provided, PESEL number or tax identification number - if provided, e-mail address, reservation number, ID document number. |
8. | administering the Administrator's website: www.hotelvesper.pl | art. 6 sec. 1 letter f GDPR | as part of the Administrator's legitimate interest, which is comprehensive and efficient provision of hotel services, creating communication channels with | the data processed by us for this purpose are: IP address, server date and time, information about the web browser, information about the operating system. |
The provision of your data for marketing purposes (point 4) and sending surveys is voluntary and does not affect the performance of our services. At the same time, the indication of other data processed by us for the purposes indicated above is voluntary, but necessary to perform / conclude a contract or fulfil our statutory obligations (point 2). Failure to provide this data will result in the inability to conclude a contract or provide services to you.
- Period of data processing by the Administrator
- Your data will be processed by us for a period of time:
- in the scope of point 1 and 5 above – for the duration of the contract; in relation to the data provided to the Administrator as part of the submitted request for services, which did not lead to the conclusion of the contract – for 1 year;
- in the scope of point 2 – for a period of 5 years from the end of the calendar year in which the contract was terminated or expired;
- in the scope of point 3 – for a period of 30 days from the date of recording the monitoring on the Administrator's servers;
- in the scope of point 4 and 6 – for the period necessary to achieve the purpose for which they were collected, no later than until the consent is revoked / objection raised;
- in the scope of point 7 above – for the period of limitation of claims (the period of limitation of claims depends on the type of claim); - The data processing periods indicated in the point above, indicated in years, are counted from the end of the year in which the Administrator began processing the personal data. Such a solution is to facilitate the process of deleting or destroying personal data and to avoid major organizational and financial difficulties if it is necessary to count the period of data processing by the Administrator for each process separately. If you exercise your right to be forgotten, the Administrator will consider the case individually.
III. Data recipients
Like most entrepreneurs, we also use the services of third parties, which may require the transfer of your personal data to other entities. However, we make sure that all data provided by us is processed safely also by external entities.
In connection with the above, your data may be transferred to the following categories of entities: entities providing payment services; entities providing services accompanying hotel services; IT service providers; entities supporting the Administrator's marketing activities; entities providing legal and accounting services (law firms, accounting offices); public authorities, tax authorities at their request.
In addition, we also use services and technologies offered by entities that are not based outside the European Union, to which they belong: Facebook, Google Inc. and Microsoft Corporation, therefore, the transfer of your data may also take place outside the European Economic Area. In this case, however, the transfer of your personal data to the above-mentioned entities will be held on the basis of standard clauses adopted by the European Commission and thus - will be subject to appropriate protection measures.
IV. Rights related to the processing of personal data
In connection with the processing of your personal data by us, you have the following rights:
- request for access to personal data;
- request for rectification of personal data;
- right to object to the processing of data;
- request to delete personal data;
- request to limit data processing;
- request for data transfer;
- right to lodge a complaint to the supervisory body - i.e. to the President of the Personal Data Protection Office.
In processing of your data, there is no automated decision-making, in particular there is no profiling.
In addition, we would like to inform you that you have also the right to revoke the consent granted to the Administrator for the processing of personal data. Withdrawal of consent will be recorded by the Administrator without undue delay, which will result in the cessation of sending further marketing information. Withdrawal of consent does not mean that the current processing of consent took place without an appropriate legal basis and applies only "for the future".