Administrator The Hotel Guest's personal data is Molo Sp. z o.o. with its registered seat in Smardzewice (97-213) at 16 Klonowa St., entered in the register of entrepreneurs of the National Court Register under the number: 0000124516 in the District Court for Łódź-Śródmieście in Łódź, XX Commercial Department of the National Court Register, the amount of share capital: 4 700 000 PLN, NIP: 773 22 05 366, REGON: 472412323, hereinafter referred to as the Administrator.
1. personal data inspector
The Administrator has appointed as Data Protection Officer (DPO) -- contact at the mailing address Bronisławów, Żeglarska 35/31, 97-320 Wolbórz, e-mail address: firstname.lastname@example.org
2 Purpose of personal data processing
Personal Information are processed for the purpose of booking and providing hotel services. Furthermore, the purpose of their processing is to document the performance of the service in accordance with the provisions of tax law, as well as to provide the Parties with the right to assert potential claims that may arise in connection with the stay in the hotel. In the case of consent to the processing of personal data for marketing and commercial purposes, the Administrator processes personal data in order to send marketing and commercial information to the Guest. Moreover, the Administrator processes personal data obtained from the hotel video surveillance system (without sound recording) in order to ensure safety of hotel Guests and other persons staying in the hotel premises.
3 Legal Basis
Legal basis The processing of the Visitor's personal data is contract for the provision of hotel services in Magellan Business&SPA*** Hotel. The legal basis for the processing of personal data used for marketing and commercial purposes are separately expressed consents of the Guest, which are requested on the stay card. The processing of personal data by video surveillance is necessary for the purposes arising from the legally justified interests pursued by the Administrator. We also ask for the Guest's consent on the Guest's Stay Card for the processing of personal data: telephone number and e-mail to ensure contact if necessary during or after the Guest's stay at the hotel. Providing personal data is voluntary, but necessary to conclude the contract for hotel services. Failure to provide personal data will prevent the Administrator from providing the ordered hotel service.
4 Transfer of personal data
Administrator passes on personal data to the following categories of entitiesTo companies that provide IT support services (Information Technology) to the hotel, to transportation companies and cab companies when the Guest requests transportation, to government bodies authorized by applicable law to obtain personal data.
5 Time limits for processing personal data
Personal data collected in connection with the concluded contract for the provision of hotel services will be processed until the statute of limitations for tax claims or civil law claims of the Administrator or the Guest, depending on which of these events occurs later. Personal data obtained on the basis of consent for marketing and commercial purposes will be processed until the consent is revoked. Personal data obtained in connection with monitoring will be processed for 30 days from the date of recording, and then will be permanently deleted.
6. access and deletion of consent to data processing
Each Visitor has the right to access, rectify, erase or restrict processing of personal data. In addition, each Visitor has the right to object to processing, the right to data portability, and the right to erasure. The right to erasure may be restricted to the extent that the processing is necessary for the Administrator to comply with a legal obligation to process the data under specific provisions of national law (e.g.: tax law). Access to personal data is possible in the Administrator's seat. In addition, the Administrator provides an e-mail address for contact: email@example.com. Each visitor has the right to lodge a complaint to the supervisory authority. The Administrator does not intend to transfer personal data outside the EEA. The Administrator does not make automated decisions on the basis of personal data and does not perform profiling as referred to in Article 22 (1) and (4) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.