GDPR Consent

Privacy Policy

§1 Definitions
Service – the website hotelconrad.pl operating at https://hotelconrad.pl
External Service – websites of partners, service providers, or clients cooperating with the Data Controller
Data/Service Administrator – the Data Controller of the Service and Data is Ośrodek Żeglarstwa i Turystyki Wodnej Camp Pisz Marek Łachacz, NIP: 8490006438
User – a natural person for whom the Administrator provides electronic services via the Service
Device – any electronic device with software used by the User to access the Service
Cookies – text data stored as files on the User’s Device
GDPR – Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data
Personal Data – information relating to an identified or identifiable natural person (“data subject”)
Processing – any operation performed on personal data, automated or manual, including collection, storage, organization, modification, use, disclosure, restriction, or deletion
Restriction of Processing – marking stored personal data to limit its future processing
Profiling – automated processing of personal data to evaluate personal aspects, including work performance, economic situation, health, preferences, reliability, behavior, location, or movement
Consent – a voluntary, specific, informed, and unambiguous expression of the data subject’s will to allow processing of their personal data
Data Breach – accidental or unlawful destruction, loss, modification, unauthorized disclosure, or access to personal data
Pseudonymization – processing personal data so it cannot be attributed to a specific person without additional information, which is kept separately
Anonymization – irreversible processing of data to prevent identification or linking to a specific person
§2 Data Protection Officer 
Under Art. 37 GDPR, the Administrator has not appointed a Data Protection Officer. For all matters concerning data processing, including personal data, contact the Administrator directly. 
§3 Types of Cookies Internal Cookies 
Placed and read by the Service on the User’s Device
External Cookies – placed and read by external services integrated into the Service
Session Cookies – stored temporarily for one session and deleted after session ends
Persistent Cookies – stored until manually deleted, even after session ends
§4 Data Storage Security Cookies 
Are stored and accessed using browser mechanisms and cannot access other data on the User’s Device or other websites. Internal cookies are safe and do not contain scripts or data that could compromise the User’s device or personal data.
External cookies are chosen from trusted global partners. The Administrator cannot fully control their content or use and is not liable for external cookies beyond legal limits.
Users can change cookie settings or delete cookies at any time via their device or browser. 
§5 Purpose of Using Cookies 
To facilitate and improve access to the Service
Personalization of the Service for Users
Conducting statistics (visits, devices, connections, etc.)
§6 Purpose of Personal Data Processing 
Voluntarily provided data – for providing electronic services, communication with the Administrator, and legally justified interests
Automatically collected anonymous data – for statistics and legally justified interests
§7 External Service Cookies 
External partners may place cookies via scripts. Users can manage their browser settings to allow or block cookies. Third-party services may change their policies independently. 
§8 Types of Data Collected 
Automatically collected anonymous data: IP address
Browser type
Screen resolution
Approximate location
Pages visited and time spent
Operating system
Referring site
Browser language
Internet speed and provider
Data collected during registration: Name / surname / nickname
Email address
IP address (automatically collected)
Newsletter registration: Email address
Some non-identifiable data may be stored in cookies or sent to analytics providers. 
§9 Third-Party Access Personal 
Data is generally only accessible by the Administrator. Third parties maintaining infrastructure may access data under contractual agreements. 
§10 Processing of Personal Data 
Personal data is not transferred outside the EU, except when voluntarily made public by the User
Personal data is not used for automated decision-making or profiling
Data is not sold to third parties
Anonymous data may be processed or transferred outside the EU but is not sold or used for profiling. 
§11 Legal Basis for Processing GDPR 
Art. 6(1)(a) – consent
GDPR Art. 6(1)(b) – contract or pre-contractual actions
GDPR Art. 6(1)(f) – legitimate interests
Personal Data Protection Act (10 May 2018)
Telecommunications Law (16 July 2004)
Copyright and Related Rights Act (4 Feb 1994)
§12 Data Retention Period Voluntarily 
Provided personal data: stored during the provision of services, deleted or anonymized within 30 days after termination
Exceptions for legally justified purposes: up to 3 years
Automatically collected anonymous data: stored indefinitely for statistics
§13 Users’ Rights Access 
Request personal data
Rectification – correct inaccurate or incomplete data
Deletion – request deletion or anonymization of data
Restriction – limit processing (Art. 18 GDPR)
Data portability – receive data in a structured, machine-readable format
Objection – object to processing (Art. 21 GDPR)
Complaint – file a complaint with the supervisory authority
Newsletter users can unsubscribe using links in emails. 
§14 Contact with Administrator 
Contact via email: recepcja@hotelconrad.pl 
§15 Service Requirements 
Limiting or blocking cookies may affect website functionality. The Administrator is not responsible for malfunctions caused by blocked cookies. 
§16 External Links 
External links in the Service may lead to unsafe websites. The Administrator is not responsible for external content. 
§17 Changes to Privacy Policy 
The Administrator reserves the right to update this Privacy Policy at any time. Changes related to personal data will be communicated via email to registered users or newsletter subscribers within 7 days. Continued use of the Service indicates acceptance of the changes. Changes are effective immediately upon publication.