Data Protection Policy

The controller of the personal data of the hotel guests of hotel Shuma (the “Hotel”) is Hotel Shuma Spółka Jawna LATOS [general partnership company], Żeglarska Street 20, 41-303 Dąbrowa Górnicza, Poland, share capital of PLN 120 000, KRS [National Court Register number]: 0000536516, District Court for Katowice-Wschód in Katowice, 8th Commercial Division of the National Court Register.

Person in charge is the President of Hotel Shuma Spółka Jawna LATOS, correspondence address is the same as the hotel address, e-mail: ,hotel@hotelshuma.pl, phone 32-264-43-71.

The Hotel processes the personal data to conclude and perform the contract for hotel services. Furthermore, the Hotel processes the personal data to:

1. help the Hotel seek claims for damage caused by the guests or defend against the guests’ claims towards the Hotel;

2. document the service performance for tax purposes (Article 86 of the Polish Tax Act);

3. ensure top quality of guest services;

4. fulfil statistical obligations (Article 30 of the Polish Public Statistics Act).

If a guest consents to the processing of his or her personal data for marketing purposes, the Hotel will process the data for that purpose, i.e. to send marketing materials and product and service offers to the guest.

Moreover, the Hotel processes the personal data of its guests collected through the hotel CCTV to ensure the safety and security of the Hotel guests and other visitors to the Hotel.

The legal basis for the processing of the guest’s personal data obtained by the Hotel is the contract for hotel services and/or the reservation made in the computer system.

The legal basis for the processing of the guest’s personal data for marketing purposes is the guest’s consent. The consent may be revoked at any time. The revocation of consent does not affect the processing which occurred before the revocation.

The legal basis for the processing of the guest’s personal data through the CCTV is the protection of the vital interests of the Hotel and other individuals and the legitimate purpose of the controller, that is, to ensure safety and security in the Hotel.

The legal basis for the processing of the guest’s personal data to ensure the top quality of hotel services is the legitimate purpose of the controller, that is, to achieve its business objectives.

The Hotel transfers the personal data to the following categories of entities:

1. suppliers of IT software;

2. transportation and taxi companies whenever a guest requests transportation or courier mail;

3. suppliers of legal services (law firms) who provide legal advice and legal representation.

The personal data will be processed for the following periods:

1. data collected in connection with the contract for hotel services will be processed for the duration of the statute of limitations of tax obligations or civil law claims of the Hotel or the guests, whichever is later;

2. data collected on the basis of the consent for marketing purposes will be processed for the duration of the consent for marketing purposes;

3. data collected in the CCTV will be processed for maximum 30 days of their recording and then will be permanently erased.

Every guest has the right to access his or her data, the right to rectification, erasure or restriction of processing of their data. Moreover, every guest has the right to object the processing and the right to data portability. The data are available on the Hotel premises. Moreover, the Hotel makes available the following e-mail address: hotel@hotelshuma.pl which can be used in matters related to personal data.

Every guest has the right to complain to the supervisory authority, namely the General Inspector for Personal Data Protection, ulica Stawki 2, 00-193 Warsaw.

The personal data including first name and last name, ID card number and the residence address are required to conclude a contract for hotel services. Without those personal data the Hotel is unable to conclude a contract for hotel services.

The Hotel does not take any automated decisions on the basis of personal data and does not carry out profiling.

The Hotel may receive personal data from providers of hotel reservation services. Additional information about entities involved in a specific reservation are available at the Hotel’s reception.