Privacy

INFORMATION CLAUSE

GENERAL PRINCIPLES OF PERSONAL DATA PROCESSING BY THE PERSONAL DATA ADMINISTRATOR – ZAMEK GIŻYCKI SP. Z O.O. BASED IN GIŻYCKO

Hereby, acting on its own behalf, the Administrator – ZAMEK GIŻYCKI Sp. z o.o. based in Giżycko: Hotel ST. BRUNO****, ul. Św. Brunona 1, 11-500 Giżycko, Hotel Zamek** based in Giżycko, ul. Moniuszki 1, acting pursuant to Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), kindly informs you of the following:

  1. ZAMEK GIŻYCKI Sp. z o.o. processes personal data in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR".
  2. ZAMEK GIŻYCKI Sp. z o.o. limits the processing of personal data to the minimum necessary to achieve the purpose for which they are collected.
  3. Personal data collected by ZAMEK GIŻYCKI Sp. z o.o. are processed for the following purposes:
    1. undertaking actions prior to concluding a contract;
    2. performance of concluded contracts;
    3. fulfillment of legal obligations incumbent on the Administrator;
    4. legitimate interests of the Administrator, namely:
      1. establishing and maintaining contacts with contractors;
      2. making offers regarding its services and products;
      3. detecting and preventing possible abuses;
      4. ensuring the security of property and persons;
      5. determining, pursuing and defending claims;
      6. creating reports, analyses, and statistics for internal purposes;
      7. providing hotel services;
      8. handling complaints;
      9. handling inquiries and submissions you send to us (e.g., via contact form);
      10. managing transaction security;
      11. ensuring the best customer service
  4. Personal data may also be processed based on the consent of the data subject, for the purpose specified in the consent statement. Consent may be withdrawn at any time, but withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  5. Personal data may also be obtained by the Administrator from other legally permitted sources, e.g.:
    1. from banks and other institutions;
    2. from public sources, including KRS, CEIDG registers.
  6. While using the Administrator's websites, information identifying the end of a telecommunications network or IT system from which the connection was made may be recorded (including time stamp, IP address).
  7. Personal data are stored for the period necessary to achieve the purpose for which they were collected and then for the period after which claims arising from that purpose become time-barred, as well as for the period prescribed by law for data retention. The Administrator may also store personal data longer solely for justified reasons if the law permits such storage.
  8. Personal data collected by the Administrator, taking into account applicable regulations, may be disclosed to the following recipients:
    1. entities operating IT systems or providing IT tools;
    2. entities providing advisory, consulting, auditing, debt collection, legal, tax, accounting, payroll, and human resources services;
    3. entities conducting payment activities;
    4. entities providing physical protection of the Administrator's premises;
    5. entities conducting postal or courier activities;
    6. entities conducting debt collection or acquiring receivables;
    7. other entities if disclosure of data is necessary for legal reasons.
  9. All persons whose personal data are processed by the Administrator have the following rights under the GDPR:
    1. right to access personal data and to obtain a copy (Art. 15 GDPR),
    2. right to request correction or completion of personal data (Art. 16 GDPR),
    3. right to request deletion of personal data (Art. 17 GDPR),
    4. right to request restriction of personal data processing (Art. 18 GDPR),
    5. right to data portability (Art. 20 GDPR),
    6. right to object (Art. 21 GDPR).

The scope of each of these rights and the situations in which they can be exercised result from applicable law. The above rights can be exercised by submitting a request directly at the Company’s registered office – ul. św. Brunona 1, 11-500 Giżycko

R.O.D.O. Privacy Policy