Privacy and Cookies Policy

Jelenia Struga MEDICAL SPA sp. z o.o.

Effective date: 21.05.2018
Last update: 11.09.2024

1. General Information

1.1. This Privacy Policy outlines the rules for the processing of personal data and the use of cookies by Jelenia Struga MEDICAL SPA sp. z o.o., based in Kowary, registered in the National Court Register under KRS number: 0000284357, NIP: 6112628600, REGON: 300617197.

1.2. The Controller takes all necessary measures to ensure that data processing is carried out in accordance with applicable laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR), the Personal Data Protection Act, the Act on Providing Services by Electronic Means, and the Telecommunications Law.

2. Scope and Purposes of Data Processing

We process personal data only to the extent necessary to achieve specific purposes:

2.1. Reservation and Provision of Hotel and SPA Services

• entering into and executing contracts for hotel or medical spa services, including handling online and offline bookings,

• contact related to the Guest’s stay,

• fulfilling registration and tax obligations,

• issuing and archiving accounting documents.
  Legal basis: Article 6(1)(b) and (c) GDPR

2.2. Marketing Activities

• sending special offers, promotional and event information,

• inviting to participate in loyalty programs and contests,

• running online remarketing campaigns.
  Legal basis: data subject’s consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR)

2.3. Security and Monitoring

• ensuring safety of guests, employees, and hotel property through video surveillance (CCTV) in common areas.
  Legal basis: Controller’s legitimate interest (Art. 6(1)(f) GDPR)

2.4. Maintaining Contact

• handling inquiries via contact forms, e-mail, phone, or online chat,

• conducting pre- and post-sale correspondence.
  Legal basis: Controller’s legitimate interest (Art. 6(1)(f) GDPR – customer relationship management)

3. Categories of Processed Data

Depending on the context, we may collect the following data:

• identification data: name, surname, ID number, PESEL (for medical or rehabilitation services),

• contact details: phone number, e-mail address, mailing address,

• booking details: stay dates, dietary preferences, room type, additional services,

• payment details: account number, card data (processed by payment operators),

• health data: only with explicit consent and in relation to medical-rehabilitation services.

4. Data Recipients

Data may be shared with:

• entities processing data on behalf of the Controller (e.g., accounting offices, law firms, IT service providers, booking and payment systems),

• public authorities (e.g., police, courts, tax offices) – within the bounds of applicable law,

• electronic payment operators and banks,

• courier and postal companies – if necessary for order fulfillment or correspondence delivery.

All data processors are obliged to ensure adequate data protection measures.

5. Data Retention

Your personal data will be stored:

• for the duration of the contract and as necessary after its end (until expiration of claims),

• for the period required by law (e.g., 5 years for accounting documents),

• until consent is withdrawn – for data processed on that basis,

• up to 30 days – for CCTV data (unless needed for incident investigation).

6. Data Subject Rights

You have the right to:

• access your data and receive a copy,

• rectify your data,

• delete your data ("right to be forgotten") if no other legal grounds apply,

• restrict processing,

• transfer your data to another controller,

• object to processing – especially for marketing purposes,

• withdraw consent at any time (where processing is based on it),

• lodge a complaint with the President of the Personal Data Protection Office (uodo.gov.pl).

7. Cookies and Tracking Technologies

7.1. What are cookies?
Cookies are small text files saved on the User’s device that enable proper website functioning and user behavior analysis.

7.2. Types of cookies we use:

• Necessary – enable core website functions (e.g., logging in, booking),

• Analytical – used for statistical purposes (e.g., Google Analytics),

• Marketing and remarketing – personalize ads based on user interests (e.g., Google Ads, Meta Pixel),

• Functional – remember your preferences (e.g., language, location).

7.3. Cookie management
You can manage cookies via your browser settings. Restricting cookies may affect some website functionalities.

Browser management help:

• Chrome: https://support.google.com/chrome/answer/95647

• Firefox: https://support.mozilla.org/pl/kb/ciasteczka

• Safari: https://support.apple.com/pl-pl/HT201265

• Edge: https://support.microsoft.com/pl-pl/help/4468242

8. Security

The Controller applies appropriate technical and organizational measures to protect personal data against loss, destruction, unauthorized access, or disclosure. These include:

• SSL data transmission encryption,

• access authorization systems,

• physical security of data and servers,

• internal data security policies.

9. Data Transfers Outside the EEA

In cases where we use technological providers (e.g., Google, Meta), data may be transferred outside the European Economic Area. Transfers are made under legal mechanisms such as Standard Contractual Clauses approved by the European Commission.

10. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy. The current version is always available on our website: /.

Contact:

Jelenia Struga MEDICAL SPA sp. z o.o.
ul. Podgórze 55; 58-530 Kowary
E-mail: jeleniastruga@jeleniastruga.pl
Phone: +48 75 752 84 18