Privacy Policy and GDPR Notice
on the processing of personal data in accordance with Article 13(1) and (2) of the GDPR
In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), we inform you about the rules for the processing of your personal data by Willa Na Wierchu.
1. Data Controller
The controller of your personal data is:
Przedsiębiorstwo Usługowo-Handlowe Rafał Ciołek
Zamoyskiego 38 B, 34-500 Zakopane, Poland
Tax ID (NIP): 736-000-05-89
Business ID (REGON): 004419799
The property Willa Na Wierchu (Kościeliska 67 D, 34-500 Zakopane) is operated by Ms Lucyna Bobak, who handles guests' data on behalf of the controller.
2. Contact with the Data Protection Officer
To contact the data protection officer, you may use the following channels:
- by e-mail: willa@nawierchu.com
- by post: 34-500 Zakopane, ul. Zamoyskiego 38 B, Poland
- by phone: +48 18 20 63 355
3. What data we collect
We collect only the personal data that is strictly necessary:
- Data from phone and e-mail contact, name, e-mail address, optionally phone number, stay dates, number of guests, message.
- Check-in data, name, ID document number, address (under Article 19a of the Polish Hospitality Services Act).
- CCTV footage, images of guests, accompanying persons and licence plates of cars on the property (for the safety of people and property).
The website does not use tracking cookies or analytics tools (Google Analytics, Facebook Pixel etc.). We do not profile our visitors.
4. Purposes and legal basis of processing
Your personal data will be processed for the purposes of:
- handling inquiries received by phone and e-mail, Art. 6(1)(b) GDPR (pre-contractual steps);
- making reservations and providing the hospitality service contract, Art. 6(1)(b) GDPR;
- fulfilling the obligation to keep financial and tax records for the period required by Article 70 § 1 in conjunction with Article 86 § 1 of the Polish Tax Ordinance of 29 August 1997, i.e. for 5 years from the end of the calendar year in which the tax payment was due, Art. 6(1)(c) GDPR (legal obligation);
- ensuring the safety of people and property at the villa through CCTV, Art. 6(1)(f) GDPR (legitimate interest of the controller);
- pursuing or securing claims, which constitutes the controller's legitimate interest, Art. 6(1)(f) GDPR.
5. Recipients of data
Recipients of your personal data may only be entities authorised under applicable law and, to the extent necessary, our subcontractors:
- IT service providers (hosting, Booking.com reservation system),
- our accounting office (for check-in and billing data),
- state authorities, where required by law.
We do not sell or share data for marketing purposes with third parties.
6. Data retention period
Your personal data will be retained for the following periods:
- inquiry data, for 30 days after the end of correspondence;
- reservation data, for 12 months from the date of the reservation;
- contract / invoicing data, for 5 years from the end of the year of stay;
- CCTV footage, for 30 days.
7. Your rights
In connection with the processing by PUH Rafał Ciołek you have the right to:
- access your data and obtain a copy (Art. 15 GDPR),
- rectify inaccurate data (Art. 16 GDPR),
- erase or restrict processing (Art. 17 and 18 GDPR),
- object to processing based on the controller's legitimate interest (Art. 21 GDPR), we will stop processing your data in that scope unless we can demonstrate that they are necessary for the establishment, exercise or defence of legal claims;
- data portability (Art. 20 GDPR),
- lodge a complaint with the supervisory authority, the President of the Polish Personal Data Protection Office in Warsaw (uodo.gov.pl).
To exercise these rights, please contact us at willa@nawierchu.com.
8. Automated decision-making
We do not use profiling or automated decision-making.
9. Voluntary provision of data
Providing personal data is voluntary; however, refusal to provide data may result in the refusal to enter into a hospitality services contract.
10. Changes to the policy
We may update this policy. The current version is always available at nawierchu.com/en/privacy.html.