The protection of personal data is the highest priority for Restauracja Festiwale Smaków 1 Sp. z.o.o. Sp. K. The following information describes personal data handling.
Article 1 GENERAL TERMS
- The Controller of your personal data collected via the website https://ventusrosa.pl is Aparthotel Spółka z ograniczona odpowiedzialnością Spółka komandytowa (hereinafter: Aparthotel Sp. z.o.o. Sp. K.) with its registered office in Kraków, 31-072 at ul. Wielopole 15, Tax ID (NIP) No.: 676-245-46-07, hereinafter referred to as the “Controller” (as well as the Service Provider, the Company).
- The Service Provider allows Users to take advantage of free electronic services described in this Article, via the website, for 24 hours a day, 7 days a week. These services enable Users to take advantage of the Internet resources, in particular to get acquainted with the materials presented on the website and to use various IT mechanisms functioning there.
- The following electronic services are available via the website:
- Contact form as a service enabling the User to send messages to the Service Provider. The contract for the provision of a service consisting in provision of an interactive form is concluded for a fixed period and is terminated as soon as the message reaches the Controller.
- Booking form – the use of the form consists in entering the required user data, including personal data, in order to conclude a contract with the Controller as part of its business activities and services provided. The contract for the provision of a service allowing the user to use the form for booking purposes is concluded for a fixed period and is terminated as soon as the Controller receives the data for the needs of booking.
- The Service Provider reserves the right to choose and change the type, form, time and method of providing access to the selected services, and shall inform the Users thereof in a manner appropriate to amend the Policy.
- Users’ personal data are processed in accordance with the General Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) and with the national regulations regarding the protection of personal data and the Act on the provision of electronic services of 18 July 2002 (consolidated text – Journal of Laws Dz.U.2017.1219, as amended).
- The Controller shall take the utmost care to protect the interests of the data subjects, and in particular shall ensure that the collected data are processed in accordance with the law; that they are collected for specified, legitimate purposes and are not subject to further processing incompatible with these purposes; are substantively correct and adequate to the purposes of processing and are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- The Data Controller has not appointed the Personal Data Officer.
- It is possible to visit the website maintained by the Controller without entering personal data. Providing personal data is voluntary, but it may be necessary to conclude a contract or other agreement to which the person providing the data will give his/her consent.
Article 2 PURPOSE, SCOPE AND BASIS FOR COLLECTION OF DATA
- The purpose of collecting personal data by the Controller is:
- Establishing, shaping the contents, changing, executing or terminating the contractual relationship between the Service Provider and the Customer consisting in the provision of electronic services,
- Direct marketing of own products or services of the Controller;
- In the case of Users using the booking form provided by the Controller, personal data entered there are processed for the purposes of and in order to conclude a contract within the framework of business activity carried out by the Controller, including services provided thereby.
- The Controller processes the following personal data of Users: IP, name and surname; e-mail address; contact phone number; the Controller may process other categories of data if they are entered independently and voluntarily by the User to the forms available on the website.
- Providing personal data referred to in paragraph 2 of this Article is voluntary, but it may be necessary for the Service Provider to provide Services within the framework of the website and for the booking processes. Failure to provide the required data prior to commencing the given service shall result in the refusal to provide the specific Service due to the impossibility of its performance. The User shall be informed of the scope of required data each time before the provision of the specific Service.
- User’s personal data processing is based on his/her consent or on the need to perform the contract that the User is a party of, or on the need to take action on his/her request before or after its conclusion, as well as the need for direct marketing of own products or services of the Controller.
- The personal data provided by the Users will not be made available to other entities except those who have an appropriate legal basis, such as data processing contracts in a manner not less restrictive than that provided by the Data Controller.
Article 3 OPERATING DATA
- The Controller may process, using the appropriate software, the following data characterising the way the User uses the website (operating data):
- Symbols that identify end of telecom network or ICT system which the Customer was using;
- Information on the start, end and scope of each use by the Customer of the services provided electronically;
- Information on the use by the Customer of services provided electronically;
- Operating data are aggregate and anonymous, i.e. they do not contain features that identify visitors to the website and are not disclosed to third parties.
Article 4 RIGHT OF CONTROL, ACCESS TO THE CONTENTS OF ONE’S DATA AND OF THEIR RECTIFICATION
- The User has the right of access to his/her data and the right of their rectification, erasure or restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
- Each person has the right to control the processing of data contained in the Controller’s filing system, especially the right to have incomplete personal data completed, the right to data updating, rectifying, temporary or definitive limitation including a ban on processing; or the right to demand their removal, especially if they are incomplete, out of date, false or have been collected in violation of the law or are no longer necessary to achieve the purpose for which they have been collected.
- In the case of data processing for the purpose of direct marketing of the Controller’s own products or services, the data subject is also entitled to submit a written request to cease processing his/her data and to object to the processing of his/her data.
- In order to exercise the rights referred to above, the User may send a relevant request by e-mail to the following address: email@example.com or write to the address of the Controller’s office.
- Each person has the right to lodge a complaint with the President of the Personal Data Protection Authority (formerly GIODO) when he/she considers that the processing of his/her personal data violates the provisions of the General Data Protection Regulation of 27 April 2016
- The personal data shall not be transferred to a third country / international organisation.
- The personal data shall be kept for the period necessary to perform the contract for the provision of electronic services and necessary for the purpose for which the contract has been concluded, and in the case of data necessary to make a reservation, for the period of contract performance, and for the period necessary to exercise claims related thereto.
- The data shall not be processed by the Controller in an automated way, including in the form of profiling. However, it should be borne in mind that the Partners cooperating with the Controller, who are indicated in Article 5 of this policy, process data collected through the website https://ventusrosa.pl and its subpages for the purposes of conducting analyses, testing user preferences and adjusting the website to their expectations, including also for the purposes of providing the users with interest-based advertising. These are in particular the following data: IP address (Internet Protocol), geolocation data from the User’s IP address, mobile advertising identifier (MAID) (which allows mobile application developers to determine who uses their mobile applications), mobile application ID, browser type, browser language, operating system type and the date and time at which the End User visited the Publisher’s website, the behaviour on the Publisher’s site, such as how long the User viewed the Publisher’s website, the end User’s behaviour in the content on the Publisher’s website, content shared by the end User and his/her interests, the URL address and methods of Web searches used by the User to locate and visit the Publisher’s website, information on use by the Users of tools (to search for specific content on the website, or to share content) offered by Publisher’s Partners and made available on the Publisher’s website. These data allow to create marketing profiles of advertisements recipients and to analyse the functionality of the website in order to adjust it to user preferences.
- Cookies are small text-numeric files placed on the User’s computer during his/her visit to the website. Cookies allow websites to recognise User’s computer. These files in most cases do not permit identification of the web user’s identity. Cookies do not cause any damage to User’s computer and do not contain viruses.
- Two types of cookies are commonly used: session cookies and persistent cookies. Session cookies are temporary files that remain on User’s device until he/she logs out or disables the web browser. Persistent cookies remain in the User’s device memory for the time specified in their parameters or until they are manually removed.
- The Controller may use own cookies, in particular: for the correct configuration of the website, for the processes necessary for its full functionality, for User’s authentication on the website and ensuring the continuity of User’s session on the website, for noting User’s location, for analysis and research, and auditing website traffic, for the purpose of advertising services.
- The Controller may use third-party cookies, in particular: regarding the use of analytical tools, for providing advertising services, inter alia in order to identify Users who share specific interests, which allows to provide them with better-targeted advertisements, to enable sharing the website content on other websites and to allow the User direct access to other websites, including social networking sites where the Controller has its profiles.
- The Controller uses the following third-party cookies:
- Using Google technologies, including Goggles Analitycs to analyse traffic on the Controller’s website and adjust the website to User’s needs (third-party cookie Controller: Google Inc. with its registered office in the USA) See also: https://policies.google.com/privacy?hl=pl Data generated by Google Analytics can be linked by the Google Analytics customer, using Google technology, to third-party cookies related to visits to other websites.
- Using Pixel FB technology that allows to analyse Users’ activities on the website and to use data from these analyses in order to identify target groups and provide them with advertisements tailored to their needs and tastes. See also: https://www.facebook.com/business/help/651294705016616
- To enable the User to make a reservation using technologies (widgets) provided by:
- To allow the User to like the Controller’s website or to provide him/her with direct access to the Controller’s profile on social networking sites and other websites such as:
- Facebook via Facebook Connect, regardless of whether the User has a Facebook account and is logged in to Facebook (third-party cookie Controller: Facebook Inc. based in the USA or Facebook Ireland based in Ireland), see also: https://www.facebook.com/policies/cookies
- Instagram, regardless of whether the User has an Instagram account and is logged in (third-party cookie Controller: Facebook Inc. based in the USA, see also: https://www.facebook.com/help/instagram/155833707900388
- Tripadvisor – www.tripadvisor.com, regardless of whether the User has a Tripadvisor account and is logged in (third-party cookie Controller: TripAdvisor LLC), see also: https://tripadvisor.mediaroom.com/PL-privacy-policy
- Yelp – https://www.yelp.pl regardless of whether the User has a Yelp account and is logged in, third-party cookie Controller
- If Users do not wish cookies to be used, they may at any time manage their use, inter alia resign of this form of data collection in the following way:
- By modifying the settings of the web browser, where the User can allow or block temporary and persistently memorised cookies in his/her security settings. Detailed information about the possibilities and ways of handling cookies are available in the Help tab in the menu of each browser.
- By visiting websites indicated in paragraph 5, in order to opt out of the use of third-party cookies, including cookies for the display of interest-based advertising (if the provider or advertising network provides this option).
- Through specially designed tools for handling consumer choices, which are used to manage cookies used to display advertisements, based on the interests of Users, available e.g. Here https://www.youronlinechoices.eu/ or here https://www.aboutads.info/choices/.
- If cookies are deactivated, using the methods set out in this Article, there is a risk that some functionalities on our website will be unavailable, some websites will be displayed incorrectly, in particular you will not be able to make a reservation. Without the explicit consent of the User, we shall not associate the data.
Article 6 FINAL PROVISIONS
- The website and its content, including in particular software, graphic and functional layout, works, trademarks, databases, texts, photos, graphics, sounds, computer programs and multimedia materials are subject to legal protection provided for in applicable laws, in particular in the Act of 4 February 1994 on copyright and related rights (Journal of Laws – Dz.U.2017.880, consolidated text), the Act of 27 July 2001 on the protection of databases (Journal of Laws – Dz.U.2001.128.1402), the Act of 30 June 2000 – the Industrial Property Law (Journal of Laws – Dz.U.2017.776, consolidated text) and the Act of 16 April 1993 on combating unfair competition (Journal of Laws – Dz.U.2018.419, consolidated text).
- All rights to the website and to all its elements referred to in the preceding paragraph are held by the Company or third parties. The content on which third parties hold copyrights is made available by the Company on its website on the basis of applicable laws or concluded contracts.
- It is forbidden to use the website for purposes inconsistent with this Policy or with the provisions of generally applicable law.
- The Company reserves the right to amend or modify this Policy to the extent permitted by applicable law.
- All comments, requests and complaints regarding the website and electronic services provided via the website should be sent to the email address firstname.lastname@example.org or in writing to the Controller’s address provided at the beginning of this Policy.
- The Controller uses technical and organisational measures to ensure protection of personal data being processed adequate to the risks and category of data being protected, in particular to secure the data against unauthorised disclosure, takeover by an unauthorised person, processing with violation of the law as well as change, loss, damage or destruction, in accordance with applicable law.