Privacy Policy - Bogoria House

Bogoria House
Senacka St. 6,
31-002 Kraków 1.

General information
This Privacy Policy sets out the principles for processing the personal data of Guests and persons contacting the Bogoria House accommodation facility.

The data controller is:
Kamienica B s z o.o.
Jakuba Majora St. 9,
30-348 Kraków
Tax ID (NIP): 9452272351

The controller processes personal data in accordance with applicable law, in particular:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),
the Personal Data Protection Act.

2. Scope of processed data The Controller may process the following personal data:

• first and last name,
• email address,
• phone number,
• data necessary to fulfil the reservation and stay (dates of stay, number of Guests),
• data for billing and accounting purposes,
• data voluntarily provided in correspondence,
• image recorded by video surveillance (CCTV).

3. Purposes of data processing

Personal data are processed for the following purposes:

• performance of reservations and the accommodation agreement,
• contact with the Guest before, during and after the stay,
• fulfilment of accounting and tax obligations,
• ensuring the safety of Guests and protection of property (monitoring),
• handling complaints and pursuing claims,
• fulfilment of obligations arising from legal provisions.

4. Legal basis for processing
Personal data are processed on the basis of:

• Art. 6(1)(b) GDPR – performance of a contract or taking steps prior to entering into a contract,
• Art. 6(1)(c) GDPR – legal obligation of the controller, Art. 6(1)(f) GDPR – legitimate interest of the controller (security, protection of property, pursuit of claims).

5. Video surveillance (CCTV)

On the premises of Bogoria House there is video surveillance covering only the common areas, in particular entrances and corridors. Monitoring does not cover rooms or sanitary facilities.
The purpose of the monitoring is to ensure the safety of persons on the premises and the protection of property. Recordings are stored for no longer than 30 days, unless they constitute evidence in proceedings.

6. Recipients of data
Personal data may be disclosed to:

• entities providing accounting, IT and maintenance services,
• operators of reservation systems (e.g. booking platforms),
• entities entitled to receive them under applicable law.
• Data are not transferred to third countries or international organizations.

7. Data retention period
Personal data are retained:

• for the duration of the contract and after its termination for the period required by law,
• accounting data – in accordance with applicable tax regulations,
• monitoring data – a maximum of 30 days.

8. Rights of data subjects
A data subject has the right to: access their data, rectify them, erase data, restrict processing, object to processing, data portability, and to lodge a complaint with the President of the Personal Data Protection Office.

9. Voluntariness of providing data
Providing personal data is voluntary but necessary to make a reservation and stay at the facility.

10. Final provisions
The controller reserves the right to introduce changes to the Privacy Policy.
The current version of the Privacy Policy is available from the facility operator and in reservation materials.
The Privacy Policy is effective from the date of publication.