PRIVACY POLICY


I.            GENERAL PROVISIONS 

  1. The Administrator of your personal data collected and processed via the website is Anna Gajewska who runs the business under the name of: „VESPER” Anna Gajewska at the address: ul. Fahrenheita 3, 80-214 Gdańsk, with tax identification number: 9570327843 (hereinafter also as: „Administrator” or „Vesper”).
  2. Please send all inquiries or requests regarding the exercise of your rights in connection with the processing of your personal data to the following e-mail address: biuro@hotelvesper.pl
  3. The data processed on the basis of this Privacy Policy are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016  on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: "GDPR") and the Act of 10 May 2018 on the protection of personal data.
  4. We process and collect personal data in accordance with the following principles:
    4.1.1.      reliability and honesty;
    4.1.2.      based on the appropriate legal basis (legality principle);
    4.1.3.      transparent and clearly;
    4.1.4.      with attention to data compliance (the principle of data correctness);
    4.1.5.      for specific purposes (the principle of minimization);
    4.1.6.      in accordance with the principle of time (the principle of limiting data storage);
    4.1.7.      in a manner that ensures the confidentiality and integrity of data.

 

II.         SCOPE OF COLLECTED DATA 

  1. The scope of collected and processed data depends on the specific purpose stipulated in point III., the services provided by the Administrator and the type of data that you have provided to the Administrator. Each time, all processes of data are carried out on the basis of appropriate legal grounds.
  2. The personal data processed by the Administrator mainly includes: data indicated in the message sent to us, e-mail address, telephone number.
  3. The provision of personal data by the User is voluntary. The user is not obliged to provide their personal data, however, if you want to use some services (e.g. contact form), the lack of voluntary transfer of personal data will prevent their performance.

 

III.       PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

Your data is processed for the purpose:

  1. replying to your questions by e-mail, via the contact form or by phone (including information about the Administrator's offers for the provision of hotel services) – based on Article. 6 sec. 1 lit. f GDPR as part of the Administrator's legitimate interest, which is to strive to sell its services and build contact with customers and potential customers and art. 6 sec. 1 letter b GDPR, i.e. in order to carry out the activities necessary to conclude a contract;
  2. providing hotel services and accompanying services (including accepting reservations) – based on Article. 6 sec. 1 letter b GDPR as data necessary to perform the contract;
  3. sending marketing content via means of communication for which you have voluntarily consented - by e-mail or by phone (also via SMS) – based on Article. 6 sec. 1 letter f as part of the Administrator's legitimate interest, which is marketing of own services, presenting the offer to potential customers and enabling the conclusion of a contract and building relationships with customers;
  4. administering and developing the Administrator's website - based on Article. 6 sec. 1 lit. f GDPR as part of the Administrator's legitimate interest, which is to ensure the development of communication channels with potential customers, including: transparency and readability of the website as well as correcting and adjusting the offer presented on the Administrator's website to the market realities.

 

IV.        PERIOD OF DATA PROCESSING 

  1. Your data will be processed for the period necessary to achieve the indicated purpose for which we have started processing the data. After this period, your data will be deleted.
  2. After the end of the service by electronic means, the Administrator does not process personal data, except for the possibility of further use of the data, which are necessary for the proper settlement of the service or for the pursuit of claims for payment for the use of services.
  3. The data processed on the basis of consent will be processed until the purpose for which the processing procedure was initiated is achieved, however not longer than until its cancellation. After the consent is withdrawn, personal data will not be processed and will be deleted.

 

V.           DATA RECIPIENTS 

  1. The Administrator may transfer your data to trusted external entities (data recipients), which include the following categories of entities:
    -       entities providing payment services;
    -       entities providing services accompanying hotel services;
    -       IT service providers;
    -       entities supporting the Administrator's marketing activities;
    -       entities providing legal and accounting services (law firms, accounting offices);
    -       public authorities, tax authorities at their request.
  2. As a rule, your personal data will not be transferred outside the European Economic Area, but due to the fact that the Administrator also uses services and technologies offered by entities, which do not have their headquarters outside the European Union, which include, among others: Facebook Inc., Google Inc. and Microsoft – it is possible to transfer your data also outside the European Economic Area. In this case, however, the transfer of personal data to the above-mentioned entities will be held on the basis of standard clauses adopted by the European Commission and thus - will be subject to the appropriate protection measures.

 

VI.        RIGHTS RELATED TO DATA PROCESSING 

  1. In connection with the processing of personal data by the Administrator, you have the following rights:
    1.1.       request for data access;
    1.2.       request for data rectification;
    1.3.       request to delete data ("the right to be forgotten");
    1.4.       request to restrict processing;
    1.5.       request for data transfer – including receipt of the data and sending it to another administrator or to request, if technically possible, to send the data directly to another administrator;
    1.6.       the right to object to data processing;
    1.7.       the right to lodge a complaint with the supervisory authority – i.e. to the President of the Personal Data Protection Office.
  2. In the processes of your data by us, there is no automated decision-making, in particular there is no profiling.
  3. Please be advised that you also have the right to revoke the consent granted to the Administrator for the processing of personal data. For this purpose, please send similar information from the telephone number or e-mail address that you reported as a channel for receiving marketing information.
  4. To take advantage of the rights guaranteed by the generally applicable provisions of law and the provisions of this Privacy Policy, please contact us by the e-mail address: biuro@hotelvesper.pl or by sending correspondence to the address of the registered office, i.e. ul. Fahrenheita 3, 80-214 Gdańsk.
  5. Demands arising from the rights specified in point VI. 1. will be considered by the Administrator without undue delay, no later than within 1 month. This period may be extended by another two months, but in this case, the Administrator will indicate the reasons thereof and specify the period for which the deadline for examining the request of the data subject is to be extended.
  6. In the case of exercising the right to access data (point VI. 1.1.) and the right to transfer data (point VI 1.5.), a copy of the data concerning is attached to the answer given to the requesting party in commonly known and available machine-readable formats.

 

VII.      POLICY FOR THE USE OF "COOKIES" 

  1. The Administrator on their website and in the course of providing services to website users applies the technologies aimed at collecting and saving information by means of: voluntarily entering information in the forms on the website and by collecting cookies, i.e. short text information (strings), saved on a computer, phone, tablet or other user's device (end device). These files are sent to the clipboard of the browser used by the user, which re-sends them on subsequent visits to the website. Cookies contain information necessary for the proper functioning of the website.
  2. Cookies have numerous functions, which include: ensuring security (they are used to authenticate users), have an impact on the performance of the website (they are required to enable the use of many website functions, e.g. by remembering settings), save the state of the session (allow for the identification of errors that may appear on subpages) and allow the creation of statistics aimed at the continuous development of the website.
  3. The Administrator uses the following cookies:
    3.1.    permanent - i.e. files that remain in the browser's memory until they are deleted by the user;
    3.2.    session - i.e. files that remain in the browser memory until you turn off or log out of the website;
    3.3.    necessary - i.e. files that are required for the proper operation of the website (e.g. user authentication); without saving them, it is not possible for users to use the website;
    3.4.    functional - i.e. files that enable more efficient use of the website (e.g. saving user settings); without saving them, the use of some functionalities of the Administrator's website may be difficult or limited.
  4. Your browsers allow the use of cookies by default. If you do not change your browser settings, you give your consent to their use. In order to manage the appropriate cookie settings, please read the relevant instructions indicated in the web browser you use.
  5. The consent to the processing of cookies is voluntary. However, please remember that if restrictions in their use are introduced, the use of the website may be difficult or it may become impossible to use some of the functionalities of the Administrator's website.
  6. The Administrator informs also that they may use cookies also applied by entities not established in the EEA, such as – Facebook Inc. and Google Inc. These files can be used to connect accounts on social networks with user accounts or to use certain website functions related to accounts on social networks.

 

VIII.    FINAL PROVISIONS 

  1. The provisions of this Privacy Policy may be updated or changed. Any changes to the Privacy Policy will be made available in an easily accessible and visible manner on the Administrator's website.
  2. To the extent not covered by this Privacy Policy, the generally applicable provisions on the protection of personal data shall apply.
  3. This Privacy Policy shall apply from 16 April 2021.
 
 
 

 

INFORMATION CLAUSE FOR CUSTOMERS AND POTENTIAL CUSTOMERS

 

 

The Administrator of your personal data is Anna Gajewska who runs the business under the name of: „VESPER” Anna Gajewska with the seat in Gdańsk (80-178) at 3 Tuchomska street, with tax identification number: 9570327843 (hereinafter referred to as: „Administrator”).

In matters related to the processing of your personal data by the Administrator, please contact the person responsible for the protection of personal data at the e-mail address: biuro@hotelvesper.pl or to the postal address: ul. Fahrenheita 3, 80-214 Gdańsk.

The processing of personal data takes place in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – hereinafter referred to as: „GDPR”.


I.    Purposes of data processing and legal basis

Your data is processed for the purpose:

NO.

PURPOSE

BASIS

JUSTIFICATION

SCOPE

1.

conclusion and performance of hotel services and accompanying services 

 

(does not apply to data required only for marketing purposes; the provision of our services does not depend on the expression or withdrawal of marketing consent)

 

art. 6 sec. 1 letter b GDPR

as data necessary to perform the contract

 

 

the data processed by us for this purpose is the data disclosed on the registration cards and in the reservation system to which they belong: name and surname, address, identification document number, telephone number, credit card number - if provided, vehicle registration number - if provided

2.

issuing accounting documents and keeping accounting and tax documentation

6 sec. 1 letter c GDPR

as part of the Administrator's fulfilment of their legal obligation, which in this case is related to the regulation of the Accounting Act

the data processed by us for this purpose are: name and surname, address of residence or registered office, tax identification number - if provided, booking number

3.

ensuring the safety of services performed by using monitoring in clearly marked places

art. 6 sec. 1 letter f GDPR

as part of the Administrator's legitimate interest, which is to ensure the safety of hotel guests and employees on the premises of the facility run by the Administrator

data processed by us for this purpose is: the image of people staying in the facility

4.

sending marketing content based on the Customer's express consent via the communication channel selected by the customer by e-mail or by phone (also via SMS)

art. 6 sec. 1 letter a GDPR

as personal data processed on the basis of the consent expressed by the Customer

the data processed by us for this purpose are: name and surname; address e-mail; telephone number - if provided

5.

considering complaints submitted by you

art. 6 sec. 1 letter b GDPR

as data necessary to perform the contract

the data processed by us for this purpose are: name and surname, e-mail address, booking number, (possibly) home address — if the money is refunded, (possibly) the bank account number - if the money is refunded

6.

sending questionnaires aimed at developing the quality of services

art. 6 sec. 1 letter f GDPR

as part of the Administrator's legitimate interest, which is the development and improvement of the quality of services provided by the Administrator;

the data processed by us for this purpose is: e-mail address, name and surname

7.

investigation or defence against claims

art. 6 sec. 1 letter f GDPR

as part of the Administrator's legitimate interest, which is judicial enforcement of claims and defence of the Administrator's rights

the data processed by us for this purpose are: name and surname, address of residence - if provided, PESEL number or tax identification number - if provided, e-mail address, reservation number, ID document number.

8.

administering the Administrator's website: www.hotelvesper.pl

art. 6 sec. 1 letter f GDPR

as part of the Administrator's legitimate interest, which is comprehensive and efficient provision of hotel services, creating communication channels with potential customers and enabling the presentation of its offer to a wider range of recipients

the data processed by us for this purpose are: IP address, server date and time, information about the web browser, information about the operating system.

 

The provision of your data for marketing purposes (point 4) and sending surveys is voluntary and does not affect the performance of our services. At the same time, the indication of other data processed by us for the purposes indicated above is voluntary, but necessary to perform / conclude a contract or fulfil our statutory obligations (point 2). Failure to provide this data will result in the inability to conclude a contract or provide services to you.


II.  Period of data processing by the Administrator 

  1. Your data will be processed by us for a period of time:
    -        in the scope of point 1 and 5 above – for the duration of the contract; in relation to the data provided to the Administrator as part of the submitted request for services, which did not lead to the conclusion of the contract – for 1 year;
    -        in the scope of point 2 – for a period of 5 years from the end of the calendar year in which the contract was terminated or expired;
    -        in the scope of point 3 – for a period of 30 days from the date of recording the monitoring on the Administrator's servers;
    -        in the scope of point 4 and 6 – for the period necessary to achieve the purpose for which they were collected, no later than until the consent is revoked / objection raised;
    -        in the scope of point 7 above – for the period of limitation of claims (the period of limitation of claims depends on the type of claim);
  2. The data processing periods indicated in the point above, indicated in years, are counted from the end of the year in which the Administrator began processing the personal data. Such a solution is to facilitate the process of deleting or destroying personal data and to avoid major organizational and financial difficulties if it is necessary to count the period of data processing by the Administrator for each process separately. If you exercise your right to be forgotten, the Administrator will consider the case individually.

 

III. Data recipients

Like most entrepreneurs, we also use the services of third parties, which may require the transfer of your personal data to other entities. However, we make sure that all data provided by us is processed safely also by external entities.

In connection with the above, your data may be transferred to the following categories of entities: entities providing payment services; entities providing services accompanying hotel services; IT service providers; entities supporting the Administrator's marketing activities; entities providing legal and accounting services (law firms, accounting offices); public authorities, tax authorities at their request.

In addition, we also use services and technologies offered by entities that are not based outside the European Union, to which they belong: Facebook, Google Inc. and Microsoft Corporation, therefore, the transfer of your data may also take place outside the European Economic Area. In this case, however, the transfer of your personal data to the above-mentioned entities will be held on the basis of standard clauses adopted by the European Commission and thus - will be subject to appropriate protection measures.


IV.  Rights related to the processing of personal data

In connection with the processing of your personal data by us, you have the following rights:

    1. request for access to personal data;
    2. request for rectification of personal data;
    3. right to object to the processing of data;
    4. request to delete personal data;
    5. request to limit data processing;
    6. request for data transfer;
    7. right to lodge a complaint to the supervisory body - i.e. to the President of the Personal Data Protection Office.

In processing of your data, there is no automated decision-making, in particular there is no profiling.

In addition, we would like to inform you that you have also the right to revoke the consent granted to the Administrator for the processing of personal data. Withdrawal of consent will be recorded by the Administrator without undue delay, which will result in the cessation of sending further marketing information. Withdrawal of consent does not mean that the current processing of consent took place without an appropriate legal basis and applies only "for the future".