hidden

Privacy and cookies policy

DISCLAIMER: This page has been machine translated for your convenience. The regulations written in Polish apply legally.

 

This Privacy Policy sets out the principles for the processing and protection of personal data provided by users in connection with their use of the services offered by the website rental.okopowa.waw.pl (hereinafter referred to as the Website) and third-party booking services such as booking.com, airbnb.com, and expedia.com.

 

Part I. Data Controller

1. The controller of personal data contained on the Website is T24 COMPETENCE CENTRE SP. Z O.O., ul. Okopowa 56/33, 01-042 Warsaw, NIP: 5272794620, email: rental@okopowa.waw.pl, telephone: +48 22 100 53 61 (hereinafter referred to as the Controller).

2. The Controller has not appointed a Data Protection Officer (DPO). In all matters related to the GDPR, please contact us directly using the above details.

 

Part II. Recipients, Profiling, and Security

1. Data Recipients (Processors):

Your data may be transferred to entities that process it on our behalf based on data processing agreements:

  • IT and hosting service providers: server and email service providers
  • Accounting services: entities providing accounting and bookkeeping services (invoices)
  • Legal services: entities providing legal services
  • Analytics and marketing providers:
    • Google LLC,
    • Meta Platforms Ireland Ltd.
  • PMS/reservation system operators: Hotres Sp. z o.o., KRS 0000947675, NIP 6112816201
  • Sales channel operators:
    • Booking.com Sp. z o.o., KRS 0000288695, Tax Identification Number (NIP): 5252398341, and other parent/affiliated entities of this company (Booking.com Holdings),
    • Airbnb Inc., 888 Brannan St., San Francisco, CA 94103, USA, and other entities of this company (AirBNB Group),
    • Expedia Poland Sp. z o.o., KRS 0000296519, Tax Identification Number (NIP): 1070009685, and other parent/affiliated entities of this company (Expedia Group),
  • Payment operators: banks and payment gateways (e.g., mElements joint-stock company / payment services under the "Paynow" brand)
  • other personal Data Controllers processing data on their own behalf, i.e.:
    • entities conducting postal or courier activities,
    • entities conducting payment activities (e.g., banks),
    • entities collaborating with us in the implementation of projects and individual orders, as well as in handling accounting, tax, legal, and other matters – to the extent they become data controllers.

2. Data Transfer Outside the EEA (USA)

Due to the use of Google and Meta tools, data may be transferred to the USA. The transfer is legally based on the Data Privacy Framework (DPF) decision, guaranteeing data security at the EU level.

3. Profiling

Data may be used for marketing profiling (advertising targeting), but this does not have any legal consequences for the User.

4. Voluntary provision of data
Providing data is:

a. Necessary: ​​to conclude a reservation agreement and issue an invoice.

b. Voluntary: for marketing, cookie, and contact purposes.

5. Security
We use SSL encryption, access control, and other technical measures to protect data against leakage.

 

Part III. Purposes and Processing Activities

1. Website and Cookies Necessary

Purpose: Proper operation of the website, security.

Basis: Article 6, paragraph 1, letter b of the GDPR (necessary for the performance of the service/contract) and Article 173, paragraph 3 of the Telecommunications Law.

Retention: Session duration (until the browser is closed).

2. Newsletter

Purpose: Sending offers and commercial information.

Legal basis: Article 6(1)(a) GDPR (voluntary consent).

Retention: Until consent is withdrawn (unsubscribed).

3. Contact (Email / Form / WhatsApp / chat on third-party services, e.g., booking.com, airbnb.com)

Purpose: Processing inquiries.

Legal basis: Article 6(1)(f) or (b) GDPR.

Retention: Until the matter is completed or the contract is concluded (accounting periods apply).

4. Reservations and "Lex Kamilek" (Accommodation Establishments)

Purpose: Providing hotel services, identity verification.

Legal basis: Article 6(1)(b) GDPR (contract) and Article 6(1)(c) GDPR (legal obligation).

Retention:

- Tax data: 5 years (Accounting Act).

- Data regarding the protection of minors: for the period required by specific provisions.

⚠️ Lex Kamilek (Act of July 28, 2023 amending the Act – Family and Guardianship Code and certain other acts): The property has a legal obligation to verify the child's identity and their relationship with the adult.

5. Analytical and marketing tools/scripts used:

a. Google Analytics 4

 

Part IV. Additional provisions

1. The entity processing personal data is the online booking system Hotres.pl (so-called Channel Manager / Property Management System), owned by HOTRES SP. Z O. O. with its registered office at ul. Osiedle Robotnicze 10/4, 58-500 Jelenia Góra, Tax Identification Number (NIP): 6112816201, hereinafter referred to as Hotres.pl.

2. To ensure the security of the personal data entrusted to it, the Controller operates based on internal procedures and recommendations, consistent with relevant legal acts on personal data protection, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

3. The Controller exercises due diligence to protect the interests of data subjects, and in particular ensures that personal data are:

a. processed lawfully;

b. collected for specified, legitimate purposes and not further processed incompatible with those purposes;

c. factually accurate and adequate in relation to the purposes for which they are processed;

d. stored in a form that permits the identification of data subjects for no longer than necessary to achieve the purpose of processing;

4. personal data are processed based on the consent expressed by Website users and in cases where applicable law authorizes the Controller to process personal data.

5. The Controller processes personal data voluntarily provided by Website users solely for the following purposes:

a. responding to user inquiries submitted via the contact form;

b. accepting reservations using the online reservation system;

c. implementing the services provided by the Controller pursuant to Art. 6, paragraph 1, letter b) of the GDPR;

d. marketing, including sending commercial information to an email address, if the Customer has consented, by checking the appropriate box during the booking process or submitting an inquiry via the contact form. Consent to the processing of data for marketing purposes and the sending of commercial information may be withdrawn by clicking the appropriate link in the received message or by sending such a request to the Controller's email address;

e.       the legitimate interest of the Personal Data Controller in specific cases pursuant to Art. 6, Section 1, Letter f) of the GDPR, e.g., debt collection or video monitoring of traffic on the premises of the Property.

6.       Recipients of personal data may include authorities, institutions, and entities authorized by law, as well as entities providing services to the Data Controller (e.g., legal, IT, marketing, accounting services), and other entities participating in the implementation of the ordered service.

7.       The Data Controller may use automated decision-making, including profiling, for marketing purposes and to tailor the offer.

8.       The data processed by the Data Controller may be accessed by the Website user who provided it. The User also has the right to modify this data, request its deletion, and limit or cease the processing of their personal data at any time. The User may also request the deletion of their personal data from the Website at any time. The right to data portability does not apply, as no standard has been established for the exchange of such data between tourist facilities.

9. The Website User has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

10. To exercise their rights indicated in point 8 above, the Website User should contact the Administrator using the same email address or telephone number provided to the Website, by contacting info@okopowa.waw.pl.

11. Each Website User may file a complaint with the Office for Personal Data Protection.

12. The Administrator collects information about users and their behavior in the following ways:

a. by voluntarily entering information in forms;

b. by collecting cookies;

c. Upon their first visit to rental.okopowa.waw.pl, the User is informed of the use of cookies. By remaining on the website, the User accepts the use of cookies. Failure to change browser settings by the user constitutes consent to the use of cookies.

13. Installing cookies is necessary for the proper provision of services on the Website. Cookies contain information necessary for the proper functioning of the website, particularly those requiring authorization. The user may change their browser settings regarding the use and storage of cookies at any time.

14. The following types of cookies are used within the Website:

a. session cookies - remain in the browser until the user closes it or logs out of the website on which they are placed;

b. persistent cookies - remain in the device's web browser until the user deletes them or until a predetermined time specified in the cookie file parameters.

15. In terms of functionality, each cookie can be divided into:

a. conversion cookies, which allow for the analysis of the performance of various sales channels;

b. tracking cookies, which, in conjunction with conversions, help analyze the performance of various sales channels;

c. marketing cookies, used to personalize advertising content and target it appropriately;

d. marketing cookies, used to personalize advertising content and target it appropriately;

e. analytical tools, which help improve the user experience by understanding how users use the website;

f. necessary files, i.e., files fundamental to the basic functionality of the website.

16. Some cookies may be placed by the website and online booking system provider solely for the following purposes:

a.       improving and supporting the booking process;

b.       analyzing and collecting statistical data regarding the use of the website and online booking system in order to improve them.

17. The Website may contain links to other websites that operate independently of the Website and are not in any way supervised by the Website. These websites may have their own privacy policies and terms and conditions, which we recommend that you review.

18. The Administrator reserves the right to change the website's privacy policy, which may be caused by the development of internet technology, possible changes in personal data protection law, and the development of the Website. We will inform users of any changes in a visible and understandable manner.

19. Hotres.pl, as the entity processing the Guest's personal data, ensures the implementation of appropriate technical and organizational measures, as well as additional IT security measures, based on proven servers and systems for processing personal data in services provided electronically.

20. Hotres.pl declares that the IT systems used to process personal data meet the requirements of applicable law, in particular that they are protected to a high degree within the meaning of the Regulation of the Minister of Internal Affairs and Administration of April 29, 2004, regarding personal data processing documentation and technical and organizational conditions to be met by devices and information systems used for personal data processing.

21. Hotres.pl's subcontractors and employees will be duly authorized to process personal data in connection with the booking process, to which the Administrator and the Guest consent.

22. In order to ensure the highest level of security in storing personal data in accordance with the requirements of the GDPR, Hotres.pl is committed to:

a.       encrypting and anonymizing the transmission of personal data;

b.       continuously ensure the confidentiality, integrity, availability, and resilience of processing systems and services;

c.       the ability to quickly restore the availability and access to personal data in the event of a physical or technical incident;

d.       regularly test, measure, and evaluate the effectiveness of technical and organizational measures designed to ensure the security of data processing.

23. The Controller is entitled to amend the provisions of these Terms and Conditions at any time and at its sole discretion. In particular, it may amend the provisions of these Terms and Conditions in the event of:

a.       the need to adapt the Terms and Conditions to mandatory provisions or changes in legal provisions affecting the content of these Terms and Conditions;

b.       the need to adapt the Terms and Conditions to a recommendation, interpretation, ruling, resolution, or decision of a public authority or court ruling affecting the content of these Terms and Conditions;

c.       expansion or change of Hotres.pl functionality.

 

Download the policy in digital form

Book now
Location
Call us