Herbarium Hotel

Privacy Policy 

Privacy Policy

 

This Privacy Policy is introduced in HERBARIUM HOTEL&SPA following the change of the applicable regulations in the area of personal data protection on 25 May 2018, i.e. on entry into force of the Regulation No. 2016/679 of the European Parliament and of the Council (EC) of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter also referred to as “GDPR”.

 

  1. Data Controller

We kindly inform you that the Controller of your personal data is JM Solutions Sp. z o.o., address: ul. Włocławska 33, 88-230 Piotrków Kujawski, entered into the National Court Register under no. 0000430562, NIP: 8891512561, REGON: 341316696, hereinafter referred to as the “Hotel.”

 

  1. Obtaining information on the processing of personal data

Contacting the Hotel with regard to personal data protection is possible via e-mail at: dane.osobowe@herbariumhotel.pl or regular mail sent to: JM Solutions Sp. z o.o., ul. Włocławska 33, 88-230 Piotrków Kujawski, with ref. “GDPR”.

 

  1. Personal Data Inspector

The Hotel appointed a Personal Data Inspector who can be consulted on all matters related to personal data protection.  In particular, the Personal Data Inspector will gladly assist and answer all queries concerning the processing of your personal data. You can contact the Inspector via e-mail at: dane.osobowe@herbariumhotel.pl  

 

  1. Data acquisition and the purpose of their processing

 

To provide you the services we offer, it is necessary the Hotel processes your personal data for various purposes.

 

Data submitted to the Hotel will be processed always in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as “GDPR”.

 

The Hotel acquires your data in the course of the process aiming at the conclusion of the contract, or from our partners from booking websites if you have already given such a consent, as well as in the course of providing services offered by the Hotel. Your data are processed for the following purposes and in accordance with legal bases indicated below:

 

  1. providing quotes for services, booking services, provision of services,

 

      Personal data processed:

 

  • Name and surname;
  • Address (street name, street/apartment number, postal code, and city);
  • Phone number;
  • E-mail address;
  • ID card/PESEL number;
  • Nationality;
  • The payment card number and other card information, as well as authentication details and other data concerning billing related to mobile payments;
  • Primary bank account details for confirming bank transfers;
  • Registration number of the Customer’s vehicle;
  • Booking reference;
  • Company information together with a tax identification (NIP) number (in case a VAT invoice for the company is issued).

 

 

Legal basis: Art. 6 sec. 1 letter b) of GDPR (personal data processing if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract)

 

Personal data of children, such as name and surname, nationality and date of birth are collected exclusively from their parents or legal guardians for the purpose of establishing children’s age and applicable discounts, as well as for statistical purposes required by law (for Statistics Poland, local tax).

  1. customization of services according to Customer’s personal preferences, managing Customer relations before, during and after their stay,

      

Personal data processed:

  • Customer’s personal preferences with regard to the scope and manner of providing services;
  • Monitoring the use of the services;
  • Managing room access;
  • E-mail address;
  • Name and surname;
  • Booking reference.

 

Legal basis: Art. 6 sec. 1 letter b) of GDPR (personal data processing if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract) and Art. 6 sec. 1 letter a) of GDPR (personal data processing if the data subject has given consent to the processing of his or her personal data for one or more specific purposes)

 

  1. issuing a bill, an invoice, fulfilling other obligations resulting from tax law provisions, e.g. storing accounting documentation for the period required by legal provisions,

 

       Personal data processed:

 

  • Name and surname;
  • Company name;
  • Address of residence or company seat;
  • NIP number;
  • Booking reference.

 

Legal basis: Art. 6 sec. 1 letter c) of GDPR (personal data processing if it is necessary for compliance with a legal obligation to which the Controller is subject)

  1. investigation of complaints,

 

        Personal data processed:

 

  • Name and surname;
  • Address (street name, street/apartment number, postal code, and city);
  • Phone number;
  • E-mail address;
  • Booking reference;
  • Information submitted by the Customer as justification of the complaint, if they are considered personal data within the meaning of GDPR

 

  • If necessary, a bank account number – in case a refund is made.

 

Legal basis: Art. 6 sec. 1 letter b) of GDPR (personal data processing if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract)

  1. customer satisfaction surveys, audits, improvement and modification of services

 

       Personal data processed:

  • E-mail address;
  • Booking reference;
  • Name and surname;
  • Guests’ comments or suggestions.

 

Legal basis: Art. 6 sec. 1 letter a) of GDPR (personal data processing if the data subject has given consent to the processing of his or her personal data for one or more specific purposes) and Art. 6 sec. 1 letter f) of GDPR (personal data processing if it is necessary for the purposes of the legitimate interests pursued by the Controller of personal data – in this case the legitimate interest of the Hotel is learning Customers’ opinions on provided services in order to adjust them to their needs and expectations.)

  1. creating registers and records related to GDPR and resulting obligations,

 

Personal data processed:

  • Name and surname;
  • E-mail address.

 

Legal basis: Art. 6 sec. 1 letter c) of GDPR (personal data processing if it is necessary for compliance with a legal obligation to which the Controller is subject) and Art. 6 sec. 1 letter f) of GDPR (personal data processing if it is necessary for the purposes of the legitimate interests pursued by the Controller of personal data – in this case the legitimate interest of the Hotel is having information about persons who exercise their rights resulting from GDPR.)

  1.  establishing, pursuing, or defending against claims

 

       Personal data processed:

  • Name and surname (if the surname was submitted), or company name;
  • Address of residence (if submitted)
  • PESEL or NIP number (if submitted)
  • E-mail address;
  • Information that constitute personal data within the meaning of GDPR which can be used to establish, pursue, or defend oneself against claims; 
  • IP address;
  • Booking reference.

 

Legal basis: Art. 6 sec. 1 letter f) of GDPR (personal data processing if it is necessary for the purposes of the legitimate interests pursued by the Controller of personal data – in this case the legitimate interest of the Hotel is having personal data that allow to establish, pursue or defend itself against claims, including from Customers and third parties.)

  1. ensuring safety of employees and guests of the Hotel, preventing crimes,

 

       Personal data processed:

  • Data from the key card system;
  • Facial image acquired from video surveillance;
  • Name and surname;
  • E-mail address;
  • Phone number;
  • IP address.

 

Legal basis: Art. 6 sec. 1 letter f) of GDPR (personal data processing if it is necessary for the purposes of the legitimate interests pursued by the Controller of personal data – in this case the legitimate interest of the Hotel is ensuring safety of all persons staying on Hotel’s premises and preventing crimes from being committed on Hotel’s premises)

 

The Hotel informs that data from the surveillance system are removed after 60 days from their recording at the latest.

  1. analytical purposes (studying and analysing the activity on the Hotel website),

 

       Personal data processed:

  • Date and time of the website visit;
  • Type of operating system;
  • Approximate user location;
  • Type of Internet browser used to view the website;
  • Time spent on the website;
  • Viewed subsites;
  • Subsite where the contact form was completed.

 

Legal basis: Art. 6 sec. 1 letter f) of GDPR (personal data processing if it is necessary for the purposes of the legitimate interests pursued by the Controller of personal data – in this case the legitimate interest of the Hotel is learning Customer behaviour and activity on the Hotel website.)

  1. website administration (automatic saving of data listed below in sever logs each time the Hotel website is used, without which the administration of the website via the server would not be possible):

 

      Personal data processed:

  • IP address;
  • Server date and time;
  • Information about the Internet browser;
  • Information about the operating system.

 

Legal basis: Art. 6 sec. 1 letter f) of GDPR (personal data processing if it is necessary for the purposes of the legitimate interests pursued by the Controller of personal data – in this case the legitimate interest of the Hotel is having the capacity to administer the website.)

  1. use of cookies

 

Detailed information about the processing of personal data related to the use of cookie files is included in section 14 of this Privacy Policy.

Legal basis: Art. 6 sec. 1 letter a) of GDPR (personal data processing if the data subject has given consent to the processing of his or her personal data for one or more specific purposes)

  1. Recipients of personal data

In its operations, like most entities providing similar services, the Hotel uses the services of other entities, which can involve the necessity to transfer personal data. Similarly, the obligation to transfer your personal data to certain bodies, institutions or entities may result from the content of relevant legal provisions or decisions of a competent body. Therefore, your personal data may be shared with, in particular:

  • entities that provide postal or courier services,
  • banks, in case of the necessity to settle payments,
  • state authorities or other entities authorised by law, in order to perform our obligations (Tax Office, National Labour Inspectorate (PIP), Social Security Office (ZUS), courts),
  • entities that enable executing remote payment operations,
  • entities that support Hotel’s activities, contracted by the Hotel, in particular suppliers of external systems that support our activities, that provide services necessary for the proper operations of the Hotel 

 

  1. Duration of personal data processing

1.The Hotel processes your personal data only for the period necessary to fulfil the intended purpose. After this period, your personal data will be irretrievably removed or destroyed.

2.In the event where it is not necessary to perform on your personal data operations other than their storing (e.g. storing data for the purpose of defence against claims), until the moment data is permanently removed or destroyed, your data are additionally secured – through pseudonymisation which involves the encryption of personal data, or a collection of personal data, in such a way that without and additional decryption key it is impossible to read them, which makes them completely useless for an unauthorised person.

3.Personal data are stored for the period of:

  • the duration of the contract – with regard to personal data processed for the purpose of entering and performing the contract;
  • 3 or 10 years, and an additional 1 year – with regard to personal data processed for the purpose of establishing, pursuing, or defending against claims (the length of the period depends on the period of limitation of claims stipulated in the civil code);
  • 6 months – with regard to personal data collected in the course of providing a quote for services, but the contract was not immediately concluded;
  • 5 full years and an additional period remaining until the end of the calendar year – with regard to personal data related to the obligations resulting from tax law;
  • until the consent is withdrawn, or the purpose of processing is fulfilled, but no longer than 5 years – with regard to personal data processing based on the consent;
  • until data subject effectively objects, or the purpose of processing is fulfilled, but no longer than 5 years – with regard to personal data processing based on the legitimate interests pursued by the Controller of personal data, or for marketing purposes;
  • until data becomes outdated or irrelevant, but no longer than 3 years – with regard to personal data processed primarily for analytical purposes, the use of cookies and website administration.

 

4. Abovementioned periods are calculated from the end of the year in which data processing began, to facilitate the process of personal data removal or destruction. In case you decide to exercise your right to erasure, such cases are considered individually.

5. The reason for the additional year related to the processing of personal data collected for the purpose of the performance of the contract is that, hypothetically, you may submit a claim a moment before the period of limitation ends, the delivery of the request may be considerably delayed, or you can mistakenly determine the period of limitation on your claim.

6. The additional period of processing personal data related to the fulfilment of tax law obligations results from the provisions of tax law concerning the period of limitation of tax obligations.

 

  1. Right to withdraw consent

 

1. If personal data are processed based on the given consent, such a consent can be withdrawn at any time.

2. To exercise the right to withdraw your consent to the processing of personal data, follow section 9 subsection 5. If your personal data were processed based on your consent, withdrawing the consent does not mean that their processing until that point had been unlawful.

 

  1. Requirement to submit personal data

 

1. Submitting any personal data is voluntary and depends entirely on your decision. However, in some cases, it is necessary to submit certain personal data in order to conclude the contract and settle payments for services. In the remaining scope, the provision of data is voluntary.

2. To commission a service from the Hotel, it is necessary to provide data indicated in section 3 of this Privacy Policy.

3. In order to receive an invoice for services, it is necessary you provide all data required by tax law.

4. In order to be able to contact you with regard to matters related to the provision of services, it is necessary you provide your phone number and e-mail address – without them the Hotel is unable to reach you, or send a booking confirmation.

 

  1. Rights of data subjects

 

1. The Hotel informs that you have the right to:

  • access the content of your personal data;
  • rectification your personal data;
  • removal of your personal data
  • restriction of personal data processing;
  • data portability;
  • objection to personal data processing;
  • withdrawal of the consent to data processing at any moment, without it affecting the lawfulness of processing based on consent before its withdrawal (if the processing is based on consent);
  • erasure in the event other legal provisions allow it;
  • receiving a copy of data.

2.  In certain situations, the Hotel has the legal right to refuse the execution of the rights indicated above. The refusal to consider the request is made after a thorough analysis and only in a situation where such a refusal to consider the request is necessary.

3. At any time, you have the right to object to the processing of your personal data based on the legitimate interests pursued by the Controller of personal data, in connection to your particular situation. According to GDPR, the Hotel may refuse to consider the objection if it is proven that:

  • there are legitimate grounds for the processing which override your interests, rights, and liberties, or
  • there are grounds to establish, pursue or defend claims.

4. Moreover, at any moment you can object to the processing of your personal data for marketing purposes. In such an event, after the objection is received, the Hotel will cease to process data for this purpose.

5. The rights can be exercised by:

  • sending an e-mail to the Personal Data Inspector at dane.osobowe@herbariumhotel.pl, or
  • writing to the Personal Data Inspector at: JM Solutions Sp. z o.o., ul. Włocławska 33, 88-230 Piotrków Kujawski, with ref. “GDPR”, or
  • submitting your request to the receptionist during your visit in the Hotel.

 

  1. Right to file a complaint

 

If you believe that your personal data are processed not according to applicable law, you can file a complaint to the President of the Personal Data Protection Office.

 

  1. Personal data processing by automated means

 

The Hotel informs that it does not  perform automated individual decision-making, including profiling. The content of a query sent via the form is not assessed by a computer system.

 

  1. Transferring personal data to third countries

 

1. The Hotel uses numerous popular services and technologies offered by external entities, such as Facebook, Microsoft, and Google. These companies have their seats registered outside the EEA, and therefore in the light of GDPR provisions, they are treated as third countries.

2. Since GDPR introduces the limitation of transferring personal data to third countries, as by principle they do not apply European legal provisions, protection of personal data of European Union citizens can be, unfortunately, insufficient.

3. The Hotel would like to assure you that when using services and technologies, it transfers personal data exclusively to the entities from the USA and only to those that entered the Privacy Shield programme, following the Commission Implementing Decision of 12 July 2016 — (cf. European Commission website available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_pl) which guarantee that they will adhere to the highest standards of personal data protection applicable in the European Union, therefore using services and technologies they offer in the process of personal data processing is lawful.

 

  1. Cookies

 

  1. The Hotel acquires information about users and their behaviour through collecting cookie files, i.e. short text information saved on the computer, phone, tablet, or other user’s device. They can be read by the Hotel’s system, as well as by systems which belong to other entities whose services the Hotel uses (Facebook, Google, Instagram).
  2. Cookies have numerous, often very useful functions on a website, such as:
  • impact on the processes and efficiency of using the website (they enable efficient running of the website to facilitate the use of its features, e.g. by remembering settings between visits on the website)
  • creating statistics (they are used to analyse user behaviour on the website, including the number of views, duration of visits, interest in the content, etc. which enables improving the website and adapting its features to user preferences)
  • maintaining session state (they enable maintaining the session which means that after moving to a different subsite it is not necessary to re-enter login and password each time, which, in turn, improves the comfort of using the website)
  • ensuring security (they are used for user authentication and to prevent unauthorised use of the customer panel)
  • using social media features (through Facebook pixel they enable liking our Facebook fanpage during the visit on our website)
  • session state (cookies save information about how visitors use the website, e.g. which subsites are the most frequently viewed, which enables the identification of errors displayed on certain subsites as well as the improvement of services and the quality of user experience)

 

  1. During the first visit on the HERBARIUM HOTEL&SPA**** website, the user is informed about the use of cookies. By remaining on the website, the user accepts the use of regular cookies on the website. Lack of changes in the browser settings on the part of the user is equivalent to giving the consent to the use of cookie files.
  2. The installation of cookies is necessary for the proper provision of services on the website. Cookie files contain information necessary for the correct functioning of the website, in particular those that require authorisation. The user can, at any time, change their browser settings to either accept or reject cookies, or to be informed about not storing these files on their computer.
  3. The website uses the following types of cookies:
    1. session cookies – they remain in the browser until it is closed, or the user logs out of the website where they were placed,
    2. persistent cookies – they remain in the browser until they are deleted by the user or until the time specified in advance in the cookie file parameters.
  4. The Hotel respects the autonomy of all website users, but we would like to warn you that disabling or limiting the use of cookies may cause quite serious difficulties when using the website, e.g. the necessity to log in on every subsite, longer loading time, limitations in using certain features, or liking the page on Facebook, etc.
  5. The Website may contain links to other websites which operate independently of the Website and are in no way supervised by the Website. These sites can have their own privacy policies, and terms and conditions which we recommend you read carefully.

 

  1. Final provisions

 

  1. In all matters not regulated by this Privacy Policy, regulations concerning personal data protection will apply.
  2. The Hotel reserves the right to amend this Privacy Policy, subject to the provision that to services rendered before such an amendment, the version of the Privacy Policy which was in force at the time the service was booked, shall apply.
  3. This Privacy Policy enters into force on 25 May 2018.

 

OPINIONS

Peace and quiet

The Hotel is located by the lake, far from any other buildings. This was important for me, as I wanted to take a break from my everyday life. The room where I stayed had an enormous terrace with the view of the lake. The swimming pool is located on the same side – you can see the lake through panoramic windows while making your laps. The hotel staff was smiling, kind and very helpful. Meals were excellent, traditional food with a modern twist – I felt dishes, both those on the menu and in the package, were quite special (...). I can wholeheartedly recommend this place. I will be glad to return.

 

 

A perfect hotel

The hotel is situated in a great location, surrounded by a lot of nature, there are cycling and walking paths, and a lake. The venue itself is beautiful – spacious, bright, functional, and clean. Scrumptious food and lovely staff.

 

Perfection!

The title of the review describes everything you come across during your stay. The staff is very hip, young, open to ideas, helpful, accommodating, and honest; everyone makes sure the guests enjoy themselves. Keep up the good work, congratulations to the owners.

 

A beautiful hotel

We enjoyed it immensely – a beautiful hotel, extremely nice staff and delicious food.

 

Wind down naturally

Wonderful rest and a breather from everyday chores. Location, closeness to nature, greenery, peace and quiet, in short: AMBIENT VIBES. I definitely recommend it to all prospective guests.

 

Comfort by the lake

We stayed in many hotels overlooking lakes, and we can safely say that Herbarium outclasses them all! If you care for comfort, elegance, beautiful surroundings, and access to a clear lake – I heartily recommend this hotel. Modern solutions, aesthetics, cleanliness, and high-quality service. The swimming pool and sauna with an abundance of beautiful towels are highly recommended.

 

New and fascinating place

The comfort of their beds leaves the competition far behind. We slept like babies. The decor of both the rooms and all other hotel spaces was designed in a sensible, practical, and above all, beautiful way. The staff was smiling, reliable and helpful. Every hotel should be like that! But what made us 100% sold on our stay, were specialist SPA treatments and incredible cuisine. Every day we were spoilt with fantastic offerings on the menu. Compliments to the chef. Spectacular food!

 

Big thumbs up

This hotel has only advantages. The location is perfect for those who want to take a break from the big city hustle and bustle. Motorised visitors will have no problem reaching the closest towns: Gąsawa or Żnin. What undoubtedly deserves high praise is the hotel staff and the service they provide, especially in the restaurant, the lobby bar, and the reception. Everyone was so kind and helpful, even with unusual requests.

Contact us 

* required

Book onlineBook

Newsletter

Subscribe to our free newsletter. You will receive information about current special offers, discounts and competitions by e-mail.

Newsletter

Zapisz się do Newslettera, by otrzymywać najnowsze informacje dotyczące ofert i wybierz jedną z korzyści.

This website uses COOKIES.

By browsing it you accept our cookies policy, according to your browser settings. Read more about Privacy Policy.

OK, close