Privacy policy

I. Personal Data Controller

1. The Administrator of your personal data processed for the purpose of using hotel services and accompanying services are the following companies:
1) Dobry Hotel Mięczkowski Spółka Komandytowa (Limited Partnership) with its registered office in Sopot at 18-20 Pułaskiego Street, entered into the register of entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) kept by the District Court Gdańsk-Północ in Gdańsk, VIII Commercial Division of the National Court Register under number 0000360212, Tax Identification Number (NIP) 585 145 58 78, Statistical Number (REGON): 221051940, (hereinafter referred to as the: „Dobry Hotel”),
2) Altus Hotel Mięczkowski spółka komandytowa (Limited Partnership) with its registered office in Sopot at 18-20 Pułaskiego Street, entered into the register of entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) kept by the District Court Gdańsk-Północ in Gdańsk, VIII Commercial Division of the National Court Register under number 0000593450, Tax Identification Number (NIP): 5851472954, Statistical Number (REGON): 363350641,
3) Hotel Aureus Mięczkowski spółka komandytowa (Limited Partnership) with its registered office in Sopot at 18-20 Pułaskiego Street, entered into the register of entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) kept by the District Court Gdańsk-Północ in Gdańsk, VIII Commercial Division of the National Court Register under number 0000339867, Tax Identification Number (NIP): 5851451159, Statistical Number (REGON): 220890058,
4) Hotel Unicus Mięczkowski spółka komandytowa (Limited Partnership) with its registered office in Sopot at 18-20 Pułaskiego Street, entered into the register of entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) kept by the District Court Gdańsk-Północ in Gdańsk, VIII Commercial Division of the National Court Register under number: 0000328042, Tax Identification Number (NIP): 5851448140, Statistical Number (REGON): 220774659,
(hereinafter jointly referred to as the „Companies”)

2. The Companies are joint controllers of your data, which means they together set the purposes and methods of processing your data. In matters related to the processing of your personal data by the Companies, please contact the person responsible for the protection of personal data at the following e-mail address: rodo@dobryhotel.com or at the following address: Dobry Hotel Mięczkowski Sp. k., al. Grunwaldzka 229, 80-226 Gdańsk. This is a joint contact for all the Companies.
3. Dobry Hotel – as the joint controller - is responsible for providing you with the information about how the Companies process your personal data.
4. Dobry Hotel is also responsible for the exercising of your rights under personal data protection regulations. Dobry Hotel performs those duties on its own behalf and on behalf of the Companies
5. The Companies have entered into the agreement; this agreement does not limit the liability of each of the Companies. You can execute your rights against each of the Companies (joint and several liability of the Companies).

II. The contact details of the controllers representatives in the matter of personal data protection

In matters related to the processing of your personal data by the Companies, please contact the person responsible for the protection of personal data at the following e-mail address: rodo@dobryhotel.com or at the following address: Dobry Hotel Mięczkowski Sp. k., al. Grunwaldzka 229, 80-226 Gdańsk.
This is a joint contact for all the Companies.

III. Purposes and legal basis for processing personal data

In order to provide services within the scope of the company’s operations, we will process your personal data, for a variety of purposes, all of which are in compliance with the law. Below you can find a detailed list of the purposes for which your personal data is processed along with the legal basis for such processing.
Your personal data are being processed by the Companies in connection with services rendered by the Companies on your request. The purpose of this processing is primarily to ensure proper performance of the service agreement and to present to you our special offers presenting. Below you will find purposes for the processing of personal data along with the legal basis.

 Purpose of the processing data  Legal basis

For the purpose of proper fulfillment of the hotel service agreement the Companies processing your personal data given in the registration card, i.e.:
• first name and surname,
• place and address of the residence,
• id card number,
• phone number,
• date of birth,
• nationality,
• credit card number (if provided),
• car registration number (if provided).

Under art. 6 paragraph 1 b GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) - processing is necessary for the performance of a contract to which the you are the party or in order to take steps at the request of the data subject prior to entering into a contract.

For the purpose of rendering services through the booking system (including information send by the system) available on the website www.dobryhotel.com the Companies process following personal data:
• first name and surname,
• e-mail address.

Under art. 6 paragraph 1 b GDPR - processing is necessary for the performance of a contract to which you are the party or in order to take steps at the request of the data subject prior to entering into a contract.

In order to process a complaint, the Companies process personal data, such as:
• first name and surname,
• e-mail address,
• booking number,
• address of the residence (if there is a refund),
• bank account number (if there is a refund).

Under art. 6 paragraph 1 b GDPR - processing is necessary for the performance of a contract to which the you are the party or in order to take steps at the request of the data subject prior to entering into a contract.

Ensuring the quality of the services provided to you is a priority for the Companies, which is why during the period of the service or after completing a given service, the Companies may send you short surveys with request for your feedback. The companies may also send you offers covering the services they provide. In this case, the Companies process personal data such as:
• first name and surname,
• e-mail address
You can inform the Companies at any time that you do not wish to receive such content. Upon your request the information will cease to be sent.

Under art. 6 paragraph 1 f GDPR - processing is necessary for the purposes of the legitimate interests of the Companies. In this particular situation this purpose shall mean development and improvement quality of the services rendered by the Companies.
The information may only be provided upon your consent given under the Act on the provision of electronic services and the Act on the telecommunications law.

In order to ensure safety and security at facilities managing by the Companies, we use video monitoring. Therefore, the Companies process data such as:
• images of the natural person.

Under art. 6 paragraph 1 f GDPR - processing is necessary for the purposes of the legitimate interests of the Companies. In this particular situation this purpose shall mean providing security to another legally protected good (e.g. company resources, personal safety in or around premises).

For archiving and evidence purposes, the Companies process personal data such as:
• name and surname,
• e-mail address,
• booking number.

Under art. 6 paragraph 1 f GDPR - processing is necessary for the purposes of the legitimate interests of the Companies. In this particular situation this purpose shall mean possession of personal data that will allow to prove certain facts related to the provision of services, e.g. needed at the request of public authorities.

In order to establish, investigate or defend against claims, the Companies process personal data such as:
• first name and surname,
• address/place of residence (if provided),
• PESEL number or NIP number (if provided),
• e-mail address,
• booking number,
• identification number.

Under art. 6 paragraph 1 f GDPR - processing is necessary for the purposes legitimate interests pursued by the Companies. In this particular situation this purpose shall mean establishing, investigating or defending the Companies rights.

In order to use the loyalty program, the Companies process personal data such as:
• first name and surname,
• phone number,
• e-mail address.

Under art. 6 paragraph 1 a GDPR – you have given consent to the processing of your personal data for one or more specific purposes.

In order to create registers and records related to the GDPR, including for example the register of guests who raised objections or exercise the right to limit the processing of their data in accordance with the GDPR, the Companies process personal data such as:
• first name and surname,
• e-mail address.

These data are processed primarily because the GDPR imposes on the Companies numerous documentary obligations to demonstrate the compliance of the processing with the law and the possibility of demonstrating such compliance (in order to implement one of the basic principles of GDPR, that is accountability). In addition, if you submit, for example, an objection to the processing of personal data for marketing purposes, the companies need to know who should not use direct marketing, because they do not want it. Under art. 6 paragraph 1 c GDPR - processing is necessary for compliance with a legal obligation to which the controller is a subject to.

Under art. 6 paragraph 1 f GDPR - processing is necessary for the purposes of the legitimate interests of the Companies. In this particular situation this purpose shall mean having knowledge about people who exercise their rights resulting from the GDPR.

In order to issue an invoice and fulfill other obligations resulting from tax law regulations, such as storing accounting records for 5 years, the Companies process personal data such as:
• first name and surname,
• address of residence or headquarters address,
• tax identification number (if provided),
• booking number.

Art. 6 paragraph 1 c GDPR in relation to regulations contained in the Accounting Act dated on 29 September 1994.
To enable the use of cookies on the website, we also process text information (cookies are described in a separate section). Article 6 para. 1a of the GDPR, which allows personal data to be processed on the basis of voluntary consent (during the first visit to the website, a request for consent to the use of cookies will appear).

For the purpose of the administration of a website, the Companies process personal data such as:
• IP address,
• server date and time,
• information about the web browser,
• information about the operating system - these data are automatically saved in the server logs, while using the page belonging to the Companies. It would not be possible to administrate the website without using the server and without this automatic savings.

Under art. 6 paragraph 1 f GDPR - processing is necessary for the purposes of the legitimate interests of the Companies. In this particular situation this purpose shall mean proper website.

For the analytical purpose, i.e. providing research and analysis of the activity on the website www.dobryhotel.com, the Companies process such personal data as:
• date and time of visiting the website,
• type of operating system,
• approximate location,
• type of web browser used to browse the website,
• time spent on the site,
• subpages visited.

Under art. 6 paragraph 1 f GDPR - processing is necessary for the purposes of the legitimate interests of the Companies. In this particular situation this purpose shall mean having knowledge about client’s activity on the website. 

VI.Cookies

1. The company uses cookies on its website (as well as on the home pages of the individual hotels within the company), as do many companies and institutions. These cookies are short text files which are saved on the end user’s electronic device, such as a computer, smartphone or tablet. They may be read by the system managed by the company, as well as by systems belonging to other entities whose services the company uses, such as Facebook or Google.
2. Cookies have many functions on the website, in particular:
• they provide security – cookies are used to verify and authenticate users and to prevent unauthorised access to the client panel. In this way they protect your personal data from access by unauthorised parties.
• they increase the efficiency and comfort of using the website – cookies are used to make your experience browsing the website run more smoothly and to ensure that you have full access to its functionality, which is possible among other reasons thanks to cookies remembering your settings from visit to visit. Thanks to this it is easy to smoothly move from page to page.
• cookies identify session status — cookies frequently store information on how you use the website, such as which subpages are most often displayed. These cookies help us identify display errors in the website.
• cookies maintain session status — once you have logged into the reservation system, cookies allow your session to be maintained. This means that it is not necessary to log into the system again every time you visit a subpage, undoubtedly increasing the comfort of use of the system.
• they create statistics —cookies are used to analyse how users are using the website (for example how many people visit the site, how long they remain on the site, which contents generate the most interest, etc.). Thanks to this information, we can improve the website and adapt its operations to the preferences of its users. In order to monitor page activity and create statistics, we use Google tools such as Google Analytics; in addition to reporting on usage statistics for the website, Google Analytics may also be used together with some of the types of cookies mentioned above to provide the user with more tailored and relevant content in Google services (such as the Google search engine) and throughout the Internet.
• cookies have a function in social networks — our website features a Facebook pixel which allows visitors to like our funpage by simply clicking on it while visiting our website. For this feature to be available, we must use cookies supplied by Facebook.
3. It is important to remember that many cookies have an anonymous nature; that is, they cannot be used to identify the individual user.
4. By default, your browser accepts the use of cookies on your device, which is why we ask for your consent for this during your first visit. If however you do not wish your browser to accept cookies when visiting the website, you may change your browser settings to completely block cookies or to require notification each time a cookie is placed on your device. These settings may be changed at any time.
5. With full respect for your freedom to decide about such matters, we would also like to inform you that blocking or restricting the use of cookies may cause serious difficulties in using the website, such as making it necessary to log into every subpage, restricting the functionality of the site, or making it impossible to like us on Facebook, etc.

V. Right to withdraw consent

1. If processing of your personal data takes place on the basis of your consent, you may withdraw that consent at any time and for any reason,
2. If you choose to withdraw consent for the processing of your personal data, it is sufficient to:
• send an e-mail directly to the company at the address rodo@dobryhotel.com or by traditional mail to the company’s postal address:
• Dobry Hotel Mięczkowski Sp. k., al. Grunwaldzka 229, 80-226 Gdańsk

VI. The obligation to provide the personal data

1. Dear Customer, the use of hotel services provided by the Company or access services to the booking system is fully voluntary, however, for the proper performance of the contract, personal data is necessary.
2. For the purpose of rendering services through the booking system, the Companies process following personal data: first name and surname, e-mail address.
3. In order to issue an invoice and fulfill other obligations resulting from the provisions of tax law, the Companies process personal data such as: first name and surname, address of residence or headquarters address, tax identification number (if provided).
4. You also provide your telephone number or e-mail address on a voluntary basis. The companies point out, however, that in the absence of these data, they will not be able to submit their offers.
5. In order to use the loyalty program, the Companies process personal data such as: first name and surname, phone number, e-mail address.

VII. Other ways of data processing

1. One of the ways of processing your personal data is the profiling. Profiling means that each of the Companies may - based on your preferences - adapt services and content sent to you electronically by the Companies. For its part, each of the Companies guarantees that the data is not processed automatically, that is, without human interference

VIII. The recipients of the personal data

1. Bearing in mind how valuable your personal data is at every step, the Companies try to ensure that their processing takes place in accordance with the law, and in the case of transferring these data outside the structures of the Companies, we make sure that the entities which are entrusted with your data ensure the appropriate standard of their protection and they keep them confidential
2. Bearing in mind how valuable your personal data is at every step, the Companies try to ensure that their processing takes place in accordance with the law, and in the case of transferring these data outside the structures of the Companies, we make sure that the entities which are entrusted with your data ensure the appropriate standard of their protection and they keep them confidential. We would like to draw your attention to the fact that, like most entrepreneurs, the Company uses the help of third parties in its operations, which may involve the transfer of your personal data. In connection with the above, if necessary, the Company provides your data to:
1) entities providing additional services accompanying hotel services (in particular access to water attractions, access to wellness services or access to sports facilities),
2) entities providing payment services,
3) IT service providers and services supporting marketing activities of companies (e.g. entities providing mailing services),
4) suppliers of legal and advisory services and supporting the Companies in pursuing claims due (e.g. law firms, debt collection companies)
5) public authorities (e.g. fighting against fraud or abuse) or tax authorities
6) insurance and brokerage companies,
7) owners of facilities in which there are hotels.

IX. Personal data transfer to third countries

1. Like most entrepreneurs, the Companies use various popular services and technologies offered by such entities as Facebook, Microsoft or Google. These companies are based outside the European Union and therefore, in the light of the provisions of the GDPR, they can be treated as third countries.
2. Due to the fact that each of the Companies uses the services of different suppliers, your personal data may be transferred outside the European Union and the European Economic Area. The companies ensure, however, that in such a case the data transfer will take place on the basis of a contract between the Companies and this entity, containing exemplary clauses on data protection adopted by the European Commission.

X. The period for which the personal data will be stored

1. In accordance with the applicable law, we do not process your personal information "indefinitely", but for the time that is needed to achieve the purpose. After this period, your personal data will be irreparably removed or destroyed
2. In a situation where the Companies do not need to perform other operations on your personal data than storing (e.g. when the content of the order is stored for defenses against claims), until the permanent removal or destruction of the data are additionally protected - for example by pseudonymization. Pseudonymisation consists of such encryption of personal data or a personal data set that it is impossible to read them without an additional key, and thus such information becomes completely useless to the unauthorized person.
3. Regarding particular periods of personal data processing, the Companies indicate that personal data is processed for the period of:
• duration of the contract - in relation to personal data processed in order to conclude and perform the contract;
• limitation of claims - in relation to personal data processed in order to establish, assert or defend claims (the length of the period depends on whether both parties are entrepreneurs or not);
• 30 days - in relation to personal data processed for the needs of video monitoring, unless a longer period results from the relevant orders of public authorities;
• 1 year - in relation to personal data that were collected when asking for services (e.g. room availability), and at the same time the contract was not concluded immediately;
• 5 years - in relation to personal data related to the fulfillment of obligations arising from tax law;
• pending the withdrawal of consent or the achievement of the purpose of processing - in relation to personal data processed on the basis of consent;
• until the opposition has been effectively raised or the purpose of processing is achieved - in relation to personal data processed on the basis of the legitimate interests of the Companies or for marketing purposes;
• until obsolescence or obsolescence, but no more than 5 years - in relation to personal data processed mainly for analytical purposes.
4. Please note that periods in years are counted from the end of the year in which the Companies began processing personal data. Such actions are primarily aimed at improving the process of removing or destroying personal data
5. Please note that a separate counting of the deadline for each contract would entail significant
organizational and technical difficulties for the Companies as well as significant financial
expenses, therefore setting one date for removing or destroying personal data allows the Companies
to manage this process more efficiently and effectively.
6. However, if you exercise the right to be forgotten by the Company, such situations are considered
and solved individually.
7. The additional year associated with the processing of personal data collected for the performance
of the contract is dictated by the fact that you can hypothetically claim a moment before the expiry
of the limitation period, the request may be delivered with a significant delay or you may
incorrectly determine the limitation period of your claim.

XI. Rights of the data subject

1. The company informs you of your right to:
• acces your personal data
• rectify your personal data
• delete your personal data
• restrict processing of your personal data
• lodge a complaint about the processing of your personal data
• transfer your personal data to another data controller
2. The rights described above are honoured by the company, and the company shall make efforts to ensure that the exercise of these rights is as easy as possible.
3. The company would also like to inform you that the rights listed above are not absolute rights, and that in some situations the company may choose to or be required to refuse to honour these rights. However, such rights shall only be refused after thorough and careful analysis and only when absolutely necessary.
4. Regarding the right to lodge a complaint about the processing of personal data, the company informs you that at any time you may object to the processing of your personal data based on the legitimate business interest of the company (these are listed in Point 3) based on your own particular situation. It is important to remember, w-however, that we may be required to refuse such a request in order to comply with the law if it can be shown that:
• there is a legally justified rationale for processing the data which overrides your personal interest, rights and freedoms
• there is a basis for the establishment, settlement or defence of claims
5. Additionally, at any time you may object to the processing of your personal data for marketing purposes. In such a case, processing will cease after we receive your request.
6. You can exercise your rights by:
• sending an e-mail directly to the company at the address: rodo@dobryhotel.com
• sending written information to the address:
Dobry Hotel Mięczkowski Sp.k.  al. Grunwaldzka 229, 80-226 Gdańsk.

XII. Right to lodge a complaint

1. If you feel that your personal data have been processed in violation of applicable law, you may lodge a complaint with the President of the Office of Personal Data Protection.

XIII. Final provisions

1. Matters not covered by this Privacy Policy are subject to the relevant provisions of laws on the protection of personal data
2. Any changes to this Privacy Policy shall be announced via e-mail.
3. This Privacy Policy is valid from 25 May 2018.