Pursuant to Art. 13 sec. 1 and sec. 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection , hereinafter also GDPR), we inform our Guests that:
- The administrator of the personal data is Foundation of Social Innovation, which is the owner of the So Stay Hotel.
- In matters related to the processing of your personal data and the exercise of rights regarding the processing of personal data, you can contact us:
- by letter to the following address: ul. Gościnna 14, 80-032 Gdańsk
- by e-mail at the following address: firstname.lastname@example.org
- We process your personal data:
- in order to provide hotel services pursuant to art. 6 section 1 letter b, c, art. 2 lit. c GDPR and the provisions of the Act on "hotel" services,
- for the purposes related to the initiation (recruitment) and the course of the employment process / contract of mandate / cooperation, pursuant to art. 6 sec. 1 lit. a, b, c and art. 9 sec. 2 lit. b and h GDPR,
- in order to fulfill the legal obligations incumbent on the Administrator, e.g. in the field of tax law, accounting regulations, labor law, among others in order to fulfill the legal obligations incumbent on the administrator in connection with the recruitment and employment of employees and contractors (legal basis: Article 6 (1c) of the GDPR),
- for purposes resulting from the legitimate interests pursued by the Administrator, e.g. to ensure order and safety of persons staying on the premises of the Social Economy Entity, fire and flood protection and property protection (video monitoring of the building and the area around it), in order to confirm or cancel the service , as well as in the field of using direct marketing and determining, investigating or defending any claims (legal basis: Article 6 (1) (b) and (f) of the GDPR).
- Your personal data may be processed for other marketing, promotional, etc. purposes, provided that you consent (legal basis: Article 6 (1) (a) of the GDPR, Article 172 of the Pr. Tel.), When the Administrator requests For your consent. Such consent may be withdrawn at any time in the same way as it was expressed. In order to withdraw consent, you can also send an e-mail to the e-mail address email@example.com. Withdrawal of consent does not affect the lawfulness of the processing carried out before its withdrawal.
- Depending on the situation, there may be other grounds listed in Articles 6 and 9 of the GDPR legalizing the processing of personal data by the Administrator.
- Due to the organization of the provision of hotel services and our activity as entrepreneurs, your personal data may be transferred to the following categories of recipients:
- entities authorized by law;
- entities entrusted with the processing of data on behalf of the Administrator, e.g. entities performing service activities, cooperating with the Administrator, in order to provide tourist services, as well as service providers supplying the Administrator with technical and organizational solutions, enabling the business to be run to the minimum extent necessary and justified by the performance of these services (including e.g. accounting, invoicing, IT services, suppliers);
- Personal data in accordance with the provisions of the GDPR will not be transferred to a third country or an international organization (i.e. outside the European Union and to countries outside the European Economic Area).
- The Administrator stores your personal data:
- in the case of processing personal data on the basis of a contract, the processing period lasts until the end of this contract,
- in a situation where the Administrator processes personal data on the basis of consent, the processing period lasts until the consent is withdrawn,
- however, irrespective of the above, it is possible to store personal data on the basis of legal provisions for the periods specified by these provisions, in order for the Administrator to fulfill legal obligations, e.g. obligations specified in tax law or, for example, in the scope of storing employee documentation,
- also in the case of processing personal data on the basis of the legitimate interest of the Data Administrator, the storage period lasts until the end of the above-mentioned interest (e.g. the limitation period for civil law claims in accordance with the provisions of the Civil Code) or until the data subject objects to further processing - in situations where such objection is permitted under the law,
- for archiving purposes in the field of data necessary, for example, to prove accountability, i.e. to prove compliance with the provisions on the processing of personal data, the Administrator stores data for the period in which he is obliged to keep data or documents containing them to document the fulfillment of legal requirements and enable control of their compliance by the authorities public.
- The Administrator guarantees the fulfillment of all rights resulting from the GDPR and to the extent indicated therein, i.e. the right to access, rectify, limit the processing of personal data, the right to transfer them, not to be subject to automated decision making, including profiling, and the right to object to the processing of personal data. However, the right to delete data, i.e. the right to be forgotten, is not an absolute right and is limited to the extent indicated in art. 17 sec. 3 GDPR (the exception applies to, inter alia, data contained in employee documentation and data necessary to establish, assert or defend claims).
- The administrator currently does not use automated decision-making, including profiling.
- In accordance with the requirements of the GDPR, the Administrator informs you about your right to lodge a complaint with the supervisory body of PUODO (the President of the Personal Data Protection Office) in connection with the processing of personal data (address: Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw).