Information according to § 5 TMG:
CONTACT:
IBB Hotel Grand Hotel Lublin
ul. Krakowskie Przedmieście 56
20-002 Lublin
T: +48 814 466 100 | F: +48 814 466 200
E: info.lublin@ibbhotels.com
1.This Privacy Policy provides why and on what basis we process your personal data, including making you aware of your rights related to the processing of personal data and how to exercise them. It is one of the elements of our implementation of the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/CE (General Data Protection Regulation, GDPR).
2.The Controller of personal data is Lublin Grand Hotel Management Ltd., a company registered in Poland in the register of entrepreneurs under the KRS number: 0000145390 (hereinafter: the “Controller”). Contact: Krakowskie Przedmieście 56, Lublin 20-002, info.lublin@ibbhotels.com. The Controller determines the purposes and means of the processing of your personal data, therefore he is responsible for their processing in accordance with the law, including the GDPR, which protects the fundamental rights and freedoms of natural persons, in particular the right to protection of personal data.
3.We have received your personal data, in connection with your accommodation in hotel or other services provided by the Controller, in place where he conducts business activity, including websites, as well as other cases of contact with the Controller, e.g. participation in promotions, expressing opinions or participating in loyalty programs.
4.The Controller ensures that every person whose personal data is processed has full information about the scope, purpose and manner of processing his personal data and information about his rights. The Controller uses only the data necessary to achieve each of the purposes for which personal data is processed.
5.The purpose of data processing is to conclude and perform the contract to which you are a party or to take action before concluding the contract, such as: making a reservation, providing hotel services, providing services by electronic means, e.g. newsletter, implementation of loyalty programs, expression of opinions, assessments or comments, handling of various applications (e.g. via the internet contact form), as well as on-going contact with you. In such cases, the basis for processing your data is the need to perform the contract or take the necessary steps prior to entering into a contract (Article 6 (1) (b) GDPR). Therefore, in accordance with the applicable regulations, the basis for the processing your data will also be the need to fulfil the legal obligation imposed on Controller(Article 6 (1) (c) of the GDPR), in particular, issue and store invoices and accounting documents, processing complaints, providing data to state authorities within the limits and under the law, e.g. for tax and accounting purposes. We also process your data for the purposes set out below, based on Controller legitimate interest (Article 6 (1) (f) GDPR):
•Provide direct marketing of Controller’s products and services
•Improve the quality of goods or services sold by Controller by consulting or surveying satisfaction
•Provide support for payment, credit, or insurance services for the purchased service
•Manage the activity on Controller websites, by monitoring it, to improve the functionality of the service, analyse needs, adjust ads according to the previously viewed content
•Handle communications, opinions, or requests when they are not related to the performance of the contract
•Detect and prevent abuse, investigate or defend against claims, and conduct proceedings before public authorities or courts
•Protect property, health, and life by recording images (monitoring) of the hotel premises and its surroundings
•Create and archive analyses, summaries, and statistics, including ensure accountability (i.e. demonstrate Controller compliance with legal obligations). The Controller has assessed the impact of actions taken for the above purposes on your rights and freedoms. This assessment has led to the conclusion that the processing of personal data within the legitimate interest does not interfere with your privacy. In addition, this way of processing your personal data is to lead to an improvement in the quality of services provided by the Controller, which is to bring better understanding of your needs. Therefore, your interests will not be infringed. NI IBB HOTEL – – IBB GRAND Fill-EL LUBLINIANKA Privacy Policy and the use of cookies
Therefore, in accordance with the applicable regulations, the basis for the processing your data will also be the
need to fulfil the legal obligation imposed on Controller(Article 6 (1) (c) of the GDPR), in particular, issue and store
invoices and accounting documents, processing complaints, providing data to state authorities within the limits
and under the law, e.g. for tax and accounting purposes.
We also process your data for the purposes set out below, based on Controller legitimate interest (Article 6 (1) (f)
GDPR):
•Provide direct marketing of Controller’s products and services
•Improve the quality of goods or services sold by Controller by consulting or surveying satisfaction
•Provide support for payment, credit, or insurance services for the purchased service
•Manage the activity on Controller websites, by monitoring it, to improve the functionality of the service, analyse
needs, adjust ads according to the previously viewed content
•Handle communications, opinions, or requests when they are not related to the performance of the contract
•Detect and prevent abuse, investigate or defend against claims, and conduct proceedings before public
authorities or courts
•Protect property, health, and life by recording images (monitoring) of the hotel premises and its surroundings
•Create and archive analyses, summaries, and statistics, including ensure accountability (i.e. demonstrate
Controller compliance with legal obligations).
The Controller has assessed the impact of actions taken for the above purposes on your rights and freedoms.
This assessment has led to the conclusion that the processing of personal data within the legitimate interest does
not interfere with your privacy. In addition, this way of processing your personal data is to lead to an improvement
in the quality of services provided by the Controller, which is to bring better understanding of your needs.
Therefore, your interests will not be infringed.
In the event of consent to the processing of personal data, this consent will be the basis for data processing (art. 6
(1) (a)GDPR), and the content of this consent will each time determine the purpose of data processing. Consent
to the processing of personal data can be withdrawn at any time.
6.Providing us with your personal data is a condition for the conclusion of the contract. Where required by law, we
may require you to provide the data required by law. A refusal to provide data to the extent necessary to conclude
or perform the contract and to the extent required by law will make it impossible to conclude the contract. In the
case of collecting personal data on the basis of consent, the provision of your data is voluntary.
7.Recipients of personal data, for the purposes and on the grounds described above, may be institutions and
entitles authorized under law, as well as entities providing services to the Controller(e.g. legal, IT, marketing,
accounting, audit and advisory services) and other entities participating in the implementation of the ordered
service, business partners and the service providers cooperating with the hotel (e.g. in the case of organizing the
transfer, booking a table in a restaurant), as well as entities associated with the Controller within the group of IBB
Hotel Collection –https://www.ibbhotels.com/.
8.In the case of booking accommodation at the hotel through a travel agency or booking portal, the Guest’s
personal data provided to the hotel by these entities may include, in particular name and surname, date of stay, email
address, and telephone number of the Guest. The exact source from which the hotel obtained the Guest’s
personal data can be obtained at the reception of the hotel.
9.All persons, whose personal data are processed by Controller, have the following rights under GDPR:
•Right of access to personal data (information about the data processed by Controller, including the right to obtain
a copy of such data)
•Right to request the rectification (correction) of personal data when the data are incorrect or incomplete
• Right to request the erasure of personal data (“right to be forgotten”) when the data are no longer necessary for
the purposes for which they were collected or otherwise processed, the data subject has objected to the
processing of the data, the data subject has withdrawn the consent on which the processing is based and there is
no other legal basis for the processing, the data are processed unlawfully, the data must be deleted to comply
with an obligation under the law;
•Right to request a restriction of the processing of personal data when the data subject contests the accuracy of
the personal data, the processing is unlawful, and the data subject opposes the erasure of the data, requesting a
restriction of the data instead, the controller no longer needs the data for its purposes, but the data subject needs
the data to establish, defend, or assert claim, the data subject has objected to the processing of the data –until it
has been established whether the legitimate grounds on the part of the controller take precedence over the
grounds for objection;
•Right to transfer data to another controller or to you (under the terms of Article 20 of the GDPR).•If you have
given your consent to the processing of your data, you have the right to withdraw your consent at any time
(withdrawal of consent does not affect the lawfulness of the processing that was performed on the basis of your
consent before its withdrawal).
Right to object
You may object at any time, on grounds relating to your specific situation, to the processing of your data based on
Controller legitimate interest or the public interest (Article 6 (1) (e) and (f) GDPR), including to profiling on the
basis of these provisions. Controller will no longer process these personal data unless we demonstrate that there
are compelling legitimate grounds for processing over your interests, rights, and freedoms, or unless we
demonstrate that there is a basis for establishing, asserting, or defending claims.
If we process personal data for the purposes of direct marketing, you have the right at any time to object to the
processing of your data for the purposes of such marketing, including profiling, to the extent that the processing is
related to such direct marketing. Once you object, we will no longer process your data for such purposes.
You may exercise the above rights by applying to the address indicated in section 2 of this information. If you
apply, we may ask you to provide additional information to verify your identity.
Complaint to the supervisory authority
You have the right to lodge a complaint with the supervisory authority –The President of the Personal Data
Protection Office -regarding processing of your personal data by the Controller.
10. We currently do not plan to transfer your data outside the European Economic Area (comprising the European
Union, Norway, Liechtenstein, and Iceland), (“EEA”). If we decide to transfer data outside the EEA, it will only be
done for the purpose and to the extent permitted by law. The current information about it can be found on
www.ibbhotellublin.com in the privacy policy and at the hotel’s reception desk.
11.For the purposes described in section 5, with the exception of processing for the purpose of complying with a
legal obligation, we will profile your data, i.e. automatically analyse it to obtain information about your preferences
or interests (e.g., to examine which offer may best suit you). This processing will not produce legal effects or have
a similar significant impact on you.
12.We process your data for the period necessary to fulfil the purposes indicated in section 5 above, i.e. for the
period of implementation of the contract concluded with you, and after that time for the period and to the extent
required by the law and the period after which the claims arising from the contract become time-barred.
If we process personal data on the basis of legitimate interest, in particular, for the purpose of direct marketing,
we retain data until you object to such processing. After that time, the data will no longer be processed for this
purpose, i.e. direct marketing, but further storage may be necessary due to the implementation of a contract or a
legal provision.
Personal data processed by visual monitoring will be stored for a period of 30 days, unless due to special
circumstances (e.g. accident) it will be necessary to store the monitoring recording for a longer period.
Cookie files (cookies) and system information (system logs)
13.As you navigate through the website(s) of Controller, information may be passively collected from you (i.e.,
without you actively providing such information). This information is provided using various technologies such as
cookies or system logs, is safe for your devices, does not cause any configuration changes, or does not transfer
viruses or unwanted or malicious software.
System information (system logs):
Your web browser automatically transfers data to us in the form of system logs (IT records). It includes
information such as the address (URL) of the website you visited previously, the IP address, the version of the
browser currently used by your computer, as well as the access time, and amount of data transferred.
Controller can analyse the system logs described above. The information obtained in this way is used for
administrative purposes (recognising and removing problems with the operation of servers, including breaches of
their security) and for statistical analyses. This information is not linked to your data.
14.Cookie files (cookies):
In the course of using Controller websites, text files, i.e. cookies, may be stored on your devices. These files
contain IT data which are read when you visit our website again and help to adapt it to your preferences and
serve statistical purposes.
The purpose of saving cookies is to ensure that you can effectively use our websites, for example
• Maintain the session, thanks to which the contents of the website or information about logging in are
remembered –thanks to that you do not have to enter your login and password again on each subpage of the
website and the contents of the shopping cart from the previous visit are available on each visit to the website
• Recognise the user device –to display pages according to your preferences, e.g. font settings, preferred store
selection
• Customise websites –providing content tailored to your interests, improving the way website work and their
content
• Analyse the effectiveness of our advertising.
15.You can set your web browser to warn you when a cookie is sent or block the transfer of such files at all, but in
such case some functions of the website may not work. Using our websites without disabling cookies in your
browser means that they will be stored in your device memory.
16.Information on how to manage cookies is usually found in the “Help” section of each browser; below we
describe how to disable cookies in the most popular web browsers:
Mozilla Firefox
In the “Tools” menu, select “Options”, and then the “Privacy” tab.
Your browser allows you to choose between deleting the cookies of individual or all sites.
Microsoft Internet Explorer
In the “Tools” menu, select “Internet Options”, and then the “Privacy” tab.
A special slider can be used to adjust the general level of privacy or the “Websites” button to manage the settings
of individual websites.
Google Chrome
In the menu hidden under the three horizontal bars in the top right-hand corner of your browser, select “Settings”,
then “Advanced”. In the “Privacy and Security” section, click the “Content settings” button. You can change your
cookie settings in the “Cookies” section.
Opera
In the “Tools” menu, select “Preferences” and then the “Advanced” tab.
Cookies are determined by whether or not your select “Cookies” item.
Safari
In the “Safari” menu, select “Preferences” and click the “Security” icon.
Under “Accept cookies”, you can change your cookie settings.
In mobile phones, tablets, and other mobile devices
Each device model can handle cookies in a different way. Therefore, we encourage you to read about the privacy options in the documentation on the website of your mobile device manufacturer
Protection of Minors Law
Effective August 15, 2024, in compliance with the newly updated legislation for the Protection of Minors, all legal guardians of minors (under 18) must present the child’s ID card or another document confirming their legal authority to care for the child at check-in.
Examples of documents that can serve as identification are: identity card, school ID, MOcitizen application, Internet Patient Account, court decision.