Privacy and Cookies Policy of the Website
- Data administrator and definitions
- The administrator of the personal data of the Website Guests/Users is: Małgorzata Grażyna Zembol Company,+48 500 093 773, 5480057912.
- The Data Controller can be contacted:
- at the mailing address: 1 Maja 21, 43-460, Wisła
- at the following e-mail address: rezerwacje@willowano5.pl
- User of the Website – a natural person accessing the page(s) presenting the Offer and making it possible to conclude a contract for the rental of accommodation or using the services or functionalities described in this Privacy and Cookies Policy.
- Service provider – Zenon Zembol, Firma Małgorzata Grażyna Zembol, 5480057912, 1 Maja 21, 43-460, Wisła.
- Offer – accommodation offered by the Service Provider for the purpose of concluding a contract for the rental of accommodation through the Website.
- Guest – a natural person with full legal capacity, a legal person or an organisational unit referred to in Article 331 of the Civil Code, concluding an accommodation contract with the Service Provider.
- Service – the presentation of the Service Provider’s Offer on the Internet, enabling the conclusion of an Accommodation Contract online;
- Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2020, item 344) originating from the Service Provider sent to the Guest/User electronically; its receipt is voluntary and requires the Guest/User’s consent.
- Account – a set of data stored on the Website and in the Service Provider’s ICT system relating to a given Visitor/User and the bookings he/she makes and contracts he/she concludes, using which a Visitor/User of the Website may place orders and conclude contracts.
- RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
- Aims, legal basis and duration of data processing
- For the purpose of fulfilling the Remote Accommodation Agreement, the Service Provider shall process
- information about your device in order to ensure the correct functioning of the services: your computer’s IP address, information contained in cookies or other similar technologies, session data, browser data, device data, data about your activity on the Site, including on individual pages.
- geolocation information if the Visitor/User has consented to the service provider’s access to geolocation. Geolocation information is used to provide more tailored offers of products and services.
- users’ personal data: name, surname, address of the registered office, address for correspondence, e-mail address, telephone number, Tax Identification Number, bank account number or other personal data required by the Administrator in the booking process.
- This information does not contain data concerning the identity of Visitors/Users, but in combination with other information may constitute personal data and therefore the Administrator covers it with the full protection afforded under the DPA.
- The data is processed in accordance with Article 6(1)(b) of the RODO, for the purpose of performing the service, i.e. the contract for the provision of electronic services in accordance with the Terms and Conditions, and in accordance with Article 6(1)(a) of the RODO, in connection with the consent to the use of certain cookies or other similar technologies expressed by the relevant settings of the Internet browser in accordance with the Telecommunications Law or in connection with the consent to geolocalisation. The data is processed until the Visitor/User’s use of the Website is terminated.
- The Administrator undertakes to take all measures required under Article 32 RODO, i.e., taking into account the state of the art, the cost of implementation and the nature, scope and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Administrator implements appropriate technical and organisational measures to ensure a degree of security appropriate to the risk.
- Marketing activities of the controller
- The Data Controller may display marketing information about its products or services on the Website. The display of this content is carried out by the Data Controller in accordance with Article 6(1)(f) of the RODO, i.e. in accordance with the legitimate interest of the Data Controller to publish content related to the services provided and promotional content of campaigns in which the Data Controller is involved. At the same time, this action does not infringe on the rights and freedoms of the Visitors/Users, the Visitors/Users expect to receive content of similar content, or even expect to do so, or it is their direct purpose for visiting the website/s of the Service.
- Recipients of user data
- The Data Controller shall only disclose Users’ personal data to processors under contracts concluded for the entrustment of the processing of personal data in order to provide services to the Data Controller, e.g. hosting and maintenance of the Site, IT services, marketing and PR services.
- Transmission of personal data to third countries
- Personal data will not be processed in third countries.
- Rights of data subjects
- Every data subject shall have the right:
- access (Article 15 RODO) – to obtain confirmation from the Data Controller as to whether or not personal data about him or her is being processed. If data about a person is processed, he or she is entitled to access it and to obtain the following information: about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data are stored or the criteria for determining it, the data subject’s right to request rectification, erasure or restriction of the processing of personal data and to object to such processing;
- to obtain a copy of the data (Article 15(3) RODO) – to obtain a copy of the data undergoing processing, the first copy being free of charge and for subsequent copies the Data Controller may charge a reasonable fee based on administrative costs;
- to rectification (Article 16 RODO) – to request the rectification of personal data concerning him/her which is inaccurate or the completion of incomplete data;
- to erasure (Article 17 of the DPA) – to request the erasure of her personal data if the Controller no longer has a legal basis for the processing or the data are no longer necessary for the purposes of the processing;
- to restrict processing (Article 18 RODO) – to request the restriction of processing of personal data when:
- the data subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the data,
- the processing is unlawful and the data subject opposes their erasure by requesting a restriction of their use,
- The controller no longer needs the data, but the data are needed by the data subject to establish, assert or defend a claim,
- the data subject has objected to the processing, until such time as it is established whether the legitimate grounds on the part of the controller override the grounds for the data subject’s objection.
- the right to data portability (Article 20 RODO) – to receive in a structured, commonly used and machine-readable format the personal data concerning him or her which he or she has provided to the Controller, and to request that these data be sent to another Controller where the data are processed on the basis of the data subject’s consent or a contract concluded with him or her and where the data are processed by automated means;
- to object (Article 21 RODO) – to object to the processing of his/her personal data for the legitimate purposes of the controller on grounds relating to his/her particular situation, including profiling. The Controller shall then assess the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the Controller shall be obliged to cease processing for these purposes.
- to withdraw consent at any time and without giving any reason, but the processing of personal data carried out before the withdrawal of consent will continue to be lawful. Withdrawal of consent will result in the Administrator ceasing to process the personal data for the purpose for which the consent was given.
- In order to exercise the aforementioned rights, the data subject should contact, using the contact details provided, the Data Controller and inform him/her of which right and to what extent he/she wishes to exercise it.
- President of the Office for the Protection of Personal Data
- The data subject shall have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection with its seat in Warsaw, ul. Stawki 2, who may be contacted as follows::
- by letter: ul. Stawki 2, 00-193 Warsaw.
- via electronic sub-box available at: https://www.uodo.gov.pl/pl/p/kontakt.
- telephone: 606-950-0000.
- Data Protection Officer
- In any case, the data subject may also directly contact the Data Protection Officer of the Controller by email or in writing to the address of the Controller as set out in Section I, point 2 of this Privacy and Cookies Policy.
- Changes to the Privacy Policy
- The Privacy and Cookies Policy may be supplemented or updated according to the Administrator’s current needs in order to provide up-to-date and reliable information to Guests/Users..
- Cookies
- The service performs the functions of obtaining information about Guests, Service users and their behaviour as follows:
- through the information voluntarily entered in the forms for purposes arising from the function of the specific form;
- by storing cookies (so-called “cookies”) on terminal equipment;
- through the collection of web server logs by the webshop’s hosting operator (necessary for the correct operation of the website).
- Cookies are IT data, in particular text files, which are stored on the Website Visitor/User’s terminal equipment and are intended for the use of the Website. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.
- The Website uses cookies only after the Visitor/User of the Website has given his/her prior consent in this respect. Consent to the Service’s use of all cookies is given by clicking on the button: “I agree, I wish to proceed to the site” when the message about the Service’s use of cookies is displayed or by closing the message.
- The consent referred to in the preceding paragraph may include only selected cookies. In this case, the Visitor/User of the Website should use the option: “Cookie settings”, available in the notice on the use of cookies by the Online Shop. At the same time, the Data Controller stipulates that disabling cookies necessary for authentication processes, security, maintenance of the Service Visitor/User’s preferences may hinder, and in extreme cases may make it impossible to use the Service..
- If the Visitor/User of the Website does not agree to the Website’s use of cookies, he/she can use the option: “I do not give my consent”, which is also available in the message about the use of cookies by the Online Shop, or make changes in the settings of the Internet browser he/she is currently using (this may, however, result in incorrect operation of the Website).
- To manage your cookie settings, please select your browser/system from the list below and follow the instructions:
- Internet Explorer
- Chrome
- Safari
- Firefox
- Opera
- Android
- Safari (iOS)
- Windows Phone
- The legal basis for the processing of personal data derived from cookies is the legitimate interests of the Data Controller in providing quality services, ensuring the security of services.
- The Website uses two main types of cookies: “session” cookies and “permanent” cookies (persistent cookies). “Session” cookies are temporary files that are stored in the Service User’s terminal equipment until they log off, leave the Service or switch off the software (web browser). “Persistent” cookies are stored on the Service Visitor/User’s terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the Service Visitor/User..
- Cookies are used for the following purposes:
- the creation of statistics which help us to understand how the Visitor(s) to the Website use(s) the websites, which enables us to improve their structure and content;
- maintaining a session of the Visitor/User of the Website (after logging in), thanks to which the Visitor/User of the Website does not have to re-enter his/her login and password on each sub-page of the Website;
- define a profile of the visitor/service user in order to display product recommendations and customised material on advertising networks, in particular the Google network
- The web browsing software (web browser) usually allows cookies to be stored on the Visitor/User’s terminal device by default. Visitors/Users may change their settings in this respect. The web browser allows you to delete cookies. It is also possible to automatically block cookies.
- Restrictions on the use of cookies may affect some of the functionality available on the web pages of the Online Shop.
- Cookies are placed on a visitor’s or user’s terminal equipment and may also be used by advertisers and Service partners cooperating with the Service.
- Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the Visitor/User’s use of the Website. For this purpose, they may retain information about the Visitor/User’s navigation path or the length of time spent on a particular page.
- We recommend that the Visitor/User reads the privacy policies of these companies to understand the use of cookies used in statistics: Google Analytics privacy policy.
- Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way the Visitor/User uses the Website. For this purpose, they may retain information about the user’s navigation path or the length of time they stayed on a particular page.
- With regard to the information about the Visitor/User’s preferences collected by the Google advertising network, the Visitor/User can view and edit the information resulting from the cookies using the tool: https://www.google.com/ads/preferences/.
- There are plug-ins on the Website that may transmit Guest/User data to Administrators such as.:
- Facebook
- Google
- In order to properly perform the Remote Accommodation Rental Agreement, the Administrator may share the data of Guests/Users with online payment systems. Currently available payment methods in the form of prepayments on the Website are https://www.idobooking.com/pl/integracja-z-innymi-systemami/systemy-platnosci-zintegrowane-z-idobooking/.
- Newsletter
- The Visitor/User may give his/her consent to receive commercial information by e-mail by ticking the appropriate option in the registration form or at a later date in the relevant tab. In the case of such consent, the Visitor/User will receive information (Newsletter) of the Website as well as other commercial information sent by the Vendor to the email address provided by him/her..
- The Visitor/User may unsubscribe from the Newsletter at any time by unchecking the box on their Account page or by clicking on the relevant link in each Newsletter or via Customer Service.
- Account
- The Visitor/User must not post on the Site or provide the Service Provider with content, including opinions and other data of an unlawful nature.
- The Visitor/User gains access to the Account after registration..
- As part of the registration, the Go/User provides the account type or gender, first name, surname, company name, TIN, details for the sales document, e-mail address and selects a password. The Go/User warrants that the data provided by him/her in the registration form, are correct. Registration requires that the Visitor/User has carefully read the Terms and Conditions and indicates on the registration form that the Visitor/User has read the Terms and Conditions and fully accepts all their provisions.
- Upon granting access to the Account, an agreement for the provision of electronic services concerning the Account is concluded between the Service Provider and the Visitor/User for an indefinite period of time.
- Registration of an Account on one of the pages of the Website shall simultaneously constitute registration allowing access to the other pages under which the Website is available.
- The Visitor/User may terminate the contract for the provision of services by electronic means at any time with immediate effect by informing the Service Provider by email or in writing to the Data Controller’s address as set out in Section I, item 2 of this Privacy and Cookies Policy.
- The service provider has the right to terminate the agreement for the provision of services regarding the Account in the event of discontinuation of service provision or transfer of the Service to a third party, a violation of the Guest/User’s rights or provisions of the Terms and Conditions, as well as in the event of the Guest/User’s inactivity for a period of 6 months. Termination of the agreement is subject to a seven-day notice period. The service provider may reserve the right to require the service provider’s permission for re-registration of the Account.