Personal data processing
Personal data is processed in order to implement the booking process, to consider complaints, as well as to clarify the circumstances of any violation of the Regulations or the applicable law.
In accordance with art. 13, section 1 and item 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals, with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), we inform that:
• The Administrator of personal data obtained in the booking process – within the meaning of applicable provisions of generally applicable law – is Tatrovia, an accommodation facility located at Droga do Daniela 1C Street, 34-500 Zakopane, which is owned by the company Apartamenty Rodzinne Pod Szczytami Grażyna Bryniarska, with its registered office at ul. Heleny Marusarzówny 11/4, 34-500 Zakopane, NIP 7361071947, REGON 490668652.
• The Processing Entity of thepersonal data is an online booking system Hotres.pl, which belongs to LEMONPIXEL.pl Roman Korczyński, a company with its registered office in Jelenia Góra, 58-570, ul. Młyńska 12A, hereinafter referred to as Hotres.pl.
- For the purposes connected to the booking process/issuing a sales proof, the Guest's personal data is collected. Providing personal data is voluntary, and yet necessary for the completion of the booking process.
- The Guest has the right to access their personal data, the right to rectify it, delete it, as well as the right to limit the scope of their processing.
- An optional consent of the Guest to allow for processing the data for marketing purposes requires checking the appropriate 'checkbox' in the booking process. Such consent may be withdrawn by sending an appropriate message to the e-mail address: email@example.com.
- Detailed purposes and scope of personal data processing in the Hotres.pl system are set out in the Annex.
- The Administrator ensures by using their knowledge and experience that the Guest's personal data is not disclosed to third parties and will take the necessary measures in this respect to maintain this assurance.
- The Administrator retains the right to disclose personal data to authorized entities (Sub-processors) and in cases provided for by the generally applicable law. In particular, this applies to entities such as: online payments systems and reception software.
- The Administrator is obliged to respect the secrecy and confidentiality of information obtained for the purpose of implementing the booking process. Said commitment remains in force for an indefinite period.
- Hotres.pl as the Processing Entity of the Guest's personal data, ensures the implementation of appropriate technical and organizational measures, and additional IT security systems, based on proven servers and personal data processing systems in services provided electronically.
- Hotres.pl declares that the IT systems used to process personal data meet the requirements of applicable law, in particular they are protected to a high degree – within the meaning of the Regulation of the Minister of the Interior and Administration of 29 April 2004 on the documentation of personal data processing and technical and organizational conditions – with which information devices and systems used to process personal data are met.
- Subcontractors and employees of Hotres.pl will be duly authorized to process personal data in connection with the implementation of the booking process, to which the Administrator and the Guest give their consent.
- In order to ensure the highest security in the storage of personal data, in accordance with the requirements of the GDPR, Hotres.pl is obliged to:
a). encryption and anonymization of personal data transmission;
b). continuous ensuring of confidentiality, integrity, availability and resilience of systems and processing services;
c). maintaining the ability to quickly restore the availability of personal data and access to it in the event of a physical or technical incident;
d). regular testing, measuring and assessing the effectiveness of technical and organizational procedures to ensure security of data processing.
The Administrator is entitled to amend the provisions of these Regulations at any time and depending on their own decision. In particular, they may amend the provisions of these Regulations in the case of:
- the need to adapt the Regulations to mandatory provisions or to changes in law affecting the content of the Regulations;
- the need to adapt the Regulations to a recommendation, interpretation, ruling, order or decision of a public authority or court decision affecting the content of the Regulations;
- expansion or changes in the functionalities of Hotres.pl.