Data Controller The controller of your personal data is ROSEVIA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, Włocławek 87-800, Komunalna 8, registered in the Central Register and Information on Business Activity under the NIP number: 8883122532.
Purposes and grounds for the processing of personal data We process your data for the following purposes:
To carry out service valuation, reservations, and the provision of services consistent with the profile of our business, possible handling of complaints, etc.
Legal basis for data processing - Article 6(1)(b) of the GDPR, - the data is necessary for the performance of a contract or for taking steps at the request of the data subject prior to entering into a contract.
To issue invoices and fulfill other obligations arising from legal provisions such as accounting documentation storage and for the purpose of pursuing potential claims and defending against them.
Legal basis for data processing - Article 6(1)(c) and (f) of the GDPR - processing is necessary for compliance with a legal obligation to which the controller is subject and the legitimate interest of the controller.
To ensure the safety of hotel employees and guests in the form of monitoring selected areas of the facility.
Legal basis for processing - Article 6(1)(f) of the GDPR - legitimate interest of the controller (ensuring security for all individuals present on the premises). Data from monitoring is deleted no later than 3 months after recording.
For direct marketing purposes, through which we will inform you about our services and products and/or send newsletters created by us.
Legal basis for processing - Article 6(1)(f) of the GDPR - legitimate interest of the controller or consent given by you (subscription to the newsletter).
When using our SPA services, especially regarding massages and certain cosmetic treatments, we process your health-related data necessary to ensure your safety in these treatments from a health perspective. Before your arrival, we collect information regarding allergens that you may be allergic to
Legal basis for processing - Article 6(1)(f) of the GDPR - legitimate interest of the controller (ensuring the client’s safety regarding the offered products and services, including treatments from a health standpoint, as well as protecting against potential claims from the client and third parties.
Data Recipients Your data may be shared or made available to entities with which we cooperate and associated entities. This always takes place in accordance with the law and solely for the purposes specified in contracts and under defined terms guaranteeing data protection security. These may include payment processing companies, hosting companies, security service providers. Additionally, there may be situations where, based on applicable legal provisions or decisions of relevant authorities, we may need to provide your personal data to other authorities or entities.
Transfer of data to third countries The controller does not transfer personal data to third countries (outside the EEA) or international organizations. In the event that such an intention arises, the controller will make every effort to ensure that it is a country or organization for which the European Commission has determined an adequate level of protection.
Data Processing Period Your data is processed for no longer than necessary to achieve the processing purposes specified above and for the period required by law, particularly the Tax Ordinance and the limitation periods for claims arising from the Civil Code. After the service is completed, the controller will process personal data as long as there are grounds for further processing, for the period required by law, but not longer than 10 years from the year in which the service was provided. In the case of processing data based on consent, data will be processed for a period not longer than necessary to achieve the purpose or until the consent is revoked.
Client Rights You have the right to access the content of your data, the right to rectify them, restrict processing, the right to object, data portability, and the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office. If personal data is processed based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Providing your personal data is always voluntary, but in the case of achieving purposes 1 and 5 above, it is necessary to perform the service.
Profiling We inform you that we do not carry out automated decision-making, including profiling.
In order to provide services at the highest level, the Website uses cookies saved in the browser's memory. Detailed information about the purpose of their use, including processing of user activity data and advertising personalization, as well as the possibility to change cookie settings, can be found in the Privacy Policy. By clicking ACCEPT ALL, you consent to the use of technologies such as cookies and to the processing by Rosevia Sp. z o.o., Komunalna 8, 87-800, Włocławek, of your personal data collected on the Internet, such as IP addresses and cookie identifiers, for analytical and marketing purposes (including automated ad targeting, measuring their effectiveness, and processing user data for analytical purposes). You can change cookie settings and detailed consent preferences in .