Privacy

PRIVACY POLICY

I. DEFINITIONS

Capitalized terms should be understood in accordance with the following definitions:

a. "Administrator" - LP PARTNERS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw, at ul. Wybrzeże Kościuszkowskie 43, entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000393665, NIP:7010310177. Correspondence address: ul. Wybrzeże Kościuszkowskie 43, 00-347 Warsaw.

b. "Privacy Policy" - this document.

c. "Registration" - the procedure of creating an account consisting in completing and approving the Registration form in accordance with the instructions provided by the Operator.

d. "GDPR" - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation).

e. "Website" - a website operated by the Administrator.

f. "Service" - a service provided electronically within the meaning of the Act of July 18, 2002, on the provision of electronic services.

g. "User" - a natural person who uses the Website.

II. GENERAL PROVISIONS

a. In the interests of maintaining the right to privacy of the Users of our services and meeting the requirements of the law, LP PARTNERS sp. z o.o. with its registered office in Warsaw (hereinafter also referred to as the "Administrator"), publishes this Privacy Policy, in which it explains and informs about the manner in which personal data obtained from Website Users are processed and secured when they use the Website or other Services provided by the Administrator.

b. The Privacy Policy applies to all Users of the Services provided by the Administrator, as well as all persons visiting websites and using mobile applications, who may or may not be subscribers to the Services.

c. The conditions for the provision of individual services may regulate the rules of personal data processing in a separate manner. In such cases, such specific terms and conditions may override or supplement the provisions of this Privacy Policy.

d. Before starting to use the Website or registering, the User should read the content of this Privacy Policy.

e. This document applies only to the Website, the administrator of which is LP PARTNERS sp. z o.o.

f. The Administrator is not responsible for links placed on the Website, enabling Users to go directly to websites whose administrator is not LP PARTNERS sp. z o.o.

g. If the User uses a link to websites or services of other entities, the User should familiarize himself with the privacy protection rules introduced by these entities.

III. PERSONAL DATA ADMINISTRATOR

1. The administrator of the User's personal data is LP PARTNERS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw, at ul. Wybrzeże Kościuszkowskie 43, entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS number 0000393665, NIP: 7010310177, REGON: 144418133 with share capital in the amount of PLN 100,000.00.

2. The administrator processes personal data in accordance with applicable law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (commonly referred to as: "GDPR").

3. Questions, requests and comments regarding the Privacy Policy and the processing of the User's personal data by the Administrator should be sent by e-mail to the following e-mail address: ozelazny@savahotel.pl or in writing to the following address: ul. Wybrzeże Kościuszkowskie 43, 00-347 Warsaw.

IV. DATA COLLECTED BY THE ADMINISTRATOR

1. The Administrator enables the use of the Website without the need to register or log in and provide personal data by the User.

2. When using the Website, the Administrator does not collect any personal data, except for information sent by the browser, which is necessary to ensure technical access to the Website. Such information includes:

• IP address,

• date and time of the inquiry,

• content of the query (Website domain),

• the domain of the website from which the query comes,

• browser type, language, and version,

• type and version of the operating system,

• technical data of the terminal device (e.g., computer, telephone).

The above data, contained in the so-called system logs, are used by the Administrator to improve the Website, adapt it to the needs of Users and more effectively remove detected irregularities in the Website's operation. This information also allows you to manage server properties to meet volume requirements. This information is not used to identify the User.

3. The Administrator may process Users' personal data when they use the Website or interact with the Website (e.g., because of sending information via an interactive form).

4. The Administrator collects the User's personal data during registration - setting up a customer account on the Website in connection with the provision of Services. To provide the Services offered through the Website, it is advisable to register by completing the registration form. Providing data by the User is voluntary, however, failure to provide some data may prevent the implementation or use of some Services.

5. When using mobile applications provided by the Administrator, data may be collected such as: information about the device used to access a given application, including mobile device ID, User ID, type and version of the operating program, and other data (depending on the consents expressed by the User).

6. The Administrator may also process other data provided by the User, if it is necessary to perform the concluded contracts and provide services, contact, and answer the User's questions.

V. OBJECTIVES AND LEGAL BASIS FOR DATA PROCESSING

The Administrator may process Users' personal data based on the following legal grounds provided for by the GDPR:

a. Agreed In cases where the User is asked to consent to the processing of personal data, or when the User independently and voluntarily provides the Administrator with his personal data (e.g., filling in an optional form field), the legal basis for the processing of personal data is art. 6 sec. 1 lit. a) GDPR. Consent is always voluntary. The user may withdraw his consent at any time. Withdrawal of consent, however, does not affect the lawfulness of the processing of personal data that took place before the consent was withdrawn. The User's consent is collected for the Administrator to provide electronic data collected automatically via cookies and to process this data by the Administrator for the purpose of profiling and displaying personalized advertisements on and off the Website.

b. Performance of the contract The Administrator may process the User's personal data also due to the ongoing process of concluding contracts and then implementing contracts concluded with the User, including contracts regarding the use of Services, i.e., pursuant to art. 6 sec. 1 lit. b) GDPR. In the event of setting up an account on the Website or using other Services via the Website or mobile application, the User concludes an agreement for the provision of electronic services. When setting up an account or placing an order (including via the form), the Administrator informs the User about which personal data is necessary to perform the Services and indicates which are additional data.

c. Legal Obligation The Administrator may process Users' personal data pursuant to art. 6 sec. 1 lit. c) GDPR, due to the need to fulfill legal obligations. This includes situations where data must be processed (including stored), e.g., resulting from issued invoices for billing and tax reasons.

d. Legitimate interest The administrator may process personal data also based on art. 6 sec. 1 lit. f) GDPR, when it will be necessary for the purposes of legally justified interests pursued by the Administrator. Based on a legitimate interest, the Administrator may process Users' personal data in order to conduct direct marketing of its products and services. In such a situation, it is justified to adjust the marketing content to the interests of the Users. On the same basis, the Administrator may process personal data to conduct analysis regarding the sale of products and the use of services provided by the Administrator. The legitimate interest is to improve the Administrator's services. The administrator may also process personal data for the purposes of asserting rights and defending against claims and administrative/criminal liability, for evidence and archival purposes. Based on a legitimate interest, the User's data may also be processed in order to ensure the security of the services and IT systems provided, security of sessions and detection of abuse on the Website. As part of the legitimate interest, the Administrator also provides on its website’s functions offered by social networking sites (e.g. "Like" buttons) and transfers selected User data to the operators of these websites. The legitimate interest in this case is to increase the attractiveness of the Website.

VI. DATA SHARING

1. The Administrator may disclose Users' personal data only if it has a legal basis for doing so, including at the request of entities authorized under the law or when it is necessary to perform the services offered by the Administrator (e.g. entities providing services to the Administrator).

2. The User's personal data may be made available at the request of public authorities or other entities authorized to have such access under the law, when it is necessary to ensure the security of the Administrator's systems or the rights of other Users.

3. Access to the User's personal data may be obtained by entities that provide services to the Administrator (including for the purpose of providing services to Users), such as: IT service providers, service subcontractors, entities providing analytical services and opinion polls on the Internet, entities performing campaigns mailing companies, advertising agencies, law firms, debt collection agencies, entities providing payment services, banks.

4. The Administrator does not transfer Users' data outside the territory of the European Economic Area or to international organizations, unless such an obligation results from the provisions of law.

VII. USER PERMISSIONS

The User has the following rights in relation to his personal data processed by the Administrator:

1. The right to access personal data. At the request of the User, the Administrator will inform what personal data the User processes and provide him with a copy of this data.

2. The right to rectify personal data. If the User's personal data is incorrect or incomplete, the User may request the Administrator to correct or supplement it.

3. The right to delete personal data. In certain situations, the User may request the Administrator to delete personal data processed by the Administrator (e.g., when the data is no longer needed to provide services by the Administrator).

4. The right to limit the processing of personal data. The User may request the Administrator to temporarily suspend the processing of his data (e.g., not to send marketing information to the e-mail address provided) in certain situations. The user may, for example, request the restriction of the processing of his personal data when he objects to the processing or when he questions the correctness of the data. Despite limiting the processing, the Administrator will still be entitled to store personal data.

5. The right to request the transfer of personal data. In certain situations (e.g., in relation to data processed because of consent), the User has the right to receive personal data processed by the Administrator in a structured, commonly used machine-readable format in order to transfer this data to another administrator.

6. The right to withdraw consent to the processing of personal data. If the basis for the processing of personal data is the User's consent, the User may withdraw the consent at any time. Withdrawal of consent, however, does not affect the lawfulness of processing the User's data by the Administrator, which was made based on consent before its withdrawal.

7. The right to object to the processing of personal data. The User may request that the Administrator stop processing personal data due to his situation when:

a. The Administrator processes the User's personal data based on its own legitimate interest or that of a third party, except for situations where these interests prove to be superior to the interests, rights and freedoms of the User.

b. the User's personal data is processed for direct marketing purposes.

c. the processing of personal data includes automated decision-making towards the User, including profiling.

8. The right to lodge a complaint to the President of the Office for Personal Data Protection The User has the right to lodge a complaint with the President of the Personal Data Protection Office in connection with the processing of personal data by the Administrator.

VIII. DATA STORAGE PERIOD

a. The Administrator stores Users' personal data only for the time necessary to achieve the purposes for which the data was collected and for the time required by law (e.g., 5 years from the end of the tax year in connection with tax regulations). After this time, the data will be deleted or may be anonymized in such a way that it is not possible to determine the User's identity.

b. Personal data may be stored for longer if such an obligation results from legal provisions or it is necessary for the Administrator to defend or pursue claims against Users.

c. If the basis for data processing is the need to perform the contract, the data will be processed for the duration of its performance and until the expiry of the limitation period for claims under this contract.

d. If personal data is processed in connection with the need to perform the contract, the data will be processed for the duration of its performance and until the claims under this contract expire.

e. Personal data processed only based on consent are processed until such consent is withdrawn, but no longer than it is necessary to achieve a specific goal.

f. If the basis for the processing of personal data is the Administrator's legitimate interest, the data is processed until the User submits an effective objection, but no longer than it is necessary to achieve a specific goal.

IX. HOW CAN YOU PROTECT YOUR DATA?

a. The Administrator draws attention to the need to protect data by the User, including not sharing registration data by Users with third parties and using the "log out" option after using the services offered by the Website.

b. In connection with the use of services provided electronically, the User remains exposed to threats, e.g., as:

a. activities of spyware,

b. impersonating to phishing information,

c. computer viruses,

d. spam.

c. Threats apply not only to desktop computers and laptops, but also to other portable devices, e.g., smartphones, tablets.

d. Spyware is software that can be installed on the User's device in a hidden manner, e.g., by entering a prepared website or launching a file sent by e-mail. It can monitor/send to the attacker both the data placed on the device and the User's actions: mouse movements, text entered from the keyboard, start preview/eavesdropping from the camera and microphone.

e. Phishing is the placement of fake sites on the Internet that mimic genuine sites. and persuading Users to log in to them, e.g., by sending a crafted e-mail message that pretends to be a message from an authentic institution or person. The goal is to intercept access data to the service (login, password).

f. A computer virus is malware that is transmitted by saving an infected file on a data carrier, e.g., a hard drive, pen drive. The purpose of the virus is to steal or delete data, disrupt the operation of the device, or take control over it. Most often, a computer virus infection occurs after downloading files from an untrusted Internet source or opening an attachment in an e-mail.

g. Spam is unsolicited or unnecessary electronic messages sent simultaneously to many recipients. They often carry computer viruses, spyware, links to malicious sites.

h. To ensure safe use of the Internet, each User should:

a. ensures the safety of the device used. In particular, the device should have an anti-virus program with an up-to-date virus definition database, an up-to-date and safe version of a web browser, and an enabled firewall.

b. Periodically check whether the operating system and programs installed on the device have the latest updates, because the attacks use errors detected in previously installed versions of the software.

c. Secure access data to services offered on the Internet - e.g., logins, passwords, PIN, electronic certificates, etc. such data should not be disclosed or stored on the device in a form that allows easy access and reading.

d. Be careful when opening attachments or clicking links in messages that we did not expect, e.g., from unknown senders. In case of any doubts, it is worth contacting the sender.

e. Use anti-phishing filters or other tools to verify whether the displayed page is not phishing.

f. Download and install files only from trusted sources.

g. Establish a secure and hard-to-break network (Wi-Fi) password. It is also recommended to use trusted encryption standards for Wi-Fi wireless networks, e.g., WPA2.

h. Control physical access to devices.

X. PROCESSING OF CHILDREN'S DATA

a. The services offered as part of the Website are addressed to persons over 18 years of age. Therefore, the Administrator does not knowingly process children's personal data.

b. In the event of becoming aware that the Administrator processes personal data of persons under the age of 18 without the consent of legal guardians, appropriate steps will be taken to delete this data as soon as possible.

XI. CHANGES TO THE PRIVACY POLICY

a. The Administrator places a link to the current content of the Privacy Policy in the footer of the Website.

b. The content of the Privacy Policy may change. After each change, a new version will be published at https://savaboutique.pl