Each time we mention “data” we mean your personal details, such as your name and surname, e-mail address or telephone number, that you’ve provided us with or that we’ve obtained from the other sources.
CONTROLLER OF PERSONAL DATA
The controller of the personal data is Agata Dudar, the owner of enterprise operating under name Grand Apartments Agata Dudar that is registered in Central Business Register and Information Service operated by the Minister of Development and Finance, NIP 9581408887, REGON: 221582376 with headquarters in Sopot 81-838, on al. Niepodległości 753/U4.
PERSONAL DATA AND PRIVACY
1. Situations in which we are processing your data
If you’re going to use our services, we’ll ask you to give us your personal data. Your personal data is processed by us for the purposes defined below and that are connected with the functioning of our website and providing the services presented on it. That means that we are processing your personal data each time when you are using our services, for example when you are booking the apartment with the use of our website. Each time you are approaching us with your request or complaint or when you are using the contact form on our website, this are the situations in which we are processing your personal data. The other examples of situations in which we are processing your personal data is when we are sending you commercial information or when you are taking participation in the contests and promotional events that we organize.
2. The purpose of processing
Your personal data is processed mainly in order to provide you with the services offered on our website and when it is necessary to conclude and to fulfil the contract, including the claim handling process or undertaking the actions required by you before concluding the contract. If it is necessary, we can, from our initiative, contact you about the organizational details, for example regarding your reservation. Processing of some of your personal data is necessary also in order to fulfil by us the requirements arising from the rules of law, for example regarding the rules on the length of time personal data can be stored, on the gathering the information for verification and identification of the user or on the transmitting personal data to the entitled authorities and entities that arises from the tax or accounting law. Your personal data is processed also in other rightful purposes, for example in order to:
a) monitor your activity on our website (that includes the usage of cookie files and the other tools used by us),
b) be able to create the profile of your interests and needs (also with the usage of cookie files) in order to provide you only with the services that can interest you,
c) be able to provide the direct marketing of our products and services- in that way we can inform you about our offer,
d) establish, exercise or defend by us the potential legal claims arising from the enterprise that we operate,
e) monitor, prevent and detect the potential frauds or abuses committed through the services that we provide.
If you gave us your permission, we can send you our newsletter or to contact you regarding our new offers either by the phone, e-mail address or by sending the message to your mobile phone. When you are participating in the contests organized by us or in any other promotional event, we are processing your personal data on the basis of your permission in order to organize the contest or promotion, to choose the winners and to award the prizes.
3. What data we process
We process data that you’ve provided us with, as well as data that we’ve had compiled ourselves (for example by using cookie files or other tools that we work with) or that was shared with us by the other data controllers, for example reservation systems or your bank. We also process the data provided by the device through which you are using our services (cookie files). We are concerned about using only as much data as is required to accomplish the purpose of collecting them (data minimization).
4. Basis of processing
The legal basis of processing personal data is:
1. entering and performance of a contract or the steps taken at your request in order to enter such contract for providing services or the actions undertaken on your demand in order to conclude such contract (article 6, passage 1, lit. b of GDPR), or
2. your consent (article 6, passage 1, lit. a of GDPR), or
3. legitimate interests pursued by the controller (article 6, passage 1, lit. f of GDPR). By such interests we understand for example:
a) processing the data in order to establish, exercise or defend by us the potential legal claims,
b) processing the data for analytical and statistic purposes,
c) surveying customer satisfaction, or
4. processing that is necessary for compliance with a legal obligation, such as accounting (article 6, passage 1, lit. c of GDPR), and resulting, for example, from:
a) Accountancy Act of 29.09.1994,
b) Value-Added Tax Act of 11.03.2004,
c) Act on Rendering Electronic Services of 8.07.2002,
d) Telecommunication Law of 16.07.2014.
We process your personal data in accordance with regulations regarding personal data protection, including GDPR.
5. Provision of personal data
Providing your personal data is not obligatory, however there are situations in which it may be necessary, for example in order to enter into a contract, in order to provide our services correctly or in order to comply with legal obligations that we have to abide. That means that in some situations not providing your data may cause inability to use the services on our website.
DURATION OF THE PROCESSING
Your personal data will be processed for as short time as it is possible, that means the period of time when we will have a legal basis to process your personal data. It means that we will stop processing your personal data when:
a) we will not be longer legally obliged to process your personal data,
b) the concluded contract will no longer be in force and when the possibility of making claims regarding the concluded contract will cease,
c) you will withdraw your consent to process your personal data that you’ve given for the specific purpose,
d) your objection regarding processing your personal data will be accepted- in the situation when the processing of your personal data was legally based on the legitimate interest of the controller or when the personal data was processed for direct marketing purposes, including profiling.
SAFETY OF PERSONAL DATA
When processing your personal data we are using the proper organizational and technical safety measures that are in accordance with applicable law and whose purpose is to protect your personal data from unauthorized or unlawful processing or accidental loss, destruction or damage of your personal data. Therefore we take full responsibility for the safety of your personal data. Not only we protect your personal data by using the newest technologies in the way that enables us to abide the applicable law regulations, but we are also using additional solutions that ensure the safety of your personal data. The basic security measure is the use of safe connections (for example SSL protocols), data encryption and the use of other technical, programmatic and organizational solutions (such as limitation and control of access to the data). We assure that your personal data is processed only by the authorized persons and parties.
1) You have the right to request from us an information whether or not your personal data is being processed by us, why we are processing it, which categories of your personal data we possess, what are the categories of recipients of your personal data and what is the planned period of time for which the personal data will be stored.
2) You have the right to request the access to your personal data, to rectify the personal data that are incorrect and to complete the incomplete data.
3) You have the right to request erasure of your personal data that we process. Your request will be fulfilled immediately, unless there are no overriding legal grounds for the processing or there are no legal requirements that we are obliged to fulfil or when your personal data are necessary for us to establish, exercise or defend legal claims. Your personal data will be erased when:
a) it will no longer be necessary for the purposes for which it was collected or processed in other way,
b) we were processing your personal data on the basis of your consent that you’ve later withdrawn and there is no other legitimate reason for us to process your personal data further,
c) you’ve objected processing your personal data within the rights of realization legitimate interest of the controller and there are no other circumstances that would justify the further processing of your data,
d) your personal data was processed unlawfully,
e) your personal data must be erased for compliance with a legal obligation.
4) You have the right to withdraw your consent for personal data processing as long as the processing of your data was based on your consent; it means that processing of personal data will be legal until you withdraw your consent.
5) You have the right to request the restriction of processing your personal data in situations when:
a) you inform us that personal data we process is incorrect; the restriction is in force for a period enabling us to verify of correctness of personal data,
b) there is no legal obligation for us to process your personal data but you object the definitive erasure of your personal data,
c) we no longer need the personal data for the purpose for which it was collected, but you need them in order to establish, exercise or defend legal claims,
d) you’ve objected the processing of your personal data; the restriction is in force until we verify whether there are legitimate grounds that override your objection.
6) You have the right to object the processing of your data by us anytime, whenever:
a) the particular situation has occurred – against processing your personal data for the purposes of the legitimate interests pursued by the controller (article 6, passage 1, lit. f of GDPR) – in such situation we will stop processing your personal data with an immediate effect, unless there are other legitimate grounds that override your objection.
b) if your personal data is processed for the direct marketing purposes.
7) As the result of using your rights described in points 3-6 above, there is a possibility that we will stop providing (entirely or partially) you with some of our services for which processing your personal data is necessary.
8) You have the right to request to receive the personal data that you’ve provided us with in machine-readable format and to transfer that data to the other controller. It is applicable for the automated processing of personal data:
a) that we process on the basis of your consent or
b) that we process on the basis of the contract that we’ve concluded with you.
Please contact us if you want to exercise your rights.
If you think that your personal data is processed unlawfully or that your rights has been violated, you can lodge a complaint to the supervisory authority that is Inspector General for the Protection of Personal Data or its successor- Chairman of Personal Data Protection Office.
TRANSFER OF DATA, EXTERNAL SERVICES, RECIPIENTS OF DATA
We don’t transfer your personal data to any third persons or parties. The only exception for that is when:
1) You will voluntarily give your consent to such transfer; you can withdraw your consent anytime,
2) Such transfer is necessary in order to perform the service or to implement the tasks related to the proper performance of the service- in such situation (with us still being the controller of your personal data and being responsible for its’ safety) your personal data can be transferred for the particular purposes to the external parties, including our subcontractors, that help us to provide our services, such as:
a) the persons that are cooperating with us on the basis of civil law contracts and that are supporting our on-going activities,
b) provider of software that is necessary for operating of our website,
c) company that provides us with hosting services,
d) accountancy office,
e) the party that simplifies the optimization of our website,
f) the party that provides us with technical support.
3) In the particular situations we may be asked to transfer your personal data to the entitled parties authorized by the applicable law in force (such as law-enforcement agencies). We carefully examine each request for such transfer and the transfer is being made only in situation in which, after the examination of that request, we state that there is an important and effective legal basis for the request of such parties for disclosing your personal data.
We do not transfer your personal data to the third countries.
Our website, like the most of Internet sites, is using so called “cookie files”. A cookie file is an electronic information, most often in the form of small text file, that is saved and stored in the memory of the device through which you are using our website.
1. We use cookie files and similar technologies in order to store the information or to gain the access to the information stored on the device through which you are using our website.
2. We are using cookies to adapt our website to your individual needs and, if needed, for profiling and monitoring your activity on our website. Cookie files include the name of the domain from which they come from, the period for which they will be stored on the device and the assigned value.
3. The cookies that we use are safe for your devices, that especially means that they are no viruses or any other kind of malicious software and that they are free from such viruses and software. The mechanism of cookie files does not allow downloading any information from you device, but only gains the access to the chosen information.
4. The cookies that we use differ from each other by their type and durability.
4.1. Considering how long cookie file will be stored on the device, the cookie files used on our website can be divided to:
a) session cookies: are stored on the your device and they stay there until the end of the session of given web browser. Saved information are then permanently removed from the memory of the device;
b) persistent cookies: are stored on the your device and they stay there until they are removed or expired. Ending the session of given web browser or turning off the device will not remove them from the memory of your device.
4.2. Considering where they are coming from, the cookies used on our website can be divided to:
a) our cookies: placed on the website directly by us;
b) external cookies: placed on the website by the external parties, whose web pages components' were called by Grand Apartments (e.g. Google Analytics, Facebook etc.)
a) configure the website- especially to optimize it and to personalize content or features of the website to your preferences;
b) create anonymous statistics that allow us to analyse how the visitors of website are using it. Such statistics help to improve the content and structure of the website;
c) gather the information about the source from which the user came to our website (e.g. web banner displayed on the website of third party, Google Adwords etc.);
d) provide the safety and reliability of our website.
6. The use of cookie files in order store the information or to gain the access to the information stored on the device through which you are using our website is possible only when you gill give your consent for such action; unless the storage or gaining access to the information is necessary to provide you with the service that you’ve requested electronically – in such situation your consent is not required.
6.1. The consent can be given through the settings of the software used to use the website, for example through the settings of the web browser that you are using or settings of the software installed on the device that you use.
6.2. You are not required to give your consent or you can withdraw consent already given anytime by changing the settings of web browser or the software installed on the device that you use.
7. In many situations the software that allows you to use our website (it applies mainly to web browsers) is by default set to accept cookies and to store them on your device. That’s why we encourage you to check the settings and to change them so they will suit your privacy preferences. Remember that you can change the settings in order to prevent automatic acceptance. To find out how to manage the cookie files, including how to disable them in your web browser, you can use the help section of your web browser.
9. Remember that disabling cookie files may cause difficulties in using some of the features of our website.
By providing our services electronically we can also install the software on your device or use that software. However we will inform you before installing such order and we will ask for your permission for installing and using it.
CONTACT WITH DATA CONTROLLER
Send us an e-mail on firstname.lastname@example.org or a letter to Grand Apartments Agata Dudar, al. Niepodległości 753/U4, 81-838 Sopot, with annotation “ochrona danych osobowych”.