Informative clause Polish Hospitality Group sp. z o.o. sp.k. - APARTMENTS
1. The Controller: Polish Hospitality Group sp. z o.o. sp.k. with its registered office in Kraków, at ul. Rynek Główny 44, 30-017 Kraków, KRS (National Court Register number): 0000522508, NIP (Tax Identification Number): 9452062777 REGON (National Official Business Register number): 120295927
2. Purposes and bases of processing:
- To execute the Apartment lease agreement, to which the data subject is a party (the basis constitutes Article 6(1)(b) of RODO),
- To book an apartment, which constitutes actions preceding conclusion of the agreement performed on the request of the data subject (the basis constitutes Article 6(1)(b) of RODO),
- For the purpose of making a settlement in connection with the booking and using the apartment, which constitutes the execution of the agreement, to which the data subject is a party (the basis constitutes Article 6(1)(b) of RODO),
- For archiving purposes (evidencing) to secure information in case of a legal necessity to demonstrate facts, which constitute a legitimate interest of the Controller (the basis constitutes Article 6(1)(f) of RODO),
- For the purpose of a possible establishment, exercising and defence against claims, which constitutes a legitimate interest of the Controller (the basis constitutes Article 6(1)(f) of RODO).
3. Categories of the processed data:
Basic contact details: first name, surname, e-mail address, telephone number, credit card number, bank account number, tax identification number (NIP), business activity address.
4. Data recipients:
Personal data can be transferred to the bodies, which services are used by the Controller when processing the data, i.e. accounting firms, law firms, companies that manage reservation systems.
5. Transferring data to third countries or international organizations:
Personal data will not be transferred outside of the EU/European Economic Area.
6. Data storage period:
Personal data that are basic contact details shall be stored by the Controller to provide services rendered by the Controller (renting hotel rooms, making reservations in restaurants) until the end of period when the potential claims become expired, or until the Controller finds out by himself that the data are invalid.
7. Rights of data subjects:
A person who left his or her personal data has a right to:
a) have access to his or her personal data and receive a copy of these data,
b) request that the personal data are corrected and completed,
c) request that the personal data are erased – if the data subject decides that there are no grounds for the Controller to process his or her personal data, he or she may request that these data are erased.
d) restrict processing of his or her personal data – the data subject can request from the Controller to limit the processing of his or her personal data solely for the purpose of storing or performing other activities agreed on with him or her if the data are incorrect or processed without any legal ground, or the data subject does not want the data to be erased due to the necessity to keep the data for the purpose of establishing, exercising and defending claims, or for the time of deciding about the objection to the personal data processing.
e) Lodging an objection to the processing of personal data:
- Processing personal data for the purpose of direct marketing: The data subject can object to the processing of his or her personal data for direct marketing purposes. Exercising this right will make the Controller stop the processing of the personal data.
- Objection due to a specific situation: The data subject can, on the basis of a legitimate interest, object to the processing of his or her personal data for other purposes than the direct marketing purposes. Then, it must be indicated in the objection what specific situation concerns the data subject that justifies the request to stop the processing of his or her personal data. The Controller will stop processing personal data for these purposes, unless he demonstrates that the grounds for further processing override the rights of the data subject, or that these data are necessary to establish, exercise and defend claims.
f) Data portability – the data subject has the right to receive, in a structured, commonly used and machine-readable format, his or her personal data that were transferred to the Controller on the basis of a given consent. The data subject can order the Controller to send these data directly to another body.
g) Lodge a complaint with a supervisory authority – the data subject who thinks that his or her personal data are processed illegally can lodge a complaint in this regard with the President of the Office for Personal Data Protection or another competent body.
h) Withdraw consent to the processing of personal data – the data subject may, at any time, withdraw consent to the processing of his or her personal data processed on the basis of his or her consent. Withdrawal of the consent does not influence the legality of data processing performed prior to its withdrawal.
In order for the data subject to exercise his or her rights, he or she should submit an appropriate request to the Controller, to the e-mail address: firstname.lastname@example.org
8. Information on voluntary character of providing data:
Providing data is necessary for the appropriate performance of services rendered by the Controller. Failure to provide the data will make it impossible to use the services rendered by the Controller.
9. Information on the possibility to withdraw consent:
In case where personal data are processed on the basis of a consent, the Controller informs that the consent can be withdrawn at any time. Withdrawal of the consent does not influence the legality of the personal data processing that was performed prior to its withdrawal.