The purpose of developing this privacy policy is to inform about the principles of privacy protection during the use of information that Hotel Heron Sp. z o.o. Sp. k. receives directly or indirectly from the Guests.

Personal data administrator
“The administrator of personal data is Hotel Heron Sp. z o.o. Sp.k. with its registered office in Sienna 104, (33-318) Gródek nad Dunajcem (hereinafter referred to as Hotel Heron Sp. z o.o. Sp.k.).
The Personal Data Administrator informs that the personal data provided will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR. The collected personal data is necessary to prepare an offer of stay, make a reservation of a stay and provide a comprehensive hotel service. Providing personal data by the Guest and giving consent to their processing is voluntary, albeit necessary in order to book a stay and provide a hotel service. The Administrator processes personal data within the scope of the following activities within: Hotel Heron ul. Sienna 104, 33-318 Gródek nad Dunajcem.
Your personal data is collected during:
• the booking process via the hotel website, • the booking process made in person at the hotel,
• by phone or e-mail,
as well as during the registration of the Guest in the hotel,
• data may also be obtained from the Hotel Partners from booking portals, • organizing a special event or conference,
• using the Live SPA zone.

The person whose personal data are processed by Hotel Heron Sp. z o.o. Sp.k. has the right to:
• access to personal data by Hotel Heron Sp. z o.o. Sp.k. together
with the information indicated in Article 15 (1) of the GDPR, also included in this privacy policy. At the same time, the person has the right to request the transfer of a copy of his personal data, which are subject to processing;
• immediate rectification of incorrect or supplementation of incomplete personal data, if the data contradict their actual shape or incomplete;
• request the deletion of the data (the right to be forgotten) in a situation where:
- these data are no longer necessary for the purposes of their processing; - consent constituting the basis for the processing of personal data has been by the person withdrawn;

- a justified objection referred to later in this policy has been filed;
- personal data were processed by Hotel Heron Sp. z o.o. Sp.k.; unlawfully; - the obligation to delete personal data results from the provisions of Community or national law;

- consent to the processing of personal data was expressed by a minor, younger than 16 years of age.
• request restriction of processed data in a situation where:
- a person disputes the accuracy of the data or to submit an objection referred to in the later part of this privacy policy - for a period allowing Hotel Heron Sp. z
o.o. Sp.k. to check the correctness of the data processed or to recognize the legitimacy of the objection;
- in a situation where, despite the contradiction of data processing with the provisions of law, the data subject, instead of deletion data only wants to limit their scope in the Hotel's collection Heron Sp. z o.o. Sp.k. ;
- the need to process personal data for Hotel Heron Sp. z o.o. Sp.k. has ceased. However, the data subject needs further processing for the purposes of establishing, pursuing or defending his/her claims; the data
subject has the right to object to the processing of his/her personal data, based on Article 6 (1) (e) or (f), including profiling on the basis of these provisions.
In the event of an objection, Hotel Heron Sp. z o.o. Sp.k. will immediately restrict the processing of personal data on the terms set out in the previous chapter. Subsequently, in the event of a legitimate objection, the personal data will be deleted by Hotel Heron Sp. z o.o. Sp.k., unless valid, legally justified grounds prevailing over the interests, rights and freedoms of the data subject or the data are not a basis for establishing, pursuing or defending claims. In the event of an objection to the processing of data for direct marketing purposes, Hotel Heron Sp. z o.o. Sp.k. will cease the processing of such data for the above-mentioned purpose.
The data subject may object by sending an appropriate request to the e-mail address of the Data Protection Officer — e-mail: iod@heron-hotel.com

What are “cookies”?
“Cookies” should be understood as short text-numerical information stored on the device through which a person browses websites, IT data, in particular text files, stored in the end devices of users (including computers, laptops, smartphones, tablets) intended for the use of websites. These files allow you to recognize the user's device and properly display a website tailored to your individual preferences. “Cookies” usually contain the name of the website from which they come from, the time they are stored on the terminal device and a unique number. “Cookies” have no effect on the software in the end user's device. “Cookies” from the operator's website can only be read by the operator.

What do we use “cookies” for?
“Cookies” are used to adapt the content of websites to the preferences and expectations of the user and to optimize the use of websites. They are also used to create anonymous, aggregated statistics that help to understand how the user uses websites, which makes it possible to improve their structure and content, excluding personal identification of the user. Thanks to “cookies” we check the performance, analyze and study how our websites work by creating anonymous statistics, which allows improving their structure and content.
Do “cookies” contain data identifying the User's identity?
Personal data collected using “cookies” may only be collected for the purpose of performing certain functions for the benefit of the user. Such data is encrypted in a way that prevents unauthorized access to it. We never identify the identity of users based on information provided by “cookies”. Operational data collected using Cookies can also be compiled with demographic data (e.g. the size of the locality).

Types and types of “cookies” used on the operator's websites:
Use of two types of cookies — session and permanent. Session cookies remain on the User's device only when using the operator's websites.
Persistent cookies remain on the User's device as long as they have a set life or until they are deleted by the User.
As for the types of Cookies, the operator uses, among others:
Cookies necessary for the proper operation of the website so-called “necessary” — allow the User to freely navigate the Operator's website and use individual elements.
Cookies improving the performance of the so-called “performance” — collect information about the way the User uses the operator's websites, by identifying the areas he visited, the time spent on it and difficulties in the form of error messages.
Cookies improving the functionality of the so-called “functional” — remember the User's settings and choices, personalize the settings of the content of the service.
Advertising cookies — thanks to them, the User has provided advertisements corresponding to his preferences.

Deleting “cookies”
By default, the software used for web browsing allows the placement of “cookies” on the end device. If the User does not want to receive “cookies” files, you should change the settings of the terminal device in such a way as to block the automatic handling of “cookies” in the settings of the web browser or inform about them each time they are sent. Detailed information about the possibilities and methods of handling cookies is available in the software settings of the user of the end device (web browser) or on the website of its manufacturer. At the same time, we would like to inform you that limiting or disabling the use of “cookies” may affect some of the functionalities available on the website, and in extreme cases may prevent the use of the operator's website.
When using the hotel website www.hotel-heron.com, additional information is automatically downloaded: the IP address assigned to the computer from which the hotel was accessed, the external IP address of the Internet provider, domain name, browser type, duration of access, type of operating system, etc.

The
Administrator of Personal Data obtained in connection with the operation of the monitoring system is Hotel Heron Sp. z o.o. Sp. k. with its registered office in Sienna 104, (33-318) Gródek nad Dunajcem
This information refers to the monitoring systems installed in the Heron Hotel (ul. Sienna 104 ,33-318 Gródek nad Dunajcem) — inside and around buildings.
The legal basis for the processing of personal data is the legitimate interest of the Personal Data Controller - Article 6 (1) (f) of the GDPR and ensuring the safety of Hotel Guests, Customers, Employees and other persons staying on the premises of the Hotel.
As a rule, the Administrator keeps records from the monitoring for a period of no more than 3 months from the date of recording recording recording. In the event of a dispute between the parties, the records are kept no less than until the expiration of the limitation period for mutual claims.
Processing will be carried out on the principles specified by the GDPR. As a result of data processing, you have the opportunity at any time to view the personal data processed by us, as well as the right to request their correction and rectification, erasure or restriction of processing on the terms indicated in the GDPR. You also have the right to object to processing, as well as the right to data portability to the extent that the processing is carried out in an automated manner.
The Controller remains authorized to transfer your personal data to third parties only to the extent that it is necessary to fulfil its legal obligation.

The Data Protection Officer and the Supervisory Authority The
person appointed by Hotel Heron Sp. z o.o. Sp.k. to supervise the security of personal data processing and ensure the exercise of all rights provided for data subjects is the Data Protection Inspector.
Contact with the Data Protection Inspector in any matter concerning the processing of personal data is possible at the e-mail address: iod@heron-hotel.com
Data subjects are also entitled to lodge a complaint with the local Supervisory Authority, i.e. the President of the Office for Personal Data Protection at ul. Stawki 2, Warszawa 00-193.

Final provisions
In matters not regulated by this privacy policy, the provisions of generally applicable law, in particular the GDPR, shall apply.
Hotel Heron Sp. z o.o. Sp.k. reserves the right to change this privacy policy. The current text of the privacy policy will be available each time on the website/hotel
This privacy policy entered into force on 25 May 2018.