§1 Personal Data Administrator
1. The personal data administrator is the District Medical Chamber, based in Krakow, at Krupnicza Street 11a, 31-123 Krakow, NIP: 6761044020.
2. For matters related to personal data protection, you can contact:
a. by email: rodo@medhotel.pl,
b. by mail: District Medical Chamber, Krupnicza Street 11a, 31-123 Krakow.
§2 Purposes and Legal Basis for Data Processing
1. Personal data is processed for the following purposes:
a. Hotel services execution – conclusion and performance of the hotel services agreement (Article 6(1)(b) GDPR).
b. User account management – creating and maintaining a user account on the website (Article 6(1)(b) GDPR).
c. Direct marketing – with the user’s consent, sending promotional offers (Article 6(1)(a) GDPR).
d. Ensuring security – video surveillance in the common areas of the property (Article 6(1)(f) GDPR).
§3 Scope of Processed Data
1. Depending on the purpose of processing, MedHotel processes the following data:
a. Identification data: first name, last name, address of residence.
b. Contact data: email address, phone number.
c. Identity document data, if required by law.
d. Reservation data: stay history, preferences, additional services.
§4 Sharing Personal Data
1. Personal data may be shared with:
a. Entities supporting the execution of services, such as IT providers, payment operators, courier companies.
b. Authorities authorized by law, such as the police, tax authorities.
2. Data processors operate based on data processing agreements and are obliged to maintain confidentiality.
§5 Data Retention Period
1. Personal data is retained:
a. Based on the contract – for the duration of the contract and for the period required by law (e.g., 5 years for tax purposes).
b. Based on consent – until it is withdrawn.
c. From video surveillance – for 30 days, unless the recordings are evidence in a legal proceeding.
§6 Rights of Data Subjects
1. Data subjects have the right to:
a. Access their personal data.
b. Rectify data if incorrect.
c. Erase data (“right to be forgotten”) in cases specified in Article 17 of the GDPR.
d. Restrict data processing.
e. Transfer data to another controller.
f. Object to data processing under Article 6(1)(e) or (f) of the GDPR.
g. Withdraw consent to the processing of personal data at any time.
h. File a complaint with the supervisory authority (President of the Office for Personal Data Protection).
§7 Data Transfers Outside the EEA
1. Personal data is not transferred outside the European Economic Area (EEA).
§8 Data Security
1. MedHotel applies technical and organizational measures to ensure the protection of personal data against:
a. Loss,
b. Unauthorized access,
c. Improper use.
§9 Video Surveillance in Common Areas
1. Video surveillance covers selected common areas of the property (e.g., corridors, lobby) to ensure security.
2. Data from the surveillance is retained:
a. For a maximum of 30 days.
b. For a longer period if it serves as evidence in proceedings.
3. Access to recordings is granted only to:
a. Authorized persons.
b. Authorities specified by law.
§10 Cookies
1. MedHotel uses cookies for the following purposes:
a. Customizing website content to user preferences.
b. Enabling the proper functioning of the website.
c. Statistical analysis using tools such as Google Analytics.
2. Users can manage cookies through their browser settings.
§11 Changes to the Privacy Policy
1. MedHotel reserves the right to make changes to the Privacy Policy.
2. Users will be informed of any significant changes at least 7 days before they take effect.
3. The current version of the Privacy Policy is always available on the Hotel’s website.
§12 Contact Regarding Privacy Protection
1. Any questions regarding the Privacy Policy can be directed to:
a. By email: info@medhotel.pl.
b. By mail: District Medical Chamber, Krupnicza Street 11a, 31-123 Krakow.