Rules of processing personal data of HOTEL VISTULA*** Guests
- Personal data controller
Please be advised that the controller of your personal data is Przedsiębiorstwo RAMATECH spółka z ograniczoną odpowiedzialnością, ul. Księcia Józefa 24a, 30-206 Kraków, KRS 0000323445, NIP 6772322853, called hereafter the “Hotel”, email address: firstname.lastname@example.org
- How we got your personal data
We acquired your personal data by telephone, email contact, during the registration in the hotel, booking, providing services related to hotel activities, eg providing access to non-supervised parking lot, receiving items in deposit. We also obtain your personal data from the entities with which we cooperate when you make booking through portals that offer this service.
- Objectives and basis of processing personal data
The Hotel informs that it processes your personal data in order to provide services related to its activities. This processing is done on the basis of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) called in short GDPR (PL: RODO), as well as other regulations of the law as regards the protection of personal data.
We process your personal data for the purpose of:
- booking, valuation of the service,
- providing hotel services,
- carrying out a contract on an additional service related to the profile of operations of the Hotel, eg using a non-supervised hotel parking lot, providing items to deposit storage, using catering services offered by the restaurant,
- for execution of payment for services and its settlement,
- to examine complaints, if any,
- to contact you in reference to the necessity of carrying out the contract
We process your personal data collected for the above purposes pursuant to Article 6.1b GDPR, which constitutes the necessity of carrying out the contract or initiating actions before the conclusion of the contract.
Children’s data, such as age, are collected solely from their parents or legal guardians for the purpose of determining their age and discounts due for them, and for statistical purposes (a GUS obligation and local charge) on the basis of Article 6.1c and f GDPR. Providing services customised to the needs of the Guests is then a legally legitimate interest of the Hotel.
We process your personal data also for the purpose of:
- making out an invoice and fulfilling other duties resulting from the regulations of the law, eg tax laws or the accounting act,
- fulfilling the statistical obligation to GUS.
- Fulfilling duties resulting from the regulations concerning the protection of personal data, including to document situations in which you exercise your rights related to the processing of personal data by the Hotel.
In this case, the basis for processing of the data is Article 6.1c GDPR, which allows to process personal data if this processing is necessary for the Hotel to fulfil its duties resulting from the law;
The Hotel also processes your personal data to:
- determine, assert or defend against claims,
- conduct correspondence with you,
- archive data, be able to exercise the principle of accountability and fulfil the duties resulting from the regulations of the law,
- carry out direct marketing of own services,
The legal basis of this processing of data is Article 6.1f GDPR, which allows to process personal data if the Hotel executes its legitimate interest (in this case the interest of the Hotel is having personal data which will allow to determine, assert or defend against claims, including those of clients and third parties, archiving documents, marketing of own products);
The Hotel processes your personal data, if you consented to it, in order to:
- send commercial information to the provided email address,
- included in the kept book of guests
Processing these data is done pursuant to Article 6.1a GDPR, that is on the basis of consent.
The Hotel processes also personal data collected through visual monitoring for observance of the order, protection of property, ensuring safety and detecting crime in the premises of the Hotel. The legal basis is a legitimate interest of the Hotel (the basis: Article 6.1f GDPR), that consists in ensuring protection of property, safety, detection of crime.
- Recipients of personal data
The hotel uses the help of other entities. For this reason, your personal data may be transferred to these entities, if necessary, but only when it is necessary to fulfil the purpose of processing personal data. These entities include a law firm, a hosting company, banks, payment companies, IT companies, equipment service companies, companies providing mail servers, insurance companies.
If you register in the guest book, your personal data may be transferred to other people who also make an entry.
The hotel may also transfer your personal data to other entities if this results from the obligation imposed on it.
- Period of processing personal data
The Hotel processes your personal data:
- When the basis for processing is performance of the contract – for the duration of the contract, and then up to the end of the period of limitation of claims arising therefrom,
- Collected during the valuation of the service, but when the contract has not been concluded – for 6 months as a maximum,
- In the case of a legal obligation imposed on the Hotel – up to the moment of its implementation,
- Given on the basis of consent – until its withdrawal,
- The data collected through video monitoring are processed for a period of 14 days, unless its extension takes place on the basis of applicable law or to protect the rights of the Administrator or third parties.
- Based on the legitimate interest of the Hotel – until the moment of its implementation or for the submission of an objection by you, and then up to the expiration of the period of limitation of claims arising therefrom,
The period of personal data processing may be extended to the maximum time needed to investigate or defend against claims.
After the processing of your personal data has ended, they will be deleted or anonymised.
- Requirement of providing personal data
Providing your personal data is voluntary. However, the Hotel informs that providing personal data specified in forms or contracts as mandatory, eg in the registration card, the borrower’s statement, is necessary for you to use the services offered by the hotel.
The hotel may request you to provide personal data when it is necessary to perform their duties.
If you request a VAT invoice, you must provide the personal data necessary to make it out. Without providing them, the Hotel is not able to make it out in the manner compliant with the applicable regulations.
If your consent is the base for processing, providing personal data is voluntary. However, failure to do so results with the inability to provide some services to you, such as sending business information.
Providing personal data for the entry in the Guest Book is voluntary.
In order to enable the Hotel to contact you by phone or email regarding matters related to the service, it is necessary to provide a phone number or an email address – without this information the Hotel is unable to contact you by phone or send the confirmation of the reservation.
- Transferring personal data to third countries
We do not transfer your personal data outside of the European Union and the European Economic Area.
- Rights concerning processing of your personal data
Please be advised that you have the right to:
- Access your data and receive their copy
- Rectify (amend) your data
- Have your data removed
- Have the processing of your data limited
- Make an objection against processing of data:
- Transfer the data:
- Make a complaint with the supervisory body
If you believe that we process your data contrary to the law, you may file a complaint in this matter with the President of the Office for Protection of Personal Data.
- Withdraw consent for processing personal data
At any time, you have the right to withdraw consent for processing of the personal data that we process on the basis of your consent. The withdrawal of the consent will not affect the compliance of the processing with the law in the reference to each your consent was given before its withdrawal.
If you intend to exercise these rights, we request personal contact through traditional mail or by email with the following data:
Przedsiębiorstwo RAMATECH spółka z ograniczoną odpowiedzialnością, ul. Księcia Józefa 24a, 30-206 Kraków
- Automated making decisions and profiling
Please be advised that we do not make any automated decisions in reference to you, including those based on profiling.