Hotel Piast | Hotel Piast Nysa

Privacy Policy

1. What is a privacy policy?

A privacy policy is a set of rules aimed at informing our Clients about all aspects of the process concerning the collection, processing, and protection of their personal data. We also explain the principles and purposes of data collection. These processes are carried out based on applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as well as the Act of 10 May 2018 on the protection of personal data.

2. Definitions

Administrator – According to the General Data Protection Regulation, the personal data administrator is a natural or legal person, public authority, unit, or other entity that alone or jointly with others determines the purposes and means of processing personal data.

Personal data – All information about an identified or identifiable natural person through one or more specific factors defining physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, online identifier, and information collected via cookies and other similar technologies.

Policy – This Privacy Policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Act – The Act of 10 May 2018 on the protection of personal data.

User – Any natural person visiting the website www.agra-h.com and using one or more services or functionalities described in the Policy.

3. Personal Data Administrator

The administrator of your personal data is Zespół Hotelarsko Gastronomiczny "Piast" Danuta Mazgaj in Nysa, postal code 48-300, ul. Bolesława Krzywoustego 14, registered in the CEIDG, NIP: 7530011446, REGON: 531111636, phone: +48 77 433 40 84 86, +48 530 228 328, email address: hotelpiastnysa@poczta.onet.pl.

4. Purposes and Legal Bases for Processing Personal Data

We collect and process data necessary for:

Concluding and performing a sales contract and providing the service selected by the User, ensuring the quality of services provided, and enabling payment for products and services purchased from us (Article 6(1)(b) GDPR).
Fulfilling legal obligations, including for tax and accounting purposes (issuing invoices and accounting documents and their storage). Storing contracts, correspondence, and information related to the execution of product sales and service provision contracts, as well as handling complaints (Article 6(1)(c) GDPR).
Pursuing the legitimate interests of Zespół Hotelarsko Gastronomiczny "Piast" Danuta Mazgaj, including establishing, pursuing, and enforcing claims, verifying payment credibility, responding to inquiries, questions, and complaints within the time limits set by regulations, marketing our services, providing information about current offers, conducting statistical analyses and marketing research for our own needs, and contacting the User for purposes related to service provision and product sales (Article 6(1)(f) GDPR).

5. What personal data we collect and process

During registration or when ordering a service through our website, we require the following data:

Company name
First and last name
Address of residence or registered office
Correspondence address or delivery address (if different from residence)
Tax Identification Number (for companies)
Phone number
Email address

Providing all the above data is not obligatory to conclude a contract. We only process data necessary to carry out the selected contract. Providing personal data marked as required and giving consent to process them is voluntary, but it is also a condition to conclude and perform the contract. Failure to provide the necessary data or consent will result in the inability to provide services. Additionally, we may request optional data that do not affect contract conclusion.

6. How long we process data

We do not process personal data longer than necessary. Primarily, this is during the contract duration and afterwards for tax settlement or until claims expire, unless the law requires earlier deletion. The maximum retention period for data used for accounting purposes is 5 years from the end of the calendar year in which the tax payment was due.

7. Data sharing

Data is shared only within legally allowed limits. We may share personal data with entities that support us in electronic service provision (e.g., data hosting) or financial services (e.g., accounting). Also, with consultants, legal, postal, courier services, or debt buyers if invoices are unpaid. Shared data is transferred based on a need-to-know basis to fulfill the contract. The data transfer does not relieve the sender of responsibility. We may also be obliged to provide data to public authorities (e.g., Police, Prosecutor’s Office, Courts, President of the Personal Data Protection Office, Competition and Consumer Protection Office, Office of Electronic Communications). Such data may be disclosed without the User’s knowledge or consent, based on applicable law, provided the legality of the request is verified.

8. When do we collect data?

We may collect your personal data when you:

Order our services
Register as a user
Share content on our community platforms
Submit job applications
Register to receive information about our services
Contact us with a problem, inquiry, or complaint

We also automatically collect certain information about users visiting our site, as described in the “Cookies” section.

9. How do we process personal data?

We process personal data in accordance with applicable laws, particularly the Personal Data Protection Act and the General Data Protection Regulation (GDPR). We follow these principles when processing data:

Principle of adequacy: We process only the data necessary to achieve the purpose.
Principle of accuracy: We strive to keep data current and accurate.
Principle of integrity and confidentiality: We use necessary security measures to protect the confidentiality and integrity of data.
Principle of accountability: We document all actions related to personal data so that we can provide full and honest information upon request.

10. What do we do with your personal data?

When you provide us with your personal data, we use it to:

Enable access to any services we may offer through our website.
Allow you to register as a user on our website.
Communicate properly with you.
Provide you with information about our products and services, including offers and updates, in line with your communication preferences.
Track website activity for internal marketing research to improve usability and content. This is done using aggregated and anonymized data.
Prevent the posting or distribution of aggressive, inappropriate, or offensive content on our website.
Administer the website (including responding to comments or sending feedback).

11. International transfer of personal data

Currently, we do not and do not plan to transfer Users’ data outside the European Economic Area (EEA).

12. Cookies

Cookies are text files sent by a website and stored on the user's device, such as a computer or smartphone, through which the user connects to the internet. Cookies do not harm the device or its files. They help websites recognize the user's device and display content appropriately.

Do we use cookies?

Yes. Our services use cookies to recognize users during return visits and remember preferences. With user consent, our websites and affiliated advertising networks place cookies on users' devices to better understand preferences and improve our services. Cookies do not identify the user by name but track anonymous usage behavior.

Types of cookies we use:

Essential cookies – for proper service functionality (e.g., authentication).
Performance cookies – to collect information on how users interact with the site.
Functional cookies – to remember user-selected settings and customize interfaces.
Advertising cookies – to show more relevant ads and limit their frequency.
Statistical cookies – to count site statistics.

How long are cookies stored?

Our site uses session cookies (temporary, stored until the browser is closed) and persistent cookies (stored for a set period or until manually deleted).

Third-party cookies

Yes. Cookies may come from partners such as Facebook or Google. More details are on their websites.

Managing cookies

Cookies improve user experience. Disabling essential cookies (for authentication, security, preferences) may hinder or block site functionality. Browser settings allow cookie management, deletion, or blocking.

Summary

Cookies do not collect personal data unless the user gives separate consent. They are safe and cannot access your saved files. You can set your browser to warn or block cookies, but some features may not work.

For instructions, see your browser’s help section.

13. IP addresses

An IP address is a number assigned to your computer by your Internet service provider to provide access to the Internet. We may use your IP address to collect aggregated usage data; however, we are not able to identify you individually without additional information, which we do not seek.

14. User rights related to personal data

Right to information – You can request information about how your data is being processed, including the purposes, legal basis, scope, and recipients.

Right to receive a copy of data – You can request a copy of your processed personal data.

Right to rectify data – You can request correction or update of inaccurate or outdated data.

Right to erasure – You can request deletion of data that is no longer necessary for the purposes it was collected.

Right to restriction of processing – You can request that your data is no longer actively processed except for storage or other legally permitted purposes.

Right to data portability – You can receive your data in a structured, commonly used, machine-readable format or request that it be sent to another controller, if technically feasible.

Right to object to processing for marketing purposes – You can object at any time to your data being used for marketing without providing justification.

Right to object to processing for other purposes – You can object to data processing based on the controller’s legitimate interest. The objection must be justified and will be assessed.

Right to withdraw consent – You can withdraw your consent at any time by sending a request to: hotelpiastnysa@poczta.onet.pl

Right to lodge a complaint – If you believe your data is being processed unlawfully, you can file a complaint with the President of the Personal Data Protection Office.

15. Data security

Zespół Hotelarsko Gastronomiczny "Piast" Danuta Mazgaj ensures data security by using SSL encryption where personal data is entered and submitted via online forms. This protects data from interception by third parties.

We use appropriate technical and organizational measures to secure data against unauthorized access, collection, processing, loss, damage, or destruction. In particular:

Data is protected from access by unauthorized persons.

User accounts are accessible only after authentication with individual login and password.

Data is protected from modification or unauthorized acquisition.

16. Contact

You can contact Zespół Hotelarsko Gastronomiczny "Piast" Danuta Mazgaj at any time to inquire about how your data is or will be used, or to report any data security concerns. Email: hotelpiastnysa@poczta.onet.pl

17. Changes to the Privacy Policy

Zespół Hotelarsko Gastronomiczny "Piast" Danuta Mazgaj reserves the right to amend this Privacy Policy. However, we ensure that user rights will not be restricted without consent. All changes will be published at: www.hotel-piast.com.pl

18. Contact with supervisory authority

For issues related to the application and enforcement of this Privacy Policy or data processing, the user has the right to lodge a complaint with the President of the Personal Data Protection Office.

19. Document date