Personal Data Processing Information
In accordance with Article 13(1) and (2) of the General Data Protection Regulation (GDPR) of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), applicable from 25 May 2018, we inform you about the processing of personal data and the rights related to their processing. Details regarding this can be found below.
I. Personal Data Controller
Baltic Komfort Przemysław Ślepko with its registered office at 05-800 Pruszków, ul. Ołówkowa 27 is the Data Controller of your personal data.
II. Data Protection Officer
We have appointed a Data Protection Officer whom you can contact regarding the protection of your personal data and the exercise of your rights via email: iod@baltickomfort.pl or in writing to the address of our registered office specified in point I.
III. Purposes and Legal Bases of Processing
Your personal data will be processed for the following purposes:
- The conclusion and execution of a hotel service agreement or taking actions at the request of the data subject prior to concluding a hotel service agreement (e.g., reservation, determining arrival/departure dates), in accordance with Article 6(1)(b) of the GDPR. Email addresses and phone numbers will not be used for marketing communication without the Guest’s consent.
- Fulfillment of the obligation to keep accounts (e.g., issuing sales documents, reporting to tax authorities), in accordance with Article 6(1)(c) of the GDPR.
- Pursuing claims, in accordance with Article 6(1)(f) of the GDPR.
- Conducting marketing of our own services (direct marketing) based on your consent, in accordance with Article 6(1)(a) of the GDPR.
- Protection of the vital interests of individuals who are our guests (e.g., during interventions by services such as fire brigade, healthcare services, during evacuations, in connection with video surveillance of the premises, property protection, guest safety), in accordance with Article 6(1)(d) of the GDPR.
IV. Data Recipients
We may disclose your personal data to entities authorized under the law, processors (companies processing data on our behalf, e.g., accounting firms).
V. Transfer of Data to Third Countries or International Organizations
We do not transfer your personal data outside the EU / European Economic Area.
VI. Data Retention Period
The data will be processed for the period necessary to achieve the processing purposes indicated in point III.
- Data included on registration cards will be processed until departure and settlement of the hotel stay.
- In fulfilling legal obligations imposed on the Administrator, data will be processed for the duration of fulfilling these obligations.
- Data necessary for pursuing claims will be processed for a period of 6 years.
- In the event of giving consent to the processing of data for marketing purposes, the data will be stored until the favorable consideration of the objection raised by you against data processing or until the withdrawal of this consent.
VII. Your Rights:
You have the right:
- The right to access your data and receive a copy of it
- The right to rectify (correct) your data
- The right to erasure of data.
If you believe there are no grounds for us to process your data, you can request that we delete it.
- The right to restrict processing of data
You may request that we limit the processing of your personal data solely to their storage or to performing actions agreed with you if you believe we have incorrect data about you or process them unlawfully; or you do not want us to delete them because you need them to establish, pursue, or defend claims; or during the period of your objection to data processing.
- The right to data portability
You have the right to receive from us in a structured, commonly used machine-readable format (e.g. “.csv” format) the personal data concerning you that you have provided to us on the basis of a contract or your consent. You may also instruct us to send this data directly to another entity
- Right to lodge a complaint with a supervisory authority.
If you believe that we are processing your data unlawfully, you can lodge a complaint about it with the President of the Office for Personal Data Protection or any other competent supervisory authority
- The right to withdraw consent to the processing of personal data.
To exercise your rights, direct your request to the following email address: iod@bursztynspa.pl. Remember, before exercising your rights we will need to make sure that you are you, i.e. identify you appropriately.
VIII. Information on data requirements/voluntariness
Failure to provide the data necessary to enter into a contract for the provision of hotel services will prevent us from providing these services and fulfilling the contract.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data
and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1)