Dear Sir or Madam,
In connection with the Personal Data Protection Regulation entering into force on 25 May 2018, NAP Grzegorz Kukiz, fulfilling the information obligation, declares that pursuant to art. 13 paragraphs 1-2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L No. 281) – hereinafter referred to as: GDPR – the controller of your personal data is NAP Grzegorz Kukiz with its registered office in Gorzków 383, 32-020 Wieliczka, Poland, hereinafter referred to as the Controller.

Ensuring the security of your personal data is our priority – that's why below you'll find a package of essential information that will clearly explain the changes. You'll learn how we process your personal data and what your rights are in relation to it. We have a dedicated team of people who will answer your questions and concerns in this regard. Contact details can be found in the aforementioned package.

Who is the personal data controller?

The controller of your personal data is NAP Grzegorz Kukiz with its registered office in Gorzków 383, 32-020 Wieliczka, NIP 7921045840, REGON 650888396.

How to contact us to obtain more information about the processing of your personal data? 

In matters related to the processing of your personal data, you can contact our support team at the following e-mail address: rezerwacje@hostelkc.pl

What is the purpose of personal data processing and the legal basis for this processing? 

• performance of the sales contract concluded with you (legal basis: Article 6, paragraph 1, letter b of the Regulation and Article 535 of the Civil Code)
• contacting you to provide information or respond to your inquiry (legal basis: Article 6 paragraph 1 letter b of the Regulation or Article 6 paragraph 1 letter f of the Regulation as the legitimate interest of the controller, which is to ensure appropriate customer service)

Where do we get your data from? 

We received them from you when making a reservation and using the contact form.

Who is personal data transferred to?

In order to ensure proper organization, service and performance of contracts, your personal data may be transferred to the following categories of recipients:
1. service providers supplying the Controller with technical or organizational solutions enabling sales or services on your behalf, or managing the organization (in particular ICT service providers, courier or postal companies, payment intermediaries),
2. providers of legal and advisory services and those supporting the Controller in pursuing due claims (in particular law firms, debt collection companies),
3. accounting service providers in order to fulfill accounting obligations.

Is or will personal data be transferred outside the European Union? 

Because the controller uses the services of other providers, such as hosting or IT systems, your personal data may be transferred outside the European Union. In such cases, appropriate measures will be taken to secure your personal data.

For how long will personal data be processed? 

Your personal data is processed by the Controller for the time necessary to perform the contract, and in the case of data processing for the purpose of pursuing claims (e.g., debt collection proceedings), for the limitation period for claims under civil law. We process data for accounting and tax purposes for 5 years from the end of the calendar year in which the tax liability arose. After the aforementioned periods, your data is deleted or anonymized.

What rights do people whose personal data is processed have? 

You have the right to request access to, rectification, erasure, or restriction of processing of your data from the Controller. You may exercise the right to object to the processing of your data and the right to transfer your data to another controller. You also have the right to lodge a complaint with the body supervising compliance with personal data protection regulations.

Is the provision of personal data a statutory or contractual requirement or a condition for entering into a contract? 

Using the Administrator's services, including entering into a contract with the Administrator regarding its activities, is entirely voluntary. However, as an entrepreneur, the Administrator is obligated to perform the contract or maintain documentation in a manner specified by law, including using your personal data. Providing your personal data may be a contractual obligation or a condition of entering into a contract. For accounting and tax purposes, the Administrator also has a legal obligation to process your data, meaning that in this case, providing your data is a statutory requirement.

Is the data subject obliged to provide the data and what are the possible consequences of not providing the data? 

Failure to provide data may result in refusal to perform the contract due to the impossibility of its execution. For accounting or tax reasons, failure to provide data may result in, for example, the inability to issue an invoice or accounting document to you.

Is automated decision-making, including profiling, used?

The Administrator does not use automated decision-making, including profiling.

Will personal data be processed for a purpose other than the purpose for which the personal data was collected? 

Personal data will not be processed for any purpose other than that for which they were collected.

Legal basis for providing information 

Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, hereinafter referred to as the "Regulation").