The administrator of personal data of hotel guests is PPHU PLASTPOM based in Świdwin (78-300) at ul. Katowicka 1, being the owner of the Villa Meduza hotel at ul. Borzymowskiego 1 in Kołobrzeg, hereinafter referred to as the Administrator.
Personal data is processed for the purpose of booking and providing hotel services. In addition, the purpose of their processing is to document the performance of the service in accordance with the provisions of tax law, as well as to provide the Parties with the right to pursue any claims that may arise in connection with the stay at the hotel. In the event of consent to the processing of personal data for marketing and commercial purposes, the Administrator processes personal data in order to send marketing and commercial information to the Guest. In addition, the Administrator processes personal data obtained from hotel video monitoring (without sound recording) in order to ensure the safety of hotel guests and other people staying at the hotel premises.
The legal basis for the processing of the Guest’s personal data is the contract for the provision of hotel services at Villa Meduza. The legal basis for the processing of personal data used for marketing and commercial purposes are the separate consent of the Guest, which we ask for on the back of the residence card. The processing of personal data by video surveillance is necessary for the purposes of the legitimate interests pursued by the Administrator. We also ask for consent on the back of the Guest’s Residence Card for the processing of personal data: telephone number and e-mail address in order to provide contact, if necessary, during or after the Guest’s stay at the hotel. Providing personal data is voluntary, but necessary to conclude a contract for hotel services. Failure to provide personal data will prevent the Administrator from performing the ordered hotel service.
The administrator provides personal data to the following categories of entities: companies providing IT support services, state authorities authorized under the relevant provisions to obtain personal data.
Personal data obtained in connection with the concluded contract for the provision of hotel services will be processed until the tax claims or civil law claims of the Administrator or the Guest are time-barred, depending on which of these events occurs later. Personal data obtained on the basis of consent for marketing and commercial purposes will be processed until the consent is revoked. Personal data obtained in connection with the monitoring will be processed for 30 days from the date of recording, and then will be permanently deleted.
We collect information on the use of the Website by its users and their IP addresses based on the analysis of access logs. We use this information to diagnose problems related to the server’s operation, to analyze possible security breaches and to manage the website. The IP address is also used by us for statistical purposes, i.e. to collect and analyze demographic data of website visitors (e.g. information about the region from which the connection was made). They usually include information about the website viewership. However, as we emphasize, these statements do not contain any data allowing for the identification (determination of identity) of a given user of the www.villameduza.pl website. At the same time, we would like to inform you that we may be required to disclose information regarding the IP number of a given user of the website www.villameduza.pl at the request of authorized entities: based on applicable legal provisions, state authorities in connection with their proceedings.
Each guest has the right to access personal data, rectify it, delete it or limit processing. In addition, each guest has the right to object to the processing, the right to transfer personal data, as well as the right to delete data. The right to delete data may be limited to the extent that processing is necessary for the Administrator to fulfill the legal obligation to process data under specific provisions of national law (e.g. tax law). Access to personal data is possible at the Controller’s seat. Each guest has the right to lodge a complaint with the supervisory body. The administrator does not intend to transfer personal data outside the EEA. The administrator does not make automated decisions based on personal data and does not profile them, as referred to in art. 22 sec. 1 and 4 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016