I. Personal Data Controller
1. The Administrator of your personal data processed for the purpose of using hotel services and accompanying services are the following companies:
a) Dobry Hotel spółka z ograniczoną odpowiedzialnością (Limited Partnership) with its registered office in Sopot at 18-20 Pułaskiego Street, entered into the register of entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) kept by the District Court Gdańsk-Północ in Gdańsk, VIII Commercial Division of the National Court Register under number 0000360212, Tax Identification Number (NIP) 585 145 58 78, Statistical Number (REGON): 221051940, (hereinafter referred to as the: „Dobry Hotel”),
b) Altus Hotel Mięczkowski spółka komandytowa (Limited Partnership) with its registered office in Sopot at 18-20 Pułaskiego Street, entered into the register of entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) kept by the District Court Gdańsk-Północ in Gdańsk, VIII Commercial Division of the National Court Register under number 0000593450, Tax Identification Number (NIP): 5851472954, Statistical Number (REGON): 363350641,
c) Unicus Dobry Hotel spółka z ograniczoną odpowiedzialnością sp.k. (Limited Partnership) with its registered office in Sopot at 18-20 Pułaskiego Street, entered into the register of entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) kept by the District Court Gdańsk-Północ in Gdańsk, VIII Commercial Division of the National Court Register under number: 0000328042, Tax Identification Number (NIP): 5851448140, Statistical Number (REGON): 220774659,
(hereinafter jointly referred to as the „Companies”)
2. The Companies are joint controllers of your data, which means they together set the purposes and methods of processing your data. In matters related to the processing of your personal data by the Companies, please contact the person responsible for the protection of personal data at the following e-mail address: email@example.com or at the following address: Dobry Hotel spółka z ograniczoną odpowiedzialnością., al. Grunwaldzka 229, 80-226 Gdańsk. This is a joint contact for all the Companies.
3. Dobry Hotel – as the joint controller - is responsible for providing you with the information about how the Companies process your personal data.
4. Dobry Hotel is also responsible for the exercising of your rights under personal data protection regulations. Dobry Hotel performs those duties on its own behalf and on behalf of the Companies
5. The Companies have entered into the agreement; this agreement does not limit the liability of each of the Companies. You can execute your rights against each of the Companies (joint and several liability of the Companies).
II. The contact details of the controllers representatives in the matter of personal data protection
In matters related to the processing of your personal data by the Companies, please contact the person responsible for the protection of personal data at the following e-mail address: firstname.lastname@example.org or at the following address: Dobry Hotel spółka z ograniczoną odpowiedzialnością sp. k. ., al. Grunwaldzka 229, 80-226 Gdańsk.
This is a joint contact for all the Companies.
III. Purposes and legal basis for processing personal data
In order to provide services within the scope of the company’s operations, we will process your personal data, for a variety of purposes, all of which are in compliance with the law. Below you can find a detailed list of the purposes for which your personal data is processed along with the legal basis for such processing.
Your personal data are being processed by the Companies in connection with services rendered by the Companies on your request. The purpose of this processing is primarily to ensure proper performance of the service agreement and to present to you our special offers presenting. Below you will find purposes for the processing of personal data along with the legal basis.
2. Cookies have many functions on the website, in particular:
• they provide security – cookies are used to verify and authenticate users and to prevent unauthorised access to the client panel. In this way they protect your personal data from access by unauthorised parties.
• they increase the efficiency and comfort of using the website – cookies are used to make your experience browsing the website run more smoothly and to ensure that you have full access to its functionality, which is possible among other reasons thanks to cookies remembering your settings from visit to visit. Thanks to this it is easy to smoothly move from page to page.
• cookies identify session status — cookies frequently store information on how you use the website, such as which subpages are most often displayed. These cookies help us identify display errors in the website.
• cookies maintain session status — once you have logged into the reservation system, cookies allow your session to be maintained. This means that it is not necessary to log into the system again every time you visit a subpage, undoubtedly increasing the comfort of use of the system.
• they create statistics —cookies are used to analyse how users are using the website (for example how many people visit the site, how long they remain on the site, which contents generate the most interest, etc.). Thanks to this information, we can improve the website and adapt its operations to the preferences of its users. In order to monitor page activity and create statistics, we use Google tools such as Google Analytics; in addition to reporting on usage statistics for the website, Google Analytics may also be used together with some of the types of cookies mentioned above to provide the user with more tailored and relevant content in Google services (such as the Google search engine) and throughout the Internet.
3. It is important to remember that many cookies have an anonymous nature; that is, they cannot be used to identify the individual user.
V. Right to withdraw consent
1. If processing of your personal data takes place on the basis of your consent, you may withdraw that consent at any time and for any reason,
2. If you choose to withdraw consent for the processing of your personal data, it is sufficient to:
• send an e-mail directly to the company at the address email@example.com or by traditional mail to the company’s postal address:
• Dobry Hotel spółka z ograniczoną odpowiedzialnością sp.k. ., al. Grunwaldzka 229, 80-226 Gdańsk
VI. The obligation to provide the personal data
1. Dear Customer, the use of hotel services provided by the Company or access services to the booking system is fully voluntary, however, for the proper performance of the contract, personal data is necessary.
2. For the purpose of rendering services through the booking system, the Companies process following personal data: first name and surname, e-mail address.
3. In order to issue an invoice and fulfill other obligations resulting from the provisions of tax law, the Companies process personal data such as: first name and surname, address of residence or headquarters address, tax identification number (if provided).
4. You also provide your telephone number or e-mail address on a voluntary basis. The companies point out, however, that in the absence of these data, they will not be able to submit their offers.
5. In order to use the loyalty program, the Companies process personal data such as: first name and surname, phone number, e-mail address.
VII. Other ways of data processing
1. One of the ways of processing your personal data is the profiling. Profiling means that each of the Companies may - based on your preferences - adapt services and content sent to you electronically by the Companies. For its part, each of the Companies guarantees that the data is not processed automatically, that is, without human interference
VIII. The recipients of the personal data
1. Bearing in mind how valuable your personal data is at every step, the Companies try to ensure that their processing takes place in accordance with the law, and in the case of transferring these data outside the structures of the Companies, we make sure that the entities which are entrusted with your data ensure the appropriate standard of their protection and they keep them confidential
2. Bearing in mind how valuable your personal data is at every step, the Companies try to ensure that their processing takes place in accordance with the law, and in the case of transferring these data outside the structures of the Companies, we make sure that the entities which are entrusted with your data ensure the appropriate standard of their protection and they keep them confidential. We would like to draw your attention to the fact that, like most entrepreneurs, the Company uses the help of third parties in its operations, which may involve the transfer of your personal data. In connection with the above, if necessary, the Company provides your data to:
1) entities providing additional services accompanying hotel services (in particular access to water attractions, access to wellness services or access to sports facilities),
2) entities providing payment services,
3) IT service providers and services supporting marketing activities of companies (e.g. entities providing mailing services),
4) suppliers of legal and advisory services and supporting the Companies in pursuing claims due (e.g. law firms, debt collection companies)
5) public authorities (e.g. fighting against fraud or abuse) or tax authorities
6) insurance and brokerage companies,
7) owners of facilities in which there are hotels.
IX. Personal data transfer to third countries
1. Like most entrepreneurs, the Companies use various popular services and technologies offered by such entities as Facebook, Microsoft or Google. These companies are based outside the European Union and therefore, in the light of the provisions of the GDPR, they can be treated as third countries.
2. Due to the fact that each of the Companies uses the services of different suppliers, your personal data may be transferred outside the European Union and the European Economic Area. The companies ensure, however, that in such a case the data transfer will take place on the basis of a contract between the Companies and this entity, containing exemplary clauses on data protection adopted by the European Commission.
X. The period for which the personal data will be stored
1. In accordance with the applicable law, we do not process your personal information "indefinitely", but for the time that is needed to achieve the purpose. After this period, your personal data will be irreparably removed or destroyed
2. In a situation where the Companies do not need to perform other operations on your personal data than storing (e.g. when the content of the order is stored for defenses against claims), until the permanent removal or destruction of the data are additionally protected - for example by pseudonymization. Pseudonymisation consists of such encryption of personal data or a personal data set that it is impossible to read them without an additional key, and thus such information becomes completely useless to the unauthorized person.
3. Regarding particular periods of personal data processing, the Companies indicate that personal data is processed for the period of:
• duration of the contract - in relation to personal data processed in order to conclude and perform the contract;
• limitation of claims - in relation to personal data processed in order to establish, assert or defend claims (the length of the period depends on whether both parties are entrepreneurs or not);
• 30 days - in relation to personal data processed for the needs of video monitoring, unless a longer period results from the relevant orders of public authorities;
• 1 year - in relation to personal data that were collected when asking for services (e.g. room availability), and at the same time the contract was not concluded immediately;
• 5 years - in relation to personal data related to the fulfillment of obligations arising from tax law;
• pending the withdrawal of consent or the achievement of the purpose of processing - in relation to personal data processed on the basis of consent;
• until the opposition has been effectively raised or the purpose of processing is achieved - in relation to personal data processed on the basis of the legitimate interests of the Companies or for marketing purposes;
• until obsolescence or obsolescence, but no more than 5 years - in relation to personal data processed mainly for analytical purposes.
4. Please note that periods in years are counted from the end of the year in which the Companies began processing personal data. Such actions are primarily aimed at improving the process of removing or destroying personal data
5. Please note that a separate counting of the deadline for each contract would entail significant
organizational and technical difficulties for the Companies as well as significant financial
expenses, therefore setting one date for removing or destroying personal data allows the Companies
to manage this process more efficiently and effectively.
6. However, if you exercise the right to be forgotten by the Company, such situations are considered
and solved individually.
7. The additional year associated with the processing of personal data collected for the performance
of the contract is dictated by the fact that you can hypothetically claim a moment before the expiry
of the limitation period, the request may be delivered with a significant delay or you may
incorrectly determine the limitation period of your claim.
XI. Rights of the data subject
1. The company informs you of your right to:
• acces your personal data
• rectify your personal data
• delete your personal data
• restrict processing of your personal data
• lodge a complaint about the processing of your personal data
• transfer your personal data to another data controller
2. The rights described above are honoured by the company, and the company shall make efforts to ensure that the exercise of these rights is as easy as possible.
3. The company would also like to inform you that the rights listed above are not absolute rights, and that in some situations the company may choose to or be required to refuse to honour these rights. However, such rights shall only be refused after thorough and careful analysis and only when absolutely necessary.
4. Regarding the right to lodge a complaint about the processing of personal data, the company informs you that at any time you may object to the processing of your personal data based on the legitimate business interest of the company (these are listed in Point 3) based on your own particular situation. It is important to remember, w-however, that we may be required to refuse such a request in order to comply with the law if it can be shown that:
• there is a legally justified rationale for processing the data which overrides your personal interest, rights and freedoms
• there is a basis for the establishment, settlement or defence of claims
5. Additionally, at any time you may object to the processing of your personal data for marketing purposes. In such a case, processing will cease after we receive your request.
6. You can exercise your rights by:
• sending an e-mail directly to the company at the address: firstname.lastname@example.org
• sending written information to the address:
Dobry Hotel spółka z ograniczoną odpowiedzialnością sp.k. al. Grunwaldzka 229, 80-226 Gdańsk.
XII. Right to lodge a complaint
1. If you feel that your personal data have been processed in violation of applicable law, you may lodge a complaint with the President of the Office of Personal Data Protection.
XIII. Final provisions