12-14 Stradomska street, Krakow, 31-058 Poland | +48 12 201 57 00
Book Now

Privacy and Data Policy

PRIVACY AND DATA POLICY

PRIVACY POLICY OF ANGEL STRADOM HOTEL SP. Z O.O.

CONCERNING PROCESSING OF PERSONAL DATA

Dear Sir or Madam,

This document (hereinafter also referred to as: “Privacy Policy”) describes the principles of
processing of personal data by the company under the name Angel Stradom Hotel Sp. z o.o. with its
registered office in Krakow, ul. Sukiennicza 8/U7, 31-069 Kraków, entered into the Register of
Entrepreneurs kept by the District Court for Kraków Śródmieście in Kraków, XI Economic Department
of the National Court Register, under KRS number 0000910546, NIP: 6762599978, REGON:
38941717000000 (hereinafter referred to as: “ANGEL STRADOM HOTEL”, ”Hotel” or “Company”),
including in particular the principles of processing personal data via the website:
www.stradomhouse.com (hereinafter referred to as: “Website”).
We encourage you to familiarise yourself with the content of the Privacy Policy and in case of any
questions, we remain at your disposal.

1. Who is the controller of your personal data and how can you contact him?

The controller of your personal data (i.e. the entity that decides on the purposes and legal basis forthe processing of personal data) is ANGEL STRADOM HOTEL.
ANGEL STRADOM HOTEL has appointed a Data Protection Officer (attorney – at – law Dominik Putz) who will provide you with all information on matters concerning the Hotel's processing of your personal data. For this information, the Company can be contacted via e-mail address: iod@stradomhouse.com or by letter - directing correspondence to the Company's address.
Please note that Marriott Group entities - including Marriott International Inc., located at 10400 Fernwood Road Bethesda, MD 20817 USA and Luxury Reservations Limited, 10 Earlsfort Terrace, Dublin D02 T380, Ireland - may be a separate controller of your personal data (as defined in this Policy, including in particular to the extent that you book your stay at the Hotel). The above results from the fact that booking a stay at the Hotel made via the Website involves redirection to the Marriott Group website. It is through this website that the reservation is made and, on the terms described on this website, your personal data may be processed by the entities indicated above. Jednocześnie zaznaczamy, że dane osobowe podane w toku rezerwacji trafiają również do systemu rezerwacji prowadzonego przez nasz Hotel, w związku z czym stajemy się ich niezależnym administratorem.

2. What personal data do we collect?

Personal data, as defined by law, is any information relating to an identified or identifiable natural person. The catalogue of personal data is open, but we can include, e.g. name, surname, address, e- mail address, identification numbers, biometric data, physical, physiological, economic, cultural or social characteristics.
In the course of our activities, we process your personal data. However, we always endeavour to obtain only the personal data that we need, striving to collect as little data as we actually need. For this reason, we make a distinction between the extent of the data we collect if you are our Employee, Client, Hotel Guest, a representative of a client who is a legal entity, or if you only use the
Website.

The most common personal data we process includes the Hotel Guest's personal data and is the usual category of personal data including: name and surname, gender, residential address, telephone number, e-mail address, financial information (e.g. regarding the payment method), language preferences, date and place of birth, citizenship, important dates (birthdays, anniversaries), loyalty programme data, data on the employer or other party making the booking (for business bookings), data on activities during the Hotel stay, data on previous visits to the Hotel and services used, and in limited cases also data on travelling companions, children, family members.

At the same time, we would like to point out that although you do not have to provide us with any personal data in order to browse the Website, we obtain your personal data when you enter into an agreement, during the recruitment process, in response to enquiries made to the Company, when you make a reservation for a stay at the Hotel, etc. The processing of personal data may also occur in connection with the use of cookies, it is so-called cookies.

3. What are the legal bases for processing your personal data?

Your personal data shall be processed by ANGEL STRADOM HOTEL in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (so-called RODO) and the Personal Data
Protection Act of 10 May 2018, as well as other generally applicable legal provisions on the protection of personal data.
At the time of collecting your personal data, you are informed each time which is the legal basis for its processing. Notwithstanding the above, we point out that ANGEL STRADOM HOTEL processes
your personal data primarily in the following situations:

PROCESING PURPOSES AND LEGAL BASIS OF PROCESSING


Hotel reservation and guest registration

The booking of a stay at the Hotel means entering into an agreement with the Company, and therefore the legal basis for processing personal data in this regard remains the conclusion and execution of the agreement concluded with the individual booking of the stay at the Hotel.
Legitimate interests also provide a legal basis for processing personal data - for example, respecting the preferences of those booking a stay at the Hotel and also those accompanying the main guest (e.g. spouse, children, friends).
To a limited extent, legal obligations related to financial transactions, such as the obligation to keep books and records, also provide a legal basis for processing personal data.

Reception service on site

The personal data is processed for the purpose of entering into and executing an agreement covering the services provided by the Hotel, including payment processing.
Legitimate interests also provide a legal basis for the processing of personal data, such as respecting the guest's preferences (e.g. a room near the lift or on the top floor).
The legal basis for the processing of personal data may also consist of consent to the processing of personal data including, for example, consent to the collection of information regarding the food preferences
specified by the guest.
To a limited extent, the legal basis for the processing of personal data is also provided by legal obligations, including the collection of national identification numbers where required by law.

Conferences and events


executing an agreement covering the services provided by the Hotel, including the collection of information relating to the scheduled Event.
Legitimate interests, such as responding to customer complaints or concerns about the Event.
To a limited extent, legal obligations related to financial transactions, such as the obligation to keep books and records, also provide a legal basis for processing personal data.

General and operational activities of the Hotel

The personal data is processed for the purpose of entering into and executing an agreement covering the services provided by the Hotel, including ensuring the operation of online services so that individuals can make reservations or manage loyalty accounts.
The legal basis for processing personal data is also based on legitimate interests, such as responding to customer complaints and concerns, which may include, where permitted by applicable law, recording customer service calls.
The legal basis for the processing of personal data may also be consent to the processing of personal data including, for example, consent to marketing activities.
To a limited extent, legal obligations related to financial transactions, such as the obligation to keep books and records, also provide a legal basis for processing personal data.

Responding to emergencies and incidents


executing an agreement covering the services provided by the Hotel, such as ensuring the safety of visitors and staff through interactions with security personnel on-site.
The legal basis for the processing of personal data is also based on legitimate interests, such as monitoring the property by means of CCTV to ensure the safety of guests and staff.
To a limited extent, the legal basis for the processing of personal data is also provided by legal obligations, such as documenting accidents on site.
Vital interests of guests, such as contacting medical or emergency services in the event of a sick guest, may also provide a legal basis for the processing of personal data.

Legal information and compliance

The legal basis for the processing of personal data is legal obligations, such as compliance with legal processes. The vital interests of guests, including contacting emergency or law enforcement services in the event of disturbances and incidents involving guests, may also provide a legal basis for processing personal data.

Spa, beauty, fitness services

Personal data is processed for the purpose of entering into and performing an agreement covering the services provided by the Hotel,
including payment processing. The legal basis for the processing of personal data may also include consent to the processing of personal data including, for example, consent to the collection of information about back problems during the provision of massage services. Legitimate interests, including the provision of personalised services. To a limited extent, legal obligations related to financial transactions, such as the obligation to keep books and records, also provide a legal basis for processing personal data.
The vital interests of visitors (e.g. injury when using fitness equipment) may also provide a legal basis for the processing of personal data.

Food and beverage services

Personal data is processed for the purpose of entering into and performing a contract covering the services provided by the Hotel,
including payment processing.
The legal basis for the processing of personal data may also include consent to the processing of personal data including, for example,
consent to the collection of information on dietary or health restrictions or personal needs of the guest when ordering meals.
The legal basis for processing personal data is also based on legitimate interests, including the provision of personalised services.
To a limited extent, legal obligations related to financial transactions, such as the obligation to keep books and records, also provide a legal basis for processing personal data.
The legal basis for the processing of personal data may also be the vital interests of individuals (e.g. when a person falls ill in a restaurant).

Children's services (for parents and legal guardians)

The performance of the agreement, e.g. the stay of a child of a certain age in a room with the parents, may involve additional charges or discounts.
Consent of parent or legal guardian, e.g. meeting children's needs.
The legal basis for the processing of personal data is also based on legitimate interests, e.g. the provision of a cot or children's bathrobes and other facilities for children.
To a limited extent, the legal basis for the processing of personal data are also legal obligations related to financial transactions, such as the obligation to keep books and records.
The legal basis for the processing of personal data may also be the vital interests of guests, e.g. when a child falls ill during a stay in a children's club.

Loyalty programmes, accounts and relationship management

Personal data is processed for the purpose of entering into and executing an agreement covering the services provided by the Hotel,
including the calculation of points and the distribution of benefits.
Legitimate interests, including managing programme participants' choices about how they want to earn, track and use points.
To a limited extent, the legal basis for the processing of personal data are also legal obligations related to financial transactions, such as the obligation to keep books and records.

Marketing, promotions, competitions and third party products

Personal data is processed for the purpose of entering into and executing an agreement covering the services provided by the Hotel.
The legal basis for the processing of personal data may also be consent.
The legal basis for the processing of personal data is also based on legitimate interests, such as providing advertisements for similar
products and services. To a limited extent, the legal basis for the processing of personal data is also based on legal obligations, including the management ofminformation in accordance with competition rules.

Personal preferences (anniversaries, relationships, dietary preferences, other preferences related to staying at the Hotel, types of activities while staying at the Hotel)

The legal basis for processing personal data is the legitimate interests expressed in the Hotel's desire to provide Hotel Guests with exceptional service. The legal basis for the processing of personal data may also be consent.

4. Where do the periods of personal data processing used by the Company come from?

Your personal data will be processed by ANGEL STRADOM HOTEL for the period resulting from the
law and, in the absence of relevant guidelines resulting from the provisions of the law, for the period
determined in each case according to the nature of the personal data provided. When determining
the period of processing of personal data, the Company shall take into account issues such as:
obligations towards tax authorities, the need to make relevant financial settlements, but also
limitation periods for the parties' claims. After the expiry of the established processing periods - the
personal data will be deleted or anonymised.
At the same time we would like to point out that the basic period for processing by the Company of
personal data obtained for the purpose of concluded contracts is a period of 6 years extended by 12
months counted from 1 January of the following year, however this period may be changed
according to circumstances. For more detailed information in this regard, please contact the
Company.

5. Do we transfer personal data outside the european economic Area (EEA)

Due to the fact that the Hotel belongs to Autograph Collection Hotels by Mariott - your personal datamay be transferred and processed in the territory of the United States (USA) and other countries outside the European Economic Area. At the same time, however, we point out that, as a Company, we do not use the services of other third parties, which services would be related to the processing of your personal data outside the European Economic Area.

6. Do we process personal data by automated means, including profiling?

The hotel may in future make automated decisions on the basis of personal data, including profiling.
This will not be done unless you have given your consent, which is required by law, in particular in view of the requirements of the RODO. Historical personal data collected by the Hotel in connection with the provision of hospitality services to the guest is used for profiling.

7. Where does the Administrator get the personal data from and is providing personal data mandatory?

As a general rule, the Company is not entitled to require you to provide personal data, and thus providing personal data is voluntary.
However, in certain situations, it may be necessary to provide personal data - e.g. to provide you with services provided by the Company, or to conclude a contract. In such cases, failure to provide personal data may prevent the Company from taking appropriate action. For example, failure to provide the Company with contact details necessary to contact you in the event of sending a question to the Company will make it impossible to answer them, and failure to provide personal data necessary to book a stay at the Hotel will make it impossible to take such action.
Please note that if you have not provided the Hotel with the personal data yourself, the data may have been provided to the Company by the Marriott Group, a member of your family, an employee of the company where you work or another organiser of your stay at the Hotel. Personal data may also have been provided as a result of a booking via an external online booking portal - such as
Booking.com

8. What rights do you have in relation to our processing of your personal data by us?

In connection with the processing of your personal data, you have the following rights:

1) The right to access your data - you have the right to request information about what
personal data we process about you at any time,
2) The right to request the correction of your data - you can always request that your personal
data be corrected if it is incorrect, and that incomplete data be completed.
3) The right request erasure of your data - you can always request that we erase the personal
data we process. Unfortunately, this will not always be possible to implement, because
sometimes the obligation to process data will be related to, for example, legal provisions. In
such a situation, we will inform you about this fact.
4) The right to request restriction of processing - you can request that we restrict the
processing of your personal data.
5) The right to object - you can also object to the processing of your personal data based on our
legitimate interests, which applies in particular to the direct marketing we carry out.
6) The right to withdraw consent - where we process your personal data on the basis of
consent, you have the right to withdraw such consent at any time. The withdrawal of such
consent will not affect the lawfulness of the processing that was carried out before the
withdrawal.

9. What can you do if we process your data in an inappropriate manner?

If you believe that we process your personal data in a manner that is not in compliance with the law,
we will be pleased to hear from you and we will endeavour to rectify the identified irregularities.
Please also note that in such a situation you have the right to complain to the President of the Office
for Personal Data Protection.

10. Who has access to your data?

In accordance with our policy - we do not share your personal data, sell it or exchange it with
external parties for marketing purposes. We will only disclose your personal data if we are expressly
obliged or authorised to do so by law (e.g. the provision of data requested by the police), or if you
have given your consent to this disclosure.
At the same time, we would like to point out that it is possible for us to entrust the processing of
your data to our cooperating entities, but that this will only be done in each case with carefully
selected entities that guarantee the processing of your data in a lawful manner and with respect for
your privacy, including on the basis of an entrustment agreement for the processing of personal data.

11. Links to third-party websites.

Insofar as our website links to the websites of third parties, including via a link, we are not
responsible for the correctness or completeness of the content presented there or for the security of
your data. As we have no influence over the compliance of third parties with data protection
regulations, we recommend that you always check the data protection declarations presented there.
We also encourage you to read the privacy policies posted on these pages. At this point we draw
your attention in particular to the Marriott Group's processing of your personal data.

12. Cookies.

In order for the Company to provide its services at the highest level, cookies are used. The Company
uses cookies according to the principles described in a separate document.

13. Update of our Privacy Policy and final provisions.

We cannot exclude the possibility that we may need to update our Privacy Policy in the future. The
latest version will always be available on the Website.

The policy was adopted on 14 April 2023.

Scroll to top

We use first-party and third-party cookies for analytical purposes and to show you advertising related to your preferences, based on your browsing habits and profile. You can configure or block cookies by clicking on “Cookies settings”. You can also accept all cookies by clicking on “Accept all cookies”. For more information, please consult our Cookie Policy.

Cookies Settings:

Cookies and other similar technologies are an essential part of how our Platform works. The main goal of cookies is to make your browsing experience easier and more efficient and to improve our services and the Platform itself. Likewise, we use cookies to show you targeted advertising when you visit third-party websites and apps. Here, you will find all the information on the cookies we use. Furthermore, you will be able to activate and/or deactivate them according to your preferences, except for any cookies that are strictly necessary for the functioning of the Platform. Keep in mind that blocking certain cookies may affect your experience on the Platform, as well as its functioning. By clicking “Confirm preferences”, the cookies selection you have made will be saved. If you have not selected any options, clicking this button will be the same as blocking all cookies. For more information, please consult our Cookie Policy.

These cookies are necessary for the correct functioning of the Platform, and they cannot be deactivated on our systems. Generally speaking, they are configured to respond to actions made by you when requesting services, such as adjusting your privacy preferences, logging in to your account or filling out forms. You can configure your browser to block these cookies or alert you when they are present; however, some parts of the platform will not work without them.

Cookies List:

Name Provider Purpose Expiry
PHPSESSID Guestcentric Used to manage user sessions Session

These cookies allow us to count the number of visits and sources of traffic in order to measure and improve the performance of our Platform. They help us to know which pages are the most and least popular, and how many people visit the website. If you do not allow these cookies, we will not know when you visited our Platform.

Cookies List:

Name Provider Purpose Expiry
_ga Google Used to distinguish users 2 years
_gid Google Used to distinguish users 24 hours
_gat_gcTracker Google Throttle Request Rate 1 minute

These cookies enhance the functionality and personalisation of the Platform. They can be put in place by us or by third parties whose services we have incorporated into our pages. If you do not allow these cookies, some of our services will not function properly.

Cookies List:

Name Provider Purpose Expiry
GCShoppingActivations_<GCID>_BEST_RATE_GUARANTEED Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingActivations_<GCID>_LAST_RESERVATION Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingActivations_<GCID>_LAST_RESERVATIONS Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingActivations_<GCID>_LAST_WEEK_STAYS Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingActivations_<GCID>TODAY_BEST_OFFER Guestcentric Popup display control. Stores a true/false flag that indicates if the popup was already displayed. 10 minutes
GCShoppingVisits_<GCID> Guestcentric Count visits to control popup display 1 Month
GCShoppingRecovery_<GCID>_EXIT Guestcentric Display shopping recovery 1 Month
Cookies Settings
Accept all Cookies