Book online
Check-in21Paź>
Check-out22Paź>
Check availability

Privacy policy

1. Data of the Personal Data Administrator

We kindly inform you that the Administrator of your personal data is HOTEL MRĄGOWO INC. SP. Z 0.0 having its registered office in MRĄGOWO, i.e. ul. Giżyckiej 6, 11-700 Mrągowo, Poland, entered into the Central Register and Information on Business Activity by the Minister of Development and using the NIP (Tax Identification Number): PL 522-30-28-469, hereinafter referred to as the Hotel. You can contact the Hotel regarding the protection of personal data per e-mail: rodo@mragoworesort.pl .

2. Data Protection Inspector

The Hotel has appointed a Data Protection Inspector who will be glad to assist you in all matters related to personal data protection, and especially glad to answer all the questions about the processing of your personal data. You can contact the Inspector per e-mail: rodo@mragoworesort.pl.

3. Purposes and grounds for the processing of personal data

In order to provide services in accordance with its standard, the Hotel processes your personal data – for various purposes, yet always within the law. Your personal data will be processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), abbreviated as GDPR in English and RODO in Polish. We collect your personal data from you by concluding a contract with you or from our booking portal partners. Below you shall find all the purposes for the data processing and the legal grounds therefor.
A. In order to price a service, then to book and provide the service as well as in case of concluding other contracts within the scope of the Hotel’s activity, we process the following personal data:
• forename and surname;
• address (street, number of the house / flat, postal code and city);
• telephone number;
• e-mail; address
• company data with the Tax Identification Number (if there is an invoice being issued for the company);
• registration number of the vehicle owned by the Client (if they use the hotel car park);
• basic bank account data for the transfer confirmation;
• identity card numer / national identification number;
• nationality information;
• your payment card number and other details, including credentials and other data referring to settling of accounts and bills, connected with mobile settling of accounts;
• booking number.
The legal basis for such data processing is Article 6 paragraph 1 letter b of the GDPR which allows processing personal data if the data is necessary to perform the contract or take steps to conclude this contract.
Personal data of children, such as forename, surname, nationality and birth date are collected only and exclusively from their parents of legal guardians for the purpose of defining the children’s age and the discounts due as well as for the statistical purposes (obligation imposed on the hotel by the Central Statistical Office and the visitor’s tax).
B. For the purpose of considering claims, we process the following personal data:
• forename and surname;
• address (street, house / flat number, postal code and city);
• phone number;
• e-mail address;
• booking number;
• bank account number if need be – in case there is a refund. The legal basis for such processing is Article 6 paragraph 1 letter b of the GDPR which allows the processing of personal data if the data is necessary to perform the contract or take steps to conclude this contract.
C. For the purpose of issuing an invoice and fulfilling other obligations under the tax law, such as keeping accounting records for 5 years, we process the following personal data:
• forename and surname;
• company;
• address of residence or registered office;
• tax identification number;
• booking number.
The legal basis for such data processing is Article 6 paragraph 1 letter c of the GDPR which allows the processing of personal data if such processing is necessary for the Personal Data Administrator to fulfil the legal obligations imposed thereon by the law;
D. For the purpose of evaluating the satisfaction with the services offered as well as for carrying out audits, improving and modifying our services, we process the following personal data:
• e-mail address;
• booking number;
• forename and surname;
• comments or suggestions expressed by the Guests.
The legal basis for such data processing is Article 6 paragraph 1 letter f of the GDPR which allows processing personal data if the Personal Data Administrator fulfils thereby their legitimate interest (in this case, the legitimate interest of the Hotel is to know the opinions of its Clients on the services provided as well as to adapt them to the needs and expectations of the interested Parties);
E. In order to provide both the employees and the Guests of the Hotel with safety, we process the following personal data:
• data from the card – key system;
• facial image from the video surveillance system;
• forename and surname;
• e-mail address;
• telephone number;
• IP address.
The legal basis for such data processing is Article 6 paragraph 1 letter f of the GDPR which allows the processing of personal data if the Personal Data Administrator fulfils thereby their legitimate interest (in this case, the legitimate interest of the Hotel is to provide all the persons staying on the premises of the Hotel with safety). The video surveillance data is removed at the latest 30 days after having been recorded.
F. In order to create registers and records related to the GDPR, including for example register of clients who raised an objection in accordance with the GDPR, we process the following personal data:
• forename and surname;
• e-mail address.
THE GDPR regulations impose certain documentation obligations on us to demonstrate compliance and accountability. Should you, for example, object to the processing of your personal data for the marketing purposes, we must know towards whom we are not to apply the direct marketing. The legal basis for such data processing is Article 6 paragraph 1 letter c of the GDPR which allows processing personal data if such processing is necessary for the Personal Data Administrator to fulfil the legal obligations imposed thereon by the law (GDPR regulations) and Article 6 paragraph 1 letter f of the if the Personal Data Administrator fulfils thereby their legitimate interest (in this case, the legitimate interest of the Hotel is to have knowledge about the persons who execute their GDPR rights in relation to the Hotel);
G. In order to determine, pursue or defend against claims, we process the following personal data:

• Forename and surname (if the surname has been given) or alternatively the company name;
• address of residence (if it has been given);
• personal identity or personal identification number (if it has been provided);
• e-mail address;
• IP address;
• booking number.
The legal basis for such data processing is Article 6 paragraph 1 letter f of the GDPR which allows the processing of personal data if the Personal Data Administrator fulfils thereby their legitimate interest (in this case, the legitimate interest of the Hotel is to have such personal data which will let them establish, pursue or defend against claims, including clients and third parties);
H. For analytical purposes, i.e. to study and analyse the activity on the Hotel’s website, we process the following personal data:
• date and time of your visit to the website;
• type of operating system;
• approximate location;
• type of web browser used for browsing the website;
• time spent on the website;
• subpages visited;
• subpage where the contact form was filled in.
The legal basis for such data processing is Article 6 paragraph 1 letter f of the GDPR which allows the processing of personal data if the Personal Data Administrator fulfils thereby their legitimate interest (in this case, the legitimate interest of the Hotel is to know the activity of its Clients on its website);
I. In order to use cookies on our website, we process such text information (cookies shall be described in a separate section). The legal basis for such processing is Article 6 paragraph 1 letter f of the GDPR which allows the processing of personal data on the basis of a voluntary consent (the first time you visit the website, you are asked for permission to use cookies);
J. For the purpose of administering the website, we process the following personal data:
• IP address;
• date and time from the server;
• information about the web browser;
• information about the operating system – this data shall be saved automatically in the so-called server logs each time when you are using the Hotel’s website. Administering the website without the server and such automatic saving would not be possible. The legal basis for such processing is Article 6 paragraph 1 letter f of the GDPR which allows the processing of personal data if the Personal Data Administrator fulfils thereby their legitimate interest (in this case, the legitimate interest of the Hotel is to administer its website);

4. Cookies

1. Just like other entities, the Hotel uses the so-called cookies on its website, i.e. short text information saved on the computer, mobile phone, tablet or any other device owned by the User. Such data can be read by our system and by systems run by other entities which provide services for us (e.g. Facebook, Google).
2. Cookies performs many functions on the website, mostly useful, which we shall try to describe below (if the information is insufficient, please contact us):
• providing safety — cookies are used to authenticate Users and prevent unauthorized use of the customer panel. Therefore, they are used to defend the personal data against unauthorised access;
• influence on the processes and efficiency of browsing the website — cookies are used to make the website work smoothly and to enable using the functions available thereon, which is possible among other things, by remembering settings between subsequent visits to the website. In this way, one can browse the website and its subpages efficiently;
• session state — cookies often store information about the way in which the Users browse the website, e.g. which subpages they display most often. They also allow us to identify errors displayed on some subpages. Therefore, cookies used to save the so-called “session state” help to improve the services and raise the comfort of browsing;
• maintaining the session state — if the Client logs in to their panel, then cookies allow maintaining the session. As a result, after having displayed another subpage, the User does not need to give their login and password once again, which raises the comfort of browsing;
• creating statistics — cookies are used to analyse how the Users browse the website (how many Users open the website, how long they stay on the website, which contents arouse their interest the most etc.). In this way, we can keep on improving our website and adapt its functioning to the Users’ preferences. In order to follow the activity and create statistics, we use Google tools such as Google Analytics; apart from reporting on the website using statistics, the pixel Google Analytics can be used, along with some cookies described above, to help the Users view the most suitable content in the Google services (e.g. in the Google Search) and all throughout the web;
• using social features — on our website, there is the so-called Facebook pixel which allows Users to like our fanpage in this service when browsing our website. Yet, to make it possible, we must use the cookies provided by Facebook.
3. By default, your browser allows using cookies on the devices owned by the Users, thus, during their first visit to our website, we ask for accepting cookies. Cookie use when browsing the website can be changed in the Internet browser — the User can block the automatic data collection via cookies or each time require notification about storing cookies on their website. The settings can be changed at any time.

4. While respecting the autonomy of the persons using the website, we feel obliged to warn you that disabling or limiting the use of cookies may cause quite serious difficulties in using the website, e.g. in the form of logging in to every subpage, longer loading time of the website, limited functionality of the website, limitations in liking the Facebook profile etc.

5. Right to withdraw the consent

1. If the data processing is based on a consent given, you may withdraw your consent at any time.
2. If you wish to withdraw your consent for the processing of personal data, please follow the point 11 subpoint 5. However, if the data processing was based on a consent given, then withdrawing such a consent shall not affect the lawfulness of the data processing which occurred prior to the withdrawal. In other words, we have the right to process your personal data until you withdraw your consent given us to do so and withdrawing the consent does not affect the data processing which occurred up to the moment of withdrawal.

6. Requirement for providing personal data

1. Proving any personal data is voluntary and depends on your decision. However, in some situations, providing certain personal data is necessary in order to fulfil your expectations in the scope of using the services.
2. In order to commission a service at the Hotel, you must provide the data referred to in point 3 A of this Privacy Policy.
3. To have an invoice issued for the services provided for you, you must give all the data required under the tax law – otherwise, we shall not be able to issue the invoice correctly.
4. You must provide us with your telephone number and e-mail address so that we can contact you in matters related to service execution – otherwise, we shall not be able to contact you in this manner or send a booking confirmation.

7. Automated decision making and profiling

Please be advised that we do not make automated decisions, including those based on profiling. The content of your inquiry sent through the contact form shall not be evaluated by our IT system. The suggested service rate is based on the price list at our hotel.

8. Personal data recipients

1. Like most entrepreneurs, we also cooperate with other subjects, which often involves the need to provide them with personal data. We transfer your data to lawyers cooperating with us and providing us with legal services, companies managing fast payment services, our accounting company, hosting company, the company responsible for sending text messages as well as the insurance company (if a damage needs to be repaired).
2. Moreover, it may happen that, for example, based on the applicable law or a decision of a competent authority, we will have to pass your data over to other authorities or entities.

9. Transfer of personal data to third countries

1. Like most entrepreneurs, we use a variety of services and technologies offered by such entities as: Facebook, Microsoft, Google or Zendesk. These companies have their registered offices outside the European Union, and therefore, under the GDPR regulations, treated as third countries.
2. The GDPR imposes certain restrictions on us in the scope of transferring personal data to third countries, yet since the European legislation is not applied there, alas, the protection of personal data of the European Union citizens may be insufficient. Therefore, every Personal Data Administrator is obliged to define the legal basis for such transfers.
3. Please rest assured that when you are using our services and technologies, we transfer your personal data only to entities from the United States and exclusively those which joined the Privacy Shield Programme, pursuant to the executive decision of the European Commission of 12 July 2016. For more information, please read https://ec.europa.eu/info/law/law­topic/data-protection/data-transfers-outside-eu/eu-us-privacyshield_ pl. The entities which joined the Privacy Shield Programme undertake to apply high standards of the personal data protection in accordance with the European Union regulations, thus, using their services and technologies offered in the scope of personal data processing is legal.
4. If need be, we will provide you at any time with further clarification regarding the transfer of your personal data, especially if the issues causes your concern.

10. Period of processing personal data

1. According to the applicable law regulations, we do not process your personal data “indefinitely”, yet only for such a time period which is necessary achieve the purpose therefor. Afterwards, your personal data shall be irretrievably deleted or destroyed.
2. If we do not need to carry out operations on your personal data other than storing the data (e.g. when we store the order content for the purpose of defending against claims), we shall additionally secure your data by pseudonymisation until it is permanently deleted or destroyed. The pseudonymisation consists in encryption of personal data or collection of personal data in such a way that one cannot read the data without an additional key, and therefore, such data becomes completely useless for an unauthorised person.
3. We kindly inform you that we process your personal data for the following periods of time:
• contract duration — with regard to the personal data processed for concluding and performing the contract;
• 3 years or 10 years + 1 year — with regard to the personal data processing for determining, pursuing or defending claims (the length of the processing period depends thereon if both of the Parties are entrepreneurs or not);
• 6 months — with regard to the personal data collected during the valuation of the service if at the same time the contract was not concluded immediately;
• 5 years — with regard to the personal data connected with fulfilling the tax obligation;
• until the consent to the personal data processing is withdrawn or the purpose of the data processing has been achieved, but not longer than for 5 years – with regard to the personal data processed on the basis of a consent given;
• until an effective objection is raised or the purpose of the data processing is achieved, yet no longer than for 5 years – with regard to the personal data processed on the basis of a legitimate interest of the Personal Data Administrator or for marketing purposes);
• until the data becomes out-of-date or it is no longer useful, yet no longer than for 3 years – with regard to the personal data processed mainly for the analytical purposes, using cookies and administering the website.
4. We count the time periods starting with the end of the year in which we began processing your personal data in order to make the process of deleting or destroying personal data more efficient. Separate counting the period for every contract concluded would cause serious organisational and technical difficulties as well as significant financial outlays, thus, one date set for deleting or destroying personal data allows us to manage this process more efficiently. Of course, if you exercise your right to be forgotten, such situations shall be considered individually.
5. An additional year related to the processing of the personal data collected for the purpose of concluding the contract is dictated by the fact that theoretically, you can raise an objection just before the expiry of the limitation period, your claim can be delivered with a considerable delay or you can define the limitation period of your claim incorrectly.

11. Rights of the data subjects:

1. We hereby inform you that you have the right to:
• access your personal data;
• rectify your personal data;
• delete your personal data;
• restrict the processing of your personal data;
• raise an objection against the processing of your personal data;
• be forgotten if other legal provisions allow it;
• receive a copy of your personal data;
• transfer your personal data.
2. We respect your rights under the data protection law and try to make their implementation as easy as possible.
3. We would like to point out that the abovementioned rights are not absolute and therefore, in some situations, we may legally deny you the right to exercise them. However, if we refuse to grant your request, it is always preceded by a careful analysis and only if the refusal to grant the request is necessary.
4. Regarding the right to raise an objection, please be informed that you have the right at any time to raise an objection against the processing of your personal data based on the legitimate interest of the Personal Data Administrator (listed under point 3) in relation to your particular situation. Yet, you must remember that under the law, we may refuse to accept an objection if we prove that:
• there are legitimate grounds for the processing which take precedence over your interests, rights and freedoms or
• there are grounds for establishing, pursuing or defending claims.
5. Moreover, at any time, you may object to the processing of your personal data for the marketing purposes. In such a case, once we have received your objection, we will stop processing your personal data for this purpose.
6. You may exercise your rights as follows:
• send an e-mail to the Personal Data Protection Inspector: rodo@mragoworesort.pl,
• send your request to the postal address of the Personal Data Protection Inspector: – ul. Giżyckiej 6,11-700 Mrągowo, Poland,
• pass it on in person to our receptionist at one of our hotels.

12.Right to lodge a complaint

If you believe that the processing of your personal data violates the applicable law, you may lodge a complaint with the President of the Personal Data Protection Office.

13. Final provisions

1. To all matters not regulated by this Privacy Policy, the personal data protection rules will apply.
2. The Hotel reserves the right to modify this Privacy Policy, yet to any services provided before the change, the Privacy Policy being in force at the moment of providing the services in question shall be applied.
3. Changing the Privacy Policy may not affect the rights acquired by the Users.
4. Should the Privacy Policy be modified, a proper announcement shall be published on the hotel website www.mragoworesort.pl within 14 days prior to the changes introduced coming into effect.
5. This Privacy Policy comes into force on 25 May 2018.

Ta strona korzysta z ciasteczek aby świadczyć usługi na najwyższym poziomie. Dalsze korzystanie ze strony oznacza, że zgadzasz się na ich użycie.Akceptuję