Privacy Policy

Privacy Policy

Privacy Policy of the willadrako.pl Website

Introduction

  1. The protection of Users' personal data is of the utmost importance to the Owner of this website. We make every effort to ensure that Users feel secure when entrusting their personal data while using the website.

  2. A User is any natural person, legal person, or organizational unit without legal personality to which the law grants legal capacity, using the electronic services available on the website.

  3. This privacy policy explains the principles and scope of processing the User's personal data, their rights, the obligations of the administrator, and provides information on the use of cookies.

  4. The Administrator applies appropriate technical and organizational measures to ensure a high level of protection for the processed personal data and to safeguard it against unauthorized access.

I. Personal Data Administrator

The administrator of personal data is: ES Art Music, Adama Mickiewicza 56A, 05-462 Góraszka, Poland, NIP: 5322107746, KRS: 0001064596 e-mail address: biuro@willadrako.pl (hereinafter referred to as: the "Owner").

II. Purposes of Personal Data Processing

  1. The Administrator processes Uers' personal data for the purpose of properly providing accommodation services, including in particular:

    • making reservations online or by phone,

    • conclusion and performance of the accommodation contract,

    • tax and accounting settlements,

    • fulfillment of the hotel check-in obligation,

    • handling complaints and consumer claims.

  2. In order to ensure the safety of hotel employees and guests, and to prevent fraud, we process personal data such as:

    • Data from the key card system;

    • Facial image obtained from the CCTV monitoring system;

    • First and last name;

    • E-mail address;

    • Phone number;

    • IP address.

  3. The User may consent to receive information about news and promotions. In this case, the data is processed for the purpose of sending commercial information (e.g., newsletter).

  4. Data is also processed to fulfill legal obligations incumbent on the administrator (e.g., tax regulations, population registration).

  5. Data may be used for the purpose of securing and pursuing claims, as well as for the marketing of own services.

III. Type of Data

  1. The Administrator processes the following personal data:

    • first and last name,

    • e-mail address,

    • phone number,

    • residential or correspondence address,

    • data necessary to issue an invoice (NIP/Tax ID, company name – if applicable),

    • image captured by the CCTV monitoring system.

  2. Data provided optionally:

    • PESEL number (or national ID/passport number if required for check-in under applicable regulations),

    • bank account number (in the case of refunds).

IV. Legal Basis for Processing

  1. Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

  2. Bases for processing:

    • necessity for the performance of a contract (Art. 6(1)(b) GDPR),

    • legal obligation incumbent on the administrator (Art. 6(1)(c) GDPR),

    • legitimate interest of the administrator (Art. 6(1)(f) GDPR),

    • User's consent – solely in the scope of marketing (Art. 6(1)(a) GDPR).

V. User Rights

The User has the right to:

  1. access their personal data,

  2. rectify the data,

  3. erase the data ("the right to be forgotten"),

  4. restrict processing,

  5. transfer data to another administrator,

  6. object to the processing,

  7. withdraw consent at any time (if processing is based on consent),

  8. lodge a complaint with the President of the Personal Data Protection Office (UODO).

VI. Data Retention Period

  1. Data is stored as long as necessary for the performance of the contract and fulfillment of legal obligations.

  2. Accounting documents – 5 years (in accordance with the Accounting Act).

  3. Check-in data – 5 years (in accordance with the Population Registration Act).

  4. Data processed on the basis of consent – until its withdrawal.

VII. Data Sharing

  1. Data may be transferred to entities cooperating with the administrator, in particular: the accounting office, booking and IT system providers, and payment processors.

  2. Data is not transferred outside the European Economic Area unless required by the use of an IT service provider – in such cases, appropriate safeguards in line with the GDPR are applied (e.g., standard contractual clauses).

VIII. Cookies

  1. The website uses cookies to ensure its proper operation, collect visit statistics, and customize content.

  2. Cookies can be:

    • session cookies (deleted after closing the browser),

    • persistent cookies (stored for a specified period),

    • analytical cookies (e.g., Google Analytics),

    • marketing cookies (e.g., Facebook Pixel – with the user's consent).

  3. The User can manage cookies through browser settings or express/withdraw consent in the cookie banner.

  4. Blocking cookies may affect the functionality of the website.