The Service does not collect any information in an automated way, except for information included in the cookie files.
1. Cookie files are IT data, especially text files that are stored in the Service User’s end device and are intended for the use of the Service web pages. Usually, cookies contain name of a web page of their origin, time for which they are stored in the end device and a unique number.
2. An entity that puts cookie files in the Service User’s end device and gets access to them is the Service operator - Polish Hospitality Group sp. z o.o. sp.k., with its registered office in: Cracow, 44 Rynek Główny.
3. Cookie files are used to:
a) adjust content of the Service web pages to the User’s preferences and optimize the use of web pages; in particular, these files allow to recognize the Service User’s device and properly display a web page that is adjusted to his individual needs;
b) create statistics that help to understand a manner, in which the Service Users use the web pages. This allows to improve their structure and content;
c) keep the Service User’s session (after logging in), due to which the User is not forced to repeatedly enter login and password on every subpage.
4. The Service uses two basic types of cookie files: session cookies and persistent cookies. Session cookies are temporary files that are stored in the User’s end device until logging out, navigation out of the web page or deactivation of the software (browser). Persistent cookies are stored in the User’s end device for a time determined in the cookie files parameters or until they are removed by the User.
5. The Service uses the following types of cookie files:
a) “necessary” cookie files enabling the use of services available within the Service, e.g. authenticating cookie files used for services that require authentication as part of the Service;
b) cookies used to ensure security, e.g. used to detect authentication abuses within the Service;
c) “performance” cookie files that allow to collect information about the use of the Service web pages;
d) “functional” cookie files that allow to “remember” the settings selected by the User and the User interface personalization, e.g. concerning language or region of the User’s origin, size of font, view of the web page, etc.;
e) “advertising” cookie files that allow to provide the Users with advertising content that is more precisely adjusted to their interests.
6. In many cases, the software used to browse web pages (browser) allows to store cookies in the User’s end device by default. The Service Users can make changes in the settings of cookies at any time. These settings can particularly be changed to block automatic handling of cookies in the browser or each time inform about them being put in the Service User’s end device. Detailed information concerning the possibility and methods of handling cookies are available in the software settings (browser).
7. The Service Operator informs that limitations in using cookies can affect certain functionalities available on the Service web pages.
8. Cookies are put in the Service User’s end device and can also be used by individuals cooperating with the Service operator.
1. The Controller: Polish Hospitality Group sp. z o.o. sp.k. with its registered office in Kraków, at ul. Rynek Główny 44, 30-017 Kraków, KRS (National Court Register number): 0000522508, NIP (Tax Identification Number): 9452062777 REGON (National Official Business Register number): 120295927
Purposes and bases of processing:
- To make reservations in the following restaurants: Virtuoso, Karczma Staropolska and Polski Pub, which constitutes actions preceding conclusion of the agreement performed on the request of the data subject (the basis constitutes Article 6(1)(b) of RODO),
- To render gastronomic services where there was made a prior booking in the following restaurants: Virtuoso, Karczma Staropolska and Polski Pub, which constitutes the execution of an agreement concluded with the data subject (the basis constitutes Article 6(1)(b) of RODO),
- For the purpose of making a settlement in connection with gastronomic services, which constitutes the execution of an agreement concluded with the data subject (the basis constitutes Article 6(1)(b) of RODO),
- For archiving purposes (evidencing) to secure information in case of a legal necessity to demonstrate facts, which constitute a legitimate interest of the Controller (the basis constitutes Article 6(1)(f) of RODO),
- For the purpose of a possible establishment, exercising and defence against claims, which constitutes a legitimate interest of the Controller (the basis constitutes Article 6(1)(f) of RODO).
3. Categories of the processed data:
- Basic contact details: first name, surname, e-mail address, telephone number, credit card number, bank account number, tax identification number (NIP), business activity address.
4. Data recipients:
Personal data can be transferred to the bodies, which services are used by the Controller when processing the data, i.e. accounting firms, law firms, IT companies that manage reservation systems.
5. Transferring data to third countries or international organizations:
Personal data will not be transferred outside of the EU/European Economic Area.
6. Data storage period:
Personal data that are basic contact details shall be stored by the Controller to provide services rendered by the Controller (renting hotel rooms, making reservations in restaurants) until the end of period when the potential claims become expired, or until the Controller finds out by himself that the data are invalid.
7. Rights of data subjects:
A person who left his or her personal data has a right to:
a) have access to his or her personal data and receive a copy of these data,
b) request that the personal data are corrected and completed,
c) request that the personal data are erased – if the data subject decides that there are no grounds for the Controller to process his or her personal data, he or she may request that these data are erased.
d) restrict processing of his or her personal data – the data subject can request from the Controller to limit the processing of his or her personal data solely for the purpose of storing or performing other activities agreed on with him or her if the data are incorrect or processed without any legal ground, or the data subject does not want the data to be erased due to the necessity to keep the data for the purpose of establishing, exercising and defending claims, or for the time of deciding about the objection to the personal data processing.
e) Lodging an objection to the processing of personal data:
- Processing personal data for the purpose of direct marketing: The data subject can object to the processing of his or her personal data for direct marketing purposes. Exercising this right will make the Controller stop the processing of the personal data.
- Objection due to a specific situation: The data subject can, on the basis of a legitimate interest, object to the processing of his or her personal data for other purposes than the direct marketing purposes. Then, it must be indicated in the objection what specific situation concerns the data subject that justifies the request to stop the processing of his or her personal data. The Controller will stop processing personal data for these purposes, unless he demonstrates that the grounds for further processing override the rights of the data subject, or that these data are necessary to establish, exercise and defend claims.
f) Data portability – the data subject has the right to receive, in a structured, commonly used and machine-readable format, his or her personal data that were transferred to the Controller on the basis of a given consent. The data subject can order the Controller to send these data directly to another body.
g) Lodge a complaint with a supervisory authority – the data subject who thinks that his or her personal data are processed illegally can lodge a complaint in this regard with the President of the Office for Personal Data Protection or another competent body.
h) Withdraw consent to the processing of personal data – the data subject may, at any time, withdraw consent to the processing of his or her personal data processed on the basis of his or her consent. Withdrawal of the consent does not influence the legality of data processing performed prior to its withdrawal.
In order for the data subject to exercise his or her rights, he or she should submit an appropriate request to the Controller, to the e-mail address: firstname.lastname@example.org
8. Information on voluntary character of providing data:
Providing data is necessary for the appropriate performance of services rendered by the Controller. Failure to provide the data will make it impossible to use the services rendered by the Controller.
9. Information on the possibility to withdraw consent:
In case where personal data are processed on the basis of a consent, the Controller informs that the consent can be withdrawn at any time. Withdrawal of the consent does not influence the legality of the personal data processing that was performed prior to its withdrawal.