Package for girlfriends

We make every effort to adequately secure your personal data and show you in a transparent way how we use it.

Since 25 May 2018, European data protection laws have been in force in the form of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Journal of Laws. EU L 119, 4.05.2016, p. 1) (“GDPR”).

Therefore, we would like to inform you about the processing of your personal data that you provide to us in connection with the use of the website: www.hotelglar.pl, contact form, contact via e-mail, newsletter and fan page on social networks for the purpose of contacting us, receiving marketing communications from us, including offers regarding our products and services.

The administrator of personal data is “Poręlenia Kredytowe” Sp. z o.o. with its registered office in Warsaw, postal code 00-814, ul. Miedziana 3A lok. 22, entered in the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS number 0000233310, REGON 14009630, NIP 118-18 178-35-60.

Contact details of the Controller's Personal Data Inspector: e-mail: iodo@pksp.pl

Our website and communication through other channels may contain links to external services. Personal data provided through such websites, websites and links are not subject to this privacy policy and we are not responsible for the processing of personal data through such websites. The websites linked to on our website have their own privacy policy specifying how user data is processed.

When using the Hotel GLAR profile and Loans and Credit Guarantees on Facebook, the data entered by Users of social networks may be processed by Meta Platform Ireland Limited, MERRION ROAD, DUBLIN 4, D04 X2K5, IRELAND. The operators of social networks process personal data on their own, in accordance with the privacy policy they have introduced. The privacy policy of individual social networks can be read at the following addresses:

• Facebook: https://www.facebook.com/privacy/explanation/
• Messenger: https://www.facebook.com/policy.php

Personal data will be processed by the Administrator only for the purposes for which they were provided or collected. The processing of your personal data takes place for at least one of the following purposes in the table:

General objective Specific purpose and legal basis Processing period

Use of the www.hotelglar.pl website and tools available there, including, among others, the newsletter, contact form, including communication via e-mail Enabling the use of the website, i.e. flawless presentation and optimization of the website and use of the functionality of the required cookies - based on our legitimate interest (Article 6 (1) (f) of the GDPR). For the period indicated below in the section named as Cookie Policy.

Providing the possibility of using the functionality of optional cookies — based on your consent (Article 6 (1) (a) of the GDPR). Until its withdrawal, deletion of the history of “cookies”, however, no longer than by the actions of cookies, specified in detail in the Cookie Policy.

Information about new services of the Administrator, for marketing purposes of conducting research and analysis of sales and quality of services pursuant to Article 6 (1) (a) of the GDPR via newsletter. Until withdrawal of consent or for the period of pursuing possible claims, and in the absence of confirmation of receiving the newsletter, your data will be processed for 48 hours.

Direct marketing, including the presentation of services and products offered by the Administrator (except marketing conducted electronically) — on the basis of a legitimate interest (Article 6 (1) (f) of the GDPR). No longer than is necessary for the purposes for which these data are processed.

Conducting communication and answering the question asked - the legal basis for data processing is the necessity of processing to fulfill the legitimate interest of the Controller. The legitimate interest of the Administrator is in this case the possibility of responding and conducting communication (Article 6 (1) (f) of the GDPR). For a period of 12 months counted from January of the following year in which the request was sent.

Determination, defence and assertion of claims (Article 6 (1) (f) of the GDPR). For the period indicated in the provisions of law for the limitation of individual types of claims.

Using a fan page on social networks Communication and responding to comments and messages posted on the profile or sent through it (Article 6 (1) (f) of the GDPR). For a period of 12 months counted from January of the following year in which the request was sent.

Conclusion and implementation of the contract — if the contact via the portal concerns issues related to the conclusion of cooperation (Article 6 (1) (b) of the GDPR). For a period of 5 years (counting from the end of the calendar year in which the accounting document was issued).

Responding to complaints — if the contact via the portal concerns the submission of a complaint (Article 6 (1) (c) of the GDPR). For the period indicated in the provisions of law for the limitation of individual types of claims/complaints.

Direct marketing and statistical objectives (Article 6 (1) (f) of the GDPR). No longer than is necessary for the purposes for which these data are processed.

Possible investigation or defence of claims (Article 6 (1) (f) of the GDPR). For the period indicated in the provisions of law for the limitation of individual types of claims.

In order to operate the website, the Administrator may process information such as: information about the User's device in order to ensure the correct operation of the service, e.g.: IP address of the device, information contained in cookies, session data, web browser data, data on website activity. This information does not contain data concerning the identity of the Users, however, in combination with other information, it may constitute personal data, so the Administrator ensures the protection of this information appropriate for the protection of personal data and informs Users about its processing. The processing of data collected via the website does not violate the rights and freedoms of Users.

The data administrator on the website: www.hotelglar.pl provides a contact form through which it is possible to contact the Users. In connection with the above, the following categories of data are processed: name, e-mail address, telephone number (optional) and the content of the request submitted by the User.

In order to enable Users to contact the Administrator, the Administrator processes the data of persons contacting the Administrator via the Messanger messenger. Processed are: name or surname of the User, the content of the correspondence (messages, threads). These data are not stored by the Administrator in a place other than the account on the Facebook portal, in particular the Administrator does not save this data on its own servers.

On the fan page and other accounts on social networks, the Administrator may post marketing information regarding the services provided and events or competitions and promotional campaigns that he organizes or in which he participates.

Due to the specificity of social networks, information about fanpage followers, likes and content of comments, posts, photos and other information posted by Users may be made public to other users and third parties, which the Administrator has no influence over.

The data controller does not use its own reservation system on the website, but contains a link to the reservation system thanks to the Profitroom application — created by: Profitroom S.A., ul. Franklin Roosevelt 9, Poznań 60-829, NIP: 5252423458.

If you made a reservation through an intermediary (e.g. a booking platform), we received the data from this intermediary. It can be:

• https://www.booking.com/ - B.V., Herengracht 597, 1017 CE Amsterdam, Netherlands.
• https://www.expedia.com/ - Inc., Attn: IP/Trademark Legal Dept., DMCA Complaints, 1111 Expedia Group Way W., Seattle, WA 98119
• https://www.hrs.com/ - HRS GmbH, Breslauer Platz 4, 50668 Cologne, Germany
• https://www.kurzurlaub.de/ - Super Urlaub GmbH, Werderstraße 74 D, 19055 Schwerin, Germany
• https://www.secretescapes.com/ - Secret Escapes Limited, 4th Floor, 120 Holborn, London EC1N 2TD
• https://www.travelcircus.de/ - Travelcircus GmbH, Aroser Allee 76, 13407 Berlin
• https://www.slevomat.cz/ - Slevomat.cz, s.r.o., Sídlo: Pernerova 691/42, 186 00 Praha 8 — Karlín Zapsaná v: Obchodní rejstřík vedený Městským soudem v Praze, oddíl C, vložka 166961
• https://www.tui.pl/ - TUI Poland Sp. z o.o. and TUI Poland Distribution Sp. z o.o. with its registered office in Warsaw at 22a Wołoska Street, 02-675 Warsaw
• https://triverna.pl/ - Triverna Sp. z o.o., 17A Niemierzyńska Street, 71-441 Szczecin, TIN: 6351830569,
• https://travelist.pl/ - Travelist limited liability company with its registered office in Warsaw, at ul. Fabryczna 5, 00-446 Warsaw, NIP 7010359657.
• https://www.unityline.pl/ - UNITY LINE LIMITED Sp. z o.o. Branch in Poland, with its registered office in Szczecin at Pl. Rodle 8, 70-419 Szczecin, TIN: 3020001748.
• https://www.tripadvisor.com/ - Tripadvisor Inc., 400 1st Avenue, Needham, MA, USA 02494.

If the booking was made directly at Hotel GLAR Conference & SPA, we received the personal data directly from the person making the booking.

If you use an electronic payment, data on the transfer made via the PolCard application will be received from: Fiserv Polska S.A. (owner of the Polcard trademark), Al. Jerozolimskie 100, 00-807 Warsaw, Registry Court: District Court for the capital city of Warsaw, KRS no. 0000061293, NIP: 526-02-10-429.

Your personal data is or may be transferred to the following categories of recipients:

a) persons authorized by the Administrator, employees and associates, members of the Administrator's bodies, who must have access to personal data in order to perform their duties,

b) service providers, including those supplying the Administrator with technical and organizational solutions enabling management of the Administrator's organization (in particular providers of ICT, postal, forwarding, legal, accounting, audit, security and data storage, tax and accounting services, protection of persons and property), on the basis of relevant data processing entrustment agreements.

Your personal data will not be transferred to third countries (outside the EEA) or international organisations and are not subject to automated decision-making, including profiling.

You have:

1) the right of access to data (Art. 15 GDPR),

2) the right to rectification of data (Art. 16 GDPR),

3) the right to erasure data (Art. 17 GDPR),

4) the right to restrict data processing (Art. 18 GDPR),

5) the right to object to data processing (Art. 21 GDPR),

6) the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw (Art. 77 GDPR).

The Data Controller reserves the right to make changes to the Privacy Policy if required by law or changes introduced in the functionality of the Services.

Current version of the Privacy Policy: 17.04.2024 r.

In connection with the provision of the content of the website, so-called cookies are used, i.e. information stored by servers on the user's terminal device, which can be read each time they connect to this terminal device, may also use other technologies with functions similar or identical to cookies. Cookies (so-called “cookies”) are IT data, in particular text files, which are stored on the end device of the website user. They usually contain the domain name of the website from which they come, the time they are stored on the end device, and a unique number.

Cookies are used to:

a. adapting the content of the websites of the Websites to the User's preferences and optimizing the use of the websites; in particular, these files allow to recognize the User's device and properly display the website tailored to his individual needs - the legal basis for processing is Article 6 (1) (a) of the GDPR - consent of the data subject. The data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing, which was carried out on the basis of consent before its withdrawal,

b. creating statistics that help to understand how Users use websites, which makes it possible to improve their structure and content - the legal basis for processing is Art. 6 para. 1 lit. f GDPR - legitimate interest of the Administrator, consisting in conducting analyses of Users' activity, as well as their preferences, in order to improve the applied functionalities and services provided.

As part of the provision of services at the highest level, the website uses the following “cookies”:

1) Necessary cookies - Cookies necessary for the operation of services available on the website, enabling viewing offers or making reservations, supporting security mechanisms, including: authentication of users and detection of abuse. These files are required for the proper functioning of the website. They do not require your consent.

2) Analytical cookies - Cookies enabling the collection of information about the way the user uses the website in order to optimize its functioning and adapt to the expectations of the user. By agreeing to these cookies, you agree to the processing of data concerning your activity on the website for analytical purposes.

3) Marketing cookies - Cookies enabling the user to display marketing content tailored to his/her preferences and to send notifications about marketing offers corresponding to his/her interests, including information on the user's activity, products and services of the website administrator and third parties. Consent to these cookies means that your data can be used to personalize advertising and analyze the effectiveness of our advertising campaigns.

In many cases, web browsing software (web browser) allows cookies to be stored on the user's end device by default. Users of the website can change the settings for cookies at any time. These settings may be changed in particular in such a way as to block the automatic handling of cookies in the settings of the web browser or to inform about each time they are placed in the device of the website user.

In this table we describe details about the use of cookies on the website: