Book without
a broker
Breakfast included in the price of the room
Check out at 12
10% discount in M17 Restaurant
Car park

This Personal Data Protection Policy contains the rules for data processing personal data by the company Firma “ŻEBROWSKI” Marian Żebrowski 87-300 Brodnica, ul.Gajdy 2, NIP:8741018931, hereinafter referred to as the Administrator, in order to provide services provided by company.

The policy fulfills the information obligation under Art. 13 Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (general regulation on the protection of personal data) (Journal of Laws UE L 119 of 4 May 2016, p.1) (hereinafter referred to as: GDPR).

Personal data controller, processor

The administrator of the personal data of clients and contractors is company Firma “ŻEBROWSKI” represented by the owner, Mr. Marian Żebrowski, based in Brodnica on the street Gajdy 2. You can contact us as follows:

  • by letter to the address: Młyńska 17 street, 44-200 Rybnik,
  • by phone: 32 422 11 24 or 517 293 938, or in person during working hours from Monday to Friday from 7:00 a.m till 4 p.m.
  • by e-mail:

Purpose and scope of data processing

Personal data will be processed for the purpose of:

  • provision of services provided by the Administrator pursuant to art. 6 sec. 1 lit. b) GDPR,  i.e.  processing is necessary to perform the contract to which the person is a party,the data subject or taking action at the request of the data subject,before concluding the contract;
  • marketing, including sending commercial information and answering e-mail address, if the Customer has consented to it, by checking the appropriate field in the booking process. Consent to process data for purposes marketing and sending commercial information can be withdrawn via clicking the appropriate link in the received message or sent one notifications to the Administrator’s e-mail address;
  • accepting reservations using the form on the website based on the consent the customer expressed;
  • implementation of the legitimate interest of the Administrator of personal data in specific cases pursuant to Art. 6 sec. 1 lit. f) GDPR, e.g. debt collection or for purpose using video monitoring on the premises of the Facility.

The data administrator processes personal data in order to perform the service contract. The data controller processes data only to the extent necessary for these purposes and for the period necessary to perform the contract or until the entity withdraws its consent entrusting data or until the end of its activity.

Processing time

Customer’s personal data will be kept for the period resulting from the provisions of the ordinance tax, provisions of the Accounting Act and other generally applicable provisions legal provisions on the basis of which the Administrator operates.

The monitoring record is kept for a maximum of 14 days or until overwriting. In situations where the monitoring record is secured as material the evidential storage period results from the conducted proceedings.

Data recipients

Personal data will be shared with external entities when such disclosure results from applicable law, obliging the personal data administrator to transfer them to authorized entities.

The data controller provides personal data of its clients to entities that cooperates with, among others legal, IT, marketing, accounting and other entities participating in the implementation of the Services with which the Administrator has signed a contract for cooperation.

The Customer’s personal data will not be obliged outside the EEA.

User permissions

The customer is entitled to :

  • access to your data, correct or withdraw it at any time (withdrawal of consent does not affect the lawfulness of the processing that has been carried out on its basis before its withdrawal);
  • request deletion of data (the right to be forgotten);
  • data processing restrictions;
  • object to the use of automatic pickup decisions (including profiling); 
  • lodging a complaint to the President of the Personal Data Protection Office.


The administrator declares that he applies organizational and technical measures to ensure security of processed personal data against loss, modification or misuse.