The below referenced scope of advice originates with, and is being passed on to you in pursuance of the Regulation of the European Parliament and of the Council (EU) 2016/679, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data, and on repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).

Video monitoring (CCTV) is used at the Hilton Garden Inn Krakow Airport. The monitoring includes entrances and exits of the building, lobby, reception, lobby, restaurants, corridors and other routes, as well as the nearest area around the building.

I. Personal Data Administrator

The administrator of personal data is Kraków Airport Hotel, a limited liability company with its registered office in Balice at the following address: ul. Kpt. Mieczysława Medweckiego 3, 32-083 Balice, evidenced in the National Court Register of Entrepreneurs as entry No KRS 0000335628, NIP (tax identification number): 5130189547, REGON: 120944716, tel.: + 48 12 340 00 00 (hereinafter referred to as ‘the Administrator’ or ‘the Company’).

II. Contact to the Data Protection Officer:

Contact with the Data Protection Inspector is possible at the following e-mail address: or at the correspondence address indicated in point I.

III. Purposes and legal basis of personal data provision

Your personal data will be processed in order to ensure the security of people staying at the Hotel and to secure property. The basis for data processing is the legitimate interest pursued by the Administrator (Article 6 paragraph 1 point f of the GDPR), which consists in ensuring security in the indicated range.

IV. The scope of data processed

The image registered by CCTV cameras is subject to data processing. Cameras do not record sound.

V. Period of data processing

Cameras record the image continuously. The recordings are stored for a period of 30 days, after which they are automatically overwritten, unless an authorized entity requests their protection during this time. In this case, the data are processed until the end of the proceedings for which they were secured.

VI. Recipients of personal data

Data may be transferred only to entities authorized to obtain it on the basis of applicable law and may be secured at the request of authorized bodies (Police, Court).

VII. Your statutory rights related to the processing of personal data

You have the right: to withdraw consent to your personal data processing, to access your personal data, to request correction/amendment of your personal data, to request a removal of your personal data, to demand that the processing of your personal data be restricted to object to the processing of your personal data due to your particular situation, in the cases when we process your personal data in line with our legitimate business interests, to have your personal data transferred, i.e. the right to receive your personal data from us in a structured, commonly used, machine-readable IT format. You may then forward this set of personal data to another personal data administrator, or request that we forward it to another personal data administrator on your behalf. Please note that we shall do so, only if this is technically feasible. You have the right to have your personal data transferred only with regard to the scope of such data being the actual subject to contractual processing by ourselves. You have also the right to receive a copy of the safeguards referred to in point XIII. In order to exercise your rights, please contact the addresses indicated in points I. or II.

VIII. The right to lodge a complaint with the supervisory body

You also have the right to lodge a complaint with the supervisory body, which is the President of the Office for Personal Data Protection (00-193 Warszawa, ul. Stawki 2, e-mail:

IX. Automated decision making

Decisions are not made in an automated manner, and your personal data is not subject to profiling by Personal Data Administrator.

X. Transfer of data to third countries or international organizations

Data shall not be transferred outside the EEA.