Privacy policy

Activities aimed at concluding and implementing a contract with the client or persons acting on behalf of the client in the scope of the administrator’s activities, including for the purpose of booking a stay, renting mountain bikes, booking training rooms and other

art. 6 section 1 letter b
(concerning customers);
art. 6 section 1 letter f RODO
(concerning people cooperating with us on behalf of the client/contractor).
The need to contact clients/employees/collaborators of clients and contractors in connection with actions taken to conclude a contract or implement it

Consideration of complaints, applications and claims.

art. 6 section 1 letters b, c and f of GDPR
For the duration of the contract or until the warranty expires or the complaint is settled.
The need to contact customers’ employees/associates in connection with the consideration of complaints, requests and complaints.

Establishing, investigating and defending against claims

art. 6 section 1 letter f RODO
For the period until the expiry of the limitation periods for claims arising from the contract – in accordance with applicable law.
Processing data of clients or contractors and their employees/collaborators in connection with the determination, pursuit and defense of claims.

Conducting settlements, accounting and financial reporting

art. 6 section 1 letter c GDPR
For the period until the expiry of the data storage obligations arising from legal provisions, in particular the storage of accounting documents (in principle, for 5 years after the year in which the legal event that obliged to issue an accounting document occurred)

Keeping statistics

art. 6 section 1 letter f RODO
For the duration of another processing operation indicated in this table. We do not store personal data solely for statistical purposes.
Improving business operations thanks to conclusions drawn based on statistical activities

Data processing as part of a profile on the Facebook social networking site

art. 6 section 1 letter f RODO
The data is co-administered by Administrator and Meta Platforms
The data will be processed until you object to data processing.
Conducting ongoing correspondence using tools provided by Facebook, including Messenger, and conducting other marketing activities.

Cookies processing

art. 6 section 1 letter f RODO
The administrator uses necessary cookies to enable basic functions of the website. Moreover, in the case of conducting statistical research, marketing or saving user preferences using cookies, the administrator will obtain consent to save cookies on the user’s device.
In such a case, the data will be processed for the periods indicated in the Cookie Policy or until an objection to data processing is raised.
Enable basic website functions. Adapting the content of websites to the needs of users, including for marketing and statistical purposes, optimizing the use of websites

Human resources management – ​​employees and co-workers

art. 6 section 1 letter a, b, c and f GDPR;
art. 9 section 2 letter b GDPR
In accordance with applicable regulations requiring the archiving of documents in the field of labor law, i.e. We keep personal files for 50 or 10 years.
If the retention period for selected documents is shorter, the administrator will respect this shorter period.
Civil law contracts will be stored until the limitation periods for claims arising from them expire.
Dissemination of the image of an employee/collaborator based on copyright consent

Conducting recruitment

art. 6 section 1 letter a and c GDPR
(concerning candidates for employees);
art. 6 section 1 letter a and b GDPR
(concerning candidates for collaborators)
Up to 6 months from the end of the recruitment process, and in the case of consent to further recruitment processes, no longer than one year

Marketing of own services, sending offers electronically, saving and organizing competitions and promotional campaigns

Art. 6 section 1 letter a and f GDPR
(data processed until consent is withdrawn or objection is raised)

Video surveillance

Art. 6 section 1 letter f GDPR
(data processed in connection with ensuring the safety of persons and property)
Up to 90 days from registration

Data recipients

We will disclose your personal data to the following entities providing services to us:

• hosting and IT,
• legal and insurance,
• courier and postal services,
• maintaining a booking module on our website,
• conducting marketing
• state authorities and services pursuant to applicable provisions to obtain personal data, provided that they have appropriate legal grounds to request personal data,
• carrying out tasks in connection with cooperation with our Hotel
• owners of websites whose plug-ins may be located on the website and social media profiles.

Rights regarding processed data and voluntariness of providing them

Each person whose data is processed has the right to:

• access to your data and receiving a copy thereof,
• rectification (correction) of your data,
• deleting your data,
• limiting the processing of your data,
• transfer your data – if the legal basis for their processing is consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR) or contract (Article 6(1)(b) of the GDPR),
• object to the processing of her personal data – if the legal basis for their processing is legitimate interest (Article 6(1)(f) of the GDPR).
• withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

More information about the rights of data subjects can be found in the provisions of Art. 12–23 GDPR.
In addition, the person whose data is processed has the right to lodge a complaint with the supervisory authority, i.e. President of the Personal Data Protection Office.
More information at: https://uodo.gov.pl/pl/p/skargi.

Obligation/voluntary provision of your personal data?

Providing data is necessary to conclude contracts and settle business activities as well as to comply with legal requirements. This means that if you want to use the services we offer (including booking accommodation, a training room, renting a bike, skis or other services), becoming our contractor (supplier) or employee/collaborator, you must provide your personal data.
If your employer or other entity has indicated you as a contact person in connection with the conclusion/performance of the contract, your data will be processed to the extent disclosed by this entity (standard name, surname, position, e-mail address and telephone number).
In the remaining scope, providing data is voluntary.

Transfer of data to third countries

Personal data will generally not be transferred outside the European Economic Area (hereinafter: “EEA”).
If, over time, we conclude an agreement for the provision of ICT services with entities operating outside the EEA, it will always be done with verified entities that ensure personal data protection.
In accordance with the decision of the European Commission, recipient countries from outside the EEA ensure an adequate level of personal data protection in accordance with EEA standards. The decision issued by the Commission towards the US covers companies participating in the Data Privacy Framework. We only cooperate with companies participating in this program. More information on this subject can be found at: https://www.dataprivacyframework.gov/s/
The method used to secure your data is consistent with the principles set out in Chapter V of the GDPR. You can request further information about the safeguards used in this regard, obtain a copy of these safeguards and find out where they are made available.

Processing of personal data in an automated manner

Your personal data will not be used for the purpose of automated decision-making (including in the form of profiling) in such a way that as a result of such automated processing, any decisions could be made that would produce legal effects or would similarly affect any effects on customers, contractors, their employees or associates, as well as the administrator’s employees or associates or job candidates.