Privacy Policy (of the website)

§1. General Information

The privacy policy of the website covers information regarding the processing of personal data and other information concerning users of the website located at krakowairporthotel.pl (hereinafter: "website" or "service").

The controller of personal data is Kraków Airport Hotel Spółka z ograniczoną odpowiedzialnością with its registered office in Balice at the address: 32-083 Balice, ul. Kpt. Medweckiego 3, entered into the Register of Entrepreneurs of the National Court Register under the number KRS 0000335628 by the District Court for Kraków - Śródmieście in Kraków, XII Commercial Division of the National Court Register, share capital PLN 34,935,000, NIP: 5130189547, REGON: 120944716, BDO 000423003 tel.: + 48 12 340 00 00 (hereinafter: "Controller" or "Kraków Airport Hotel").

The Controller attaches particular importance to the protection of personal data and respect for the right to privacy of the users of the service. By using the service, the User accepts these privacy policy rules, including those relating to cookies. The Controller, while operating the Services, applies technical measures provided for by law, the purpose of which is to protect the processed personal data against unauthorized access or use by unauthorized persons.

§2. Website User Data

For the purpose of operating the website, the Controller may process information such as: information regarding the User's device in order to ensure the correct operation of the service, e.g.: the device's IP address, information contained in cookies, session data, web browser data, and data on website activity. This information does not contain data regarding the identity of Users, however, in combination with other information, it may constitute personal data, therefore the Controller ensures the protection of this information appropriate for the protection of personal data and informs Users about its processing.

We process data for the following purposes:

  1. performance of a contract or taking steps at the request of the data subject prior to entering into a contract (legal basis: Article 6(1)(b) GDPR),
  2. handling inquiries (Article 6(1)(f) of GDPR),
  3. handling complaints and claims (Article 6(1)(b) of GDPR),
  4. storing documentation and fulfilling legal obligations incumbent on the Controller (Article 6(1)(c) GDPR),
  5. sending a newsletter (Article 6(1)(a) of GDPR),
  6. monitoring and improving the quality of services provided – requesting to complete a survey or answer a few questions regarding the quality of services provided (Article 6(1)(f) GDPR),
  7. displaying personalized commercial information on social networks (Art. 6(1)(a) of GDPR)

Providing data is voluntary, however, it is necessary to use the services or relevant functionalities of the website. In the case of data processed on the basis of consent, its provision is voluntary but may be necessary to use the services. Consent is given by accepting/clicking the appropriate field in the form provided on the website.

The processing of data collected through the website does not violate the rights and freedoms of Users.

Visitors to the Website may fill out a form and subscribe to the newsletter or provide an email address and/or phone number which will be the basis for automatic contact

§3. Contact form

Kraków Airport Hotel provides a contact form on its website, through which it is possible for Users to contact the hotel.

The data provided via the contact form will be processed in order to ensure contact between Users and the Controller, and to provide responses or fulfill other expectations of Users, depending on the content of the inquiry. The following categories of data are processed: name and surname, email address, telephone number (optional - if provided), and the content of the inquiry submitted by the User.

The legal basis for the processing of data submitted via the contact form is the legitimate interest of the Controller, which consists in ensuring the possibility of contact with Users and conducting its own marketing activities (Article 6(1)(f) GDPR). Marketing information may be sent using the data provided in the contact form if the content of the inquiry submitted by the User indicates an expectation to receive such information. The basis for data processing in this case is the User's consent expressed through clear affirmative actions, consisting in submitting an inquiry with specific content (Article 6(1)(a) GDPR).

§4. Newsletter

The Controller enables the User to subscribe to the newsletter after the User signs up by filling out a form on the website. Providing personal data is voluntary but necessary to conclude the contract. Your personal data will be processed for the purpose of marketing our own products and services by providing the newsletter. The basis for processing is the consent given (Article 6(1)(a) GDPR). You can withdraw your consent at any time, which does not affect the legality of the processing before the withdrawal of consent. For the purpose of providing the newsletter subscription service, the following categories of personal data will be processed: email address. Personal data will be processed for the duration of the newsletter subscription.

§5. Data of social media Users

Kraków Airport Hotel uses and includes links on its website to the following social media services: Facebook, Instagram, LinkedIn, YouTube.

The Controller does not post user data on social media platforms, but such data is posted by the Users themselves or automatically when using the Controller's Fanpage or other services.

Data entered by Users of social media platforms may be processed by the following entities in accordance with their privacy policies listed below:

a) Meta Platforms Ireland Limited ATTN: Privacy Operations Merrion Road Dublin 4D04 X2K5, Ireland https://www.facebook.com/privacy/policy?section_id=18-LegalBasisInformationConsent

b) LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irlandia https://pl.linkedin.com/legal/impressum

c) Google Ireland Limited - for users of Google services in the European Economic Area and Switzerland - with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland https://policies.google.com/privacy?hl=pl#enforcement

In order to enable the use of social media services, the Controller may process the following user data: name and surname or other name of the User, information about liking the fan page, activity on the fan page, content of comments and posts posted by Users, photos posted by Users.

In order to enable contact between Users and the Controller, the Controller processes data of persons contacting the Controller via Meta messengers such as Messenger or WhatsApp. The following are processed: name and surname or User name, content of correspondence (messages, threads). This data is not stored by the Controller anywhere other than the account on the Meta platform, in particular, the Controller does not save this data on its own servers.

On the fan page and other accounts on social media platforms, the Controller may post marketing information regarding the services provided, as well as events or contests and promotional campaigns that it organizes or participates in.

Due to the specific nature of social media platforms, information about people following the fan page, likes, and the content of comments, posts, photos, and other information posted by Users may be visible to other users and third parties, over which the Controller has no control. Data is processed for the duration of communication with Users and then deleted.

§6. External Links

Our website and other forms of communication may contain links to external services. Personal data transmitted through such websites, services, and links are not subject to this privacy policy and we are not responsible for the processing of personal data through such websites. The services to which links are located on our website have their own privacy policies specifying the way in which user data is processed.

§7. Reservation system

Kraków Airport Hotel does not use its own reservation system on the website but includes a link to the Hilton reservation system.

Kraków Airport Hotel, as a franchisee, operates the Hotel under the Hilton Garden Inn Kraków Airport brand and is part of the Hilton Worldwide hotel chain. The entities of the Hilton Worldwide Holdings Inc. group are independent from Kraków Airport Hotel sp. z o.o. as personal data controllers:

a) Hilton Reservations Worldwide, L.L.C. is the controller with respect to the processing of data provided when making a reservation at the Hotel.

b) Hilton Honors Worldwide, L.L.C. is the controller with respect to the processing of personal data in connection with the operation of the Hilton Honors program.

c) Hilton Domestic Operating Company Inc. is the controller with respect to the processing of personal data in connection with Hilton's marketing activities.

Hilton Reservations Worldwide, L.L.C., Hilton Honors Worldwide, L.L.C., and Hilton Domestic Operating Company Inc. can be contacted in the following ways:

a) Hilton Privacy Department, 7930 Jones Branch Drive, McLean, VA 22102, USA or by sending an email to: privacy@hilton.com

b) Hilton Office of the Data Protection Officer, 7930 Jones Branch Drive McLean, VA 22102, USA or by sending an email to: DataProtectionOffice@hilton.com

Hilton may share your personal data with other members of the Hilton brand portfolio, Hilton service providers, and other third parties only in accordance with the Global Privacy Statement available at the link: https://www.hilton.com/en/p/global-privacy-statement/

Data entered into the Hilton reservation system is processed by entities of the Hilton Worldwide Holdings Inc. group outside the EEA (USA). Due to the lack of a decision by the European Commission establishing an adequate level of protection, safeguards in the form of standard contractual clauses are applied, and in their absence, data may be transferred on the basis of Article 49(1)(b) GDPR - the transfer of data is necessary for the performance of a contract between the User and the Controller. Under the arrangements between the controllers, the Hotel is responsible for the personal data of Hotel Guests locally, while the other controllers are responsible for personal data globally in the areas specified above.

§8. Cookies

Cookies are transmitted to web browsers and then stored in the device's memory and read by the server each time a connection is made to the Website.

Saving cookies on the User's device does not allow the Controller access to the User's private device or to read data other than that stored in the cookies. The Controller uses so-called technical cookies, which enable the correct use of message transmission and remembering the User's settings, as well as creating simple statistics for the Service.

The Controller uses cookies and data collection technologies that help us analyze traffic on the Website. This enables optimization of its operation, improvement of solutions that enjoy the greatest interest, and display of dedicated messages and offers. The User may consent, not consent, withdraw consent, or manage settings by clicking here.

The Website may use the following types of cookies:

1. Essential cookies

Cookies necessary for the operation of services available on the website, enabling browsing offers or making reservations, supporting security mechanisms, including: user authentication and fraud detection. These cookies are required for the proper functioning of the website. They do not require the User's consent.

2. Analytical cookies

Cookies that enable the collection of information about how the User uses the website in order to optimize its functioning and adapt it to the user's expectations. By consenting to these cookies, the User agrees to the processing of data regarding the User's activity on the website for analytical purposes.

3. Marketing cookies

Cookies that enable the display of marketing content tailored to the User's preferences and the sending of notifications about marketing offers corresponding to their interests, including information about the User's activity, products and services of the Controller and third parties. Consent to these cookies means that the User's data may be used to personalize advertisements and analyze the effectiveness of our advertising campaigns.

§9. Data Recipients

Data may be shared with entities processing on behalf of and in the name of the Controller for the purpose of providing services necessary for the performance of the contract by the Controller, such as IT services (e.g., hosting, providing or maintaining IT systems), accounting services, legal services, postal services, etc. Such entities process data on the basis of a contract concluded with the Controller. These contracts include data processing principles and confidentiality. This data is not shared and none of these companies has the right to process data in any way other than as specified in the contract. The User's data, if the company has access to it, may be processed only for the purposes of proper provision of services.

§10. Data Retention period

In the case of consent to data processing (legal basis: Article 6(1)(a) GDPR), the data is processed until the withdrawal of consent, but after this period, information about who and when and what consent was given may be archived (for the purposes of establishing, pursuing, or defending legal claims). In other cases, data is processed for a period justified by the fulfillment of the purpose (e.g., performance of a contract, providing answers to questions, tax regulations, etc.). The processing period depends on the possibility of establishing, pursuing, or defending claims or when data retention is required due to tax regulations. Consent may be withdrawn at any time. Withdrawal of consent is possible by sending an email to: iod@krakowairporthotel.pl or by using the appropriate functionality provided for this purpose (e.g., via a link in the newsletter content).

§11. Rights of Data Subjects

You have the right to access your data and the right to request its rectification (if it is inconsistent with the actual state), erasure, or restriction of processing (in cases provided for by applicable law). To the extent that the processing of your personal data is based on the legitimate interest of the Controller, you have the right to object to the processing of personal data. To the extent that the processing of your personal data is based on consent, you have the right to withdraw consent. Withdrawal of consent does not affect the lawfulness of processing until the withdrawal of consent. You also have the right to data portability, i.e., to receive from the Controller, in a structured, commonly used, machine-readable format. The right to data portability does not apply to data that constitutes a trade secret, may not adversely affect the rights and freedoms of others, including trade secrets or intellectual property, and will be implemented to the extent technically possible. The first copy of the data is free of charge.

In order to exercise the rights indicated above, please contact the Controller at the correspondence address indicated in point I.

§12. Right to Lodge a Complaint with a Supervisory Authority

You also have the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office (00-193 Warsaw, ul. Stawki 2, e-mail: [kancelaria@uodo.gov.pl).

§13. Automated Decision-Making

The data provided by you will not be used in automated decision-making processes (including profiling).

Disclaimer

This English language version is for the convenience of users. Only the Polish language version is binding, the provisions of which shall prevail in the event of any discrepancies.