1. The Company OCX Sp. z o.o. S.K.A., ul. Zimna 1, 65-001 Zielona Góra, KRS 0000451975, NIP 9291854437, REGON 081114605 is the Controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as “the Regulation” and the relevant national data protection laws.
3. The legal ground for the processing of your personal data is provided in Article 6 (1) (a), (b) and (c).
4. Pursuant to Article 6 (1) (a), personal data shall be processed on the basis of the consent of the data subject concerned or their legal guardian, the processing of which does not follow directly from the provisions of law.
5. Pursuant to Article 6 (1) (b), processing is necessary for the provision of services offered by our Hotel to which the data subject is party.
6. Pursuant to Article 6 (1) (c), personal data shall be processed for the performance of the tasks specified by the provisions regarding accommodation facilities and tourism.
7. Pursuant to Article 6 (1) (a), (b) and (c), we process the following personal data:
◦ First name and surname;
◦ Telephone number;
◦ Email address;
◦ Company information, including NIP (Tax ID) number (in case of issuing a VAT invoice to the Company);
◦ Customer’s vehicle number plate (in case of using the hotel car park);
◦ Basic information on the bank account for showing your proof of payment;
◦ Identity document number / PESEL (Personal ID Number);
◦ Information on nationality;
◦ Your payment card number and other information on your card, as well as your credentials and other information regarding settlement of accounts connected with mobile settlements;
◦ Data used in our hotel’s loyalty programmes;
◦ Reservation confirmation number;
◦ Facial image recorded by surveillance cameras;
◦ IP address of the computer using the hotel Internet access.
8. The Controller shall not transfer any data to third parties.
9. The processed personal data shall not be subject to profiling, i.e. making a decision solely by automated means without any human involvement.
10. We inform you that you have the right to:
◦ access your personal data;
◦ correct your personal data;
◦ delete your personal data;
◦ restrict processing of your personal data;
◦ object to processing of your personal data;
◦ be forgotten to the extent permitted by law;
◦ obtain a copy of your data;
◦ transfer your personal data.
11. You have also the right to lodge a complaint to the President of the Personal Data Protection Office related to the processing of your personal data by the Controller. In order to exercise the above-mentioned rights, you may specify your requests by written communication sent to the Controller’s address.