- The Controller of personal data is Lublin Grand Hotel Management Ltd., a company registered in Poland in the register of entrepreneurs under the KRS number: 0000145390 (hereinafter: the “Controller”). Contact: Krakowskie Przedmieście 56, Lublin 20-002, firstname.lastname@example.org. The Controller determines the purposes and means of the processing of your personal data, therefore he is responsible for their processing in accordance with the law, including the GDPR, which protects the fundamental rights and freedoms of natural persons, in particular the right to protection of personal data.
- We have received your personal data, in connection with your accommodation in hotel or other services provided by the Controller, in place where he conducts business activity, including websites, as well as other cases of contact with the Controller, e.g. participation in promotions, expressing opinions or participating in loyalty programs.
- The Controller ensures that every person whose personal data is processed has full information about the scope, purpose and manner of processing his personal data and information about his rights. The Controller uses only the data necessary to achieve each of the purposes for which personal data is processed.
- The purpose of data processing is to conclude and perform the contract to which you are a party or to take action before concluding the contract, such as: making a reservation, providing hotel services, providing services by electronic means, e.g. newsletter, implementation of loyalty programs, expression of opinions, assessments or comments, handling of various applications (e.g. via the internet contact form), as well as on-going contact with you. In such cases, the basis for processing your data is the need to perform the contract or take the necessary steps prior to entering into a contract (Article 6 (1) (b) GDPR).
Therefore, in accordance with the applicable regulations, the basis for the processing your data will also be the need to fulfil the legal obligation imposed on Controller (Article 6 (1) (c) of the GDPR), in particular, issue and store invoices and accounting documents, processing complaints, providing data to state authorities within the limits and under the law, e.g. for tax and accounting purposes.
We also process your data for the purposes set out below, based on Controller legitimate interest (Article 6 (1) (f) GDPR):
- Provide direct marketing of Controller’s products and services
- Improve the quality of goods or services sold by Controller by consulting or surveying satisfaction
- Provide support for payment, credit, or insurance services for the purchased service
- Manage the activity on Controller websites, by monitoring it, to improve the functionality of the service, analyse needs, adjust ads according to the previously viewed content
- Handle communications, opinions, or requests when they are not related to the performance of the contract
- Detect and prevent abuse, investigate or defend against claims, and conduct proceedings before public authorities or courts
- Protect property, health, and life by recording images (monitoring) of the hotel premises and its surroundings
- Create and archive analyses, summaries, and statistics, including ensure accountability (i.e. demonstrate Controller compliance with legal obligations).
The Controller has assessed the impact of actions taken for the above purposes on your rights and freedoms. This assessment has led to the conclusion that the processing of personal data within the legitimate interest does not interfere with your privacy. In addition, this way of processing your personal data is to lead to an improvement in the quality of services provided by the Controller, which is to bring better understanding of your needs. Therefore, your interests will not be infringed.
In the event of consent to the processing of personal data, this consent will be the basis for data processing (art. 6 (1) (a) GDPR), and the content of this consent will each time determine the purpose of data processing. Consent to the processing of personal data can be withdrawn at any time.
- Providing us with your personal data is a condition for the conclusion of the contract. Where required by law, we may require you to provide the data required by law. A refusal to provide data to the extent necessary to conclude or perform the contract and to the extent required by law will make it impossible to conclude the contract. In the case of collecting personal data on the basis of consent, the provision of your data is voluntary.
- Recipients of personal data, for the purposes and on the grounds described above, may be institutions and entitles authorized under law, as well as entities providing services to the Controller (e.g. legal, IT, marketing, accounting, audit and advisory services) and other entities participating in the implementation of the ordered service, business partners and the service providers cooperating with the hotel (e.g. in the case of organizing the transfer, booking a table in a restaurant), as well as entities associated with the Controller within the group of IBB Hotel Collection - https://www.ibbhotels.com/.
- In the case of booking accommodation at the hotel through a travel agency or booking portal, the Guest’s personal data provided to the hotel by these entities may include, in particular name and surname, date of stay, e-mail address, and telephone number of the Guest. The exact source from which the hotel obtained the Guest’s personal data can be obtained at the reception of the hotel.
- All persons, whose personal data are processed by Controller, have the following rights under GDPR:
- Right of access to personal data (information about the data processed by Controller, including the right to obtain a copy of such data)
- Right to request the rectification (correction) of personal data when the data are incorrect or incomplete
- Right to request the erasure of personal data (“right to be forgotten”) when the data are no longer necessary for the purposes for which they were collected or otherwise processed, the data subject has objected to the processing of the data, the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing, the data are processed unlawfully, the data must be deleted to comply with an obligation under the law;
- Right to request a restriction of the processing of personal data when the data subject contests the accuracy of the personal data, the processing is unlawful, and the data subject opposes the erasure of the data, requesting a restriction of the data instead, the controller no longer needs the data for its purposes, but the data subject needs the data to establish, defend, or assert claim, the data subject has objected to the processing of the data – until it has been established whether the legitimate grounds on the part of the controller take precedence over the grounds for objection;
- Right to transfer data to another controller or to you (under the terms of Article 20 of the GDPR).
- If you have given your consent to the processing of your data, you have the right to withdraw your consent at any time (withdrawal of consent does not affect the lawfulness of the processing that was performed on the basis of your consent before its withdrawal).
Right to object
You may object at any time, on grounds relating to your specific situation, to the processing of your data based on Controller legitimate interest or the public interest (Article 6 (1) (e) and (f) GDPR), including to profiling on the basis of these provisions. Controller will no longer process these personal data unless we demonstrate that there are compelling legitimate grounds for processing over your interests, rights, and freedoms, or unless we demonstrate that there is a basis for establishing, asserting, or defending claims.
If we process personal data for the purposes of direct marketing, you have the right at any time to object to the processing of your data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing. Once you object, we will no longer process your data for such purposes.
You may exercise the above rights by applying to the address indicated in section 2 of this information.
If you apply, we may ask you to provide additional information to verify your identity.
Complaint to the supervisory authority
You have the right to lodge a complaint with the supervisory authority – The President of the Personal Data Protection Office -regarding processing of your personal data by the Controller.
- For the purposes described in section 5, with the exception of processing for the purpose of complying with a legal obligation, we will profile your data, i.e. automatically analyse it to obtain information about your preferences or interests (e.g., to examine which offer may best suit you). This processing will not produce legal effects or have a similar significant impact on you.
- We process your data for the period necessary to fulfil the purposes indicated in section 5 above, i.e. for the period of implementation of the contract concluded with you, and after that time for the period and to the extent required by the law and the period after which the claims arising from the contract become time-barred.
If we process personal data on the basis of legitimate interest, in particular, for the purpose of direct marketing, we retain data until you object to such processing. After that time, the data will no longer be processed for this purpose, i.e. direct marketing, but further storage may be necessary due to the implementation of a contract or a legal provision.
Personal data processed by visual monitoring will be stored for a period of 30 days, unless due to special circumstances (e.g. accident) it will be necessary to store the monitoring recording for a longer period.
Cookie files (cookies) and system information (system logs)
- As you navigate through the website(s) of Controller, information may be passively collected from you (i.e., without you actively providing such information). This information is provided using various technologies such as cookies or system logs, is safe for your devices, does not cause any configuration changes, or does not transfer viruses or unwanted or malicious software.
System information (system logs):
Your web browser automatically transfers data to us in the form of system logs (IT records). It includes information such as the address (URL) of the website you visited previously, the IP address, the version of the browser currently used by your computer, as well as the access time, and amount of data transferred.
Controller can analyse the system logs described above. The information obtained in this way is used for administrative purposes (recognising and removing problems with the operation of servers, including breaches of their security) and for statistical analyses. This information is not linked to your data.
- Cookie files (cookies):
In the course of using Controller websites, text files, i.e. cookies, may be stored on your devices. These files contain IT data which are read when you visit our website again and help to adapt it to your preferences and serve statistical purposes.
The purpose of saving cookies is to ensure that you can effectively use our websites, for example
- Maintain the session, thanks to which the contents of the website or information about logging in are remembered – thanks to that you do not have to enter your login and password again on each subpage of the website and the contents of the shopping cart from the previous visit are available on each visit to the website
- Recognise the user device – to display pages according to your preferences, e.g. font settings, preferred store selection
- Customise websites – providing content tailored to your interests, improving the way website work and their content
- Analyse the effectiveness of our advertising.
- You can set your web browser to warn you when a cookie is sent or block the transfer of such files at all, but in such case some functions of the website may not work. Using our websites without disabling cookies in your browser means that they will be stored in your device memory.
- Information on how to manage cookies is usually found in the “Help” section of each browser; below we describe how to disable cookies in the most popular web browsers:
In the “Tools” menu, select “Options”, and then the “Privacy” tab.
Your browser allows you to choose between deleting the cookies of individual or all sites.
Microsoft Internet Explorer
In the “Tools” menu, select “Internet Options”, and then the “Privacy” tab.
A special slider can be used to adjust the general level of privacy or the “Websites” button to manage the settings of individual websites.
In the menu hidden under the three horizontal bars in the top right-hand corner of your browser, select “Settings”, then “Advanced”. In the “Privacy and Security” section, click the “Content settings” button. You can change your cookie settings in the “Cookies” section.
- In the “Tools” menu, select “Preferences” and then the “Advanced” tab.
Cookies are determined by whether or not your select “Cookies” item.
- In the “Safari” menu, select “Preferences” and click the “Security” icon.
Under “Accept cookies”, you can change your cookie settings.
In mobile phones, tablets, and other mobile devices
Each device model can handle cookies in a different way. Therefore, we encourage you to read about the privacy options in the documentation on the website of your mobile device manufacturer.