Informative clause Polish Hospitality Group Sułowski spółka komandytowa – APARTMENTS

  1. The Controller: Polish Hospitality Group Sułowski spółka komandytowa with its registered office in Kraków, at ul. Rynek Główny 44, 30-017 Kraków, KRS (National Court Register number): 0000522508, NIP (Tax Identification Number): 9452062777 REGON (National Official Business Register number): 120295927
  2. Purposes and bases of processing:

To execute the Apartment lease agreement, to which the data subject is a party (the basis constitutes Article 6(1)(b) of RODO),
To book an apartment, which constitutes actions preceding conclusion of the agreement performed on the request of the data subject (the basis constitutes Article 6(1)(b) of RODO),
For the purpose of making a settlement in connection with the booking and using the apartment, which constitutes the execution of the agreement, to which the data subject is a party (the basis constitutes Article 6(1)(b) of RODO),
For archiving purposes (evidencing) to secure information in case of a legal necessity to demonstrate facts, which constitute a legitimate interest of the Controller (the basis constitutes Article 6(1)(f) of RODO),
For the purpose of a possible establishment, exercising and defence against claims, which constitutes a legitimate interest of the Controller (the basis constitutes Article 6(1)(f) of RODO).

  1. Categories of the processed data:
    Basic contact details: first name, surname, e-mail address, telephone number, credit card number, bank account number, tax identification number (NIP), business activity address.
  2. Data recipients:
    Personal data can be transferred to the bodies, which services are used by the Controller when processing the data, i.e. accounting firms, law firms, companies that manage reservation systems.
  3. Transferring data to third countries or international organizations:
    Personal data will not be transferred outside of the EU/European Economic Area.
  4. Data storage period:
    Personal data that are basic contact details shall be stored by the Controller to provide services rendered by the Controller (renting hotel rooms, making reservations in restaurants) until the end of period when the potential claims become expired, or until the Controller finds out by himself that the data are invalid.
  5. Rights of data subjects:
    A person who left his or her personal data has a right to:
    a) have access to his or her personal data and receive a copy of these data,
    b) request that the personal data are corrected and completed,
    c) request that the personal data are erased – if the data subject decides that there are no grounds for the Controller to process his or her personal data, he or she may request that these data are erased.
    d) restrict processing of his or her personal data – the data subject can request from the Controller to limit the processing of his or her personal data solely for the purpose of storing or performing other activities agreed on with him or her if the data are incorrect or processed without any legal ground, or the data subject does not want the data to be erased due to the necessity to keep the data for the purpose of establishing, exercising and defending claims, or for the time of deciding about the objection to the personal data processing.
    e) Lodging an objection to the processing of personal data:

Processing personal data for the purpose of direct marketing: The data subject can object to the processing of his or her personal data for direct marketing purposes. Exercising this right will make the Controller stop the processing of the personal data.
Objection due to a specific situation: The data subject can, on the basis of a legitimate interest, object to the processing of his or her personal data for other purposes than the direct marketing purposes. Then, it must be indicated in the objection what specific situation concerns the data subject that justifies the request to stop the processing of his or her personal data. The Controller will stop processing personal data for these purposes, unless he demonstrates that the grounds for further processing override the rights of the data subject, or that these data are necessary to establish, exercise and defend claims.

f) Data portability – the data subject has the right to receive, in a structured, commonly used and machine-readable format, his or her personal data that were transferred to the Controller on the basis of a given consent. The data subject can order the Controller to send these data directly to another body.
g) Lodge a complaint with a supervisory authority – the data subject who thinks that his or her personal data are processed illegally can lodge a complaint in this regard with the President of the Office for Personal Data Protection or another competent body.
h) Withdraw consent to the processing of personal data – the data subject may, at any time, withdraw consent to the processing of his or her personal data processed on the basis of his or her consent. Withdrawal of the consent does not influence the legality of data processing performed prior to its withdrawal.
In order for the data subject to exercise his or her rights, he or she should submit an appropriate request to the Controller, to the e-mail address: daneosobowekontakt@rynek44.pl

  1. Information on voluntary character of providing data:
    Providing data is necessary for the appropriate performance of services rendered by the Controller. Failure to provide the data will make it impossible to use the services rendered by the Controller.
  2. Information on the possibility to withdraw consent:
    In case where personal data are processed on the basis of a consent, the Controller informs that the consent can be withdrawn at any time. Withdrawal of the consent does not influence the legality of the personal data processing that was performed prior to its withdrawal.

PRIVACY AND COOKIES POLICY

I. General Information

Polish Hospitality Group Sułowski Spółka Komandytowa exercises the highest standards of care in protecting privacy. We respect the right to personal data protection and ensure that all information provided to us is processed securely, in compliance with applicable laws, and with full confidentiality.

The purpose of this Privacy Policy is to explain the principles governing the processing of personal data and to outline the rights of individuals whose data is being processed.

For the purposes of this document, the following definitions shall apply:

  • “Personal Data” – any information relating to an identified or identifiable natural person, directly or indirectly, in accordance with Article 4(1) of the GDPR;
  • “Data Processing” – any operation performed on personal data, including collection, storage, organization, modification, use, disclosure, or deletion of data;
  • “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data;
  • “Administrator” – Polish Hospitality Group Sułowski Spółka Komandytowa, with its registered office at Rynek Główny 44, 31-017 Kraków, Poland, VAT No. (NIP): 9452062777.

II. Data Controller

The controller of your personal data is Polish Hospitality Group Sułowski Spółka Komandytowa, with its registered office at Rynek Główny 44, 31-017 Kraków, Poland.

For matters related to personal data protection, you may contact the Administrator:

III. Website Usage and Cookies

While using our website, certain technical information may be automatically collected and stored within IT systems, including but not limited to IP address, browser type, device type, and the time of website access. Such data is used exclusively for administrative, statistical, and website performance improvement purposes.

Our website uses cookies, which are small text files stored on the user’s device. Cookies help us to:

  • ensure the proper functioning of the website;
  • improve website security;
  • remember user preferences;
  • analyze website traffic;
  • conduct marketing and promotional activities related to hotel services.

The legal basis for processing data collected through cookies is the legitimate interest of the Administrator pursuant to Article 6(1)(f) of the GDPR.

Users may modify cookie settings in their web browser at any time or disable cookies entirely. Please note that restricting cookies may affect the proper functioning of certain website features.

IV. Purposes and Legal Bases for Processing Personal Data

Your personal data may be processed in particular for the following purposes:

  • processing hotel reservations and providing accommodation services;
  • communicating with Guests before, during, and after their stay;
  • responding to inquiries submitted via contact forms, e-mail, or telephone;
  • fulfilling legal obligations, particularly those arising from tax and accounting regulations;
  • establishing, pursuing, or defending against potential legal claims;
  • conducting marketing activities concerning the Administrator’s own services and special offers.

Personal data is processed only for the period necessary to achieve the above purposes or for the duration required under applicable law.

V. Rights of Data Subjects

Every individual whose personal data is processed has the right to:

  • access their personal data;
  • rectify inaccurate or incomplete data;
  • request deletion of data (“right to be forgotten”);
  • request restriction of data processing;
  • data portability;
  • object to the processing of personal data;
  • withdraw consent to the processing of personal data at any time, where processing is based on consent.

Data subjects also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if they believe that the processing of personal data violates applicable laws.

VI. Disclosure of Personal Data

Personal data may be shared with entities cooperating with the Administrator solely to the extent necessary for the provision of services, including in particular IT service providers, payment operators, accounting firms, marketing service providers, or partners operating reservation systems.

The Administrator may also disclose personal data to authorized public authorities where required under applicable law.

VII. Data Security

The Administrator applies appropriate technical and organizational measures to protect personal data against loss, unauthorized access, disclosure, destruction, or alteration.

Access to personal data is granted exclusively to authorized persons who are obligated to maintain confidentiality.

VIII. Final Provisions

The Administrator reserves the right to amend this Privacy Policy in the event of changes in legal regulations, technological developments, or modifications to the website.

The current version of the Privacy Policy is always available on the hotel’s website.