Venetian House Aparthotel - Apartment hotel located on Krakow's main market square. A spacious and convenient alternative to Krakow Hotels at competitive prices Venetian House Aparthotel - Apartment hotel located on Krakow's main market square. A spacious and convenient alternative to Krakow Hotels at competitive prices

Privacy and cookie policy

  • Home
  • Privacy and cookie policy
Venetian House Aparthotel

Privacy and cookie policy

Privacy Policy and the use of cookies

This Privacy Policy defines the rules for processing and protecting personal data provided by users in connection with their use of services offered by the websites venetian-house.com and venetian-house.pl (hereinafter: the Service).

    • 1. Personal Data Controller Details
      • 1.1 The controller of personal data processed for the purpose of using hotel and accompanying services is the following company:
        Hamilton Group Robert Watkins, Kraków 31-117, ul. Napoleona Cybulskiego 2, entered in the register of entrepreneurs under the tax identification number NIP: 676-229-05-25 (hereinafter: the Administrator).
      • 1.2 For matters related to the processing of your personal data by the Administrator, please contact the person responsible for personal data protection at the e-mail address: [email protected].
    • 2. Purposes and legal grounds for processing personal data
    • To provide services in accordance with the scope of its business activities, the Administrator processes your personal data for various purposes, always in accordance with the law. Below you will find the specific purposes of personal data processing along with the legal grounds. Your personal data is processed in connection with your use of our services provided by the Administrator, and the purpose of this processing is primarily to ensure the proper performance of the contract and to provide you with offers presenting our services.

Purpose of processing / Legal basis

      • 2.1 In order to properly perform the contract for providing accommodation services, the Administrator processes the data provided by you in the registration card, i.e.:
        • name and surname,
        • residential address,
        • nationality,
        • identification document number,
        • phone number,
        • e-mail address.
        Art. 6(1)(b) GDPR (understood as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), i.e., processing is necessary for the performance of a contract to which you are a party.
      • 2.2 In order to provide services through the booking system available on venetian-house.com and venetian-house.pl, including sending you e-mail notifications about booking system messages, we process personal data such as:
        • name and surname,
        • e-mail address.
        Art. 6(1)(b) GDPR, i.e., processing is necessary for the conclusion and performance of a contract to which you are a party.
      • 2.3 In order to handle complaints, we process personal data such as:
        • name and surname,
        • e-mail address,
        • booking number,
        • residential address (if a refund occurs),
        • bank account number (if a refund occurs).
        Art. 6(1)(b) GDPR, i.e., processing is necessary for the conclusion and performance of a contract to which you are a party.
      • 2.4 Ensuring the appropriate quality of services provided to you is a priority for the Administrator; therefore, during the service period, the Administrator may respond to user inquiries sent via the contact form, confirm bookings using the online booking system, and send you offers covering the services provided. The Administrator may also contact customers if personal items are left behind after the stay. In this case, we process personal data such as:
        • e-mail address,
        • name and surname,
        • phone number.
        Art. 6(1)(f) GDPR, as the so-called legitimate interest of the Administrator, which is the development and improvement of the quality of services provided. After granting consent resulting from the provisions on providing services by electronic means and telecommunications law.
      • 2.5 In order to ensure the security and protection of the facility managed by the Administrator, we use video monitoring. In connection with this, the Administrator processes data such as:
        • image of natural persons.
        Art. 6(1)(f) GDPR, which allows for the processing of personal data if the Administrator thereby pursues their legitimate interest, in this case, the purpose is to ensure the security of another legally protected asset (e.g., company resources, personal safety on the premises or in its vicinity).
      • 2.5 For archival and evidentiary purposes, we process personal data such as:
        • name and surname,
        • e-mail address,
        • booking number.
        Art. 6(1)(f) GDPR, which allows for the processing of personal data if the Administrator thereby pursues their legitimate interest (in this case, the Service’s interest is to possess personal data that will allow for the proof of certain facts related to the performance of services, e.g., when a public authority requests it).
      • 2.6 In order to establish, exercise, or defend against claims, we process personal data such as:
        • name and surname,
        • residential address (if provided),
        • PESEL or NIP number (if provided),
        • e-mail address,
        • booking number,
        • identification document number.
        Art. 6(1)(f) GDPR as the so-called legitimate interest of the Administrator, which is the pursuit of our claims and the defense of our rights.
      • 2.8 In order to create registers and records related to GDPR, including, for example, a register of guests who have objected to processing or are exercising the right to restrict processing in accordance with GDPR, we process personal data such as:
        • name and surname,
        • e-mail address.

        This data is processed primarily because GDPR imposes numerous documentation obligations on the Administrator to demonstrate the compliance of processing with the law and the ability to prove this compliance (in order to implement one of the fundamental principles of GDPR, namely accountability). Furthermore, if you, for example, object to the processing of personal data for marketing purposes, the Administrator must know whom to exclude from direct marketing because they do not wish to receive it.

        Art. 6(1)(c) GDPR, which allows for the processing of personal data if such processing is necessary to fulfill the Administrator’s legal obligations;
        Art. 6(1)(f) GDPR, which allows for the processing of personal data if the Administrator thereby pursues their legitimate interest (in this case, the Administrator’s interest is to possess knowledge of individuals exercising their rights under GDPR);
      • 2.9 In order to issue an invoice and fulfill other obligations resulting from tax law provisions, such as storing accounting documentation for 10 years, we process personal data such as:
        • name and surname,
        • residential address or registered office address,
        • NIP number (if provided),
        • booking number.

        In order to use cookies on the website, we process such textual information (cookies will be described in a separate point).

        Art. 6(1)(c) GDPR in connection with the regulations contained in the Accounting Act of 29 September 1994.
        Art. 6(1)(a) GDPR, which allows for the processing of personal data based on voluntarily granted consent (upon the first visit to the website, a request for consent to use cookies appears);
      • 2.10 For website administration purposes, we process personal data such as:
        • IP address,
        • server date and time,
        • web browser information,
        • operating system information – these data are automatically saved in the so-called server logs each time the website belonging to the Administrator is used. Website administration without the use of a server and without this automatic recording would not be possible.
        Art. 6(1)(f) GDPR, which allows for the processing of personal data if the Administrator thereby pursues their legitimate interest (in this case, the Administrator’s interest is the administration of the website).
      • 2.11 For analytical purposes, i.e., researching and analyzing activity on the websites venetian-house.com and venetian-house.pl, we process personal data such as:
        • date and time of the website visit,
        • type of operating system,
        • approximate location,
        • type of web browser used to view the website,
        • time spent on the website,
        • visited subpages.
        Art. 6(1)(f) GDPR, which allows for the processing of personal data if the Administrator thereby pursues their legitimate interest (in this case, the Administrator’s interest is to understand customer activity on the website).
    • 3. Cookies
    • The Administrator performs the function of obtaining information about users and their behaviors in the following way:
      • through voluntary entry of information in forms,
      • through the collection of “cookies”.

3.1 Upon the first visit to the Venetian House Aparthotel website, the user is informed about the use of cookies. By staying on the website, the user accepts the use of cookies on the website. The absence of changes to the browser settings by the user is equivalent to consent for the use of “cookies”. However, if you do not wish for cookies to be used while browsing the website, you can change your browser settings – completely block automatic cookie handling or request a notification each time cookies are placed on the device. Settings can be changed at any time.

3.2 Installation of “cookies” is necessary for the proper provision of services in the Service. Cookies contain information necessary for the proper functioning of the website, in particular those requiring authorization. They may be read by the system managed by the Service, but also by systems belonging to other entities whose services the Administrator uses (e.g., Facebook, Google). The user can at any time change their browser settings regarding the handling and saving of cookies.

3.3 Within the Service, the following types of “cookies” are used:

      • session cookies – they remain in the browser until it is turned off or logged out of the website where they were placed,
      • persistent cookies – they remain in the browser of the device until they are deleted by the user or until a predetermined time specified in the cookie parameters.

3.4 In terms of the functionality of each cookie, they can be divided into:

      • conversion files, which allow analyzing the performance of various sales channels,
      • tracking files, which in combination with conversions help analyze the performance of various sales channels,
      • marketing files, used to personalize advertising content and its proper targeting,
      • analytical tools that help improve the comfort of using the site by understanding how users use it.

3.5 Some “cookies” may be placed by the website and online booking system provider solely for the purpose of:

      • improving and supporting the booking process,
      • analyzing and collecting statistical data regarding the use of the website and online booking system for their improvement.
    • 4. Right to withdraw consent
    • If the processing of personal data is based on consent, you may withdraw this consent at any time – at your discretion. If you wish to withdraw consent for the processing of personal data, it is enough to:
    • 5. Requirement to provide personal data
    • 5.1 Providing any personal data is voluntary and depends on your decision. However, in some cases, providing specific personal data is necessary to meet your expectations regarding the use of services available on our website, in particular regarding the use of the booking system.
  • 5.2 To use the booking system, it is necessary to provide the following data: name, surname, and e-mail address – without this, the Service is unable to perform the contract.
  • 5.3 In order for you to receive an invoice for services, it is necessary to provide all data required by tax law, i.e., name and surname or company, residential address or registered office address, NIP number – without this, the Service is unable to properly issue accounting documents.
  • 5.4 To be able to contact you by phone in matters related to the performance of the service, it is necessary to provide a phone number.
  • 6. Other data processing methods
  • Automated decision-making and profiling. We kindly inform you that we do not engage in automated decision-making, including profiling.
  • 7. Recipients of personal data
  • 7.1 Bearing in mind how sensitive your personal data is, we take care at every step that its processing takes place in accordance with the law, and in the case of transferring this data outside the Service’s structure, we ensure that the entities to whom the data is entrusted provide an appropriate standard of protection and maintain its confidentiality.
  • 7.2 We draw your attention to the fact that we use the services of third parties, which may involve the need to transfer your personal data. Therefore, if necessary, we transfer your data to:
    1. entities providing payment services,
    2. IT service providers,
    3. legal and accounting service providers,
    4. authorities, institutions, and entities authorized under the law,
    5. insurance companies,
    6. entities providing transport and excursion services (only in the case of using such services).
  • 7.3 The Service may contain links to other websites that operate independently of the Service and are not supervised by the Service in any way. These sites may have their own privacy policies and regulations, which we recommend you read carefully.
  • 8. Period of personal data processing
  • 8.1 In accordance with applicable law, your personal data is processed only for a specific period. After this period, your personal data will be irreversibly deleted or destroyed.
  • 8.2 Regarding specific periods of personal data processing, the Service indicates:
    • statute of limitations for claims – in relation to personal data processed for the purpose of establishing, exercising, or defending claims,
    • until it becomes outdated or loses its utility, but no longer than for 5 years – in relation to personal data processed mainly for analytical purposes, the use of cookies, and website administration.
  • 8.3 We draw your attention to the fact that periods in years are calculated from the end of the year in which the Service began processing personal data. Such actions are primarily intended to streamline the process of deleting or destroying personal data.
  • 9. Rights of data subjects
  • 9.1 The Service informs you that you have the right to:
    • access your personal data;
    • rectify personal data;
    • delete personal data;
    • restrict personal data processing;
    • object to personal data processing.
  • 9.2 You can exercise your rights via e-mail as provided in point 1.2.
  • 10. Right to lodge a complaint
  • If you believe that your personal data is being processed inconsistently with applicable law, you may lodge a complaint with the President of the Personal Data Protection Office.
  • 11. Final provisions
  • The Administrator reserves the right to change the service’s privacy policy, which may be caused by the development of internet technology, potential changes in law regarding personal data protection, and the development of the Service. We will inform users of any changes in a visible and understandable manner.