INFORMATION CLAUSE - PERSONAL DATA PROCESSING (GDPR)
INFORMATION ABOUT PERSONAL DATA PROCESSING
NADWIŚLAŃSKA TOURIST AGENCY LTD. LLC.
Pursuant to Article 13(1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, we inform that
The controller of your personal data is: Nadwiślańska Agencja Turystyczna Sp. z o.o., based in Tychy, ul. Towarowa 23, 43-100 Tychy
The controller has appointed a Data Protection Officer, Mr. Paweł Chochół, who can be contacted by phone at +48 606 487 587, by mail at the correspondence address: Data Protection Officer Nadwiślańska Agencja Turystyczna Sp. z o.o. ul. Towarowa 23, 43-100 Tychy or by email: iodo@nat.pl
Is providing personal data a contractual or legal requirement?
Providing personal data including name and surname, residential address, and identity document number is a necessary requirement for concluding a hotel services agreement. Failure to provide personal data will prevent the company from concluding a hotel services agreement.
In accordance with legal requirements, to identify a minor staying in the hotel facility and their relation to the adult accompanying them in the facility, it may be necessary to present the minor's identity document and/or a document indicating kinship.
What are the purposes of processing hotel guests' personal data?
Data will be processed for the purpose of concluding and fulfilling the hotel services agreement. Additionally, the purposes of processing personal data are:
- to ensure the highest quality of hotel services for guests,
- to document the service for tax purposes,
- to pursue any civil claims by Nadwiślańska Agencja Turystyczna sp. z o.o. based in Tychy,
The purpose of processing data from video surveillance is to ensure order, the safety of persons and property, and the good reputation of the data controller. Areas covered by video surveillance are marked. Only images are recorded.
If the guest consents to the processing of personal data for marketing purposes, the company processes personal data for this purpose.
The company also processes, only after prior guest consent, transmission data necessary to provide Internet access services, including IP/MAC address, date and time of IP address use, information about the internet package, data on the amount of sent and received data, and the number of the network port used to prevent fraud and abuse and to ensure the safety of guests using the hotel/resort internet network.
What is the legal basis for processing personal data?
The legal basis for processing personal data necessary for the provision of hotel services, obtained by the company, is the hotel services agreement.
The legal basis for processing data from video surveillance is the legitimate interest pursued by the data controller, consisting in ensuring order, safety of persons staying in the facility and on the premises managed by the data controller, including ensuring employee safety and the protection of property and good reputation of the controller, employees, and guests.
The legal basis for processing personal data used for marketing purposes is the guest's consent. Marketing consent can be withdrawn by the guest at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
To whom may personal data be disclosed?
Personal data may be shared with the following categories of entities:
- companies providing IT support services for the hotel,
- accounting firms and law firms,
- transport companies when guests order transport or shipments.
If required by law, we provide personal data to authorized entities, including competent law enforcement authorities.
Nadwiślańska Agencja Turystyczna sp. z o.o. does not transfer personal data to countries outside the EEA.
How long will personal data be processed?
Personal data collected:
- in connection with the performance of the hotel services agreement will be processed for the statute of limitations period of tax claims or civil claims, depending on which of these claims expires later,
- for marketing purposes will be processed for the duration of the given consent,
- in connection with the provision of Internet access services will be processed for two years and then permanently deleted
Video surveillance recordings will be stored for no longer than 30 days.
What rights do guests have regarding their personal data processing?
Every guest has the right to access their personal data, rectify, delete, or restrict processing. Additionally, every guest has the right to object to processing.
Data protection supervisory authority.
If a person considers that personal data processing violates GDPR or other data protection laws, they may file a complaint with the President of the Personal Data Protection Office.
Do we process your personal data automatically (including profiling) in a manner affecting your rights?
Nadwiślańska Agencja Turystyczna sp. z o.o. does not make automated decisions based on personal data, including profiling.
Download pdf file
