PRIVACY POLICY

I. Personal Data Controller

Jerzy Donimirski, conducting business under the name Donimirski Pałac Pugetów Business Center (“DPPBC”), with its registered office in Kraków, ul. Starowiślna 13, entered in the Central Registration and Information on Business (CEIDG), Tax ID (NIP) No. 6760050538, is the Controller of your personal data.

II. Purposes and Legal Basis for Data Processing

To conclude a purchase/sale contract based on your interest in DPPBC’s offer (legal basis: Art. 6.1.a GDPR).
To perform a contract concluded between you and DPPBC (legal basis: Art. 6.1.b GDPR).
To pursue the legitimate interests of DPPBC, including:

  • Protection of rights, enforcement of contracts, and collection of payments.
  • Pursuit and defense of claims related to hotel services.
  • Preparation and archiving of documentation for tax and service quality purposes.
  • Providing top-quality service to hotel guests.

If you consent to the processing of your personal data for marketing purposes, DPPBC will use it to provide you with marketing information and offers, and to establish and strengthen business relationships (legal basis: Art. 6.1.f GDPR).
If you consent to receive newsletters, your email address will be used for this purpose, with mailings sent at intervals chosen by the marketing department to keep you informed about DPPBC’s offers and activities (legal basis: Art. 6.1.a GDPR).
If you submit an inquiry (via contact form, email, phone, or social media), you consent to being contacted in relation to your request (legal basis: Art. 6.1.a GDPR).
Guests’ personal data are also collected via CCTV for safety and security purposes and to protect the legitimate interests of DPPBC (legal basis: Art. 6.1.f GDPR).
If we provide a service or execute a contract on your behalf, we will also process your data as required by law (legal basis: Art. 6.1.c GDPR).

III. Categories of Data Processed

DPPBC may process the following categories of your personal data:
  • Basic identification data
  • Electronic identification data
  • Financial identification data
  • Data concerning your place of residence

IV. Data Recipients

DPPBC may disclose your personal data to:
Contractors and service providers, such as accounting firms, law firms, IT service providers, transportation companies, and courier services (when ordered by the guest).

V. Data Transfers Outside the EU

DPPBC does not transfer your data outside the EU, Norway, Liechtenstein, or Iceland.

VI. Data Retention Period

Data collected for contract purposes are retained during negotiations and until the limitation period for claims expires.
Contact details used for direct marketing are retained until you object, withdraw consent, or until DPPBC determines they are outdated.
CCTV data are retained for 30 days and then permanently deleted.

VII. Your Rights

You have the right to:
  • Access and obtain copies of your data.
  • Rectify or amend your data.
  • Request erasure if data are no longer necessary (the “right to be forgotten”).
  • Restrict processing in specific cases (e.g., during a dispute or objection).
  • Object to processing:
  • For direct marketing — we will cease processing for this purpose immediately.
  • Based on legitimate interests — unless we demonstrate overriding grounds.
  • Data portability — to receive your data in a machine-readable format or have it sent to another controller.
  • Lodge a complaint with a supervisory authority (e.g., the President of the Personal Data Protection Office in Poland).
  • Withdraw consent at any time (without affecting the lawfulness of prior processing).

To exercise your rights, please contact us at:
daneosobowe@donimirski.com
+48 12 261 38 38
We may need to verify your identity before processing your request.

VIII. Information on Data Provision

Providing your data is necessary to conclude a contract. Failure to provide the required data will result in our inability to enter into a contract.
Providing data for purchasing, sales, or marketing is voluntary but necessary for us to contact you.
For online forms, providing mandatory fields is required; otherwise, the form cannot be submitted.

IX. Data Sources

We may obtain your data from public registers (KRS, CEIDG, GUS) or from third parties (e.g., your employer or business partners).
This Privacy Policy serves as an information document under the GDPR and fulfills our obligation to inform you about your rights and our data practices.