The following Privacy Policy defines the rules for saving and accessing data on Users' Devices using the Website for the purposes of providing services electronically by the Administrator, as well as the rules for collecting and processing Users' personal data, which they provide personally and voluntarily using the tools available on the Website. The following Privacy Policy is an integral part of the Website Terms and Conditions, which define the rules, rights, and obligations of Users using the Website.

§1 Definitions

• Website - the website of HOSPITALITY WARSAW brand operating at https://hospitalitywarsaw.com/
• External Website - websites of partners, service providers, or service recipients cooperating with the Administrator
• Website/Data Administrator - The Website Administrator and Data Administrator (hereinafter referred to as the Administrator) is MRS MILENA RAFAŁKO, ul. Krucza 11/23, 05-091 Ząbki, NIP: 5272975089, REGON: 520260129.
• User - a natural person for whom the Administrator provides services electronically via the Website.
• Device - an electronic device with software through which the User accesses the Website
• Cookies - text data collected in the form of files placed on the User's Device
  GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Personal data - means information relating to an identified or identifiable natural person ("data subject"); An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Processing - means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; Restriction of processing - means marking stored personal data for the purpose of limiting their future processing.
• Profiling - means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal aspects of an individual, in particular to analyze or predict aspects relating to that individual's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
• Consent - means the voluntary, specific, informed, and unambiguous expression of the data subject's will by which the data subject, in the form of a declaration or a clear affirmative action, agrees to the processing of personal data concerning him or her.
• Personal data breach - means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
• Pseudonymization - means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and covered by Technical and organizational measures that prevent their assignment to an identified or identifiable natural person.
• Anonymization - Data anonymization is an irreversible data operation that destroys/overwrites "personal data," making it impossible to identify or link a given record to a specific user or natural person.

§2 Data Protection Officer

Pursuant to Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer. In matters concerning data processing, including personal data, please contact the Controller directly.

§3 Types of Cookies

• Internal Cookies - files placed and read from the User's Device by the Website's IT system.
• External Cookies - files placed and read from the User's Device by the IT systems of external Services. Scripts from external Services that may place Cookies on User's Devices have been intentionally placed on the Website through scripts and services provided and installed on the Website.
• Session Cookies - files placed and read from the User's Device by the Website during a single session of a given Device. After the session ends, the files are deleted from the User's Device.
• Persistent Cookies - files placed and read from the User's Device by the Website until they are manually deleted. Files are not deleted automatically after the Device session ends, unless the User's Device configuration is set to delete Cookies after the Device session ends.

§4 Data Storage Security

• Cookie Storage and Reading Mechanisms - The mechanisms for storing, reading, and exchanging data between Cookies stored on the User's Device and the Website are implemented through built-in web browser mechanisms and do not allow for the downloading of other data from the User's Device or data from other websites the User has visited, including personal data or confidential information. Transferring viruses, Trojan horses, and other worms to the User's Device is also practically impossible.
• Internal Cookies - Cookies used by the Administrator are safe for Users' Devices and do not contain scripts, content, or information that may threaten the security of personal data or the security of the Device used by the User.
• External Cookies - The Administrator takes all possible measures to verify and select the website's partners with the security of Users in mind. The Administrator selects well-known, large partners with global public trust for cooperation. However, the Administrator does not have full control over the content of Cookies from external partners. The Administrator is not responsible for the security of cookies, their content, or their licensed use by Scripts installed on the website, originating from external websites, to the extent permitted by law. A list of partners is included later in this Privacy Policy.
• Cookie Control The User may, at any time, independently change the settings for saving, deleting, and accessing saved Cookie data on any website. Information on how to disable Cookies in the most popular computer browsers is available at: how to disable cookies or from one of the indicated providers:
  • Cookie Management in Chrome
  • Cookie Management in Opera
  • Cookie Management in Firefox
  • Cookie Management in Edge
  • Cookie Management in Safari
  • Cookie Management in Internet Explorer 11
    The User may, at any time, delete any previously saved Cookies using the tools of the User's Device through which the User uses the Website's services.
• User Threats - The Administrator uses all possible technical measures to ensure the security of data stored in Cookies. However, it should be noted that ensuring the security of this data depends on both parties, including the User's activity. The Administrator is not responsible for the interception of this data, impersonation of a User session, or its deletion, as a result of the User's conscious or unconscious activity, viruses, Trojan horses, or other spyware that may have infected or infected the User's Device. To protect themselves against these threats, Users should follow the recommendations for using the network.
• Personal Data Storage - The Administrator ensures that every effort is made to ensure that the processed personal data voluntarily entered by Users is secure, that access to it is limited, and that it is processed in accordance with its intended purpose and the purposes of processing. The Administrator also ensures that every effort is made to protect its data against loss by using appropriate physical and organizational security measures.
• Password Storage - The Administrator declares that passwords are stored in encrypted form, using the latest standards and guidelines in this area. Decrypting the account access passwords provided on the Website is practically impossible.

§5 Purposes for which Cookies are used

• Improving and facilitating access to the Website
• Personalizing the Website for Users
• Enabling Login to the Website
• Marketing, Remarketing on External Websites
• Advertising Services
• Affiliate Services
• Statistics (users, number of visits, device types, connection, etc.)
• Providing Multimedia Services
• Providing Social Media Services

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users is processed for one of the following purposes:

• Providing electronic services:
  • Registering and maintaining a User account on the Website and related functionalities
  • Newsletter services (including sending advertising content with consent)
  • Commenting on/liking posts on the Website without the need to register
  • Sharing information about content posted on the Website on social media or other websites
• Communicating with Users on matters related to the Website and data protection
• Ensuring the Controller's legitimate interest

User data collected anonymously and automatically is processed for one of the following purposes:

• Maintaining statistics
• Remarketing
• Serving advertisements tailored to User preferences
• Operating affiliate programs
• Ensuring the Controller's legitimate interest

§7 Cookies from Third-Party Services

The Administrator uses JavaScript and web components from partners on the Website, which may place their own cookies on the User's Device. Please note that you can control the cookies used by individual websites in your browser settings. Below is a list of partners or their services implemented on the Website that may place cookies:

• Multimedia Services: YouTube
• Social/Combined Services: (Registration, Login, Content Sharing, Communication, etc.): Twitter/X.com, Facebook
• Newsletter Services: Freshmail, MailChimp
• Statistics: Google Analytics, WordPress Stats (Automattic Inc.)
  Other Services: Google Maps

Services provided by third parties are beyond the Administrator's control. These entities may change their terms of service, privacy policies, data processing purposes and cookie usage methods at any time.

§8 Types of Collected Data

The Website collects data about Users. Some data is collected automatically and anonymously, while some data is personal data provided voluntarily by Users when signing up for individual services offered by the Website.

• Anonymous Data Collected Automatically
  • IP address; Browser type; Screen resolution; Approximate location; Website subpages accessed; Time spent on the relevant website subpage; Operating system type; Previous subpage address; Referrer address; Browser language; Internet connection speed; Internet service provider
• Data Collected During Registration
  • Name/Surname/Pseudonym; Login; Email address; IP address (automatically collected)
• Data Collected When Subscribing to the Newsletter Service
  • Name/Surname/Pseudonym; Email address; IP address (automatically collected)
• Data Collected When Posting a Comment
  • Name and surname/Pseudonym; Email address; Website address; IP address (collected automatically)
• Some data (without identifying data) may be stored in cookies. Some data (without identifying data) may be transferred to a statistical service provider.

§9 Access to Personal Data by Third Parties

As a general rule, the Administrator is the sole recipient of personal data provided by Users. Data collected as part of the services provided is not transferred or sold to third parties. Entities responsible for maintaining the infrastructure and services necessary to operate the website may have access to the data (usually under a Data Processing Agreement), including: Companies through which the Newsletter service is provided.

Personal Data Processing - Newsletter: To provide the Newsletter service, the Administrator uses the services of a third party – Freshmail and MailChimp. Data entered in the newsletter subscription form is transferred, stored, and processed on an external service provider. Please be advised that the indicated partner may modify this privacy policy without the Administrator's consent.

§10 Method of Personal Data Processing

Personal data provided voluntarily by Users

• Personal data will not be transferred outside the European Union, unless published as a result of an individual action by the User (e.g., entering a comment or entry), which will make the data available to every visitor to the website.
• Personal data will not be used for automated decision-making (profiling).
• Personal data will not be sold to third parties.

Anonymous data (without personal data) collected automatically

• Anonymous data (without personal data) will be transferred outside the European Union.
• Anonymous data (without personal data) may be used for automated decision-making (profiling).
• Profiling of anonymous data (without personal data) has no legal effect or similarly significantly affects the data subject to automated decision-making.
• Anonymous data (without personal data) will not be sold to third parties.

§11 Legal Basis for Personal Data Processing

The Website collects and processes User data based on:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  • Article 6(1)(a) The data subject has consented to the processing of their personal data for one or more specific purposes
  • Article 6(1)(b) Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract
  • Article 6(1)(b) f Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party
• Polish Law Act of 10 May 2018 on Personal Data Protection (Journal of Laws 2018, item 1000)
• Polish Law Act of 16 July 2004 - Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
• Polish Law Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

§12 Personal Data Processing Period

Personal Data Voluntarily Provided by Users: As a general rule, the personal data indicated is stored only for the duration of the Service provided by the Administrator within the Website. It is deleted or anonymized within 30 days of the termination of the service (e.g., deletion of a registered user account, unsubscription from the Newsletter list, etc.).

An exception is a situation that requires the Administrator to secure legitimate purposes for further processing of this data. In such a situation, the Administrator will store the indicated data from the time the User requests its deletion, but no longer than 3 years in the event of a violation or suspected violation of the Website Terms and Conditions by the User.

Anonymous Data (without Personal Data) Collected Automatically: Anonymous statistical data, not constituting personal data, is stored by the Administrator for the purpose of maintaining website statistics for an indefinite period.

§13 User Rights Related to Personal Data Processing

The Website collects and processes User data based on:

• Right to Access Personal Data: Users have the right to access their personal data, upon request submitted to the Administrator.
• Right to Rectify Personal Data: Users have the right to request the Administrator to immediately rectify inaccurate personal data and/or to complete incomplete personal data, upon request submitted to the Administrator.
• Right to Delete Personal Data: Users have the right to request the Administrator to immediately delete personal data, upon request submitted to the Administrator. In the case of user accounts, data deletion involves the anonymization of data that allows for the User's identification. The Administrator reserves the right to withhold the processing of a request to delete data in order to protect the Administrator's legitimate interest (e.g., if the User has violated the Terms of Service or the data was obtained through correspondence). In the case of the Newsletter service, the User can delete their personal data themselves using the link provided in each email.
• Right to restrict the processing of personal data: Users have the right to restrict the processing of personal data in the cases specified in Article 18 of the GDPR, including questioning the accuracy of personal data, upon request submitted to the Controller.
• Right to personal data portability: Users have the right to obtain from the Controller personal data concerning the User in a structured, commonly used, machine-readable format, upon request submitted to the Controller.
• Right to object to the processing of personal data: Users have the right to object to the processing of their personal data in the cases specified in Article 21 of the GDPR, upon request submitted to the Controller.
• Right to file a complaint: Users have the right to file a complaint with the supervisory authority responsible for personal data protection.

§14 Contacting the Administrator

You can contact the Administrator in one of the following ways:

• Mailing address - MRS MILENA RAFAŁKO, ul. Krucza 11/23, 05-091 Ząbki
• Email address - concierge@hospitalitywarsaw.com
• Contact form available on the website.

§15 Website Requirements

Restricting the storage and access to cookies on the User's Device may result in some Website features not functioning properly. The Administrator is not responsible for any malfunctioning Website features if the User restricts the storage and access of cookies in any way.

§16 External Links

The Website – articles, posts, entries, or User comments – may contain links to external websites with which the Website Owner has no cooperation. These links, and the pages or files linked to them, may be dangerous to your Device or pose a security risk to your data. The Administrator is not responsible for content located outside the Website.

§17 Changes to the Privacy Policy

• The Administrator reserves the right to change this Privacy Policy at any time without notice to Users regarding the use and utilization of anonymous data or the use of cookies.
• The Administrator reserves the right to change this Privacy Policy at any time regarding the processing of Personal Data. Users with user accounts or those subscribed to the newsletter service will be notified of such changes via email within 7 days of the change. Continued use of the services constitutes acceptance of the changes to the Privacy Policy. If the User does not agree with the changes, they must delete their account from the Website or unsubscribe from the Newsletter service.
• Changes to the Privacy Policy will be published on this subpage of the Website.
• Changes will take effect upon publication.