Privacy Policy and the use of cookies


  1. This Privacy Policy provides why and on what basis we process your personal data, including making you aware of your rights related to the processing of personal data and how to exercise them. It is one of the elements of our implementation of the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/CE (General Data Protection Regulation, GDPR).
  2. The Controller of personal data is Lublin Grand Hotel Management Ltd., a company registered in Poland in the register of entrepreneurs under the KRS number: 0000145390 (hereinafter: the “Controller”).  Contact: Krakowskie PrzedmieĊ›cie 56, Lublin 20-002, The Controller determines the purposes and means of the processing of your personal data, therefore he is responsible for their processing in accordance with the law, including the GDPR, which protects the fundamental rights and freedoms of natural persons, in particular the right to protection of personal data.
  3. We have received your personal data, in connection with your accommodation in hotel or other services provided by the Controller,  in place where he conducts business activity, including websites, as well as other cases of contact with the Controller, e.g. participation in promotions, expressing opinions or participating in loyalty programs.
  4. The Controller ensures that every person whose personal data is processed has full information about the scope, purpose and manner of processing his personal data and information about his rights. The Controller uses only the data necessary to achieve each of the purposes for which personal data is processed.
  5. The purpose of data processing is to conclude and perform the contract to which you are a party or to take action before concluding the contract, such as: making a reservation, providing hotel services, providing services by electronic means, e.g. newsletter, implementation of loyalty programs, expression of opinions, assessments or comments, handling of various applications (e.g. via the internet contact form), as well as on-going contact with you. In such cases, the basis for processing your data is the need to perform the contract or take the necessary steps prior to entering into a contract (Article 6 (1) (b) GDPR).

Therefore, in accordance with the applicable regulations, the basis for the processing your data will also be the need to fulfil the legal obligation imposed on Controller (Article 6 (1) (c) of the GDPR), in particular, issue and store invoices and accounting documents, processing complaints, providing data to state authorities within the limits and under the law, e.g. for tax and accounting purposes.

We also process your data for the purposes set out below, based on Controller legitimate interest (Article 6 (1) (f) GDPR):

The Controller has assessed the impact of actions taken for the above purposes on your rights and freedoms. This assessment has led to the conclusion that the processing of personal data within the legitimate interest does not interfere with your privacy. In addition, this way of processing your personal data is to lead to an improvement in the quality of services provided by the Controller, which is to bring better understanding of your needs. Therefore, your interests will not be infringed.

In the event of consent to the processing of personal data, this consent will be the basis for data processing (art. 6 (1) (a) GDPR), and the content of this consent will each time determine the purpose of data processing. Consent to the processing of personal data can be withdrawn at any time.

  1. Providing us with your personal data is a condition for the conclusion of the contract. Where required by law, we may require you to provide the data required by law. A refusal to provide data to the extent necessary to conclude or perform the contract and to the extent required by law will make it impossible to conclude the contract. In the case of collecting personal data on the basis of consent, the provision of your data is voluntary.
  2. Recipients of personal data, for the purposes and on the grounds described above, may be institutions and entitles authorized under law, as well as entities providing services to the Controller (e.g. legal, IT, marketing, accounting, audit and advisory services) and other entities participating in the implementation of the ordered service, business partners and the service providers cooperating with the hotel (e.g. in the case of organizing the transfer, booking a table in a restaurant), as well as entities associated with the Controller within the group of IBB Hotel Collection -
  3. In the case of  booking accommodation at the hotel through a travel agency or booking portal, the Guest’s personal data provided to the hotel by these entities may include, in particular name and surname, date of stay, e-mail address, and telephone number of the Guest. The exact source from which the hotel obtained the Guest’s personal data can be obtained at the reception of the hotel.
  4. All persons, whose personal data are processed by Controller, have the following rights under GDPR:

Right to object

You may object at any time, on grounds relating to your specific situation, to the processing of your data based on Controller legitimate interest or the public interest (Article 6 (1) (e) and (f) GDPR), including to profiling on the basis of these provisions. Controller will no longer process these personal data unless we demonstrate that there are compelling legitimate grounds for processing over your interests, rights, and freedoms, or unless we demonstrate that there is a basis for establishing, asserting, or defending claims.

If we process personal data for the purposes of direct marketing, you have the right at any time to object to the processing of your data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing. Once you object, we will no longer process your data for such purposes.

You may exercise the above rights by applying to the address indicated in section 2 of this information.
If you apply, we may ask you to provide additional information to verify your identity.

Complaint to the supervisory authority

You have the right to lodge a complaint with the supervisory authority – The President of the Personal Data Protection Office -regarding processing of your personal data by the Controller.

  1. We currently do not plan to transfer your data outside the European Economic Area (comprising the European Union, Norway, Liechtenstein, and Iceland), (“EEA”). If we decide to transfer data outside the EEA, it will only be done for the purpose and to the extent permitted by law. The current information about it can be found on in the privacy policy and at the hotel’s reception desk.
  2. For the purposes described in section 5, with the exception of processing for the purpose of complying with a legal obligation, we will profile your data, i.e. automatically analyse it to obtain information about your preferences or interests (e.g., to examine which offer may best suit you). This processing will not produce legal effects or have a similar significant impact on you.
  3. We process your data for the period necessary to fulfil the purposes indicated in section 5 above, i.e. for the period of implementation of the contract concluded with you, and after that time for the period and to the extent required by the law and the period after which the claims arising from the contract become time-barred.

If we process personal data on the basis of legitimate interest, in particular, for the purpose of direct marketing, we retain data until you object to such processing. After that time, the data will no longer be processed for this purpose, i.e. direct marketing, but further storage may be necessary due to the implementation of a contract or a legal provision.

Personal data processed by visual monitoring will be stored for a period of 30 days, unless due to special circumstances (e.g. accident) it will be necessary to store the monitoring recording for a longer period.


Cookie files (cookies) and system information (system logs)

  1. As you navigate through the website(s) of Controller, information may be passively collected from you  (i.e., without you actively providing such information). This information is provided using various technologies such as cookies or system logs, is safe for your devices, does not cause any configuration changes, or does not transfer viruses or unwanted or malicious software.

System information (system logs):

Your web browser automatically transfers data to us in the form of system logs (IT records). It includes information such as the address (URL) of the website you visited previously, the IP address, the version of the browser currently used by your computer, as well as the access time, and amount of data transferred.

Controller can analyse the system logs described above. The information obtained in this way is used for administrative purposes (recognising and removing problems with the operation of servers, including breaches of their security) and for statistical analyses. This information is not linked to your data.

  1. Cookie files (cookies):

In the course of using Controller websites, text files, i.e. cookies, may be stored on your devices. These files contain IT data which are read when you visit our website again and help to adapt it to your preferences and serve statistical purposes.

The purpose of saving cookies is to ensure that you can effectively use our websites, for example

  1. You can set your web browser to warn you when a cookie is sent or block the transfer of such files at all, but in such case some functions of the website may not work. Using our websites without disabling cookies in your browser means that they will be stored in your device memory.
  2. Information on how to manage cookies is usually found in the “Help” section of each browser; below we describe how to disable cookies in the most popular web browsers:

Mozilla Firefox
In the “Tools” menu, select “Options”, and then the “Privacy” tab.
Your browser allows you to choose between deleting the cookies of individual or all sites.

Microsoft Internet Explorer
In the “Tools” menu, select “Internet Options”, and then the “Privacy” tab.
A special slider can be used to adjust the general level of privacy or the “Websites” button to manage the settings of individual websites.

Google Chrome
In the menu hidden under the three horizontal bars in the top right-hand corner of your browser, select “Settings”, then “Advanced”. In the “Privacy and Security” section, click the “Content settings” button. You can change your cookie settings in the “Cookies” section.

In mobile phones, tablets, and other mobile devices

Each device model can handle cookies in a different way. Therefore, we encourage you to read about the privacy options in the documentation on the website of your mobile device manufacturer.