Privacy policy


This Privacy Policy sets out the rules for the processing and protection of personal data provided by users in connection with their use of the services offered by the Hotel Magnolia website (hereinafter: the Website)

§ 1 [Definitions]

  1. Administrator HOTEL “MAGNOLIA” Bugajski Janusz, Szewce ul. Dewońska 15, 26-052 Sitkówka-Nowiny, NIP: 6571027308, REGON: 290280256, being the owner of the “MAGNOLIA” Hotel and Restaurant located in Zgórsko 90A, 26-052 Sitkówka- Nowiny. (hereinafter: Administrator).
  2. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
  3. Personal data – information about an identified or identifiable natural person (“data subject”), where an identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, data o location, internet identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
  4. Service – Administrator’s website at:
  5. Customer – a natural person visiting the Website or using one or more of the Administrator’s services or functionalities on the Website, described in the Policy.

§ 2 [Contact]

In matters regarding the processing of personal data by the Administrator, please contact the Administrator via e-mail at the address by phone at 41 366 79 12, or directly at the Administrator’s office.

§ 3 [Personal data protection]

  1. In the interests of the security of the entrusted personal data, the Administrator operates on the basis of internal procedures and recommendations, in accordance with the relevant legal acts in the field of personal data protection, in particular with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 in on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 EC.
  2. The administrator takes special care to protect the interests of data subjects, and in particular ensures that personal data are:
    – processed lawfully;
    – collected for specified, lawful purposes and not subjected to further processing inconsistent with these purposes;
    – factually correct and adequate in relation to the purposes for which they are processed;
    – stored in a form that allows the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing.
  3. The administrator obtains information about users and their behavior in the following way:
    • by voluntarily entering information in forms,
    • by collecting “cookies”.
  4. The administrator informs that he uses the following technologies to track the actions taken by the customer on the Website:
    • Google Analytics – to analyze website statistics and for AdWords advertising.
    • Facebook pixel – to analyze website statistics, as well as to optimize and create groups of recipients of advertising campaigns.

§ 4 [Legal grounds and purposes of data processing on the website and the rights of data subjects]

  1. Your data may be processed for the purpose
    • analysis of network traffic, ensuring security on the Website and adapting the content to the needs of users based on the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR);
    • answering questions, conducting correspondence in order to settle the matter, on the basis of the legitimate interest of the administrator, which is the fulfillment of users’ requests (Article 6 (1) (f) of the GDPR)
    • the provision of services provided by the Administrator pursuant to Art. 6 sec. 1 lit. b) GDPR,
    • implementation of the legitimate interest of the Administrator of personal data in special cases pursuant to Art. 6 sec. 1 lit. f) GDPR, e.g. debt collection or video traffic monitoring on the premises of the Facility.
    • Rights resulting from the GDPR in the field of data processed
  1. You have the right to:
    • request the Administrator to inspect your data, as well as receive a copy of them (Article 15 of the GDPR);
    • request the Administrator to rectify or correct the data (Article 16 of the GDPR) – in relation to the request for rectification of data, when you notice that the data is incorrect or incomplete;
    • request the Administrator to delete data (Article 17 of the GDPR);
    • request the Administrator to limit processing (18 GDPR) – e.g. when you notice that the data is incorrect – you may request that the processing of your data be restricted for a period that allows us to check the correctness of this data);
    • lodge a complaint in relation to the processing of your personal data by the Administrator to the President of the Office for Personal Data Protection.

§ 5 [Transmission and sharing of personal data]

  1. Customer data may be made available to entities authorized to receive them under applicable law, including competent judicial authorities and, inter alia, companies that provide courier services, postal operators,
  2. The data may be entrusted to entities processing it at the request of the Administrator, including
    • in order to store personal data on the server,
    • in order to provide hosting services, provide online store software, store personal data, backup personal data, integrate with payment systems;
    • in order to register domains
    • in order to provide accounting, legal, marketing and debt collection services

§ 6 [Verification of room availability]

  1. Through the hotel’s website, the customer can calculate the rental price of a given room for a specified period. For this purpose, fill in the form, which is sent by e-mail to the appropriate hotel department. The data sent is verified by an employee of the Hotel who, by e-mail or telephone contact, confirms the possibility of booking or proposes a different date.
  2. To make the calculation, the customer provides data such as name, surname, telephone number, date of booking and e-mail address.
  3. The Customer’s activity on the Website, including his personal data, is saved in the system logs, and the log data is processed in connection with the provision of services. The administrator also processes them for technical purposes and to ensure the security and proper functioning of IT systems, e.g. in connection with the performance of backups, tests, irregularities or protection against hackers.
  4. Booking a room by the customer is tantamount to processing his personal data. The customer provides the data necessary to perform the contract with the Administrator. Providing other data is optional.

§ 7 [Contact form]

The administrator provides the possibility of contact via the contact form on the website The customer provides his personal data necessary to contact him and answer the inquiry. The customer may also voluntarily provide other data to facilitate contact or service the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to do so results in the inability to service. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6 (1) (f) of the GDPR) consisting in answering the question asked in order to communicate with customers.

§ 8 [Social media]

The Administrator processes the personal data of Customers visiting the Administrator’s profiles in social media (Facebook, Instagram). The data obtained through social media is processed to inform customers about the Administrator’s activity and promoting products and services, as well as to communicate with customers through the mechanisms and tools available in social media. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6 (1) (f) of the GDPR) consisting in promoting the company, building the company’s image on the web and expanding the network of contacts.

§ 9 [Cookies]

  1. Cookies are small files installed on the device of the Customer browsing the Website, collecting information that facilitate the use of the website – e.g. by remembering the Customer’s visits and movements on the Website.
  2. Cookies are used to: improve the functionality of the website, adjust the content of offers to your expectations and preferences determined on the basis of your behavior on the web, collect anonymous statistics
  3. By using the Website, you consent to the use of Cookies in accordance with this Policy. If you do not agree to our use of cookies or other technologies of this type, please change the settings for these files yourself through the settings of your web browser (possible at any time), specifying the conditions for their storage and access to your device via cookies. or exit the Website.
  4. Restricting the use of cookies may affect some of the functionalities available on the Website, and in some situations prevent the proper use of the Website.
  5. On the Website, the Administrator uses 2 types of cookies – session and permanent. Session files remain in the user’s browser only as long as they use the website, and permanent files remain in the browser until their expiry or until they are deleted by the Website
  6. When visiting the Website, the Customer’s browser may save cookies from third parties, such as: Google, Facebook, Instagram. Information on the data stored in these files can be found on the websites of the above entities.

§ 10 [Change of the privacy policy]

The Administrator reserves the right to change the privacy policy of the website, which may be caused by the development of internet technology, possible changes to the law in the field of personal data protection and the development of the Website. We will inform users about any changes in a visible and understandable way.