Privacy Policy & GDPR

This Privacy Policy sets out the rules for the processing and protection of personal data provided by users in connection with their use of the services offered by the BALIASPA website (hereinafter: the Website).

The controller of personal data contained on the Website is “FASADA-INVESTMENT” LIMITED LIABILITY COMPANY ul. Piłsudskiego 32, 35-001 Rzeszów, Poland, entered in the register of entrepreneurs under KRS: 0000199519 (NIP: 8130334761, REGON: 008032382) (hereinafter: the Controller).

In order to ensure the security of the entrusted personal data, the Controller operates on the basis of internal procedures and guidelines compliant with the relevant legal acts on personal data protection, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

The Controller takes special care to protect the interests of data subjects and, in particular, ensures that personal data are:

processed lawfully,
collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,
factually correct and adequate in relation to the purposes for which they are processed,
stored in a form that permits identification of the data subjects for no longer than is necessary to achieve the purpose of the processing.

The Controller obtains information about users and their behaviour through the voluntary provision of information in forms, in order to:

respond to users’ enquiries submitted via the contact form, based on Article 6(1)(f) GDPR,
accept reservations via the online booking system, based on Article 6(1)(b) GDPR,
provide services performed by the Controller, based on Article 6(1)(b) GDPR,
carry out marketing activities, including sending commercial information to an email address, if the Customer has given consent by selecting the appropriate option during the booking process, based on Article 6(1)(a) GDPR. Consent to the processing of data for marketing purposes and to receiving commercial information may be withdrawn by clicking the appropriate link in the received message or by sending such a request to the Controller’s email address,
pursue the Controller’s legitimate interests in specific cases, based on Article 6(1)(f) GDPR, e.g. debt collection.

Cookies

During the first visit to the baliaspa website, the user is informed about the use of cookies. By remaining on the website, the user accepts the use of cookies on the website. If the user does not change the browser settings, this is tantamount to giving consent to the use of “cookies”.

Changes to cookie settings will take effect after restarting or refreshing the session on the Controller’s website.

The installation of “cookies necessary for the basic functionality of the Website” is required for proper operation, in particular for authorisation purposes.

Cookies necessary for the operation of the website may be changed by adjusting browser settings; however, please note that changing the settings may cause the website to function improperly.

More information about cookies is available in the “Help” section in the user’s web browser menu.

Users who, after reading the information available on the Website, do not want cookies to remain stored in the web browser of their device should delete them from their browser after finishing their visit to the Website. The Website uses the following types of cookies:

session cookies - remain in the browser until it is closed or until the user logs out of the Website,
persistent cookies - remain in the device’s web browser until they are deleted by the user or until the pre-set time specified in the cookie parameters has elapsed.

In terms of functionality, cookies can be divided into:

analytics cookies, which help improve user experience by understanding how users use the website and convert on it,
marketing cookies, used to personalise advertising content, properly target it and analyse the performance of marketing channels and sales channels,
necessary cookies, which are fundamental for the basic functionality of the Website.

The cookies we use allow us to develop our website.

Some cookies may be placed by the provider of the Online Booking System solely for the purpose of:

improving and supporting the booking process,
analysing and collecting statistical data regarding the use of the website and the online booking system, in order to improve them,
the provider of the Online Booking System informs about installed cookies in the user interface of that system.

The Controller may use automated decision-making, including profiling, for marketing purposes (including automated matching of advertisements to your interests and measuring their effectiveness), and to tailor offers, based on Article 6(1)(a) GDPR.

Recipients of personal data may include authorities, institutions and entities authorised under applicable laws, as well as entities providing services to the Controller (e.g. legal, IT, marketing, accounting services and other entities involved in the performance of the ordered service).

We use the following analytics tools: Google Analytics

We use the following marketing tools: Facebook Pixel

The user of the Website who provided the data has the right to access the data processed by the Controller. The user also has the right to modify such data, request their deletion, and restrict or object to the processing of their personal data at any time. At any time, the user may also request deletion of their personal data from the website. The right to data portability does not apply, as no standard for exchanging such data between hotel facilities has been established.

In order to exercise the rights indicated above, the user of the Website should contact the Controller using the same email address or phone number provided to the Website, by contacting: rodo@bristol-rzeszow.pl

The user of the Website has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal, by contacting the Controller directly or, in the case of technology, by changing cookie settings.

Any user of the Website may lodge a complaint with the Personal Data Protection Office.

The Website may contain links to other websites that operate independently of the Website and are not supervised by the Website in any way. Such websites may have their own privacy policies and terms and conditions, which we recommend you read carefully.

The Controller reserves the right to make changes to the website’s privacy policy, which may be caused by the development of internet technology, possible changes in personal data protection law, and the development of the Website. We will inform users of any changes in a visible and understandable manner.

GDPR

Controller of Hotel Guests’ Personal Data

The controller of personal data is “FASADA-INVESTMENT” LIMITED LIABILITY COMPANY ul. Piłsudskiego 32, 35-001 Rzeszów, Poland, entered in the register of entrepreneurs under KRS: 0000199519 (NIP: 8130334761, REGON: 008032382) (hereinafter: the Controller).

Legal basis for the processing of personal data

In accordance with the GDPR, the legal basis for the processing of the Guest’s personal data obtained by Balia Spa is:

Article 6 GDPR(1)(b): “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”;
Article 6 GDPR(1)(f): “processing is necessary for the purposes of the legitimate interests pursued by the controller …”
Article 6 GDPR(1)(c): “processing is necessary for compliance with a legal obligation to which the controller is subject”;
Article 6 GDPR(1)(a) and (f): “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”;
Article 6 GDPR(1)(f): “processing is necessary for the purposes of the legitimate interests pursued by the controller …” and “processing is necessary for the purposes of the legitimate interests pursued by the controller …”
Article 6 GDPR(1)(f): “processing is necessary for the purposes of the legitimate interests pursued by the controller …”

Entities to which personal data may be disclosed

The facility discloses personal data to the following categories of entities:

companies providing IT support services and delivering IT software;
accounting firms providing accounting services;
legal firms (law offices) providing legal advice and legal representation.
companies providing marketing services for the facility.

Retention period for personal data

Personal data:

obtained on the basis of consent for marketing purposes will be processed for the period of validity of consent for marketing purposes; data obtained in connection with monitoring will be processed for 14 days from the date of recording and then permanently deleted.

The Guest’s rights in connection with the processing of personal data

The Guest has the right to access the content of the data, rectify it, the right to data portability, and the right to obtain a copy of personal data processed by the facility. In addition, the right to withdraw consent at any time, request restriction of processing, erasure, and the right to be forgotten in the case of processing personal data for marketing purposes.

Right to lodge a complaint in connection with the processing of personal data

Each Guest has the right to lodge a complaint in connection with the processing of their personal data with the supervisory authority, which is the President of the Personal Data Protection Office, with its registered office at ul. Stawki 2, 00-193 Warsaw.

Automated decisions based on personal data, including profiling

The facility does not make automated decisions based on personal data, including profiling.

Contacting the Personal Data Controller

Contact with the Data Controller, or a person designated by them, is possible via the hotel reception or by email: rodo@bristol-rzeszow.pl