Privacy and Cookie Policy

Privacy and Cookie Policy
Pensjonat Mikołajki (pensjonatmikolajki.pl)

§1. General Provisions
This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with the use of the website pensjonatmikolajki.pl.

The Controller of the personal data contained in the service is: SPDC Consulting Szymon Dziak-Czekan ul. Osiedlowa 72, 05-082 Stare Babice NIP (Tax ID): 7422131219 (hereinafter referred to as the “Controller”).

The Controller can be contacted in writing via traditional mail at the address indicated above or electronically at the e-mail address: rezerwacje.pensjonatmikolajki@spdc.pl.

Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

§2. Purposes and Legal Basis for Data Processing
The Controller processes personal data for the following purposes:

Online booking service (Hotres System):

Purpose: Execution of the accommodation service, booking process, payments, and contact related to the stay.

Legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract).

Contact with the User (Contact Form):

Purpose: Responding to inquiries sent via the contact form (based on Formidable Forms plugin) or e-mail.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller – handling correspondence).

Tax and accounting obligations:

Purpose: Issuing invoices and maintaining accounting records.

Legal basis: Art. 6(1)(c) GDPR (legal obligation).

§3. Data Recipients
Users’ personal data may be transferred to entities that provide technical and organizational support for the website, solely on the basis of a data processing entrustment agreement:

Booking system operator: LEMONPIXEL.pl Sp. z o.o. (provider of the Hotres system), for the purpose of handling the booking process and online payments.

Hosting and server provider: The entity on whose servers the website and e-mail accounts are stored.

Accounting office: In the case of issuing an invoice for the stay.

§4. Hotres Booking System
The website uses the integrated Hotres booking system.

All data entered in the booking panel (visible as a calendar or booking bar) is processed directly by the Hotres system for the purpose of making an accommodation reservation.

Detailed information on data processing by the service provider can be found in the booking regulations available during the ordering process.

§5. Cookies
The website uses cookies, which are saved on the User’s end device.

No advertising tracking: The Controller declares that the website does not use tracking, marketing, or analytical tools from third parties (such as Google Analytics, Facebook Pixel, or Google Ads). We do not profile Users for advertising purposes.

Only necessary and functional cookies are used, which serve to:

Ensure the proper functioning of the Hotres booking system (e.g., remembering selected dates and booking parameters).

Ensure the proper functioning of contact forms.

Ensure the security and performance of the session on the website.

The User has the option to limit or disable access to cookies on their device in the web browser settings, however, this may affect the functionality of the booking system.

§6. User Rights
Every User whose data is processed has the following rights:

The right to access the content of their data.

The right to rectification (correction).

The right to erasure (“right to be forgotten”), provided that it is not contrary to legal obligations (e.g., tax laws).

The right to restriction of processing.

The right to object.

The right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if the User considers that the processing violates the provisions of the GDPR.

§7. Data Retention Period
Data related to the performance of the contract (booking) and accounting documentation will be stored for the period required by tax laws (currently 5 years calculated from the end of the calendar year).

Data from the contact form will be stored for the period necessary to provide clarifications and conclude correspondence.

§8. Changes to the Privacy Policy
The Controller reserves the right to introduce changes to the Privacy Policy in order to ensure its currency and compliance with applicable laws.