PRIVACY POLICY/GDPR AND COOKIES

The Privacy Policy (hereinafter: "the Policy") and the Cookie Policy  specify in details the basic principles of personal data processing and data protection standards ensuring compliance with national and EU data protection regulations, in particular with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC) of the General Data Protection Regulation (hereinafter: the GDPR).

The Policy also specifies the basic principles of collecting, processing and using data provided by users with regard to their use of the services offered by the website  www.SquareApartmentsGdynia.pl (hereinafter: “the Website”) as well as the Cookie Policy.

The owner of the Website is Premium Management S.A., with its registered office in Gdynia (81-472),  Legionów 126-128 street, registered in the National Court Register in the District Court Gdańsk-Północ in Gdańsk, VIII Economic Department of the National Court Register under the number KRS (National Court Register) 0000677966, NIP (Tax Identification Number) 586-227-30-23, REGON (National Business Registry Number): 221516706. 

Processing of Personal Data

Administrator of the Personal Data

The Administrator of your personal data is Premium Management S.A. with its registered office in Gdynia (81-472), at Legionów 126-128 street, registered in the National Court Register in the District Court Gdańsk-Północ in Gdańsk, VIII Economic Department of the National Court Register under the number KRS (National Court Register) 0000677966, NIP (Tax Identification Number) 586-227-30-23, REGON (National Business Registry Number): 221516706.

In matters related to your personal data, please contact the Data Protection Officer - Ms. Marzena Nowak:

• by regular postal service: Premium Management S.A., Legionów 126-128 street, 81-472 Gdynia;
• by e-mail iod@squareapartmentsgdynia.pl.

Your personal data are obtained when you contact us by phone, e-mail or in person, or through a contact form, as well as by making an online reservation on our Website.  Pieces of data might also be obtained through third-party booking portals. They might be shared with the Administrator by a travel agency or other tour operator that makes reservations at the Facility on your behalf, as well as from a contractor with whom the Facility has a cooperation agreement and of whom you are an employee or associate.

Purposes and Legal Basis for Processing Personal Data

1. Taking action at your request prior to entering into a contract (i.e. making a reservation in person, by phone, e-mail or online reservation system), as well as entering into and executing a contract for the provision of hotel services, purchasing a Voucher - the legal basis for such data processing is Article 6(1)(b) of the GDPR, which allows processing personal data if they are necessary for the performance of the contract or taking actions aimed at entering into the contract.
2. Issuing an invoice and fulfilling other obligations under the law, including in particular tax, accounting and statistical obligations - the legal basis for such data processing is Article 6(1)(c) of the GDPR, which allows processing personal data if such processing is necessary for the Data Administrator to fulfill its obligations under the law.
3. If you have booked a stay through a third-party booking portal, your stay data may be processed for the purpose of fulfilling the contract between the Data Administrator and the operator of such portal (e.g., for billing purposes, informing about a reported complaint). With regard to the reservation through a third-party booking portal the following personal data might be acquired: name and surname, e-mail address, phone number, payment card details. The scope and amount of data depends on the specifications of the portal and the type of reservation made - the legal basis for such data processing is Article 6(1)(f) of the GDPR, which is a legitimate interest pursued by the Personal Data Administrator.
4. Handling and processing of complaints and inquiries - the legal basis for such data processing is Article 6(1)(f) of the GDPR, which is the legitimate interest of the Personal Data Administrator understood as the ability to address the issues raised within the reported complaint.
5. Investigating, establishing or defending against claims, and asserting possible claims by the Personal Data Administrator in connection with the damage suffered, for archival and evidential purposes, as well as conducting debt collection - the legal basis for such data processing is Article 6(1)(f) of the GDPR, which is a legitimate interest pursued by the Personal Data Administrator (in this case, the interest is the possibility of asserting or defending against claims in connection with the performance of services).
6. Ensuring security and preventing fraud or destruction of property - the legal basis for such data processing is Article 6(1)(f) of the GDPR, which is a legitimate interest pursued by the Personal Data Administrator (in this case, the interest is to ensure the security of Guests and other people staying on the premises or within the premises by means of a video surveillance system recording people staying in the monitored area). Detailed information about the processing of personal data can be found on Klauzuli informacyjnej - monitoring wizyjny.
7. Direct marketing - the legal basis for such data processing is Article 6(1)(f) GDPR (legitimate legal interest of the Administrator).
   
8. The use of cookies on the website (the Cookie Policy will be described in a separate section) - the legal basis for such processing is Article 6(1)(a) of the GDPR, which allows us to process personal data on the basis of voluntarily given consent (the first time you access the website, you are asked to consent to the Cookie Policy).
9. Maintenance of www.SquareApartmentsGdynia.pl - the legal basis for such data processing is Article 6(1)(f) of the GDPR, which allows the processing of personal data if by doing so the Personal Data Administrator pursues its legitimate interest (in this case the interest of the Personal Data Administrator is to ensure the correct operation of the website.

• Date and time;
• Browser information;
• Information about the operating system - these data are saved automatically in the so-called server logs every time you use a site belonging to the Facility. Administering a website without the use of a server and without the automatic recording would not be possible.

Recipients of Personal Data

Personal data will be processed by the Administrator and may be processed by authorized public authorities, correspondence providers, and legal advisory service providers, technical and technological service providers including IT, security, payment, banking, and marketing. Such entities process data on the basis of an authorization or agreement with the Administrator and only in accordance with the Administrator's instructions. Personal data may be disclosed to the Administrator's insurer if necessary for the settlement of the claim. If the Guest participates in a group stay, personal data may be disclosed to the organizer of the group stay, and if the Guest has booked a stay through a third-party booking portal, data about the stay, including complaints made, may be disclosed to the operator of that portal.

Storage of Personal Data

Your personal data will be processed:

• for the duration of the contract, and after its termination (expiration) further data will be stored for a period of time: 3 years or 6 years for personal data processed to establish, assert or defend claims counting from the end of the calendar year. It depends on whether or not both parties are entrepreneurs;
• 6 months with respect to personal data that was collected when pricing a service or taking other steps to conclude a contract, in spite of the fact that no contract was concluded;
• 5 years with respect to the fulfillment of obligations under the tax law (invoices, corrections and duplicates of accounting documents) counting from the end of the calendar year in which the deadline for tax payment expired;
• until the withdrawal of your consent until the purpose of the processing is achieved;
• video data for a period not exceeding 3 months starting at the day of recording except when the recording may constitute evidence in proceedings and it has been secured - the period might be extended until the completion of the investigation, evidence or court proceedings;
• until such time as an objection is successfully raised, or to the extent that the rights of data subjects are exercised or the purpose of the processing is achieved, but for no longer than 6 years counting from the end of the calendar year in which the purpose of the processing has ceased with respect to personal data processed on the basis of the Administrator's legitimate interests or for marketing of the Administrator's own services and goods;
• until it becomes obsolete or void, but for no longer than 3 years for personal data processed primarily for analytics, cookie use and website administration.

We count the above periods from the end of the calendar year in which we began processing personal data to streamline the process of deleting or destroying personal data.

Rights of data subjects

Under the terms of the data protection legislation, you have the following rights: to access your data and receive a copy of them, to rectify your data, to request erasure of your data, to request restriction of data processing, to object to data processing, to transfer your data. In addition, you have the right to lodge a complaint with the supervisory authority - the President of the Data Protection Authority - if you consider that the processing of your personal data violates data protection regulations.

To the extent that the basis for processing your personal data is consent, you have the right to withdraw it. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

Obligation to Provide Information Concerning Personal Data Protection

Providing personal data is mandatory, in a situation where the premise for the processing of personal data is a provision of law or a contract concluded between the parties. Providing personal data when making a reservation or purchasing a Voucher is voluntary, but necessary in order to finalize a reservation and be able to use the Facility's services. If you wish to receive a VAT invoice, the obligation and scope of providing data for a VAT invoice is based on the provisions of the Law on Tax on Goods and Services. Failure to provide data will prevent from receiving a VAT invoice. Where processing is based on consent, the provision of personal data to the Administrator is voluntary.

Profiling

The Administrator will not process your data in a manner that leads to automated decision-making within the meaning of Article 22 (1) and (4) of the GDPR.

Transfer of Data to Other Countries

Data will not be transferred outside the European Economic Area or to an international organization.

Cookies

Our Website does not automatically collect any data about users, except for information collected through HTTP Cookie technology (hereinafter: „cookies”).

What are cookies and what are they used for?

Cookies are small text files that are sent by the Website to the web browser installed on a user's device, and are sent by that user's web browser each time the user accesses the Website.

Cookies make the use of the Website easier and more comfortable for the user.

Types of cookies used on the Website: 

• conversion files that allow us to analyze the performance of various sales channels;
• tracking files that, combined with conversion files, help analyze the performance of various sales channels;
• remarketing files, which we use to personalize the content of ads and target them appropriately;
• analytics files that help us improve the user experience of our site by understanding how users use it;
• essential files that are important for the basic functionality of the Website.

The Website uses cookies for the following purposes: 

• to obtain statistical data about users' traffic and their use of individual pages of the Website;
• to enable identification and memorization of users’ preferences in order to learn about their behavior and interests;
• the proper functioning of our site, so that the booking process is carried out with as little difficulty as possible.  

How can the user manage cookies?

By accepting the Cookie Policy in their browser, the user consents to the storage and functionality of cookies while using the Website. Accepting cookies is a prerequisite for proper and full use of our Website. You may refuse to use cookies in your browser at any time; however, disabling cookies may make it difficult or even impossible to use the Website. Detailed information on how to configure your browser’s cookies is available in its settings.

Server log files

The fact that each element of the Website is displayed properly is stored in the so-called server log files. The data stored in this way contain the following information: the date and time of the download, the name of the page opened, the IP address, the source port, the URL of the reference page (the address of the page from which the user was redirected), the amount of data downloaded, as well as information about the product version of the web browser used.

This information is used to optimize and monitor the status of the server, to increase its security, including protection against cyberattacks, and to provide information to law enforcement agencies in case of catfishing or extortion.

How do we notify you of a change in our Cookie Policy?

Information on the changes to the Cookie Policy will be promptly published on the Website and shall take effect on the date of their publication on the Website.

Copyrights

All content and information contained on our Website, including in particular trademarks, data, texts, photos, graphics, videos, or other materials are the property of Premium Management S.A. with its registered office in Gdynia (81-472), at Legionów 126-128 street, are subject to protection in accordance with the Law of February 4, 1994 on Copyright and Related Rights for use, display, copying, transmission, distribution, alteration or deletion. Accordingly, any action in the indicated scope taken without prior written consent is illegal and will constitute an infringement of the intellectual property belonging to Premium Management S.A. with its registered office in Gdynia (81-472), at Legionów 126-128 street.

Hyperlinks

Hyperlinks have been included in the Website only for the sake of convenience. We do not take responsibility of their functionality as they operate independently of our site.  The Administrator is not responsible for the information provided by the owners of other sites, as well as the privacy/data protection policies of other entities.

Social Media

On the Website, we have a so-called Facebook and Instagram pixels, which allow you to go directly to a particular social media page and log in to your profile, and then continue browsing the Facebook or Instagram page of the Facility and/or liking it, inserting a post, a comment or a photo. However, in order to do so, we must use cookies provided by Facebook and its products including Instagram, Messenger and other products and features offered by Facebook and Google. Information on the processing of personal data by the Administrator can be found on Polityce prywatności użytkowników fanpage w serwisie Facebook oraz profilu Instagram Square Apartments Gdynia

TripAdvisor

In order to promote our facilities and for you to express your opinion on the services, we have also posted a so-called pixel to Tripadvisor's platform, which processes your personal data in connection with the posted comment. More information can be found on https://tripadvisor.mediaroom.com/pl-privacy-policy https://pl.tripadvisor.com/pages/serviceEN.html

It also gives us the opportunity to process your data (photo, nickname, first name, surname, age, locality), as well as have the opportunity to communicate with you by approving (clicking) the word - thank you, when we are satisfied with a good opinion about us. TripAdvisor also allows its members (facility managers) to contact you without providing an email address, but through a private message system, which is only to: give thanks, ask for comments, clarify irregularities, problems, and discuss the reservation with the user. Within the framework of other online forums (e.g. Google forum, booking platform forum, e.g. Booking.com) through which you voluntarily share, in a public way, your impressions of your stay by providing your data, i.e. name and/or surname or so-called nickname of the person commenting and posting their photos.