In this Privacy Policy, we want to clearly, concisely, and transparently inform about the collection, use, processing, storage, etc. of personal data in accordance with the information obligation arising from the personal data protection regulations (GDPR).
For the purposes of this Privacy Policy, Guest or User means a former, current, and potential Guest or user of the service offered by Belmonte, visiting us in Krynica or one of our websites: https://www.belmonte.com.pl, http://belmontehotelresort1.wa.profitroom.com
1. The personal data controller is:
Belmonte Hotel limited partnership joint-stock company
based in Warsaw, ul. Puławska 2, 02-566 Warsaw,
hereinafter referred to as the "Administrator" or the "Hotel"
Usually, data is collected by the Hotel directly from Guests or via the sites: https://www.belmonte.com.pl and http://belmontehotelresort1.wa.profitroom.com
and other agents cooperating with the Hotel servicing room reservations,
as well as through Belmonte's Fanpage:
https://www.instagram.com/belmontehotelkrynica/
https://www.facebook.com/BelmonteHotelKrynica
https://www.linkedin.com/company/hotel-belmonte-krynica-zdr-j/
2. A Data Protection Officer has been appointed, Dorota Gross, whom you can contact in matters related to data protection and associated issues via e-mail: rodo@belmonte.com.pl or in writing at the address of our headquarters indicated in point 1.
3. Purposes, bases, scope, and duration of data processing by the Hotel
3.1. Activities related to personal data processing:
3.2. Each time, the purpose, basis, period, scope, and recipients of the personal data processed by the Hotel result from the activities undertaken within the scope of the services or activities listed below.
| Purpose of data processing | Legal basis for processing and data retention period | Maximum scope of processed data |
|---|---|---|
| Performance of a contract or a contract for the provision of paid or free services, as well as undertaking actions at the request of the data subject before concluding the above-mentioned contracts, including reservations | Art. 6 para. 1 letter b) GDPR – CONTRACT Data is stored for the period necessary to perform, terminate, or expire the contract (up to 6 years). | First name, last name, PESEL number, ID card or other identity document number, date of birth, residential address, phone number, e-mail address. |
| Correspondence including contact form | Art. 6 para. 1 letter f) GDPR – LEGITIMATE INTEREST OF THE CONTROLLER Data from correspondence are stored for up to 2 years. | Identification data, first name and last name, postal address, e-mail address, IP, data from correspondence. |
| Settlement of services | Art. 6 para. 1 letter c) – LEGAL OBLIGATION Data are stored for the period required by law, which obliges the Controller to keep accounting books (5 years, counting from the beginning of the year following the financial year to which the data relate). | First and last name, residential/business address/headquarters (if different from delivery address), company name and tax identification number (NIP) of the Guest, Service Recipient, or Client. |
| Enforcement of rights | Art. 6 para. 1 letter f) GDPR – LEGITIMATE INTEREST Data are stored until the expiration of rights or claims related to service provision. | Data necessary for conducting proceedings. |
| Reporting irregularities – legal violations | Art. 6 para. 1 letter c) – LEGAL OBLIGATION Data are stored until the resolution of the report (concerning whistleblowers/minors’ standards), and after that for up to 3 years. | Identification data provided by the reporting person, including employee data and data contained in the report, including data of persons/minors that the potential report concerns. |
| Marketing, including Newsletter – information about products, services, and managing the Hotel’s Fanpage | Art. 6 para. 1 letter a) – CONSENT Data are stored for the entire duration of the service or until the withdrawal of consent by the data subject. | IP address, first and last name, phone number, email address. |
| Recruitment | Art. 6 para. 1 letter a) – CONSENT Data are stored for up to 2 years or until withdrawal of consent by the data subject. | First and last name, address, contact data, professional experience, others listed in the CV. |
| Monitoring and improving the quality of provided services | Art. 6 para. 1 letter f) – LEGITIMATE INTEREST Data stored as completed surveys (up to 1 year). | First and last name, e-mail address, date of stay, answers to questions concerning service satisfaction. |
| Video surveillance | Art. 6 para. 1 letter f) GDPR – LEGITIMATE INTEREST Video surveillance data are stored for up to 30 days. | Video surveillance data on the Hotel premises and its surroundings. |
• Data are permanently deleted or anonymized after the specified periods.
3.3. Legal regulations:
4. Data recipients are:
Data recipients and separate controllers regarding data processing on Facebook and Instagram pages are Meta Platforms, Inc. – each service collects and shares personal data of the Service Recipient using the applications or social plugins in accordance with Meta's privacy policies.
LinkedIn Corporation – The Administrator uses LinkedIn to establish business contacts; data processing policies are available here.
The websites may embed video materials from YouTube – playing them requires Google LLC cookies; if you do not consent to cookies, please refrain from playing the videos.
5. Profiling and data transfer
Your personal data will not be transferred to third countries or international organizations. They will not be subject to automated decision-making without the Administrator's involvement, except for profiling by data recipients who are obliged to inform you about this fact.
6. Cookies and Analytics
Cookies are small text files sent by the server and stored on the user's device. Details can be found here.
The Administrator may process cookie data for the purposes of:
Everyone can manage cookies in the browser settings (limit or disable saving). Details available in the browser help.
The Hotel's website stores:
We use Hotjar to better understand the needs of our users and optimize our site and user experience. Hotjar is a technology that helps us analyze user behavior (e.g., how much time they spend on specific subpages, which links they click, what they like and dislike), enabling us to improve our services based on their feedback. Hotjar uses cookies and other technologies to collect data about user behavior and devices – including IP address (processed during the session and stored in anonymized form), screen size, device type, browser information, geographic location (country only), and preferred language. This information is stored by Hotjar in a pseudonymized user profile. Hotjar is prohibited from selling any data collected on our behalf.
7. Rights of individuals
8. Changes
In case of changes to this document, appropriate modifications will be made to the above provisions.
Last modification: 21.01.2025
Administrator's Statement
Belmonte Hotel declares that the organizational and technical measures applied to ensure the security of personal data processing comply with GDPR requirements, particularly Article 32. To exercise your rights or obtain information related to data protection, please contact: rodo@belmonte.com.pl
Detailed information will be available at the reception of Belmonte Hotel.
i) Personal data is processed by the Administrator in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as 'GDPR' or the 'GDPR Regulation.' Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679