PERSONAL DATA PROTECTION AT RESTAURANT AND BANQUET HALL ‘AS’ – ACCOMODATION
Restaurant and Banquet Hall “AS” – Accommodation makes every effort to process guest data in compliance with the highest security standards and in accordance with the General Data Protection Regulation of 27 April 2016 (Journal of Laws UE L 119 of 4 May 2016), hereinafter referred to as the GDPR.
1. The controller of your personal data is: Karol Wilczyński, carrying out business activity under the business name Restauracja i Sala Bankietowa „AS”- Noclegi (Restaurant and Banquet Hall “AS” – Accommodation) with its registered office in Słodków Kolonia 68c, 62-700 Turek, NIP number: 668-000-74-34, REGON: 310129194, phone number: 63 280-34-93, email address: firstname.lastname@example.org, registered in the Central Electronic Register and Information on Economic Activity maintained by the Ministry of Entrepreneurship and Technology.
2. The purpose of data processing is:
a. handling of submitted queries – pursuant to Article 6(1)(a) of the GDPR – consent of the data subject
b. booking accommodation – pursuant to Article 6(1)(a) of the GDPR – consent of the data subject
c. performance of an accommodation service agreement – pursuant to Article 6(1)(b) of the GDPR
d. performance of an agreement for the organisation of a special event or another catering service – pursuant to Article 6(1)(b) of the GDPR
e. marketing activities of the personal data controller – pursuant to Article 6(1)(a) of the GDPR – with the consent of the data subject
f. ensuring the safety of persons and property in the hotel and restaurant by means of video monitoring – pursuant to Article 6(1)(f) of the GDPR
f. ensuring the safety of persons and property in the hotel and restaurant through the identification of all people inside the hotel – pursuant to Article 6(1)(f) of the GDPR
h. to pursue a legitimate interest (issuing an invoice documenting the performance of a service) – pursuant to Article 6(1)(c) of the GDPR
i. to secure or exercise claims, which is a legitimate interest of the controller pursuant to Article 6(1)(f) of the GDPR
3. Personal data shall be store for:
a. concerning submitted enquiries – for a period of 30 days from the end date of correspondence
b. concerning a booking – for a period of 12 months from making a booking
c. concerning the performance of an accommodation service agreement or required for the issuance of an invoice – for a period of 5 years from the end of the year in which the stay at the hotel took place
d. concerning the performance of an agreement for the organisation of a special event or another catering service – for a period of 5 years from the end of the year in which the special event or another catering service was held
e. processing for marketing purposes – until the consent is revoked by the data subject or until there is a business need to do so
f. in video surveillance systems – for 30 days and then the data shall be permanently deleted
4. The recipients of personal data may be:
a. an external accountancy office
b. provider of the accommodation service booking platform (if the booking is received through websites such as Idosell Booking, Booking.com, eholiday.pl, Nocleg.pl, Expedia Group, Facebook, etc.)
c. companies providing marketing services (relates to persons who have agreed to receive commercial communications)
d. companies providing IT support services and IT software
e. transport and taxi companies if the guest orders transport or a courier service
f. entities entitled to obtain personal data on the basis of legal regulations
5. You have the right to request from the Data Controller access to your personal data, the right to correct the data, and the right to data portability – this applies to purposes resulting from the Data Controller’s legitimate interests, the performance of an accommodation service agreement, the performance of an agreement for the organisation of a special event or another catering service, and for the purpose specified in the consent – you also have the right to erase or restrict the processing of your personal data, the right to object to the processing of your personal data, and the right to withdraw your consent at any time.
6. You also have the right to lodge a complaint with a supervisory authority, i.e. the Inspector General for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.
7. The provision of personal data is voluntary; however, the refusal to provide such data may result in:
a. a refusal to provide accommodation services – in the case of data processed in order to perform the accommodation service agreement
b. a refusal to provide services linked to the organisation of a special event or another catering service – in the case of data processed in order to perform the agreement for the organisation of a special event or another catering service
c. a refusal to make a booking – when booking a room
8. Contact the Data Protection Officer at: email@example.com, phone number: :+48 607858363
9. Your personal data shall not be profiled.
10. Information about the processing of your personal data is also available on the following website:
http://en.restauracja-as.pl (hereinafter: the Website)
The controller of your personal data is: Karol Wilczyński, carrying out business activity under the business name Restauracja i Sala Bankietowa „AS”- Noclegi (Restaurant and Banquet Hall “AS” – Accommodation) with its registered office in Słodków Kolonia 68c, 62-700 Turek, NIP number: 668-000-74-34, REGON: 310129194, phone number: 63 280-34-93, email address: firstname.lastname@example.org, registered in the Central Electronic Register and Information on Economic Activity maintained by the Ministry of Entrepreneurship and Technology (hereinafter: Controller).
1. In the interest of the security of the entrusted personal data, the Data Controller acts in accordance with internal procedures and recommendations which are compliant with the applicable legal acts linked to personal data protection, including in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
2. The Controller shall protect the interests of data subjects with due care, and in particular shall ensure that personal data:
a. the data are processed lawfully;
b. the data are collected for specified and legitimate purposes and no further processed in a way incompatible with the intended purposes;
c. the data are relevant and adequate to the purposes for which they are processed;
d. the data are kept in a form which permits the identification of the data subjects no longer than it is necessary for the purposes for which they are processed.
3. Personal data are processed on the basis of consent given by website users and in cases where the provisions of applicable law entitle the Data Controller to process personal data.
4. The Data Controller processes the personal data voluntarily provided by website users, only for the purpose of: responding to users’ enquiries made using the contact form, in the following scope:
a. full name
b. email address
c. phone number
5. The personal data of users of the website: https://www.restauracja-as.pl users are not sold or made available to third parties and are subject to profiling, i.e. automated processing in order to assess and determine the personal characteristics or needs of users.
6. The data processed by the Data Controller may be viewed by the website user who provided the data. The user also has the right to modify this data, request that it be passed onto another party and restrict or stop the processing of their personal data at any time. At any time, the user may also withdraw their prior consent to the processing of their data and request that their personal data be deleted from the website.
7. In order to exercise their rights specified in point 8 above, the website user should contact the Data Controller using the same email address or telephone number submitted to the website, by sending an email to: email@example.com
8. The Data Controller performs the function of gathering information about the users in the following manner:
a. through information voluntarily entered in the form,
b. by collecting cookie files
10. The installation of cookies is necessary for the proper provision of services on the Website. Cookies contain information necessary for the proper functioning of the Website, in particular actions requiring authorisation. The user may at any time change the settings of the browser so that cookies are either accepted or rejected, or so that the user is notified when such files are not placed on the computer.
11. The following types of cookies are used on the Website:
a. session cookies – temporary files which are stored in the web browser until the user logs out or switches off the web browser,
b. persistent cookies – stored in the web browser until the user deletes them manually or for the time specified in the parameters of the cookies.
12. The Website may contain links to other websites which operate independently of the Website and are not in any way supervised by the Website. These websites may have their own privacy policies and rules, which we recommend to read carefully.