Privacy policy

§1. GENERAL PROVISIONS
1. BedBooking is a system used to manage guest accommodation reservations in hotels, hostels, or private accommodation. The BedBooking Privacy Policy applies to the use of the BedBooking system through all available channels, including the website, as well as the mobile application.
2. The Controller of personal data collected through BedBooking is BedBooking Sp. z o.o. with its registered office located in Świdnica at ul. Esperantystów 17, 58-100 Świdnica, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for Wrocław-Fabrycznej in Wrocław, 9th Commercial Division of the National Court Register (KRS), under KRS number 0000499738, Tax Identification Number (NIP) 8842785023, Statistical Identification Number (REGON) 368536161, email: office[at]bed-booking.com.
3. The Personal Data Administrator has appointed the Data Protection Officer: Jakub Szajdziński (iod[at]bed-booking.com).
4. Out of respect for your rights and in observance of the provisions pertaining to personal data protection including inter alia the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive, hereinafter referred to as GDPR) and the Act of 10 May 2018 on personal data protection (Journal of Laws 2018 item 1000, hereinafter referred to as Act), we oblige ourselves to maintain the integrity and confidentiality of the personal data obtained. All employees of the Personal Data Controller have been appropriately trained in the scope of processing personal data.
5. All inquiries, requests, complaints regarding the processing of personal data by the Personal Data Administrator, hereinafter referred to as Notifications, should be sent to the following e-mail address: iod[at]bed-booking.com or in writing to the following address of the Administrator: ul. Esperantystów 17, 58-100 Świdnica. The content of the Application should indicate:
a) data of the person or persons to whom the Application relates,
b) the event that is the reason for the Report,
c) present your requests and the legal basis for these requests,
d) indicate the expected way of settling the matter.

§2. PERSONAL DATA
1. In BedBooking, we may ask you for the following personal information:
• e-mail address – you will be asked to enter your e-mail address. Your e-mail address may be used for registration, registration authorization, contact with you and for other purposes in connection with the use of BedBooking in accordance with the provisions of the Privacy Policy,
• social account identifier (e.g. Facebook) – You will be asked to log in to your social account. From your social account, via the OAuth 2.0 protocol, we will read your e-mail address, which will be used for registration, registration authorization, contact with you and for other purposes in connection with the use of BedBooking, in accordance with the provisions of the Privacy Policy,
• third-party service account identifier (e.g. Google, Microsoft, Apple) – you will be asked to log into your account with the provider. From your supplier’s account, via the OAuth 2.0 protocol, we will read your e-mail address, which will be used for registration, registration authorization, contact with you and for other purposes in connection with the use of BedBooking, in accordance with the provisions of the Privacy Policy,
• name and surname – if your e-mail address consists of your name and surname, you must be aware that we will process this personal data,
• telephone number – which can be used, among other things, for the purpose of local identification of a hotel guest’s reservation, during incoming calls and for the provision of technical support services,
• data necessary to perform the settlement – in the case of certain Users, please complete the data that we need in order to conduct settlements, including NIP, REGON, VAT number,
• address – within BedBooking we can process the address of the accommodation facility but also the business address or your personal address, if it corresponds to the address of the accommodation facility or company address,
• IP address – information resulting from the general rules of connections made on the Internet, such as the IP address (and other information contained in the system logs) is used by BedBooking for technical purposes. IP addresses can also be used for statistical purposes – to collect general demographic information (e.g. about the region from which the connection takes place).
2. BedBooking uses cookies for the purposes of adjusting its functioning to your personal needs. Details on how cookies operate can be found in our Cookies Policy.
3. All Users can choose if and to what extent they want to use our services and share information about themselves. If for some reason you do not wish to leave your personal data, you have the right to remove it or not to use our Website.

§3. PURPOSE AND PERIOD OF PROCESSING OF PERSONAL DATA
1. Providing the information indicated in the preceding point is essential in the cases indicated in this point which particularly include:
a) for the purposes of using services offered on BedBooking,
b) for the purposes of responding to your questions and enabling contact by e-mail, the contact form available on BedBooking, traditional post or telephone,
c) for marketing purposes – if you have given your consent, with the proviso that direct marketing of own services is carried out as part of a legitimate interest.
2. We process personal data for the period of time required to achieve the objectives outlined in the point above. Personal data may be processed for a period of time longer than that mentioned in the preceding statement in the event that legal provisions grants the Controller such rights or impose an obligation on him/her in this scope, and in the event that longer processing times arise from generally applicable legal regulations or when services that we provide are continuous in nature.
3. The source of the personal information processed by the Controller are the individuals the data concerns. BedBooking Sp. z o.o. processes the personal data of the clients of its Users as processor.
4. The legal basis for processing your personal data is primarily:
a) Art. 6(1)(b) GDPR, i.e. the necessity of performing a contract to which you are a party or taking steps at the request of the data subject prior to entering into a contract,
b) art. 6 (1)(f) GDPR, i.e. the Controller’s legitimate interest in establishing, investigating or defending claims until their expiry or until the completion of the relevant proceedings, if they were initiated during this period, as well as the interest in direct marketing of own services.
c) Art. 6(1)(a) GDPR, i.e. your consent to the processing of your personal data for one or more specific purposes, in which other legal grounds for processing personal data are not applicable.
5. Personal data may be outsourced to processors for the purposes of processing such data on behalf of our company as the Personal Data Controller. In such cases, as the Personal Data Controller, we conclude an Agreement on Personal Data Outsourcing with the processor.
• We use Google Analytics analytical tools that collect information about your website visits, such as the subpages you have displayed, the time you spent on the website or the transitions between individual subpages. For this purpose, Google LLC cookies are used for the Google Analytics service. As part of the mechanism for managing cookie settings, you have the option to decide whether we will also be able to use marketing functions as part of the Google Analytics service or not;
• We use marketing tools such as Facebook Pixel and LinkedIn Insight Tag to target ads to you. This is related to the use of Facebook and Linkedin cookies. As part of the cookie settings, you can decide whether you consent to our use or not.
6. The controller may outsource personal data to processors located in third countries including, in particular, the United States. Each of these processors shall fulfill the requirements mentioned in Chapter 5 of GDPR.
7. No personal data shall be transferred to third parties without the clear consent of the person concerned. Personal data may be transferred exclusively to public law bodies authorized by generally applicable provisions of law.
8. Personal data are not subject to profiling by the Personal Data Controller.

§4. RIGHTS OF THE DATA SUBJECTS
1. Pursuant to GDPR provisions, every person whose personal data we process as Personal Data Controller has the right to:
• be informed of their personal data being processed,
• access to their personal data,
• the correction, supplementation, updating, or rectification of their personal data,
• erasure (the right to be forgotten),
• restrict processing,
• data portability
• object to their personal data being processed,
• not be subject to profiling,
• lodge a complaint with a supervisory authority (i.e. President of the Personal Data Protection Office).
2. If you would like to exercise your rights mentioned in the preceding point, please use the appropriate tab on BedBooking, which will allow you to delete your account and collected data, or send us a message by e-mail or in written form to our correspondence address indicated in §1 section 4 above.

§5. FINAL PROVISIONS
1. Every detected case of a security breach shall be documented, and in the event that one of the situations specified in the GDPR provisions or Act occurs, the person whose data is concerned and, if applicable, the President of the Personal Data Protection Office (PUODO) shall be informed of the breach of the personal data protection provisions.
2. All capitalized words shall bear the meaning given to them in the BedBooking Terms and Conditions unless otherwise stated in this Privacy Policy.
3. All matters not regulated by this Privacy Policy shall be governed by general applicable provisions of law. In the event of discrepancies between the provisions of this Privacy Policy and the aforementioned provisions, these provisions shall take precedence.
4. The Privacy Policy shall come into effect on June 30, 2022.


Privacy policy 30.09.2019-29.06.2022