Hotel Vesper House

Privacy

  1. This Privacy Policy sets out the principles for the processing and protection of personal data provided by users in connection with their use of the services offered by the Hotel Vesper House website (hereinafter: the Website).
  2. The administrator of the personal data contained in the Website is HOTEL VESPER HOUSE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office at ul. Daniela Fahrenheita 3, code 80-214 in Gdańsk, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court Gdańsk-Północ in Gdańsk, with KRS number 0001165481, NIP 9571186480, REGON 541337812 and share capital of PLN 5,000 (hereinafter: APD).
  3. With a view to ensuring the security of the personal data entrusted to it, the APD operates on the basis of internal procedures and recommendations, in compliance with the relevant legal acts on the protection of personal data, and in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 EC.
  4. The APD shall take particular care to protect the interests of data subjects and in particular shall ensure that personal data are:
    1. processed lawfully,
    2. collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes,
    3. factually correct and adequate in relation to the purposes for which they are processed,
    4. kept in a form which permits identification of the individuals to whom they relate for no longer than is necessary to achieve the purpose of the processing.
  5. APD performs functions to obtain information about users and their behaviour by voluntarily entering information in forms, in order to:
    1. to respond to user enquiries made using the contact form on the basis of Article 6(1)(f) of the GDPR,
    2. the acceptance of a booking using the online booking system on the basis of Article 6(1)(b) of the GDPR,
    3. the performance of the services provided by the APD on the basis of Article 6(1)(b) of the GDPR,
    4. marketing, including the sending of commercial information to an email address, if the Customer has consented to this by ticking the relevant box in the booking process on the basis of Article 6(1)(a) of the GDPR. Consent to the processing of data for marketing purposes and the sending of commercial information may be withdrawn by clicking on the relevant link in the message received or by sending such a request to APD's email address,
    5. to pursue the legitimate interest of the APD in specific cases on the basis of Article 6(1)(f) of the GDPR, e.g. debt collection,
  6. The first time you visit the Hotel Vesper House website, you are informed of the use of cookies. By remaining on the website, the user accepts the use of cookies on the website. Failure to change, on the part of the user, the settings of the browser, is tantamount to consenting to the use of cookies.
  7. You will change your cookie settings when you restart or refresh your session on the APD website.
  8. The installation of ‘cookies necessary for the basic functionality of the Website’ is necessary for proper operation, in particular required for authentication.
  9. Cookies necessary for the operation of the website can be changed by changing the settings of your browser, with the understanding that changing the settings may cause the website to function incorrectly.
  10. More information on cookies is available in the ‘Help’ section of the user's browser menu.
  11. Users who, after having consulted the information available on the Website, do not wish the cookies to be retained on their device's web browser, should delete them from their browser at the end of their visit to the Website. The following types of cookies are used within the Service:
    1. session - remain in your browser until you switch it off, or log out of the Website,
    2. permanent - they remain on the device's web browser until the user deletes them, or until a predetermined time specified in the parameters of the cookie.
  12. In terms of the functionality of each cookie, they can be divided into:
    1. analytics files that help improve the user experience by understanding how users use and convert on the website,
    2. marketing files, used to personalise the content of advertisements, target appropriately and analyse the performance of marketing and sales channels,
    3. essential files, i.e. files that are fundamental to the basic functionality of the Website.
  13. The cookies we use allow us to develop our website.
  14. Some cookies may be placed by the Online Booking System provider for the sole purpose of:
    1. improving and supporting the booking process,
    2. to analyse and collect statistical data on the use of the website and the online booking system in order to improve them,
    3. the Online Reservation System provider informs the user interface of the Online Reservation System about the cookies installed
  15. APD may use automated decision-making, including profiling, for marketing purposes (including the automated matching of advertising to your interests and measuring its effectiveness), and the tailoring of the offer on the basis of Article 6(1)(a) of the GDPR.
  16. Recipients of personal data may be authorities, institutions and entities authorised by law, as well as entities providing services to APD (e.g. legal, IT, marketing, accounting services and other entities participating in the provision of the requested service).
  17. We use the following analytical tools: Google Analytics, Facebook Pixel.
  18. The data processed by the APD shall be available for inspection by the user of the Service who submitted it. The user also has the right to modify this data, to request its deletion and to limit or stop the processing of his/her personal data at any time. The user may also request the deletion of his/her personal data from the Service at any time. The right to data portability does not apply as there is no established standard for the exchange of such data between hotel properties.
  19. In order to exercise their rights indicated above, the user of the Service should contact APD using the same email address or telephone number provided to the Service by contacting at: rezerwacje@hotelvesper.pl.
  20. The Service User has the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal, by contacting APD directly or, in the case of technology, by changing the cookie settings.
  21. Any user of the Service may lodge a complaint with the Data Protection Authority.
  22. The Website may contain links to other websites that operate independently of the Website and are not supervised by the Website in any way. These websites may have their own privacy policies and regulations, which we recommend you read carefully.
  23. APD reserves the right to change the privacy policy of the Service, which may be caused by developments in Internet technology, possible changes in the law on the protection of personal data, and the development of the Service. We will inform users of any changes in a visible and understandable manner.

PRIVACY POLICY

I. GENERAL PROVISIONS
  1. The administrator of your personal data is HOTEL VESPER HOUSE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office at ul. Daniela Fahrenheita 3, code 80-214 in Gdańsk (hereinafter: the Company) - registered in the Register of Entrepreneurs of the National Court Register kept by the District Court Gdańsk-Północ in Gdańsk, with KRS number 0001165481, NIP 9571186480, REGON 541337812 and share capital of PLN 5,000 (hereinafter: the ‘Administrator’).
  2. Please send all inquiries or requests regarding the exercise of your rights in connection with the processing of your personal data to the following e-mail address: biuro@hotelvesper.pl.
  3. The data processed on the basis of this Privacy Policy are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: "GDPR") and the Act of 10 May 2018 on the protection of personal data.
  4. We process and collect personal data in accordance with the following principles:
    1. reliability and honesty;
    2. based on the appropriate legal basis (legality principle);
    3. transparent and clearly;
    4. with attention to data compliance (the principle of data correctness);
    5. for specific purposes (the principle of minimization);
    6. in accordance with the principle of time (the principle of limiting data storage);
    7. in a manner that ensures the confidentiality and integrity of data.
II. SCOPE OF COLLECTED DATA
  1. The scope of collected and processed data depends on the specific purpose stipulated in point III., the services provided by the Administrator and the type of data that you have provided to the Administrator. Each time, all processes of data are carried out on the basis of appropriate legal grounds.
  2. The personal data processed by the Administrator mainly includes: data indicated in the message sent to us, e-mail address, telephone number.
  3. The provision of personal data by the User is voluntary. The user is not obliged to provide their personal data, however, if you want to use some services (e.g. contact form), the lack of voluntary transfer of personal data will prevent their performance.
III. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

Your data is processed for the purpose:

  1. replying to your questions by e-mail, via the contact form or by phone (including information about the Administrator's offers for the provision of hotel services) – based on Article. 6 sec. 1 lit. f GDPR as part of the Administrator's legitimate interest, which is to strive to sell its services and build contact with customers and potential customers and art. 6 sec. 1 letter b GDPR, i.e. in order to carry out the activities necessary to conclude a contract;
  2. providing hotel services and accompanying services (including accepting reservations) – based on Article. 6 sec. 1 letter b GDPR as data necessary to perform the contract;
  3. sending marketing content via means of communication for which you have voluntarily consented - by e-mail or by phone (also via SMS) – based on Article. 6 sec. 1 letter f as part of the Administrator's legitimate interest, which is marketing of own services, presenting the offer to potential customers and enabling the conclusion of a contract and building relationships with customers;
  4. administering and developing the Administrator's website - based on Article. 6 sec. 1 lit. f GDPR as part of the Administrator's legitimate interest, which is to ensure the development of communication channels with potential customers, including: transparency and readability of the website as well as correcting and adjusting the offer presented on the Administrator's website to the market realities.
IV. PERIOD OF DATA PROCESSING
  1. Your data will be processed for the period necessary to achieve the indicated purpose for which we have started processing the data. After this period, your data will be deleted.
  2. After the end of the service by electronic means, the Administrator does not process personal data, except for the possibility of further use of the data, which are necessary for the proper settlement of the service or for the pursuit of claims for payment for the use of services.
  3. The data processed on the basis of consent will be processed until the purpose for which the processing procedure was initiated is achieved, however not longer than until its cancellation. After the consent is withdrawn, personal data will not be processed and will be deleted.
V. DATA RECIPIENTS
  1. The Administrator may transfer your data to trusted external entities (data recipients), which include the following categories of entities: - entities providing payment services; - entities providing services accompanying hotel services; - IT service providers; - entities supporting the Administrator's marketing activities; - entities providing legal and accounting services (law firms, accounting offices); - public authorities, tax authorities at their request.
  2. As a rule, your personal data will not be transferred outside the European Economic Area, but due to the fact that the Administrator also uses services and technologies offered by entities, which do not have their headquarters outside the European Union, which include, among others: Facebook Inc., Google Inc. and Microsoft – it is possible to transfer your data also outside the European Economic Area. In this case, however, the transfer of personal data to the above-mentioned entities will be held on the basis of standard clauses adopted by the European Commission and thus - will be subject to the appropriate protection measures.
VI. RIGHTS RELATED TO DATA PROCESSING
  1. In connection with the processing of personal data by the Administrator, you have the following rights:
    1. request for data access;
    2. request for data rectification;
    3. request to delete data ("the right to be forgotten");
    4. request to restrict processing;
    5. request for data transfer – including receipt of the data and sending it to another administrator or to request, if technically possible, to send the data directly to another administrator;
    6. the right to object to data processing;
    7. the right to lodge a complaint with the supervisory authority – i.e. to the President of the Personal Data Protection Office.
  2. In the processes of your data by us, there is no automated decision-making, in particular there is no profiling.
  3. Please be advised that you also have the right to revoke the consent granted to the Administrator for the processing of personal data. For this purpose, please send similar information from the telephone number or e-mail address that you reported as a channel for receiving marketing information.
  4. To take advantage of the rights guaranteed by the generally applicable provisions of law and the provisions of this Privacy Policy, please contact us by the e-mail address: biuro@hotelvesper.pl or by sending correspondence to the address of the registered office, i.e. ul. Daniela Fahrenheita 3, 80-214 Gdańsk.
  5. Demands arising from the rights specified in point VI. 1. will be considered by the Administrator without undue delay, no later than within 1 month. This period may be extended by another two months, but in this case, the Administrator will indicate the reasons thereof and specify the period for which the deadline for examining the request of the data subject is to be extended.
  6. In the case of exercising the right to access data (point VI. 1.1.) and the right to transfer data (point VI 1.5.), a copy of the data concerning is attached to the answer given to the requesting party in commonly known and available machine-readable formats.
VII. POLICY FOR THE USE OF "COOKIES"
  1. The Administrator on their website and in the course of providing services to website users applies the technologies aimed at collecting and saving information by means of: voluntarily entering information in the forms on the website and by collecting cookies, i.e. short text information (strings), saved on a computer, phone, tablet or other user's device (end device). These files are sent to the clipboard of the browser used by the user, which re-sends them on subsequent visits to the website. Cookies contain information necessary for the proper functioning of the website.
  2. Cookies have numerous functions, which include: ensuring security (they are used to authenticate users), have an impact on the performance of the website (they are required to enable the use of many website functions, e.g. by remembering settings), save the state of the session (allow for the identification of errors that may appear on subpages) and allow the creation of statistics aimed at the continuous development of the website.
  3. The Administrator uses the following cookies:
    1. permanent - i.e. files that remain in the browser's memory until they are deleted by the user;
    2. session - i.e. files that remain in the browser memory until you turn off or log out of the website;
    3. necessary - i.e. files that are required for the proper operation of the website (e.g. user authentication); without saving them, it is not possible for users to use the website;
    4. functional - i.e. files that enable more efficient use of the website (e.g. saving user settings); without saving them, the use of some functionalities of the Administrator's website may be difficult or limited.
  4. Your browsers allow the use of cookies by default. If you do not change your browser settings, you give your consent to their use. In order to manage the appropriate cookie settings, please read the relevant instructions indicated in the web browser you use.
  5. The consent to the processing of cookies is voluntary. However, please remember that if restrictions in their use are introduced, the use of the website may be difficult or it may become impossible to use some of the functionalities of the Administrator's website.
  6. The Administrator informs also that they may use cookies also applied by entities not established in the EEA, such as – Facebook Inc. and Google Inc. These files can be used to connect accounts on social networks with user accounts or to use certain website functions related to accounts on social networks.
VIII. FINAL PROVISIONS
  1. The provisions of this Privacy Policy may be updated or changed. Any changes to the Privacy Policy will be made available in an easily accessible and visible manner on the Administrator's website.
  2. To the extent not covered by this Privacy Policy, the generally applicable provisions on the protection of personal data shall apply.
  3. This Privacy Policy shall apply from 01 July 2025.

INFORMATION CLAUSE FOR CUSTOMERS AND POTENTIAL CUSTOMERS

The Administrator of your personal data is HOTEL VESPER HOUSE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office at ul. Daniela Fahrenheita 3, code 80-214 in Gdańsk (hereinafter: the Company) - registered in the Register of Entrepreneurs of the National Court Register kept by the District Court Gdańsk-Północ in Gdańsk, with KRS number 0001165481, NIP 9571186480, REGON 541337812 and share capital of PLN 5,000 (hereinafter: the ‘Administrator’).

In matters related to the processing of your personal data by the Administrator, please contact the person responsible for the protection of personal data at the e- mail address: biuro@hotelvesper.pl or to the postal address: ul. Daniela Fahrenheita 3, 80-214 Gdańsk.

The processing of personal data takes place in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – hereinafter referred to as: „GDPR”.

  1. Purposes of data processing and legal basis Your data is processed for the purpose:
    NO. PURPOSE BASIS JUSTIFICATION SCOPE
    1. conclusion and performance of hotel services and accompanying services (does not apply to data required only for marketing purposes; the provision of our services does not depend on the expression or withdrawal of marketing consent) art. 6 sec. 1 letter b GDPR as data necessary to perform the contract the data processed by us for this purpose is the data disclosed on the registration cards and in the reservation system to which they belong: name and surname, address, identification document number, telephone number, credit card number - if provided, vehicle registration number - if provided
    2. issuing accounting documents and keeping accounting and tax documentation art 6 sec. 1 letter c GDPR as part of the Administrator's fulfilment of their legal obligation, which in this case is related to the regulation of the Accounting Act the data processed by us for this purpose are: name and surname, address of residence or registered office, tax identification number - if provided, booking number
    3. ensuring the safety of services performed by using monitoring in clearly marked places art. 6 sec. 1 letter f GDPR as part of the Administrator's legitimate interest, which is to ensure the safety of hotel guests and employees on the premises of the facility run by the Administrator data processed by us for this purpose is: the image of people staying in the facility
    4. sending marketing content based on the Customer's express consent via the communication channel selected by the customer by e-mail or by phone (also via SMS) art. 6 sec. 1 letter a GDPR as personal data processed on the basis of the consent expressed by the Customer the data processed by us for this purpose are: name and surname; address e-mail; telephone number - if provided
    5. considering complaints submitted by you art. 6 sec. 1 letter b GDPR as data necessary to perform the contract the data processed by us for this purpose are: name and surname, e- mail address, booking number, (possibly) home address — if the money is refunded, (possibly) the bank account number - if the money is refunded
    6. sending questionnaires aimed at developing the quality of services art. 6 sec. 1 letter f GDPR as part of the Administrator's legitimate interest, which is the development and improvement of the quality of services provided by the Administrator the data processed by us for this purpose is: e-mail address, name and surname
    7. investigation or defence against claims art. 6 sec. 1 letter f GDPR as part of the Administrator's legitimate interest, which is judicial enforcement of claims and defence of the Administrator's rights the data processed by us for this purpose are: name and surname, address of residence - if provided, PESEL number or tax identification number - if provided, e mail address, reservation number, ID document number
    8. administering the Administrator's website: www.hotelvesper.pl art. 6 sec. 1 letter f GDPR as part of the Administrator's legitimate interest, which is comprehensive and efficient provision of hotel services, creating communication channels with potential customers and enabling the presentation of its offer to a wider range of recipients the data processed by us for this purpose are: IP address, server date and time, information about the web browser, information about the operating system
    The provision of your data for marketing purposes (point 4) and sending surveys is voluntary and does not affect the performance of our services. At the same time, the indication of other data processed by us for the purposes indicated above is voluntary, but necessary to perform / conclude a contract or fulfil our statutory obligations (point 2). Failure to provide this data will result in the inability to conclude a contract or provide services to you.
  2. Period of data processing by the Administrator
    1. Your data will be processed by us for a period of time: - in the scope of point 1 and 5 above – for the duration of the contract; in relation to the data provided to the Administrator as part of the submitted request for services, which did not lead to the conclusion of the contract – for 1 year; - in the scope of point 2 – for a period of 5 years from the end of the calendar year in which the contract was terminated or expired; - in the scope of point 3 – for a period of 30 days from the date of recording the monitoring on the Administrator's servers; - in the scope of point 4 and 6 – for the period necessary to achieve the purpose for which they were collected, no later than until the consent is revoked / objection raised; - in the scope of point 7 above – for the period of limitation of claims (the period of limitation of claims depends on the type of claim);
    2. The data processing periods indicated in the point above, indicated in years, are counted from the end of the year in which the Administrator began processing the personal data. Such a solution is to facilitate the process of deleting or destroying personal data and to avoid major organizational and financial difficulties if it is necessary to count the period of data processing by the Administrator for each process separately. If you exercise your right to be forgotten, the Administrator will consider the case individually.

3. Data recipients

Like most entrepreneurs, we also use the services of third parties, which may require the transfer of your personal data to other entities. However, we make sure that all data provided by us is processed safely also by external entities.
In connection with the above, your data may be transferred to the following categories of entities: entities providing payment services; entities providing services accompanying hotel services; IT service providers; entities supporting the Administrator's marketing activities; entities providing legal and accounting services (law firms, accounting offices); public authorities, tax authorities at their request.
In addition, we also use services and technologies offered by entities that are not based outside the European Union, to which they belong: Facebook, Google Inc. and Microsoft Corporation, therefore, the transfer of your data may also take place outside the European Economic Area. In this case, however, the transfer of your personal data to the above-mentioned entities will be held on the basis of standard clauses adopted by the European Commission and thus - will be subject to appropriate protection measures.

4. Rights related to the processing of personal data

In connection with the processing of your personal data by us, you have the following rights: 1. request for access to personal data; 2. request for rectification of personal data; 3. right to object to the processing of data; 4. request to delete personal data; 5. request to limit data processing; 6. request for data transfer; 7. right to lodge a complaint to the supervisory body - i.e. to the President of the Personal Data Protection Office.

In processing of your data, there is no automated decision-making, in particular there is no profiling.

In addition, we would like to inform you that you have also the right to revoke the consent granted to the Administrator for the processing of personal data. Withdrawalof consent will be recorded by the Administrator without undue delay, which will result in the cessation of sending further marketing information. Withdrawal of consent does not mean that the current processing of consent took place without an appropriate legal basis and applies only "for the future".