Regulations and personal data processing policy

These Terms and Conditions of entrusting personal data define the principles of processing of personal data entrusted to Hotel przy Młynie Sp. z o.o., 44- 200 Rybnik, ul. Młyńska 17, NIP: 6423234398, hereinafter referred to as the controller, for the purpose of providing the services provided by the company.

1 The Regulations constitute compliance with the information obligation under Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 4.05.2016, p. 1) (hereinafter: RODO).

Personal data controller, processor

The personal data controller / processor is: Hotel przy Młynie Sp. z o.o., 44- 200 Rybnik, Młyńska 17 Street, NIP: 6423234398, correspondence address: Hotel "Przy Młynie", 44-200 Rybnik, Młyńska 17 Street, personal data contact: recepcja@hotelprzymlynie.pl.

Purpose and scope of data processing

3 The data controller/processor declares that it processes Users' personal data in accordance with: Article 6(1)(b) - i.e. the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract; or Article 6(1)(a) i.e. on the basis of the data subject's consent in other cases.

4 The controller/processor shall process the personal data for the purpose of performing the contract for the provision of the service. The data controller processes the data only to the extent necessary for these purposes and for the period necessary for the performance of the contract or until the data entrustor withdraws his consent, or until the data entrustor ceases its activities.

5 The entrustment covers the processing of personal data for the purpose of the Processor performing the following activities:
a. Storing, collecting, organising, capturing, organising, storing, processing, transmitting, sharing, deleting personal data.
b. Operations on personal data read, edit, delete.
c. Making backups.

6 The administrator does not carry out profiling activities.

7 The recipients (processors of entrustment) of the personal data will be: entities providing the operation, maintenance and implementation of the services provided by the Administrator. In this respect, these include: hosting service, legal service, accounting and HR service, IT service. The exchange of personal data with these entities is regulated through personal data entrustment agreements and regulations applied in cooperation with them.

(8) Personal data shall not be disclosed to third parties, except under applicable law, obliging the personal data controller to disclose such data to authorised entities.

User rights

9. In accordance with Articles 15-22 of the RODO, each User shall have the following rights:

a. To request access to personal data from the Data Controller.
b. To request the Data Controller to complete, rectify personal data.
c. To request the Controller to erase or restrict the processing of personal data.
d. Object to the processing of personal data.
e. Requests for the transfer of personal data.

(10) The user may exercise his/her rights by sending an appropriate request to the e-mail address: recepcja@hotelprzymlynie.pl. The request can also be made by letter by sending a registered letter containing such request to the correspondence address of the company run by the Administrator.

(11) In accordance with the law, the Administrator shall, within one month, respond to the person who made the request about the action taken. If the Administrator does not take such action, it will inform the person making the request.

12 You have the right to lodge a complaint against the actions of the Administrator to the Supervisory Authority, which is the President of the Office for Personal Data Protection.

Security

13 The controller/processor shall apply security measures designed to protect the personal data being processed against loss, modification or misuse.

Final provisions

1 These Regulations shall enter into force on 25.05.2018.

(2) Users will be informed of changes to the content of the regulations by email. The changes will also be published on the website of the controller / processor - at www.hotelprzymlynie.pl.