rezerwacje@movenpickkarpacz.pl

Privacy

Dear Sir or Madam, We ensure to protect the personal data we collect in accordance with national regulations and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 04.05.2016, p. 1, with changes announced in Official Journal of the EU L 127 of 23.05.2018, p. 2) (hereinafter referred to as "GDPR").

We present to you our Privacy Policy so that every person with whom we establish a relationship is aware of:

  • who is the administrator or joint administrator of their personal data,
  • the scope, purposes, and legal bases on which we process data, as well as to whom we disclose it,
  • what rights they have concerning data processing, according to Articles 13 and 14 of the GDPR.

The Privacy Policy may be supplemented with information provided during the collection of personal data (e.g., in booking, contact, or newsletter subscription forms) or within a reasonable time – no later than within one month – when collecting data from indirect sources, i.e., not directly from the persons concerned.

  1. PERSONAL DATA ADMINISTRATOR
  1. The personal data administrator is Piemonte sp. z o.o. based in Warsaw at Wioślarska 8, 00-411 Warsaw, registered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under the number KRS 0000877696, share capital of PLN 5,000.00, with Regon 387925689, NIP 7011013205.
  1. In certain cases, we may process data also as recipients, joint administrators, or processors.
  1. JOINT PERSONAL DATA ADMINISTRATORS FORMING THE CONDO.PL HOTEL GROUP
  1. If the person concerned gives consent by ticking the appropriate box (e.g., at the content of the consent clause) or providing an email address in an appropriate form (e.g., for the newsletter, to contact us) and activating it (e.g., by clicking "send message"), their personal data will be processed for the purpose of receiving commercial information about news, events, and promotions via email from the joint administrators forming the Condo.pl Hotel Group (Art. 6(1)(a) GDPR).
  1. The Condo.pl Hotel Group is a commercial initiative created by the following joint administrators:
  1. Orkan Real Estate sp. z o.o. based in Warsaw at Mińska 25, 03-808 Warsaw, registered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the capital city of Warsaw in Warsaw, XIV Commercial Division of the National Court Register under the number KRS 0000737396, with Regon 380574867, NIP 1132977442, represented by the general partner Orkan Real Estate sp. z o.o. based in Warsaw at Mińska 25, 03-808 Warsaw, registered in the National Court Register by the same court under number KRS 0000740375, share capital: PLN 5,000.00, Regon: 380749255, NIP: 1132978967,
  1. OakProperty sp. z o.o. based in Warsaw at Wioślarska 8, 00-411 Warsaw, registered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the capital city of Warsaw in Warsaw, XIV Commercial Division of the National Court Register under number KRS 0000543907, share capital: PLN 5,000.00, Regon: 360816754, NIP: 7010468263,
  1. Apartamenty Na Wydmach sp. z o.o. based in Warsaw at Wioślarska 8, 00-411 Warsaw, registered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register under number KRS 0000816696, share capital PLN 5,000.00, Regon 384989453, NIP 7010957938,
  1. House Cloud sp. z o.o. based in Warsaw at Wioślarska 8, 00-411 Warsaw, registered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register under number KRS 0000544057, share capital PLN 5,000.00, Regon 360823620, NIP 7010468493,
  1. HP Szklarska sp. z o.o. based in Warsaw at Wioślarska 8, 00-411 Warsaw, registered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register under number KRS 0000887951, share capital PLN 5,000.00, Regon 388388199, NIP 7011024048,
  1. Piemonte sp. z o.o. based in Warsaw at Wioślarska 8, 00-411 Warsaw, registered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register under number KRS 0000877696, share capital PLN 5,000.00, Regon 387925689, NIP 7011013205,
  1. Tremonti sp. z o.o. based in Warsaw at Wioślarska 8, 00-411 Warsaw, registered in the Register of Entrepreneurs of the National Court Register conducted by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register under number KRS 0000751396, share capital PLN 5,000.00, Regon 381466387, NIP 7010871131.
  1. The purpose of the Condo.pl Hotel Group is to provide current commercial information about news, events, and promotions of the joint administrators under the Condo.pl brand.
  1. DATA PROTECTION OFFICER (DPO)
  1. To oversee matters related to personal data protection and provide detailed information, we have appointed, as administrator or joint administrator, a data protection officer (DPO), who is Maciej Strycharz.
  1. You can contact the DPO by email at iod@condo.pl or by mail at our headquarters address.
  1. DATA SUBJECTS
  1. Bookers or buyers
  1. As administrator, we process personal data for the purpose of concluding and/or performing a contract (Art. 6(1)(b) GDPR) concerning the provision of hotel, accommodation, room rental, and event organization services (business meetings, conferences, trainings, banquets, integrations, receptions, and special events). This also includes related or additional catering, entertainment, care, sports, cosmetic, grooming, relaxation, parking, and gift services. Additionally, data is processed to fulfill the purposes resulting from legitimate interests (Art. 6(1)(f) GDPR) such as communication, answering inquiries, conducting sales analyses (analytical profiling: sales or marketing related to reserved or ordered services), and the establishment, defense, and pursuit of claims, as well as (Art. 6(1)(c) GDPR) in connection with fulfilling legal obligations incumbent on the administrator, e.g., for reporting and accounting obligations, counteracting sexual crime risks, and protecting minors.
  1. Categories of processed data may include: identification data such as name and surname; contact and address data such as email address, phone number, and address.
  1. Data will be stored for at least 5 years, counting from the end of the calendar year in which the tax payment deadline passed. After the end of our relationship, data will be archived for the standard period of 6 years, ending on the last day of the calendar year, unless otherwise required by law. In case of an ongoing dispute or proceedings, the archiving period counts from the final legal conclusion of the last one. If the law provides for a longer retention period or statute of limitations, we apply that longer period.
  1. The booker has the right to access the data, correct it, delete it, restrict processing, and object to data processing. They also have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw). Detailed information on the rights is included further in the Privacy Policy.
  1. Personal data may be processed in the form of analytical, sales, and marketing profiling.
  1. Guests
  1. As administrator, we process personal data for the purpose of concluding and/or performing contracts (Art. 6(1)(b) GDPR) concerning provision of hotel, accommodation, room rental, and event organization services (business meetings, conferences, trainings, banquets, integrations, receptions, and special events). This also includes related or additional catering, entertainment, care, sports, cosmetic, grooming, relaxation, parking, and gift services. Additionally, data is processed for the legitimate interests of the administrator (Art. 6(1)(f) GDPR), such as sales analyses (analytical, sales and marketing profiling), establishment, defense, and pursuit of claims, as well as video surveillance to ensure the safety of persons and property in our facility and its surroundings. Also (Art. 6(1)(c) GDPR) for fulfilling legal obligations incumbent on the administrator, e.g., for reporting and accounting duties, counteracting sexual crime threats, and protecting minors.
  1. Furthermore, based on a separate consent (Art. 6(1)(a) GDPR), we may send commercial information to the provided email address. Consent can be withdrawn at any time without affecting the legality of processing prior to withdrawal.
  1. Categories of processed data may include: identification data such as name, surname, PESEL or identity document number; contact and address data such as email, phone number, and residence address; and additional information for persons conducting business activity.
  1. Data will be kept for at least 5 years from the end of the calendar year in which the tax payment deadline passed. After the end of our relationship, data will be archived for the standard period of 6 years, ending on the last day of the calendar year unless the law states otherwise. For ongoing disputes or proceedings, archiving starts upon the final conclusion of the last of them. If the law provides longer retention or limitation periods, that longer period applies.
  1. Guests are entitled to access their data, correct it, delete it, restrict processing, object to data processing, and lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw). Detailed information about these rights is included later in the Privacy Policy.
  1. Personal data may be processed in analytical, sales, and marketing profiling forms.
  1. Recipients of commercial information, including administrator’s newsletter subscribers
  1. As an administrator, we process personal data based on voluntarily given consent (Art. 6(1)(a) GDPR). Consent can be expressed by ticking the appropriate checkbox or implied by actions such as providing an email address in a form. Data is processed for sending commercial information, especially about news, events, and promotions. Consent can be withdrawn anytime by clicking the relevant link in the received message or sending a request to the email iod@condo.pl. Withdrawal does not affect the legality of prior processing.
  1. Categories of processed data may include identification data such as name and surname, and contact data such as email address.
  1. Data will be stored until consent is withdrawn.
  1. Recipients of commercial information, including newsletter subscribers of joint administrators forming the Condo.pl Hotel Group
  1. As joint administrators, we process personal data based on voluntarily given consent (Art. 6(1)(a) GDPR). Consent can be expressed by ticking a checkbox or implicitly, such as by providing an email address in a form. We process data to send commercial information, primarily about news, events, and promotions. Consent may be withdrawn at any time by clicking the relevant link in received messages or sending a request to iod@condo.pl. Withdrawal does not affect lawful processing before withdrawal.
  1. Categories of processed data may include identification data such as name and surname, and contact data such as email address.
  1. Data will be stored until consent is withdrawn.
  1. Recipients of commercial information, including newsletter subscribers of joint administrators forming the Condo.pl Hotel Group
  1. Suppliers of goods and services, contractors, and partners
  1. As administrator, we process personal data to perform a contract or take actions prior to its conclusion (Art. 6(1)(b) GDPR) and for the purposes of legitimate interests (Art. 6(1)(f) GDPR).
  1. Categories of processed data may include: identification data such as name, surname, PESEL, NIP, REGON, KRS; business contact and address data such as email, phone number, business address or seat, job position or function.
  1. Data will be stored for a minimum of 5 years from the end of the calendar year in which the tax payment deadline passed. After the end of our relationship, data will be archived for a standard 6-year period, ending with the last day of the calendar year, unless law states otherwise. For ongoing disputes or proceedings, archiving counts from the day of the final resolution of the last one. If the law foresees a longer storage or limitation period, we apply the longer one.
  1. Suppliers, contractors, or partners have rights to access, correct, delete, restrict processing, object, and lodge complaints to the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw). Detailed information about rights is found further in the Privacy Policy.
  1. Providing personal data is a contractual requirement. Failure to provide data may prevent contract conclusion or execution.
  1. Users of online forms
  1. As administrator, we process personal data for legitimate interests (Art. 6(1)(f) GDPR), such as communication and answering questions. In specific cases, e.g., submitting data via our forms, we may process data based on consent expressed by implied action (filling form and clicking "send") in accordance with Art. 6(1)(a) GDPR.
  1. Categories of processed data may include: identification data such as name and surname; contact or address data such as email or phone number.
  1. Data will be stored for the period necessary to respond to inquiries.
  1. Users of our forms have rights to access, correct, delete, restrict processing, object to processing, and lodge complaints with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw). Detailed information about rights is included further in the Privacy Policy.
  1. DATA RECIPIENTS
  1. Recipients of personal data may be independent administrators, joint administrators, or processors in accordance with Art. 28 GDPR, such as providers of reservation, communication, marketing, and hosting services.
  1. Each partner to whom we entrust personal data processing (processor) or to whom we disclose data (separate administrator) will process data according to relevant laws, agreements, and for performing contracts, agreements, or collaborations. Processing will comply with applicable laws and our internal policies, procedures, and standards.
  1. Personal data may also be accessed by public authorities according to applicable law.
  1. TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
  1. As a rule, we process personal data locally within Poland or the European Economic Area. This also applies to partners whose services we use or may use in the future.
  1. In cases where data transfer outside the EEA is necessary, we will provide adequate safeguards according to Articles 44-49 GDPR.
  1. RIGHTS RELATING TO PERSONAL DATA PROCESSING
  1. The right to withdraw consent at any time (Art. 7(3) GDPR).

If data is processed based on given consent, the person may at any time withdraw further processing on that basis. We will then immediately stop data processing for the purpose for which consent was given. However, withdrawal does not affect the legality of prior processing.

  1. The right to access personal data and obtain a copy (Art. 15 GDPR).

You can receive information about personal data processing and get a copy. The copy will be provided in a common file format. The first copy is free, but we may charge a fee for subsequent copies according to GDPR conditions.

  1. The right to rectification (Art. 16 GDPR).

We must ensure processed data accuracy. You can request correction or deletion if data is inaccurate, incomplete, or unlawfully collected. The burden of proof lies with the person concerned.

  1. The right to erasure, including the "right to be forgotten" (Art. 17 GDPR).

We must delete personal data upon request in the following cases:

  1. The purposes for which the data was collected have been fulfilled.
  1. The only legal basis for processing was consent that was then withdrawn, and there is no other lawful basis for further processing.
  1. The only legal basis was consent given by a person under thirteen years old.
  1. An objection under Art. 21 GDPR has been made, and we have no overriding lawful grounds to continue processing.
  1. Personal data was processed unlawfully, i.e., for unlawful purposes or without any basis.
  1. "Right to be forgotten" as a specific form of the right to erasure.

If data was published, for example on this website, and is subject to erasure rights, we must delete all copies and links to this data. We must also ensure that other entities processing this data delete it. However, this right is not absolute — we must consider available technology and costs, which may affect its scope.

  1. The right to restrict processing (Art. 18 GDPR).

We must restrict processing upon request by refraining from any data operation other than storage. If the data subject doubts data accuracy, we restrict processing for a period allowing verification. We also restrict processing if the data subject objects to processing.

  1. The right to data portability (Art. 20 GDPR).

The data subject has the right to receive personal data and transmit it to another chosen personal data administrator. This right applies when we process data based on consent (Art. 6(1)(a) GDPR) or to perform a contract (Art. 6(1)(b) GDPR), and the processing is automated, i.e., without human intervention.

  1. The right to object (Art. 21 GDPR).

The data subject can request to stop processing personal data, especially for reasons related to their particular situation. The objection does not apply if processing is based on consent. In that case, consent withdrawal applies — the effect is the same, but legally objection and withdrawal are different and used in different situations. An effective objection cannot be made if:

  1. processing is necessary to perform a contract (Art. 6(1)(b) GDPR);
  1. processing is necessary to comply with a legal obligation (Art. 6(1)(c) GDPR);
  1. processing is necessary to protect vital interests of the data subject or another natural person (Art. 6(1)(d) GDPR).
  1. The right not to be subject to automated decisions in individual cases, including profiling (Art. 22 GDPR).

The data subject has the right not to be subject to decisions based solely on automated processing, including profiling, if such decisions have legal effects or similarly significantly impact them. Automated processing, including profiling, is allowed if:

  1. it is necessary to enter into or perform a contract;
  1. it is permitted by European Union or member state law to which we are subject, and which provides suitable safeguards for rights, freedoms, and legitimate interests;
  1. it is based on explicit (not implied) consent.
  1. The right to lodge a complaint to a supervisory authority (Art. 77 GDPR).

If the data subject believes that our data processing violates their rights, they can file a complaint with the supervisory authority, an independent public authority responsible for monitoring GDPR compliance. In Poland, this is the President of the Personal Data Protection Office. Contact can be made:

  1. by mail: ul. Stawki 2, 00-193 Warsaw;
  1. electronically via ePUAP mailbox of the Personal Data Protection Office: /UODO/SkrytkaESP;
  1. by phone at hotline number: 606 950 000.
  1. The above rights may be limited in some situations, for example, if we can prove a legal obligation to process data. To exercise rights, send a request using contact details in the Privacy Policy.
  1. PERSONAL DATA COLLECTION
  1. Personal data generally comes directly from the data subjects (Section IV of Privacy Policy). In some cases, it may be sourced from:
  1. The booker – personal data of guests other than the booker may be obtained directly from the person making the booking.
  1. Third parties – personal data may be acquired from third parties, e.g., when a supplier, contractor, or partner is recommended by a known person.
  1. Other business partners – personal data may be provided by business partners with whom we cooperate under contracts, projects, or other sales activities (e.g., operators of Booksy.com, Booking.com).
  1. In all data sourcing from other sources, we take actions to ensure data was provided according to law, and the person concerned was adequately informed about processing.
  1. TYPES AND PURPOSES OF COOKIES USED
  1. The administrator uses the following types of cookies for:
  1. Proper website functioning and security. These cookies are called essential as they enable browsing, booking, authentication, and abuse detection. They will be used without asking user consent.
  1. Gathering info on website usage and user activity, optimizing content and functionality, and tailoring the site to user expectations. These are called analytical cookies. They will be used only with user consent.
  1. Displaying marketing content tailored to user preferences and sending notifications of marketing offers matching interests (ad personalization and campaign effectiveness analysis), covering user activity and products/services of the administrator and third parties. These are marketing cookies and will be used only with user consent.
  1. The user may limit or disable cookie access to their device.
  1. COOKIE SETTINGS
  1. The user can select which cookies to agree to upon the first visit, excluding those mentioned in Section IX 1 (a) of the Privacy Policy.
  1. The user can change cookie settings at any time via browser settings, excluding cookies from Section IX 1 (a) of the Privacy Policy.
  1. The user can delete cookies at any time, excluding cookies from Section IX 1 (a) of the Privacy Policy, using browser features.
  1. CHANGES TO THE POLICY
  1. We reserve the right to update the Privacy Policy in the following cases:
  1. The need to adapt to applicable law.
  1. Changes in legal interpretation.
  1. The necessity to comply with court rulings, decisions, recommendations, or instructions of competent offices or authorities.
  1. The need to fix mistakes or typos.
  1. Changes in identification or contact information.
  1. Changes in provided services or data collection channels.
  1. All changes will be published on our websites and come into effect immediately upon posting.

Last update: 16 September 2024

Road map Call us