Privacy

Privacy Policy of the website www.termykarkonosze.pl and the use of cookies

Hereby we inform you that in connection with using the www.termykarkonosze.pl website, hereinafter the Service, we process your personal data. Details can be found below.

Data Controller

The controller of your personal data is Karkonosze Springs Limited Partnership with its registered office in Staniszów, registered and business address: 58-500 Staniszów, Zdrojowa 2 Street, KRS 0000739814, NIP 5213833554, REGON 380718020, e-mail address: recepcja@termykarkonosze.pl. In case of questions or doubts, you can also contact us via the contact form available on the Service's website, if such a form is provided on the Service site.

Purposes, legal basis and processing period

We process your personal data in accordance with the law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR.

We process your data for the purpose of:

  • handling reservations you have made for hotel services at our facility Termy Karkonosze Resort & Spa, at Zdrojowa 2, 58-500 Staniszów, hereinafter the Hotel, and providing hotel services to you at the Hotel to perform the contract concluded by you with us – based on Art. 6 para. 1 letter b GDPR (processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract) – until the expiry of the limitation period for potential claims arising from legal provisions,

  • processing complaints – based on Art. 6 para. 1 letter f GDPR (legitimate interest of the controller) – until the expiry of the limitation period for potential claims arising from legal provisions,

  • if you give consent, for storing data in cookies and collecting data from websites and mobile applications – based on Art. 6 para. 1 letter a GDPR – until consent is withdrawn,

  • if you give consent, to conduct promotional or marketing campaigns or other activities – based on Art. 6 para. 1 letter a GDPR – until consent is withdrawn, provided that sometimes these data may also be processed after this period based on our legitimate interest described below, but only if permitted or required under applicable law, e.g., processing for archival or accountability purposes,

  • if you give consent, to send commercial information about our products and services, promotions, as well as products and services of entities cooperating with us, by electronic communication means (SMS, MMS, e-mail) or direct marketing performed by telecommunication terminal equipment (phone, tablet) to the e-mail address or phone number you provide – based on Art. 6 para. 1 letter a GDPR – until consent is withdrawn,

  • direct marketing in traditional (paper) form – based on Art. 6 para. 1 letter f GDPR (legitimate interest of the controller) – until objection is raised,

  • for archival (evidential) purposes to secure information in case of legal need to prove facts – based on Art. 6 para. 1 letter f GDPR (legitimate interest of the controller) – for the period in which the controller is obliged to keep data or documents containing them to document compliance with legal requirements and to enable control of such compliance by public authorities,
  • for possible determination, pursuit or defense of claims – based on Art. 6 para. 1 letter f GDPR (legitimate interest of the controller) – until the expiry of the limitation period of potential claims arising from legal provisions.

What data do we process?

We process data you provide as part of using the Service. These are primarily identification data given in connection with your hotel service reservation at the Hotel or in connection with the provision of hotel services to you at the Hotel, including first name, last name, address of residence, e-mail address. We inform that while using the Service automatic access to data may also be obtained through cookies or Google Analytics as described below.

Recipients of data

We may share your personal data with the following categories of entities:

  • subcontractors, including entities cooperating with us in the operation of the electronic hotel service reservation system at the Hotel,
  • entities with whom we cooperate in promotional, marketing or other actions, e.g., promoters, organizers of contests or other promotional activities,
  • accounting firms,
  • legal firms,
  • entities capital or organizationally related to the Company,
  • IT companies,
  • banks,
  • entities providing postal and courier services.

We inform that we may share your personal data with competent authorities, courts or third parties who request such information, based on appropriate legal grounds and in accordance with applicable law.

Data transfer to third countries

We do not transfer your personal data outside the European Economic Area.

Your rights

You have the right to:

  • access your data and receive a copy of them,
  • rectify (correct) your personal data,
  • delete personal data – if you believe there is no reason for us to process your data, you may request their deletion,
  • restrict processing – you may request that we limit the processing of your personal data solely to their storage or the performance of agreed actions with you, if you believe we hold incorrect data or process them unlawfully; or if you do not want us to delete them because you need them to establish, pursue or defend claims; or for the period of your objection to data processing,
  • object to processing – marketing objection: you have the right to object to processing of your data for direct marketing purposes – if you exercise this right we will stop processing data for this purpose; objection due to particular situation: you should then indicate your particular situation which you believe justifies stopping the processing subject to objection; we will stop processing your data unless we demonstrate legitimate grounds overriding your rights or that your data are necessary to establish, pursue or defend claims,
  • data portability – you have the right to receive from us in a structured, commonly used machine-readable format the personal data concerning you which you have provided based on a contract or your consent; or to order us to send those data directly to another entity,
  • file a complaint to the supervisory authority (President of the Personal Data Protection Office or other competent supervisory authority),
  • withdraw consent to personal data processing at any time – withdrawal of consent will not affect the lawfulness of processing performed on the basis of your consent before its withdrawal.

To exercise your rights you may send a request to our mailing address or the e-mail address indicated above, or via the contact form available on the Service’s website if such form is provided on the Service. Please note that before executing your rights we must verify your identity to ensure that you are the data subject.

COOKIES

The Service uses cookies (so-called "cookies"). Cookies are IT data, especially text files, which are stored in an end device (e.g., computer memory) and intended for using the websites of the Service. Cookies do not cause configuration changes in the User’s device or software installed on the User’s device.

We use cookies for the purposes of:

  • adapting the content of the Service’s website to the individual preferences of the User, mainly these files allow recognizing the User's device to properly display the website tailored to their preferences (cookies are associated only with the browser of a specific device, without providing the first or last name – the user is anonymous),
  • preparing statistics helping to understand how Users use websites, allowing to improve their structure and content,
  • ensuring the security of the Service.

You can configure your browser at any time to receive information about cookie settings and accept cookies individually, disable cookie acceptance or delete cookies on your device, and after their removal we will no longer be able to process the information saved in such a cookie.

Deactivating cookies may limit the functionality of the Service.

GOOGLE ANALYTICS

The Service uses Google Analytics, an online tool for analyzing website statistics and internet analytics giving insights into the traffic of the Service data, used for marketing activities supplied by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Inc. Privacy Policy is available at: https://policies.google.com/privacy?hl=pl.

Social network

The Service may contain links to external social network portals such as Facebook, Instagram. Functions assigned to individual links, especially transmission of information and personal data, activate only after clicking on the given link. Then, a so-called social plugin of respective social network portals is activated, and your browser connects you to that service.

If you click on a selected link during your visit to the Service, your personal data are transferred and processed by the given social network portal. If, while visiting the Service, you click on a selected link and are logged into that portal simultaneously, information about your visiting our Service may be sent via your account in that portal and the fact may be saved on your account in the social network portal. To avoid such action, you should log out from your account on the social network portal before clicking the link.

The purpose and scope of personal data processing by social network portals and the related rights and obligations of the administrator protecting users' privacy can be found in the data protection section of the respective portal site. The social network portal is responsible for data processing triggered by clicking on the given link.

Security

All data we collect are protected by rational technical and organizational means and security procedures to protect them against unauthorized access or unauthorized use. Entities related to the Company, trusted partners, and external service providers have committed to managing data according to our adopted security and privacy protection requirements.