Skip to navigation Skip to main content Skip to footer Website's SVG icons
  1. Home
  2. T & C / Privacy Policy

In accordance with Article 13 and Article 14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as GDPR), in connection with the receipt of your personal data as a representative of our contractors/partners or their employee, we hereby inform you that:

 

1. The controller of your personal data is PHN PROPERTY MANAGEMENT Sp. z o.o. (formerly: PHN PROPERTY MANAGEMENT PHN K Spółka z ograniczoną odpowiedzialnością S.K.A. with its registered seat in Warsaw, at al. Jana Pawła II 12 lok. V/24,  registered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Department under KRS number 0001053856, REGON: 147393971 NIP: 5252593551, (Hereinafter referred to as the "Controller").

2. The contact person for all matters related to the processing of personal data and the exercise of rights related to the processing of personal data by the Controller is the Data Protection Officer, who can be contacted via the following email address:  iod[@]regent-warsaw.com

3. The processing of your personal data in connection with the conclusion and performance of agreements between the Controller and Contractor is based on and carried out for the following purposes:

  1. a. Article 6(1)(c) of the GDPR, which means that the processing is necessary for compliance with a legal obligation to which the Controller is subject, namely ensuring the Controller's compliance with applicable financial, accounting, and tax regulations, as well as fulfilling rights under the GDPR.
  2. b. Article 6(1)(f) of the GDPR, which means that the processing is necessary for the purposes of the legitimate interests pursued by the Controller, including communicating regarding the performance of agreements concluded with the Contractor, sending offers to the Contractor, as well as establishing, pursuing, and/or defending any potential claims.

4. The Controller processes the following categories of your personal data: first name, last name, telephone number, email address, job position, and workplace.

5. You have the right to:

  1. a. Access your personal data, including the right to request copies of the data.
  2. b. Rectify inaccurate data and request the completion of incomplete data.
  3. c. Erase your data ("right to be forgotten") if one of the following circumstances applies.
    1. i. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
    2. ii. The data subject (you) objects to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR concerning direct marketing purposes.
    3. iii. The personal data has been unlawfully processed.
    4. iv. The erasure of personal data is necessary for compliance with a legal obligation in Union or Member State law to which the Controller is subject.
  4. d. Restriction of processing in the following cases:
  5.  
    1. i. The data subject questions the accuracy of the personal data - for a period enabling the Controller to verify the accuracy of the data.
    2. ii.The processing is unlawful, but the data subject opposes the erasure of the personal data and requests restriction of their use instead.
    3. iii. The Controller no longer needs the personal data for processing purposes, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
    4. iv. The data subject has objected to processing pursuant to Article 21(1) of the GDPR (relating to processing based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, or for the purposes of legitimate interests pursued by the Controller or a third party) - pending the verification of whether the legitimate grounds of the Controller override those of the data subject's objection.
  6. e. Data portability, if:
    1. i. The processing is based on consent or a contract, and
    2. ii. The processing is carried out by automated means.
  7. f. The right to object:
    1. i. At any time, when your personal data is processed for direct marketing purposes.
    2. ii. In case of a particular situation where your personal data is processed based on the legitimate interests pursued by the Controller, except where the Controller demonstrates compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

You can exercise your rights by, among other methods, sending a request to the Data Protection Officer at the address provided in point 2 above, as well as through written correspondence or in person at the Controller's headquarters.

6. You have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) located at ul. Stawki 2, 00-193 Warsaw if you believe that the processing of your personal data violates the provisions of the GDPR or other applicable data protection laws.

7. Your personal data may be disclosed to the following categories of recipients:

  1. a. Persons authorized by the Controller, employees, and collaborators, as well as members of the Controller's bodies who need access to personal data to perform their duties.
  2. b. Service providers, including those supplying the Controller with technical and organizational solutions enabling the management of the Controller's organization (in particular, providers of IT, postal, freight, legal, accounting, auditing, security, and data storage services) based on appropriate data processing agreements.

8. Your personal data will be stored as follows:

a. For the purpose of fulfilling the agreements mentioned in point 3 above - until the completion of the agreements concluded with the Contractor.

b. For the purpose of sending offers - for a period of 3 years from the termination of agreements concluded with the Contractor.

c. For the purpose of potential establishment, pursuit, and defense of claims - for the period specified in the applicable legal provisions regarding the statute of limitations for each type of claim.

d. For the purpose of fulfilling legal obligations - for the time required by the applicable laws or until the completion of those obligations, but not longer than the time within which the Controller may incur legal consequences for non- compliance with the obligation.

9. Providing your personal data is voluntary, but it is necessary for the execution of the agreement concluded with the Contractor. Failure to provide the required data will prevent us from maintaining contact with the Contractor.

10. Your personal data will not be transferred to third countries (outside the EEA) or international organizations.

11. Furthermore, we inform you that if the Controller does not obtain your personal data directly from you, the personal data has been obtained from the Contractor through public

registers or information available on the Contractor's website.

12. Your personal data is not subject to automated decision- making, including profiling.

Additionally, we kindly inform you that individuals whose data is being processed have the right to object to the processing of their data in cases where the processing is based on the legitimate interests pursued by the Controller - in the event of a particular situation, in accordance with Article 21 of the GDPR.

  1.  
  2.  
  3.  
  4.  
  5.  

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – “GDPR”), in connection with the collection of your personal data as a hotel guest, we hereby inform you that:

1. Data Controller

The Controller of your personal data is PHN PROPERTY MANAGEMENT Sp. z o.o., with its registered office in Warsaw, Al. Jana Pawła II 12, unit V/24, 00-124 Warsaw, entered into the Register of Entrepreneurs of the National Court Register under number KRS 0001053856, REGON 147393971, NIP 5252593551 (hereinafter: the “Controller”).

2. Data Protection Contact

For all matters relating to the processing of personal data and the exercise of your rights, you may contact us by e-mail: iod@regent-warsaw.com.

3. Purposes and Legal Bases of Processing

Your data are processed for the following purposes:
a) performance of the hotel service agreement to which you are a party (Article 6(1)(b) GDPR), b) on the basis of your consent, including special categories of data, to avoid adverse health effects (e.g. allergies) and to provide services tailored to disability needs (Article 6(1)(a) and Article 9(2)(a) GDPR),
c) compliance with legal obligations of the Controller, in particular accounting, tax, statistical and consumer law obligations (Article 6(1)(c) GDPR),
d) legitimate interests of the Controller, including protection of persons and property, establishment, exercise and defence of legal claims, as well as direct marketing not requiring separate consent (Article 6(1)(f) GDPR),
e) establishment, exercise or defence of claims concerning special categories of data (Article 6(1)(f) and Article 9(2)(f) GDPR),
f) sending of commercial information by electronic means or telephone, based on your explicit consent, in accordance with Articles 398 and 400 of the Polish Electronic Communications Law of 16 July 2024.

4. Categories of Processed Data

The Controller processes the following categories of personal data: name, surname, PESEL or passport number, nationality, correspondence address, phone number, e-mail
address, optionally vehicle registration number, health data (food allergies, disability status), and image.

5. Rights of Data Subjects

You have the right to:
• access and obtain a copy of your data,
• rectify and complete data,
• erase data (“right to be forgotten”),
• restrict processing,
• data portability (where applicable),
• withdraw consent at any time (without affecting the lawfulness of processing before withdrawal),
• object to processing, including direct marketing.
Requests may be submitted by e-mail (to the DPO address indicated above), by post or in person at the Controller’s registered office.

6. Right to Lodge a Complaint

You have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Moniuszki 1a, 00-014 Warsaw) if you consider that the processing of your personal data infringes the GDPR.

7. Recipients of Data

Data may be transferred to:
a) authorised employees, associates and members of the Controller’s bodies,
b) service providers (e.g. IT, postal, accounting, legal, security, data storage), under data processing agreements,
c) franchisors.

8. Data Retention Periods

a) for contract performance – for the duration of the agreement,
b)for claims – for the statutory limitation period,
c) for legal obligations – for the period required by law, d) for CCTV monitoring – for 30 days from the date of recording, unless the footage documents an incident requiring longer retention,
e) for marketing based on consent – until withdrawal of consent or objection, but no longer than 3 years from data collection.

9. Voluntary Provision of Data

Providing your data is voluntary, but necessary to conclude and perform the hotel service agreement.

10. Transfers Outside the EEA

Your data will not be transferred outside the EEA or to international organisations.

11. Source of Data

If we did not obtain your data directly, they may have been provided by a family member, employer or service intermediary.

12. Automated Decision-Making

Your data will not be subject to automated decision-making, including profiling.