I. Abbreviations and definitions
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – OJ L 2016.119.1 of 4 May 2016;
- Client – an entity whose personal data are processed on any basis specified in Article 6 of the GDPR, hereinafter also ‘you’;
- Cookies – text files saved by a browser on a PC or mobile devices;
- Profiling – any form of automated combination of information about a given person used for decision-making concerning that person or analysis or prediction of their preferences, behaviour and attitudes.
II. General provisions
1. The Co-Controllers of your personal data shall be the following entities:
- Puro Hotels Sp. z o. o., with its registered office in Warsaw (00-133), al. Jana Pawła II 22, KRS (National Court Register number): 0000326960, NIP (taxpayer ID number): 7010192105, REGON (statistical enterprise ID number): 141931350;
- Puro Hotel Wrocław Sp. z o.o., with its registered office in Warsaw (00-133), al. Jana Pawła II 22, KRS: 0000344215, NIP: 7010211972, REGON: 142165076;
- Puro Hotel Kraków Sp. z o.o., with its registered office in Warsaw (00-133), al. Jana Pawła II 22, KRS: 0000429005, NIP: 7010350981, REGON: 146237045;
- Puro Hotel Poznań Sp. z o.o., with its registered office in Warsaw (00-133), al. Jana Pawła II 22, KRS: 0000456486, NIP: 5252551251, REGON: 146613241;
- Puro Hotel Gdańsk Sp. z o.o., with its registered office in Warsaw (00-133), al. Jana Pawła II 22, KRS: 0000458238, NIP: 5252552351, REGON: 146629762;
- Puro Hotel Warszawa Sp. z o.o., with its registered office in Warsaw (00-133), al. Jana Pawła II 22, KRS: 0000628114, NIP: 5252669478, REGON: 364979542;
- Puro Hotel Kazimierz Sp. z o.o., with its registered office in Warsaw (00-133), al. Jana Pawła II 22, KRS: 0000628873, NIP: 5252670412, REGON: 365014143;
- Puro Hotel Łódź Sp. z o.o., with its registered office in Warsaw (00-133), al. Jana Pawła II 22, KRS: 0000693884, NIP: 5252722221, REGON: 368236826;
- Puro Hotel Development Sp. z o.o. with its registered office in Warsaw (00-133), al. Jana Pawła II 22, KRS: 0000844009, NIP: 5252824861, REGON: 386222075.
2. In a co-control agreement, the Co-Controllers have defined the scope of their respective liability as regards the performance of obligations stemming from the GDPR. In particular, they have agreed as follows:
- the Co-Controllers shall be jointly responsible for the performance of their information provision obligation towards the Clients;
- the Co-Controllers shall be jointly responsible for the facilitation for the Clients of the exercise of their rights stemming from the GDPR.
Given the above, you may exercise your rights towards either of the Co-Controllers.
3. PURO respects the right of privacy and makes sure your data are safe and secure. To that end, it ensures a security level corresponding to the risk of infringements on the rights and freedoms of natural persons as a consequence of personal data processing.
III. Contact data
1. In matters related to personal data protection, you may get in touch with the Co-Controllers by email to: [email protected] or by post to: Puro Hotels Sp. z o.o., Al. Jana Pawła II 22, 00-133 Warsaw, Poland.
IV. Purpose and basis of processing
1. Your personal data shall be processed by PURO for the purpose of:
- taking steps at the request of the data subject prior to entering into a contract or performing a hotel service provision contract to which the data subject is party (the data required for entering into a contract are shown in the hotel service booking and sale form) – pursuant to 6(1)(b) of the GDPR;
- compliance with a legal obligation to which the Co-Controllers are subject (inter alia tax obligations, related to the state of epidemics, caused by SARS-CoV-2 virus infections) – pursuant to Article 6(1)(c) of the GDPR;
- the legitimate interests pursued by the Co-Controllers (inter alia pursuing or securing claims, ensuring safety and protection of persons and property) – pursuant to Article 6(1)(f) of the GDPR;
- marketing the Co-Controllers’ own services, presenting offers and promotions, sending information to the Clients by electronic means – under a separate consent of the data subject, i.e. pursuant to Article 6(1)(a) of the GDPR.
2. The submission of your personal data shall be voluntary yet in the case of data required for the provision of hotel services it is necessary for the conclusion and performance of the contract.
3. The monitoring system have been mounted in general-access areas of the hotels in order to ensure safety of the Clients and property protection.
V. Categories of processed data
1. We process the following categories of the Clients’ personal data:
- When you stay at our hotels:
- First name and surname;
- Personal identification number;
- Residence address;
- Email address;
- Telephone number;
- Credit card data (when payment is done by credit card);
- Information on date of stay;
- Information about stay preferences;
- Number of adults covered by the contract;
- Number and age of children covered by the contract;
- Required information for a VAT invoices;
- Preferred contact language;
2. When you subscribe for receiving PURO newsletter basing on your given consent we process:
- First name and surname;
- Email address
VI. Data recipients
1. We may make your personal data available to the following recipients:
- Profitroom Sp. z o. o., with its registered office in Poznań (60-829) at ul. Roosevelta 9/3, which manages the booking module launched on our web portal;
- Other companies (including IT companies) with whom we cooperate regarding the management of the services provided..
VII. Transfer of data to third countries or international organisations
1. This is to inform you that your personal data are not transferred beyond the European Economic Area.
VIII. Period of client data storage
1. Your personal data processed for the purpose of entering into and performing a contract as well as fulfilling a legal obligation or pursuing the legitimate interests of either of the Co-Controllers shall be stored over the duration of the contract and then for a time necessary for:
- securing or pursuing possible claims;
- fulfilling a legal obligation of either of the Co-Controllers (e.g. one stemming from tax legislation).
2. The personal data processed on the basis of a separate voluntary consent shall be stored until the revocation of the consent granted, filing an objection against their processing or until the processing is no longer necessary for the attainment of the said objective. After that time, they shall be stored until the period of limitation of possible claims has expired.
3. The personal data in the form of images in recordings from the monitoring system shall be stored for a period of 30 days, after which they shall be removed by overwritting.
IX. Your rights
1. You shall have the right to:
- access to your data and receive their copy;
- rectify (make correct) your data;
- erase the data;
- restrict the processing of the data;
- object to the processing of your data;
- transfer the data;
- lodge a complaint with a supervisory body;
- revoke your consent to have your personal data processed at any time, if your data are processed on the basis of the consent granted – its revocation shall have no bearing on the legality of the processing performed under your consent before the revocation.
2. In order to exercise your rights, please send a relevant request by email to: [email protected] or by surface mail to: Puro Hotels Sp. z o.o., Al. Jana Pawła II 22, 00-133 Warsaw, Poland.
X. Information concerning the obligatory/voluntary nature of data submission
1. Entering into the contract shall be subject to your submission of the data listed in paragraph 1 of section V. If they have not been submitted, we may refuse to enter into the contract.
2. Your submission of data listed in paragraph 2 of section V. shall be voluntary and you may revoke the consent granted at any time.
XI. Information concerning data source
1. If you have not provided us with your personal data yourself, we have received them from a company you are bound with (e.g. under an employment contract) under a hotel service provision contract concluded with it.
1. All content and information featuring on our web portal are property of the Co-Controller Puro Hotels sp. z o. o., with its registered office in Warsaw, and shall be subject to protection in compliance with the Act of 4 February 1994 on copyright and related rights (i.e. OJ of 2017, item 880, as amended), in particular as regards use, presentation, copying, transfer, dissemination, amending or erasure.
2. All activities of the scope defined in in paragraph 1 above shall be subject to a written consent of Puro Hotels sp. z o. o., or they will be considered illegal and constitute an infringement of the company’s intellectual property.
2. The Client may manage cookies within an internet browser.
3. Deactivation of cookies management may hinder the correct operation of the service.
XIV. Final provisions