The administrator of personal data is Krakow Airport Hotel Limited Liability Company with its registered office in Balice at: 32-083 Balice, ul. Capt. Medweckiego 3, entered into the Register of Entrepreneurs of the National Court Register under the number KRS 0000335628 by the District Court for Kraków - Śródmieście in Kraków, XII Commercial Department of the National Court Register, share capital: PLN 34,935,000, NIP: 5130189547, REGON: 120944716, phone: + 48 12 340 00 00 (hereinafter: "the Administrator" or "Kraków Airport Hotel").
The Administrator shall use technical measures, in accordance with the law, to secure processed personal data against unauthorized access or use.
II. Website Users' Personal Data
In order to operate the website, the Administrator may process information such as: information about the User's device in order to ensure the correct operation of the service, e.g. device IP address, information contained in cookies, session data, web browser data, data on website activity . This information does not contain data on Users' identities, however, in combination with other information they may constitute personal data, therefore the Administrator provides protection for this information appropriate for the protection of personal data and informs Users about their processing.
The basis for data processing is the Administrator's legitimate interest in facilitating the use of services and improving the quality and functioning of the services provided.
The processing of data collected through the website does not violate rights and freedoms of Users.
III. Contact form
Kraków Airport Hotel provides a contact form on the website for contact by users.
The data provided via the contact form will be processed in order to allow users to contact the Administrator and answer the question or fulfill other expectations of the Users, depending on the query. The following categories of data may be processed: name and surname, e-mail address, telephone number (optional) and the content of the User's request. The basis for processing data entered via the contact form is the Administrator's legitimate interest, which consists in ensuring the possibility of contact with Users and conducting their own marketing activities (Article 6 paragraph 1 point f of the GDPR).
Marketing information will not be sent using the data entered in the contact form, unless the content of a question submitted by the User indicates that the user expects to receive such information. The basis for data processing is then the User's consent expressed by explicit confirmatory actions, consisting in submitting a query with a specific content (Article 6 paragraph 1 point a of the GDPR).
IV. Social media users’ data
Kraków Airport Hotel uses and contains on its website links to the following social networking sites: Facebook, Instagram, Tweeter.
The Administrator does not post user data on social networks, however, such data may be posted by the Users themselves or automatically in the case of using the Administrator’s Fanpage or other services.
Data entered by Users of social networking sites may be processed by:
Facebook, Inc. based in 1601 Willow Road Menlo Park, California 94025 which may process data outside the EEA. An adequate level of data security has been provided by the company by joining the Privacy Shield program:
Twitter, Inc. 1355 Market Street # 900 San Francisco, California 94103, which may process data outside the EEA. An adequate level of data security has been provided by the company by joining the Privacy Shield program:
In order to provide the use of social networking sites, the Administrator may process the following Users’ data: name and surname or other name of the User, information about fanpage likes, activity on the fanpage, comments and posts posted by Users, photos posted by Users.
In order to enable Users to contact the Administrator, the Administrator processes the data of Users contacting the Administrator via Facebook Messanger. The following data is processed: name and surname or username, content of correspondence (messages, threads). This data is stored by the Administrator only as part of the Facebook account, the Administrator does not save this data on its own servers.
The Administrator may place on the fanpage or other accounts in social networks some marketing information regarding services, events or competitions and promotional campaigns that the Administrator organizes or participates in.
Due to the specifics of social networks, information about people watching the fanpage, likes, comments, posts, photos and other information posted by Users may be public to other users and third parties, which the Administrator has no control over.
The basis for data processing via social networking sites is the Administrator's legitimate interest, which consists in ensuring the possibility of contact with Users and conducting the Administrator's marketing activities (Article 6 paragraph 1 point f of the GDPR).
The data is processed for the period of communication with Users and then deleted.
V. External links
VI. Reservation system
Kraków Airport Hotel does not use its own reservation system on the website, but contains a link to the Hilton reservation system.
Krakow Airport Hotel ltd in Balice operates as a franchisee Hotel under the brand Hilton Garden Inn Krakow Airport, which is part of the Hilton Worldwide. Entities of the Hilton Worldwide Holdings Inc. group are independent from Kraków Airport Hotel sp.z o.o. personal data administrators. Hilton Reservations Worldwide, L.L.C. is the administrator in the field of data provided when making reservations at the Hilton. Hilton Honors Worldwide, L.L.C. is the administrator in the field of personal data processing in connection with the operation of the Hilton Honors program. Hilton Domestic Operating Company Inc. is the administrator in the field of personal data processing in connection with Hilton marketing activities.
Hilton Reservations Worldwide, L.L.C., Hilton Honors Worldwide, L.L.C. and Hilton Domestic Operating Company Inc. can be contacted as follows:
Hilton Privacy Department7930 Jones Branch DriveMcLean, VA 22102, e-mail: firstname.lastname@example.org
OR: Hilton Office of the Data Protection Officer 7930 Jones Branch DriveMcLean, VA 22102, USA, e-mail: DataProtectionOffice@hilton.com
Personal data requests: https://www.hilton.com/en/hilton-honors/personal-data-requests
Hilton Worldwide Holdings Inc. Global Privacy Statement is available at:
The Administrator uses the so-called cookies. Cookies are small files (usually text) that can be saved on the User's device while using the website. Cookies contain information necessary for the proper use of the website and the name of the website from which they originate, storage time and a unique number.
Cookies are not harmful to the device and do not change its settings or settings of the software installed on it. Reading the contents of files is possible only by the server that created them.
Cookies are used in particular for the following purposes:
optimizing the use of the website, e.g. they allow to recognize the User's device and adapt the content of the website to the User's individual preferences;
creating statistics to improve the structure and content of websites;
maintaining the User's session after closing the page;
support for third-party components, e.g. Adobe Flash or Facebook Connect, etc.
The Administrator uses two types of cookies:
Session cookies: they are stored on your device until you leave the website or the browser session ends. After closing the page or browser, they are permanently deleted from the device's memory;
Permanent cookies: they are stored on the device for the time specified in the parameters of the cookie or until deleted by the User. Closing the website or ending the browser session as well as turning off the device does not delete them.
More information about cookies is available on the website maintained by the Association of Employers of the Internet Industry IAB Polska: wszystkoociasteczkach.pl
VIII. Marketing activities
The Administrator may place some marketing information on his products or services on the website. The Administrator displays marketing content in accordance with its legitimate legal interest, which consists in publishing content related to the services provided and promotional activities in which the Administrator is involved. The Administrator does not use Users' data for direct marketing of his services without the User's explicit consent.
IX. Contact with the Data Protection Officer
Contact with the Data Protection Officer is possible at the following e-mail address: email@example.com or at the correspondence address indicated in point I.
X. Information on the mandatory / voluntary submission of data
Providing personal data is voluntary, but it may be necessary to use certain functionalities of the website or contact form, social networks, etc.
XI. Data recipients
The data may be made available to processors on behalf of the Administrator in order to provide services necessary for the performance of the contract by the Administrator, such as IT services (e.g. hosting, provision or maintenance of IT systems), accounting services, legal services, postal services, etc. Such entities process data on the basis of a contract with us and only in accordance with our instructions.
XII. Rights of data subjects
You have the right to access the data and the right to request their rectification (if they are inconsistent with the facts), deletion, processing restrictions (in cases provided for by applicable law). To the extent that the basis for the processing of your personal data is the legitimate interest of the Administrator, you have the right to object to the processing of personal data. To the extent that the basis for the processing of your personal data is consent, you have the right to withdraw the consent. Withdrawal of consent does not affect the lawfulness of processing until the consent is withdrawn. You also have the right to transfer personal data, i.e. to receive from the Administrator, in a structured, commonly used machine-readable format. The right to transfer data does not apply to data that is a business secret, cannot adversely affect the rights and freedoms of others, including trade secrets or intellectual property, and will be implemented to the extent technically possible. The first copy of the data is free. In addition, you have the right to receive a copy of the security referred to in point XII.
In order to exercise the abovementioned rights, please contact the Administrator at the correspondence address indicated in point I. or the Data Protection Officer at the e-mail address indicated in point II.
XIII. The right to lodge a complaint to the supervisory authority
You also have the right to lodge a complaint with the supervisory body, which is the President of the Office for Personal Data Protection (00-193 Warszawa, ul. Stawki 2, e-mail: firstname.lastname@example.org).
XIV. Automated decision making
The data you provide shall not be used in automated decision-making processes (including profiling).
Information on the processing of personal data hotel Guests
Information on the processing of personal data hotel Contractors
Information on the processing of personal data hotel E-mail correspondence
Information on the processing of personal data video monitoring system
Information on the processing of personal data recruitment