1. This Privacy Policy sets out the principles of processing and protection of personal data provided by users in connection with their use of the services offered by the Elements Hotel & Spa website – www.elements-hotel.pl (hereinafter: the Service), and also describes the principles of processing personal data by Operator Świeradów spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Warsaw.
2. The controller of personal data processed within the Service is Operator Świeradów Zdrój spółka z ograniczoną odpowiedzialnością spółka komandytowa, Warsaw 00-023, ul. Widok 8, entered into the register of entrepreneurs under KRS number: 0000774092, NIP: 5213858235 (hereinafter: the Controller).
3. In order to ensure the security of entrusted personal data, the Controller operates on the basis of internal procedures and recommendations, compliant with relevant legal acts in the field of personal data protection, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
4. The Controller exercises particular diligence in order to protect the interests of persons whose data are concerned, and in particular ensures that personal data are:
a) processed lawfully,
b) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,
c) factually correct and adequate in relation to the purposes for which they are processed,
d) stored in a form permitting identification of data subjects for no longer than is necessary to achieve the purpose of processing.
5. The Controller performs functions of obtaining information about users and their behaviour through voluntary input of information by users in forms, in order to:
a) provide responses to user inquiries submitted via the contact form on the basis of Article 6(1)(f) GDPR,
b) accept reservations using the online reservation system on the basis of Article 6(1)(b) GDPR,
c) perform services provided by the Controller on the basis of Article 6(1)(b) GDPR,
d) conduct direct marketing of Elements Hotel & Spa products and services, including sending commercial information and marketing offers to the e-mail address and via SMS messages to the provided phone number, whereby:
1) the basis for processing personal data (in particular the e-mail address and phone number) for the purpose of direct marketing is the legitimate interest of the Controller consisting in promoting its own services (Article 6(1)(f) GDPR), with the right to object at any time to the processing of data for direct marketing purposes;
2) the use by the Controller of the user's e-mail address or phone number for sending commercial information and marketing offers via electronic communication means (including SMS messages) requires prior, separate consent of the user for the use of a given communication channel, granted in accordance with Article 398 of the Act of 12 July 2024 – Electronic Communications Law; this consent is voluntary and may be withdrawn at any time without affecting the lawfulness of processing carried out before its withdrawal, in particular by clicking the appropriate unsubscribe link in the received e-mail message or by contacting the Controller using the contact details indicated in the Policy,
e) pursue the legitimate interest of the Controller in specific cases on the basis of Article 6(1)(f) GDPR, e.g. debt collection, defence against claims.
6. For the purpose of sending marketing offers and commercial information via SMS messages, the Controller processes in particular the mobile phone number provided by the user, as well as the user's identification data necessary for proper addressing of the offer (e.g. name, surname). Providing the phone number for SMS marketing purposes is voluntary, but necessary for the user to receive marketing content via SMS.
7. During the first visit to the Elements Hotel & Spa website, the user is informed about the use of cookies. By remaining on the website, the user accepts the use of cookies on the website. Failure by the user to change browser settings is equivalent to consent to the use of “cookies”.
8. Changing cookie settings will take effect after restarting or refreshing the session on the Controller’s website.
9. Installation of cookies necessary for the basic functionality of the Service is required for its proper operation, in particular those required for authorization.
10. Cookies necessary for the operation of the website can be changed by modifying browser settings, however it should be noted that changing settings may result in improper functioning of the website.
11. More information about cookies is available in the “Help” section in the menu of the user’s web browser.
12. Users who, after reading the information available in the Service, do not want cookies to remain stored in the web browser of their device, should delete them from their browser after finishing the visit to the Service. Within the Service, the following types of cookies are used:
a) session cookies – remain in the browser until it is closed or the user logs out of the Service,
b) persistent cookies – remain in the web browser of the device until they are deleted by the user or until the time specified in the cookie parameters.
13. In terms of functionality, each cookie can be divided into:
a) analytical cookies, which help improve the comfort of using the website by understanding how users use it and how they convert on it,
b) marketing cookies, used to personalize advertising content, properly target it and analyze the performance of marketing channels and sales channels,
c) necessary cookies, i.e. fundamental for the basic functionality of the Service.
14. The cookies we use allow us to develop our website.
15. Some cookies may be placed by the Online Reservation System provider only for the purpose of:
a) improving and supporting the reservation process,
b) analyzing and collecting statistical data regarding the use of the website and the online reservation system in order to improve them,
c) the provider of the Online Reservation System informs about installed cookies in the user interface of that system.
16. The Controller may use automated decision-making, including profiling, for marketing purposes (including automated matching of advertisements to your interests and measuring their effectiveness), and for adapting the offer on the basis of Article 6(1)(a) GDPR.
17. Recipients of personal data may be authorities, institutions and entities authorized under the law, as well as entities providing services to the Controller (e.g. legal, IT, marketing, accounting services, an entity performing mass e-mail and SMS sending on behalf of the Controller or providing tools for such sending, and other entities participating in the performance of the ordered service).
18. We use the following analytical tools:
Google Analytics
19. The user of the Service who has provided their data has the right to access the processed data. The user also has the right to modify such data, request its deletion and restriction or cessation of processing of their personal data at any time. At any time, the user may also request deletion of their personal data from the Service. With regard to data processed for the purpose of sending marketing offers and commercial information via SMS, the user has in particular the right to withdraw consent to receive such messages and to request deletion of the phone number from the Controller's marketing database.
20. Personal data processed for the purpose of sending commercial information and marketing offers via SMS messages will be processed until the user withdraws consent or objects to the processing of data for marketing purposes, but no longer than for the period of limitation of possible claims related to the Controller’s marketing activities.
21. In order to exercise the rights indicated above, the user of the Service should contact the Data Protection Officer appointed by the Controller at the address: rodo@elements-hotel.pl.
22. The user of the Service has the right to withdraw any consent given (including consent to use the e-mail address and phone number for sending commercial information and marketing offers via SMS messages) at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Withdrawal of consent may take place in particular by:
a) clicking the appropriate unsubscribe link in the received e-mail message,
b) contacting the Controller or the Data Protection Officer appointed by it at the correspondence address or e-mail address rodo@elements-hotel.pl.
23. In the case of technologies using cookies, the user may withdraw consent by changing the settings of their web browser.
24. Each user of the Service may lodge a complaint with the Personal Data Protection Office.
25. The Service may contain links to other websites which operate independently of the Service and are not supervised in any way by the Service. These websites may have their own privacy policies and regulations, which we recommend reading carefully.
26. The Controller reserves the right to make changes to the privacy policy of the Service, which may be caused by the development of internet technology, possible changes in the law on personal data protection, and the development of the Service. We will inform users about any changes in a visible and understandable manner.
