Data controller

  1. The Data Controller of the personal data of the Guest/Client is:
    Sawyers.eu Tomasz Sosinka, NIP 6452377255
  2. The Data controller can be contacted at:
    – address for correspondence: ul. Hercena 7/17, 50-453 Wrocław
    – email address: contact1@sawyers.eu

The purposes, legal basis and period of data processing

  1. For the purpose of fulfilling the Rental Agreement of Accommodation, the Service Provider processes:
    – information concerning the User’s device, in order to ensure the correct functioning of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data concerning activity on the website, including individual subpages;
    – information concerning the geolocation, if the Guest/User allowed the Service Provider to access such data. This data is used to provide better tailored offers of Goods and services.
    – users’ personal data: name, surname, registered office address, correspondence address, e-mail address, telephone number, Tax Identification Number (NIP), bank account number or other personal data required by the Administrator in the reservation process.
  2. The above mentioned data does not contain identity data of the Guests/Users, however, in combination with other information this data may constitute personal information. Therefore, the Data Controller extends full GDPR protection to them
  3. The above mentioned data is processed in accordance with Art. 6(1)(b) GDPR, with the purpose of providing a service, i.e. an agreement for the provision of services by electronic means in accordance with the Regulation, in accordance with Art. 6(1)(a) GDPR, in accordance with consenting to the use of certain cookies or other similar technologies, as expressed by the appropriate settings of the Internet browser, in accordance with the Telecommunications Law or in accordance with consenting to obtaining the geolocation. The data are processed until the end of the User’s use of the Service.
  4. The Administrator undertakes to take all measures required under Article 32 of the RODO, i.e., taking into account the state of the art, the cost of implementation and the nature, scope and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Administrator implements appropriate technical and organizational measures to ensure a level of security appropriate to that risk.

Recipients of User’s data

The Data Controller discloses the personal data of the Users exclusively to entities processing said data based on concluded agreements of entrustment of personal data processing with the purpose of providing services to the Data Controller such as hosting and maintenance of the website, IT services, marketing and PR services.

Transfer of personal data to third countries

Personal data will not be processed in third countries.

Rights of data subject

Every Data Subject has the right to:
1. access (Art. (15) GDPR) – to obtain confirmation whether their data is processed from the Data Controller. If their data is processed, the subject is entitled to gain access to said data and to the following information: the purpose of processing, the categories of the personal data, recipients or categories of recipients who received the data, the time period of storing data or the criteria of establishing the time period, the right to rectify, delete or limit data processing that every data subject is entitled to and to object to processing personal data;
2. obtain a copy of the data (Art. (15)(3) GDPR) – to obtain a copy of the data subject to processing, whereby the first copy is free of charge and the Data Controller may charge a reasonable fee based on the administration costs for the next copies;
3. rectification (Art. (16) GDPR) – to request the rectification of inaccurate or to supplement incomplete data concerning him or her;
4. erase the data (Art. (17) GDPR) – to request erasure of their personal data, if the Data Controller no longer has any legal basis for the processing or the data is no longer necessary for the processing;
5. restrict the processing (Art. (18) GDPR) – to request restriction of processing personal data, when:
a. the data subject questions the correctness of the personal data – for a period enabling the controller to verify the accuracy of the personal data,
b. the processing of the data is unlawful and the data subject opposes the erasure of said data and requests the restriction of their use instead;
c. the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d. the data subject has objected to processing the data – until it has been concluded whether the legal basis of the Data Controller override the objection of the data subject;
6. transfer the data (Art. (20) GDPR) – to receive personal data concerning the data subject which the data subject provided to the Data Controller in a structured, commonly used format and machine-readable format and to have the right to request a data transfer to another Data Controller without hindrance from the data controller to which the personal data have been provided, where data are processed on the basis of the data subject’s consent or based on a contract with them and where data are processed by automated means;
7. objection (Art. (21) GDPR) – to object the processing of the the data for legitimate purposes of the Data Controller on grounds related to the specific situation of the data subject, including profiling. Whereby, the Data Controller shall assess the existence of important legal basis for processing, superior to the interests, rights and freedoms of the data subjects or basis for establishing, pursuing or defending claims. If according to the assessment the interest of the data subject is more important the the interest of the Data Controller, the Data Controller will be obliged to stop processing the data for those purposes;
8. to withdraw consent in any moment without providing the reason, however, the processing of personal data that happened before the withdrawal will remain lawful. The withdrawal of consent will stop processing the data by the Data Controller concerning the purpose for which the consent was given.

 

President of the Personal Data Protection Office

The data subject has a right to file a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office (based at 2 Stawki Street in Warsaw), who can be contacted in the following ways:

  1. in writing, the addresst: ul. Stawki 2, 00-193 Warszawa;
  2. by email which can be found under the following link: https://www.uodo.gov.pl/pl/p/kontakt ;
  3. helpline: 606-950-0000.

Data Protection Officer

In every instance, the data subject may also directly contact the Data Protection Officer by email or in writing at the address of the Data Controller provided in the first section point two of this Privacy Policy and Cookies.

Cookies

  1. The Service performs the function of obtaining information about Guests/Users and their behaviour in the following ways:
  2. through information provided in forms voluntarily, for purposes resulting from the functions of a given form;
  3. through storing cookie files in terminal devices (so-called „cookies”);
  4. through collecting web server logs by the Online Shop’s hosting operator (necessary for proper operation of the Online Shop).
  5. The legal basis for the processing of personal data from cookies is the legitimate interests pursued by the Website’s Operator, consisting of providing high quality services, ensuring the safety of services.
  6. The cookies are used for the following purposes:
    – creating statistics that help understand how Guests/Users of the Service use the websites, which then allows to improve their structure and content;
    – maintaining the Guest/User session (after logging in), thanks to which the Guests/User does not have to re-enter the login and password on each subpage of the Service;
    – defining the Guest’s/Customer’s profile in purpose to display product recommendations and matching materials in advertising networks, in particular the Google network.
  7. The websites of the Service use plugins which can transfer the information of the Guest/User to the following Data Controllers:
    -Facebook
    -Google
  8. In order to correctly perform the Distance Selling Agreement, the Data Controller may make the Guest/User data available to Internet payment systems.

Newsletter

  1. The Guest/User may give their consent to receive commercial information electronically by picking the appropriate option in the registration form or at a later date in the appropriate tab. In the case of such consent, the Guest/User shall receive information (Newsletter) of the Service as well as other commercial information sent by the Service Provider to the Guest’s/User’s email address.
  2. The Guest/User may unsubscribe from the Newsletter at any time by unchecking the appropriate box on their Account, by going to the form, clicking the appropriate link that is in the content of each Newsletter or through the Customer Service Office.