1. Data controller and definitions

    1. The Data Controller of the personal data of the Guest/Client is: B&B Emarik Erik Winnelinckx, +48 725 201 901, 6751737945,

    2. The Data controller can be contacted at:

      1. address for correspondence: Podobin, 354, 34-735, Niedźwiedź

      2. email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

    3. The User - a natural person entering the website/websites that present the Offer and enable concluding a rental agreement of accommodation or use the services and functionalities described below in the Policy Privacy and Cookies;

    4. The Service Provider - Erik Winnelinckx, B&B Emarik Erik Winnelinckx, 6751737945, Podobin, 354, 34-735, Niedźwiedź;

    5. The Offer - the place of accommodation offered by the Service Provider in order to conclude the agreement of the accommodation through the website.

    6. The Guest - an adult person with full legal capacity, legal person or organizational unit which is mentioned in par. 33 of the civil code, that concludes a rental agreement of accommodation with the Service Provider.

    7. The Service - presentation of the offer of the Service Provider on the internet, allowing for the rental agreement of accomodation to be concluded on-line.

    8. The Newsletter - information including commercial information ,in accordance with the meaning of this term from the Act of 18 July 2002 on providing electronic services (Dz. U. z 2020 r. poz. 344), sent from the Service Provider to the Guest/User in form of email; receiving this newsletter is voluntary and requires the Guest/User permission.

    9. The Account - sets of data stored in the Service and in the ICT System of the Service Provider. The data sets concern a given Guest/User, the reservations they have made and the concluded agreements.

    10. GDPR -Regulation of the European Parliament and Council (UE) 2016/679 from 27 April 2016 on protection of natural persons with regard to the processing of personal data, the free movement of such data and repeal of Directive 95/46/WE (General Data Protection Regulation).

  2. The purposes, legal basis and period of data processing
    1. For the purpose of fulfilling the Rental Agreement of Accommodation, the Service Provider processes:

      1. information concerning the User's device, in order to ensure the correct functioning of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data concerning activity on the website, including individual subpages;

      2. information concerning the geolocation, if the Guest/User allowed the Service Provider to access such data. This data is used to provide better tailored offers of Goods and services.

      3. users' personal data: name, surname, registered office address, correspondence address, e-mail address, telephone number, Tax Identification Number (NIP), bank account number or other personal data required by the Administrator in the reservation process.

    2. The above mentioned data does not contain identity data of the Guests/Users, however, in combination with other information this data may constitute personal information. Therefore, the Data Controller extends full GDPR protection to them

    3. The above mentioned data is processed in accordance with Art. 6(1)(b) GDPR, with the purpose of providing a service, i.e. an agreement for the provision of services by electronic means in accordance with the Regulation, in accordance with Art. 6(1)(a) GDPR, in accordance with consenting to the use of certain cookies or other similar technologies, as expressed by the appropriate settings of the Internet browser, in accordance with the Telecommunications Law or in accordance with consenting to obtaining the geolocation. The data are processed until the end of the User's use of the Service.

    4. The Administrator undertakes to take all measures required under Article 32 of the RODO, i.e., taking into account the state of the art, the cost of implementation and the nature, scope and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Administrator implements appropriate technical and organizational measures to ensure a level of security appropriate to that risk.

  3. Marketing activities of the Data controller

    The Data Controller may place marketing information about their Goods or services on the Online Shop’s website. Such content shall be displayed by the data controller in accordance with Art. (6)(1)(f) GDPR, ie. with the legally justified interest pursued by the Data Controller in publishing the content related to the services provided and the promotional content of the actions in which the Data Controller is involved. Simultaneously, the action does not infringe the rights and freedoms of the Guests/Users. The Guests/Users expect to receive similar content, await it or it is the direct purpose of their visit to the website(s) of the Service.

  4. Recipients of User’s data

    The Data Controller discloses the personal data of the Users exclusively to entities processing said data based on concluded agreements of entrustment of personal data processing with the purpose of providing services to the Data Controller such as hosting and maintenance of the website, IT services, marketing and PR services.

  5. Transfer of personal data to third countries

    Personal data will not be processed in third countries.

  6. Rights of data subject

    1. Every Data Subject has the right to:

      1. access (Art. (15) GDPR) – to obtain confirmation whether their data is processed from the Data Controller. If their data is processed, the subject is entitled to gain access to said data and to the following information: the purpose of processing, the categories of the personal data, recipients or categories of recipients who received the data, the time period of storing data or the criteria of establishing the time period, the right to rectify, delete or limit data processing that every data subject is entitled to and to object to processing personal data;

      2. obtain a copy of the data (Art. (15)(3) GDPR) – to obtain a copy of the data subject to processing, whereby the first copy is free of charge and the Data Controller may charge a reasonable fee based on the administration costs for the next copies;

      3. rectification (Art. (16) GDPR) – to request the rectification of inaccurate or to supplement incomplete data concerning him or her;

      4. erase the data (Art. (17) GDPR) – to request erasure of their personal data, if the Data Controller no longer has any legal basis for the processing or the data is no longer necessary for the processing;

      5. restrict the processing (Art. (18) GDPR) – to request restriction of processing personal data, when:

        1. the data subject questions the correctness of the personal data - for a period enabling the controller to verify the accuracy of the personal data,

        2. the processing of the data is unlawful and the data subject opposes the erasure of said data and requests the restriction of their use instead;

        3. the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

        4. the data subject has objected to processing the data - until it has been concluded whether the legal basis of the Data Controller override the objection of the data subject;

      6. transfer the data (Art. (20) GDPR) – to receive personal data concerning the data subject which the data subject provided to the Data Controller in a structured, commonly used format and machine-readable format and to have the right to request a data transfer to another Data Controller without hindrance from the data controller to which the personal data have been provided, where data are processed on the basis of the data subject's consent or based on a contract with them and where data are processed by automated means;

      7. objection (Art. (21) GDPR) – to object the processing of the the data for legitimate purposes of the Data Controller on grounds related to the specific situation of the data subject, including profiling. Whereby, the Data Controller shall assess the existence of important legal basis for processing, superior to the interests, rights and freedoms of the data subjects or basis for establishing, pursuing or defending claims. If according to the assessment the interest of the data subject is more important the the interest of the Data Controller, the Data Controller will be obliged to stop processing the data for those purposes;

      8. to withdraw consent in any moment without providing the reason, however, the processing of personal data that happened before the withdrawal will remain lawful. The withdrawal of consent will stop processing the data by the Data Controller concerning the purpose for which the consent was given.

  7. President of the Personal Data Protection Office

    The data subject has a right to file a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office (based at 2 Stawki Street in Warsaw), who can be contacted in the following ways:

    1. in writing, the addresst: ul. Stawki 2, 00-193 Warszawa;

    2. by email which can be found under the following link: https://www.uodo.gov.pl/pl/p/kontakt ;

    3. helpline: 606-950-0000.

  8. Data Protection Officer

    In every instance, the data subject may also directly contact the Data Protection Officer by email or in writing at the address of the Data Controller provided in the first section point two of this Privacy Policy and Cookies.

  9. Changes to the Privacy Policy and Cookies

    The Privacy Policy and Cookies may be supplemented or updated accordingly with the current needs of the Data Controller with the purpose of providing current and reliable information to Guests/Users.

  10. Cookies

    1. The Service performs the function of obtaining information about Guests/Users and their behaviour in the following ways:

      1. through information provided in forms voluntarily, for purposes resulting from the functions of a given form;

      2. through storing cookie files in terminal devices (so-called „cookies”);

      3. through collecting web server logs by the Online Shop’s hosting operator (necessary for proper operation of the Online Shop).

    2. The cookies constitute IT data, in particular the text files which are stored in the terminal device of the Guest/User of the Service and are designed to use the Online Shop’ s website. Cookies usually contain the name of the website from which they come from, the time of their storage on the final device and a unique number.

    3. The Service uses cookies only after the Guest/User has given their prior consent in this regard. Consent to the use of cookies by the Service is given by clicking the button: ‘I agree, I want to go to the website’ when the announcement about the use of cookies by the Service is displayed or by closing that announcement.Service uses cookies only after the Guest/User has given their prior consent in this regard.

    4. The above mentioned consent may cover only selected cookies. In such case, Guest/User should use the option: ‘Cookies settings’ available in announcement about the use of cookies by the Service. Simultaneously, the Data Controller reserves that disabling of cookies that are necessary for the authentication process, security, maintenance of the Guest’s/ User’s preferences may hinder, and in extreme cases may prevent the use of the Online Shop.

    5. If the Guest/User does not agree to the use of cookies by the Service, they may use the option: "I do not agree", which is also available in the announcement about the use of cookies by the Service or make changes to the settings of the Internet browser, which is currently using by Guest/User (however, this may result in incorrect operation of the Online Shop).

    6. To manage the cookie settings, Guest/User should select a web browser from the list below and follow the instructions:

      1. Internet Explorer

      2. Chrome

      3. Safari

      4. Firefox

      5. Opera

      6. Android

      7. Safari (iOS)

      8. Windows Phone

    7. The legal basis for the processing of personal data from cookies is the legitimate interests pursued by the Website’s Operator, consisting of providing high quality services, ensuring the safety of services.

    8. The Service uses two basic types of cookies: ‘session’ (session cookies) and ‘permanent’ (permanent cookies). The session cookies are temporary files which are stored in the terminal device of the Guest/User until they have logged out, left the Service or closed the software (web browser). The permanent files are stored in the terminal device of the Guest/User for a period of time specified in the parameters of the cookie files or until the cookies have been removed by the Guest/User.

    9. The cookies are used for the following purposes:

      1. creating statistics that help understand how Guests/Users of the Service use the websites, which then allows to improve their structure and content;

      2. maintaining the Guest/User session (after logging in), thanks to which the Guests/User does not have to re-enter the login and password on each subpage of the Service;

      3. defining the Guest’s/Customer's profile in purpose to display product recommendations and matching materials in advertising networks, in particular the Google network.

    10. The software for web browsing (web browser) usually allows for storing cookies in the Guest’s/User's terminal device by default. Guests/Users may change their settings regarding this aspect. The web browser enables removing cookies. It is also possible to automatically block cookie files.

    11. Restrictions of the use of cookies may affect some of the functionalities available on the Service's websites.

    12. Cookie files placed in the Guest’s/User's terminal device and may also be used by Service’s advertisers and partners, cooperating with Service.

    13. Cookies may be used by advertising networks, in particular the Google network, to display ads tailored to the way in which the Guest/User uses the Service. For this purpose, the networks may retain information about the Guest’s/User’s navigation path or the time of staying on a given website.

    14. We recommend that the Guest/User should read these companies' privacy policies in purpose to understand the cookies’ usage in the statistics: Privacy Policy - Google Analytics.

    15. In terms of information on the Guest’s/ User's preferences collected by the Google advertising network, the Guest/User can view and edit the information resulting from cookies using the tool: https://www.google.com/ads/preferences/.

    16. The websites of the Service use plugins which can transfer the information of the Guest/User to the following Data Controllers:

      1. Facebook

      2. Google

    17. In order to correctly perform the Distance Selling Agreement, the Data Controller may make the Guest/User data available to Internet payment systems. The currently available methods of payment in the form of prepayment in the Service are https://www.idobooking.com/pl/integracja-z-innymi-systemami/systemy-platnosci-zintegrowane-z-idobooking/.

  11. Newsletter

    1. The Guest/User may give their consent to receive commercial information electronically by picking the appropriate option in the registration form or at a later date in the appropriate tab. In the case of such consent, the Guest/User shall receive information (Newsletter) of the Service as well as other commercial information sent by the Service Provider to the Guest’s/User’s email address.

    2. The Guest/User may unsubscribe from the Newsletter at any time by unchecking the appropriate box on their Account, by going to the form, clicking the appropriate link that is in the content of each Newsletter or through the Customer Service Office.

  12. Account

    1. The Guest/User may not place content, including opinions and other data of an illegal nature on the Service or the Seller with said content.

    2. The Guest/User gets access to the Account after registration.

    3. When registering, the Guest/User provides the account type, gender, name, surname, company name, VAT ID, data required for issuing a sales document, e-mail address and a password. The Guest/User assures that the data provided by them in the registration form are correct. Registration requires the Guest/User to read the Conditions carefully and mark on the registration form that they have read the Conditions and fully accept all provisions.

    4. With the moment the Guest/User is granted access to the Account, an agreement for the provision of services by electronic means is concluded between the Service Provider and the Guest/User for an indefinite period of time. The Consumer may withdraw from this agreement on the terms specified in the Regulations.

    5. Registration of an Account on one of the websites of the Service simultaneously means registration allowing access to other websites where the Service is available.

    6. The Guest/User may terminate the agreement for the provision of services by electronic means at any time with immediate effect, informing the Service Provider about it by e-mail or in writing at the address of the Data Controller given in section 1 point 2 of this Policy.

    7. The Service Provider has the right to terminate the agreement for the provision of services concerning the Account in the event of: cessation or transfer of the Service to a third party, violation of the law or provisions of the Regulations by the Guest/User, as well as in the event of inactivity of the Guest/User for a period of 6 months. The agreement is terminated with a seven days’ notice. The Service Provider may stipulate that re-registration of the Account shall require the Service Provider’s permission.

ⓒ 2020-2024 B&B Emarik