INFORMATION ON THE PROCESSING OF PERSONAL DATA
by Apartament Sun House Barbara Woźnica
In conjunction with the processing of your personal data, we inform you – in accordance with art. 13 section 1 and section 2 of the Regulation of the European Parliament and the Council (EU) 2016/679 of 27/04/2016. on the protection of personal data and the free movement of such data and repealing Directive 95/6 / EC (General Data Protection Regulation) (Journal of Laws UE L of 04.05.2016, No. 119, p. 1) hereinafter referred to as “GDPR” that:
I. DATA ADMINISTRATOR
The administrator of your personal data is Apartament Sun House Barbara Woźnica. The Administrator can be contacted in writing by traditional mail at the following address: Apartament Sun House Barbara Woźnica ul. Modrzewiowa 12b / 6 43-370 Szczyrk, by e-mail: firstname.lastname@example.org or by phone: +48 797 820 084.
II. LEGAL BASIS AND PURPOSES OF THE PROCESSING OF PERSONAL DATA
Your data will be processed for the purpose of:
1. Conclusion and performance of the contract or taking other actions at your request before concluding the contract with us (legal basis: Article 6 (1) (b) of the GDPR).
2. Making settlements, including enabling you to pay for services electronically (legal basis: Article 6 (1) (b) and (f) of the GDPR).
3. Fulfillment of tax and accounting obligations as well as other legal obligations incumbent on the Administrator, including issuing and storing invoices (legal basis: Article 6 (1) (c) of the GDPR).
4. Providing your safety and property protection by using video monitoring and an access control system to the building and rooms (legal basis: Article 6 (1) (f) of the GDPR).
5. Receiving commercial information from us regarding the services we offer – only based on your consent (Article 6 (1) (a) of the GDPR).
6. Conducting direct marketing of our services by us or external entities acting on our behalf (legal basis: Article 6 (1) (f) of the GDPR).
7. Possible determination or pursuit of claims or defense against claims (legal basis: Article 6 (1) (f) of the GDPR).
III. INFORMATION ON THE REQUIREMENT / VOLUNTARY PROVISION OF DATA AND THE CONSEQUENCES OF NOT PROVIDING PERSONAL DATA
Providing personal data is voluntary, but if you do not provide us with personal data that we deem necessary, then we will not be able to take action at your request, conclude contracts with you, provide our services to you, send the ordered commercial information or conduct correspondence with you – without providing personal data it will not be possible to achieve these goals. Providing the data necessary to issue an invoice is a statutory obligation and results from the Act on tax on goods and services
IV. PERSONAL DATA RECIPIENTS
1. The recipients of your personal data will only be entities authorized under the law, including National Tax Administration or other state authorities. Your personal data will also be made available to banks with which the Administrator has bank accounts.
2. Your data may be transferred to entities processing personal data at the request of the Administrator, e.g. IT service providers, entities providing accounting, HR and payroll, legal and advisory services, and other entities processing data for the purpose specified by the Administrator – such entities process data only on the basis of an agreement with the Administrator.
3. Your personal data may also be transferred to our partners, i.e. companies with whom we cooperate by combining services.
V. PERIOD OF STORAGE OF PERSONAL DATA
Your personal data will be processed for the duration of the contract, and then:
1. For tax and accounting purposes – for a period of 5 years from the end of the calendar year in which the tax payment deadline expired.
2. For the purpose of possible determination or pursuit of claims or defense against claims – for a period of 3 years from the end of cooperation/performance of the contract, and in the case of pending proceedings until its final completion and until the claims are time-barred.
3. For the purposes of video monitoring – for a period no longer than 3 months from the date of recording. After this period, they are permanently deleted or overwritten. In justified cases, when the video surveillance recordings constitute or may constitute evidence in the proceedings conducted under the provisions of law (e.g. when the video surveillance system devices registered an event related to the breach of the safety of persons and property), these data will be processed in order to pursue claims or defense against claims – for a period of 1 year, and in the event of initiation of proceedings – until the final conclusion of the proceedings and the expiry of the limitation period for claims, calculated from the new deadlines arising from the proceedings.
4. Until the consent is withdrawn if the processing of certain categories of personal data is based on the consent given to us.
VI. RIGHTS OF PERSONS WHO THE DATA CONCERNS
In connection with the processing of personal data, you have the right to:
1. Access to the content of your personal data – i.e. the right to obtain confirmation whether the Administrator processes data and information regarding such processing.
2. Receiving a copy of personal data – i.e. the right to obtain a copy of your personal data that is processed by the Administrator, the first copy is free, while for the next one the Administrator is entitled to charge a reasonable fee.
3. Correction of personal data – if the data processed by the Administrator is incorrect or incomplete.
4. Deletion of personal data – when the data is no longer necessary for the purposes for which it was collected, the consent to data processing will be withdrawn, an objection to data processing will be raised, the data will be processed unlawfully.
5. Restrictions on the processing of personal data – when the data is incorrect, you may request a restriction of data processing for a period that allows you to check the correctness of this data, the data will be processed unlawfully, but you will not want it to be deleted, the data will not be needed Administrator, but you may need it to defend or pursue claims or if you object to the processing of data – until it is determined whether the legal basis of the Administrator override the basis of the objection.
6. Transfer of personal data – that is, you have the right to receive your personal data in a structured, commonly used machine-readable format, provided to the administrator, and you have the right to send this personal data to another administrator without any obstacles from the Administrator, to whom this personal data was provided if the data processing is based on consent or contract and the processing is automatic.
7.Objection to the processing of personal data – you have the right to object at any time – for reasons related to your special situation – when your personal data is processed by the Administrator in order to perform a task carried out in the public interest or under exercising public authority, entrusted to the Administrator or on the basis of the legitimate interest of the Administrator or to the processing of data for direct marketing.
8. Withdrawal of consent to the processing of personal data at any time without affecting the lawfulness of the processing that was carried out before its withdrawal – if the processing takes place on the basis of consent granted to us.
In the cases and under the conditions set out in the GDPR. The rights listed in points 1-8 above can be exercised by contacting the Administrator.
VII. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
You have the right to lodge a complaint to the President of the Personal Data Protection Office when it is justified that your personal data is processed by the controller contrary to the provisions of the GDPR.
VIII. AUTOMATED DECISION MAKING, INCLUDING PROFILING
Your personal data will not be processed in an automated manner, including in the form of profiling.
IX. TRANSMISSION OF PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANIZATION
Your personal data will not be transferred to international organizations, however, it may be transferred to third countries (including the USA) through the Administrator’s use of tools of companies with registered offices or branches outside the EU.
The full text of the General European Data Protection Regulation (GDPR) can be found at: