Privacy policy

Privacy policy

Information on personal data and privacy at the Grand Hotel Kielce

Przedsiębiorstwo Turystyczne “Łysogóry” Sp. z o.o. with its registered office in Kielce (hereinafter: the Company or the Hotel) attaches great importance to the privacy of its Guests and other persons whose personal data is processed by the Company. The Company applies in its activities to privacy protection regulations, in particular to the General Regulation on Personal Data Protection No. 679/2016 (called RODO in Polish). The Company strives to ensure that each person whose personal data is processed by the Company has full information about the scope, purpose and method of processing one’s personal data and information about one’s rights. The company uses only necessary data in its activities to achieve each of the purposes for which personal data are processed.

Processing of personal data obtained for marketing or similar purposes

If the Company has obtained your personal data for marketing or similar purposes, you have the right to object to such processing. The objection may be filed at any time. If the Company has no other legal basis to process your personal data, data processing will be terminated. The legal basis for the objection is Art. 21 RODO.

Processing of personal data obtained on the basis of consent, including for marketing purposes

If the Company has obtained your personal data on the basis of consent, you have the right to withdraw this consent at any time. This does not affect the validity of the processing of personal data at the time the consent was in force. The basis for the withdrawal of consent is Art. 7 RODO. If you object to the processing of personal data referred to above, we will assume that you have withdrawn your consent for the processing of personal data. You can withdraw your consent by contacting us, as well as by clicking on the “unsubscribe me” field or a similar field in the message received from us.

Making a reservation via the website

The Company informs that making a reservation of accommodation through the website of the Hotel www.grandhotelkielce.pl, may involve the transfer of personal data of the booking person to entities that provide us with IT tools for the booking website, i.e. to Bookassist Polska Sp. z o.o. based in Poland and to Automatic Netware Limited based in Ireland, to which the Bookassist booking system belongs. Guest’s personal data may be transferred to these companies by entering them into the information systems of the booking website. We encourage you to read the Bookassist personal data protection policy available at https://www.bookassist.com/global/pl/security.jsp After making the reservation, your personal data will go to the hotel’s IT systems.

Personal data of Guests – people who stayed or will stay at the Hotel

1. The Guests’ personal data are processed on the basis of a contract for the provision of hotel services or a reservation made between the Guest and the Hotel. The purpose of processing personal data is to provide hotel services or other similar services that are provided by the Hotel at the Guest’s request. In addition, the Guest’s personal data may be processed by video surveillance used at the Hotel. The purpose of video monitoring is to protect the Guest and other people staying at the Hotel or in its vicinity.
2. The Company informs that providing personal data is a contractual as well as statutory requirement (when documenting a sale made to a Guest with a VAT invoice). Failure to provide personal data makes it impossible to conclude a contract with the Hotel, and also prevents the issuance of a VAT invoice.
3. The Guest’s contact details (telephone number, e-mail address) may be used to contact the Guest in order to determine the preferences regarding the stay (type of room, time of arrival, etc.).
4. The Guest’s personal data may also be processed for the purpose of conducting Guest satisfaction surveys in connection with the services provided by the Hotel. The legal basis for the processing of personal data for this purpose is the legitimate interest of the Company (Art. 6 par.1 letter f of the RODO). The hotel has assessed the impact of measures taken for this purpose on privacy. This assessment led the Company to the conclusion that the processing of personal data as part of a legitimate interest does not interfere too much with the privacy of the Guest. In addition, this method of processing the Guest’s personal data is to lead to an improvement in the quality of services provided by the Hotel, which is to bring benefits to the Guest in the form of a better understanding of the Guest’s needs. Therefore, the interests of the Guest will not be affected.
5. The Hotel informs that the Guest’s personal data will be kept for the entire period of providing the hotel service to the Guest, as well as the data will be kept for the period of limitation of possible claims, including tax and civil claims. Personal data processed by video surveillance will be stored for a period of up to 30 days, unless due to a special circumstance (e.g. an accident) it will be necessary to store the surveillance recording for a longer period.
6. The Hotel informs that the Guests’ personal data may be disclosed to following data recipients:

• accounting / auditing companies cooperating with the Hotel,
• law firms cooperating with the Hotel,
• insurance companies cooperating with the Hotel,
• IT companies and companies providing support and management of the hotel’s IT infrastructure,
• courier and postal companies,
• travel agencies.

If a stay at the Hotel is booked through a travel agency or booking portal, the categories of Guest’s personal data provided to the Hotel by these entities may include, in particular, the name and surname, date of stay, e-mail address, and telephone number of the Guest. Information on the exact source from which the Hotel obtained the Guest’s personal data can be obtained at the Reception.

Common information

1. The hotel informs that everyone has the right to access their personal data (Art.15 RODO) and to correct and update them (Art. 16 RODO). Everyone also has the right to transfer data (Art.20 RODO), object to processing (Art. 21) and delete personal data (Art.17), limit processing (Art. 18 RODO), if there are legal grounds for this.
2. The hotel informs about the right to lodge a complaint with the supervisory body supervising the processing of personal data. From May 25, 2018, this authority will be the President of the Office for Personal Data Protection.