POLITYKA PRYWATNOŚCI

PRIVACY POLICY

 www.archehotelpoloneza.pl
Table of Contents
PREAMBLE    2
§1 Definitions    2
§2 Data Controller and Data Protection Officer    3
§3 Data Protection Officer    3
§4 Purposes of processing your personal data    3
§4A Processing of personal data in order to respond to your requests/inquiries submitted through the contact channels available on the Website, including through our fan pages on social media platforms    3
§4B Processing of data for the purpose of concluding and properly performing an agreement for the provision of hotel services or taking steps at your request prior to entering into such an agreement    4
§5 Joint controllership of personal data for the purpose of sending commercial information about promotions, offers and events organized by the Joint Controllers, including sending a newsletter by email, direct marketing    6
§6 Your rights    7
§7 Automated decision-making    8
§8 Security of personal data    8
§9 Cookies    9
PREAMBLE
The Privacy Policy of www.archehotelpoloneza.pl sets out the rules under which your data will be processed and identifies the entity responsible for its processing, in accordance with generally applicable law. The Privacy Policy also defines the purposes for which your personal data will be processed, the scope of such processing and the rights you have in connection with our processing of your personal data.
§1 Definitions
The terms used in this document shall have the following meanings:
Policy – the Privacy Policy of the website www.archehotelpoloneza.pl.
Website – www.archehotelpoloneza.pl.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, General Data Protection Regulation, OJ EU L 119 of 2016, p. 1, as amended.
Personal data – any information relating to an identified or identifiable natural person, data subject. An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing – any operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller – a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
Joint Controller – two or more controllers jointly determining the purposes and means of processing your personal data.
Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient – a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
§2 Data Controller and Data Protection Officer
The Controller of your personal data is Arche S.A. with its registered office in Warsaw, postal code: 02-801, at ul. Puławska 361, entered in the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS number: 0000831001, NIP: 8211639335, REGON: 71002127700000, with share capital of PLN 2,982,300.00, fully paid up.
You may contact the Controller by traditional mail at the Controller’s registered office address indicated above or by email at: rodo@arche.pl.
§3 Data Protection Officer
The Controller has appointed a Data Protection Officer, whom you may contact in all matters related to our processing of your personal data:
by traditional mail to the Controller’s registered office address indicated in §2 section 1 of this Policy, marked “Data Protection Officer”;
by email at: rodo@arche.pl.
§4 Purposes of processing your personal data
Your personal data will be processed by us for the following purposes:
Responding to your requests/inquiries submitted through the contact channels available on the Website, including through our fan pages on social media platforms.
Concluding and properly performing an agreement for the provision of hotel services or taking steps at your request prior to entering into such an agreement.
Sending you commercial information about promotions, offers and events organized by the Joint Controllers, including sending a newsletter to your email address, direct marketing, if you consent to such activities. These activities will be carried out under joint controllership of personal data, as referred to in §5 of the Policy.
§4A Processing of personal data in order to respond to your requests/inquiries submitted through the contact channels available on the Website, including through our fan pages on social media platforms
Your personal data will be processed by us in order to respond to your message/inquiry if you decide to contact us through our communication channels available on the Website, including, among others, via the contact form, by email or through our fan pages on social media platforms such as Facebook and Instagram.
The legal basis for our processing of your personal data will be Article 6(1)(f) GDPR, i.e. the Controller’s legitimate interest consisting in handling your requests or inquiries and responding to them.
If you send us an inquiry or request through our profile on a social media platform:
Facebook and Instagram – the recipient of your personal data will be Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter: Meta Facebook Platforms.
More information about the processing of your personal data by Facebook and Instagram can be found at the following links:
https://www.facebook.com/privacy/center/.
https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
If your data is transferred within the above-mentioned social media fan pages to a location in a third country, outside the European Economic Area, this will only take place with appropriate data security safeguards, standard contractual clauses.
In addition, recipients of your personal data may include entities providing the Controller with IT and legal services.
We will store your personal data for the period necessary to conduct correspondence with you, including in particular the period necessary to respond to your messages/inquiries.
Providing your personal data is mandatory if you wish to contact us and receive a response to your inquiry or request.
§4B Processing of data for the purpose of concluding and properly performing an agreement for the provision of hotel services or taking steps at your request prior to entering into such an agreement
Your personal data will be processed for the following purposes:
concluding and properly performing an agreement for the provision of services, hereinafter: the Agreement, or taking steps at your request prior to entering into the Agreement;
fulfilling legal obligations imposed on the Controller by generally applicable law;
pursuing or defending against any claims that may arise during the performance of the Agreement or after its termination;
ensuring the safety of hotel guests and other persons staying on the premises of Arche Hotel Poloneza by means of video surveillance.
The legal basis for our processing of your personal data will be:
for the purpose of concluding and properly performing the Agreement or taking steps at your request prior to entering into it – Article 6(1)(b) GDPR;
for the purpose of fulfilling legal obligations imposed on the Controller by generally applicable law – Article 6(1)(c) GDPR in connection with Article 70 of the Act of 29 August 1997, Tax Ordinance, and Article 74 of the Act of 29 September 1994 on Accounting;
for the purpose of pursuing or defending against any claims that may arise during the performance of the Agreement or after its termination, as well as ensuring the safety of hotel guests and other persons staying on the premises of Arche Hotel Poloneza by means of video surveillance – our legitimate interest consisting in the implementation of the above-mentioned purposes, i.e. Article 6(1)(f) GDPR.
Recipients of your personal data will be entities providing the Controller with legal, financial and IT services.
Your personal data will be stored:
for the purpose of concluding and properly performing the Agreement or taking steps at your request prior to entering into it – for the period necessary to conclude or properly perform the Agreement;
for the purpose of fulfilling legal obligations imposed on the Controller by generally applicable law – no longer than 5 years, counted from the end of the calendar year in which the basis for calculating public-law liabilities occurred;
for the purpose of pursuing or defending against any claims that may arise during the performance of the Agreement or after its termination – for the period provided for by generally applicable law, depending on the legal relationship from which the claim arises;
for the purpose of ensuring the safety of hotel guests and other persons staying on the premises of Arche Hotel Poloneza by means of video surveillance – for a period not exceeding 90 days. However, if a video surveillance recording is used as evidence in civil, criminal or misdemeanor proceedings, such recordings will be stored until the final conclusion of the relevant proceedings.
Providing your personal data, referred to in §4B section 1 point a of the Policy, is a condition for entering into the agreement, as without such data we will not be able to conclude it with you. Providing the remaining personal data is mandatory, as without such data we will not be able to fulfill the legal obligations imposed on us or pursue our legitimate interests.
§5 Joint controllership of personal data for the purpose of sending commercial information about promotions, offers and events organized by the Joint Controllers, including sending a newsletter by email, direct marketing
The Joint Controllers of your personal data will be the following entities, which will process your personal data based on a Joint Controllership Agreement, hereinafter: the Joint Controllers:
“ARCHE” S.A. with its registered office in Warsaw, postal code: 02-801, at ul. Puławska 361.
Arche Podróże Sp. z o.o. with its registered office in Warsaw, postal code: 02-801, at ul. Puławska 361.
Fundacja Leny Grochowskiej with its registered office in Siedlce, postal code: 08-110, at ul. Brzeska 134.
WG Inwestycje S.A. with its registered office in Warsaw, postal code: 02-826, at ul. Poloneza 85B.
WG Inwestycje Spółka Akcyjna Alternatywna Spółka Inwestycyjna S.K.A. with its registered office in Warsaw, postal code: 02-826, at ul. Poloneza 85B.
WG 1 SPV sp. z o.o. with its registered office in Warsaw, postal code: 02-826 Warsaw, at ul. Poloneza 85B.
At the same time, we indicate that the current list of Joint Controllers may change in the future. The current list of Joint Controllers can always be found on the website www.arche.pl.
The Joint Controllers are jointly responsible for protecting your personal data.
The contact point for you in matters related to the protection of your personal data is Auraco Sp. z o.o. with its registered office in Warsaw, postal code: 00-382, at ul. Solec 81B/73A, which you may contact at the registered office address indicated above or by email at: arche.marketing@auraco.pl.
The Joint Controllers will process your personal data for the purpose of conducting marketing activities toward you by sending personalized commercial information to your email address and/or telephone number about promotions and current offers of the Joint Controllers’ products and services, as well as events concerning the Joint Controllers and their activities.
The legal basis for the processing of your personal data will be your consent to the processing of your data for the above purposes, i.e. Article 6(1)(a) GDPR, which you may withdraw at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
Recipients of your personal data may include intermediaries offering our services or products or supporting our projects, as well as entities supporting our marketing activities, i.e. providers of systems used to manage marketing databases and entities providing us with IT and telecommunications services. Under no circumstances, however, will your personal data be transferred by the Joint Controllers outside the European Economic Area.
We will store your personal data until you withdraw your consent to its processing or until the purposes of the Joint Controllers for which the data was collected cease to exist, for example if marketing campaigns are discontinued.
Providing your personal data is entirely voluntary, but without providing it, the Joint Controllers will not be able to send commercial information about promotions and current offers of their products and services to your email address and/or telephone number.
We will analyze your history of relations with us, for example the services you have used, and information obtained through analysis of interactions with our websites in order to determine your preferences and interests, which will allow us to send personalized commercial information about products, offers and events organized by the Joint Controllers.
We will not process your personal data for the purpose of automated decision-making.
§6 Your rights
In connection with our processing of your personal data, you have the right to:
withdraw your consent to the processing of your personal data at any time, where we process your personal data based on your consent;
object to the processing of personal data, in the cases specified in Articles 21 and 22 GDPR;
data portability, where the legal basis for our processing of your personal data is your consent to its processing or the conclusion and proper performance of the Agreement;
access your personal data and obtain a copy of it, Article 15 GDPR;
rectify inaccurate personal data and complete incomplete data, Article 16 GDPR;
erase your personal data, the so-called right to be forgotten, in the cases specified in Article 17 GDPR;
restrict the processing of your personal data, in the cases specified in Article 18 GDPR.
If you determine that we process your personal data in a manner inconsistent with generally applicable law, you have the right to lodge a complaint with the supervisory authority, which in the territory of the Republic of Poland is the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
§7 Automated decision-making
We will not process your personal data for the purpose of automated decision-making.
§8 Security of personal data
The Website has a valid certificate issued by a trusted certification authority. This means that information such as passwords or credit card details is securely transmitted to this website and cannot be intercepted.
The IT employee grants users of the Controller’s IT systems authorization to process personal data in the Controller’s IT systems immediately after receiving from the user a statement on maintaining the confidentiality of personal data and methods of protecting it.
Access to the Controller’s IT systems used for processing personal data is possible only after entering a unique identifier and password.
Data is encrypted, in particular data transmitted over a public network.
Each person employed/cooperating in the processing of personal data has been authorized to process such data.
Data processing agreements within the meaning of Article 28 GDPR have been concluded with third parties processing data on behalf of the data controller.
Authorized persons have been trained in the principles of secure personal data processing.
Responsibility for activities related to personal data security has been defined.
Persons processing personal data have provided a statement on maintaining the confidentiality of personal data and methods of protecting personal data.
The integrity of databases is periodically verified by restoring data from backup copies.
Emergency power supply for servers and workstations has been introduced by means of UPS units or a dedicated power supply network.
§9 Cookies
A cookie is a small text file that a website uses to store information on the user’s computer or mobile device when the user uses the website.
Cookies may be installed by the Website and may be read only by the Website, first-party cookies. The Website may also use cookies from external services. In such cases, the data may be read by the owner of the cookie, e.g. Google. The Website uses Google Tag Manager, which enables the management of tags and scripts. Through Google Tag Manager, Google Analytics and Google Ads tools may be activated. Google Analytics is used to analyze website traffic, traffic sources and the way users use the website. Google Ads is used for conversion measurement, remarketing and ad personalization. We also use Google Search Console, which helps analyze the Website’s visibility in Google search results and diagnose technical issues related to the Website’s presence in the search engine. In connection with the use of these tools, user data may be transferred to Google Ireland Limited, in accordance with the consents granted and the rules applicable to the respective services.
Cookies can be divided into persistent cookies, which are stored on the user’s computer and are not automatically deleted after closing the browser, being stored for a specified period, and session cookies, which are deleted after closing the browser.
Cookies store individual information about the configuration of the user’s device and the user’s preferences, e.g. username, language, etc. Cookies may also be used to compile anonymous statistics on the use of websites. Thanks to cookies, it is not necessary to re-enter the same data during subsequent visits to the website or to read the cookie notice each time.
The Website uses the Controller’s cookies and cookies from external services. The number, type and function of cookies used by external services may vary between individual users due to their individual characteristics, e.g. whether they have an account on a social media platform, etc.
The Website uses four types of cookies:
necessary;
other, unclassified cookies, i.e. cookies that we are in the process of classifying together with the providers of individual services, such as ProfitroomToken-www.archehotelpoloneza.pl, ubtrs and ubtru;
analytical;
marketing.
The Website uses the following necessary cookies:
laravel_session – this cookie is used by website owners when submitting or refreshing website content. It is stored for one day.
Cookies can be freely managed and deleted. More information can be found in the instructions for using the browser, links listed below:
Google Chrome;
Mozilla Firefox;
Microsoft Edge;
Opera;
Safari.
All cookies on the device can be deleted entirely or selectively by selecting a specific file. Please note, however, that this may result in the loss of saved information, such as saved login details or website preferences.
Browser settings can be used to block cookies entirely or selectively, including cookies from a specific website. More information on managing cookies from specific websites can be found in the privacy and cookie settings of the selected browser.
Most modern browsers can be used to prevent cookies from being placed on the device, but then preferences may need to be set again each time the website is visited. Some services and functions may not work properly, e.g. logging into a profile.
Processing of data through functional/necessary cookies, which are essential for the proper operation of the website, is carried out for the purpose of pursuing the Controller’s legitimate interest, which is to provide the highest quality content on the Website.
Processing of data through other cookies is based on the consent of the website user.
The Controller will transfer personal data to other recipients entrusted with the processing of personal data on behalf of and for the benefit of the Controller, e.g. entities responsible for the technical aspects of the website’s operation. In addition, the Controller will disclose personal data to other recipients where such an obligation arises from legal provisions.
Data within individual cookies will be stored for the period corresponding to their validity period saved on the user’s device. Cookies on the device can be deleted entirely or selectively by selecting a specific file.
Manage cookie settings