Privacy Policy

Privacy policy


§ 1 General provisions


  1. The Privacy Policy ("Privacy Policy") is a part of the terms and conditions for using the website ("Terms and Conditions," "Website").

  2. The Privacy Policy establishes the rules for privacy and processing of personal data of the users of the Website based on the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1) ("GDPR") and the applicable provisions of national law concerning personal data.

  3. The Website is operated by Anna Czyszczoń company, with its registered office in Nowy Korczyn, Stopnicka 16, 28-136 Nowy Korczyn, Tax Identification Number (NIP) 655-159-49-55, National Official Register of Business Entities (REGON) number 260106754 ("Administrator"). Anna Czyszczoń company is the administrator of personal data collected, processed, and used in connection with the users' use of the Website ("Users"), including the booking of accommodation by the Users through the Website or outside the Website by telephone or email ("Reservation"), the payment by users for the Reservation, and the provision of accommodation to Users ("Services"). Contact with the Administrator of personal data is possible via traditional mail to the above-mentioned address or by email at:


§ 2 Personal data, purposes, and legal bases of processing

  1. The use of the Service by Users may involve the collection and processing of user data by the Administrator, as well as by individuals using the Services based on Reservations.

  2. Some of the data collected and processed by the Administrator constitutes personal data. The Administrator may also process aggregate information about Service Users or individuals using the Services based on Reservations.

  3. The Administrator collects data provided by the User during the process of making a Reservation, user registration on the Service, user actions related to making Service Reservations, or making Reservations outside of the service (via phone or email).

  4. Users' personal data will be processed for the following purposes:

  1. To utilize the functionalities of the Service and make Service Reservations, including accepting payments on behalf of the Administrator, and thereby entering into a contract between the User and the Administrator, or to take actions at the request of the data subject prior to entering into a contract, including exporting data to the Administrator's CRM systems (legal basis under Art. 6(1)(b) of the GDPR).

  2. To fulfill legal obligations arising from applicable laws, particularly for accounting and taxation purposes (legal basis under Art. 6(1)(c) of the GDPR).

  3. For analytical purposes, including market research, user behavior and preference analysis, adapting the Service offer to user expectations, and improving the quality of provided services, which is a legitimate interest of the Administrator (legal basis under Art. 6(1)(f) of the GDPR).

  4. For archival (evidence) purposes to secure information in the event of a legal need to prove facts, including fulfilling the accountability obligation under the GDPR, which is our legitimate interest (legal basis under Art. 6(1)(f) of the GDPR).

  5. For the potential establishment, investigation, or defense against claims, which is our legitimate interest (legal basis under Art. 6(1)(f) of the GDPR).

  6. For measuring user satisfaction and determining the quality of our service, which is our legitimate interest (legal basis under Art. 6(1)(f) of the GDPR).

  7. For offering services directly to users by the Administrator (direct marketing and remarketing), including profiling them to match user needs, which, however, will not significantly affect the user's situation or have legal effects on the User (as described below), and is our legitimate interest (legal basis under Art. 6(1)(f) of the GDPR).

  8. For providing the Administrator's business partners, particularly Facebook and Google, with analytical information related to ad personalization (as described below), which is our legitimate interest (legal basis under Art. 6(1)(f) of the GDPR).

  9. For managing accounts and resolving technical issues (legal basis under Art. 6(1)(b) of the GDPR).

  10. For ensuring the safety of traffic and services, as well as preventing misuse and fraud (legal basis under Art. 6(1)(f) of the GDPR).

  11. For organizing promotional activities, loyalty programs, and campaigns in which Users may participate (legal basis under Art. 6(1)(b) of the GDPR).

    Providing personal data is voluntary but necessary to use the Service and make Reservations, including accepting payments from users by the Administrator, as well as to handle complaints in accordance with the Terms and Conditions.

  1. In order to ensure the protection of property and the safety of individuals staying in our apartments, a monitoring system is used in the building lobby. The legal basis for processing data collected through the monitoring system is Art. 6(1)(f) of the GDPR.

§ 3 User rights


  1. The User has the right to:

  1. Access their data and obtain a copy of it.

  2. Rectify (correct) their data.

  3. Delete data if, in the User's opinion, there are no grounds for us to process their data.

  4. Restrict the processing of data if, in the User's opinion, we have inaccurate data about them or are processing it unlawfully, or the User does not want us to delete it because they need it to establish, assert, or defend claims, or during the period of the User's objection to data processing.

  5. Object to the processing of data for the purposes of direct marketing, including profiling, as well as the right to object to the processing of data based on a legitimate interest for purposes other than direct marketing, due to the User's particular situation.

  6. Data portability - the User has the right to receive their personal data, provided to the Administrator based on a contract or consent, in a structured, commonly used, machine-readable format, and can also instruct the Administrator to transmit this data directly to another entity.

  7. Lodge a complaint with the supervisory authority - if the User believes that we are processing their data unlawfully, they can file a complaint with the President of the Personal Data Protection Office or another competent supervisory authority.

  8. Right to withdraw consent to the processing of personal data - the User has the right to withdraw consent to the processing of personal data at any time; withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  1. In connection with the collection by the Administrator of data mentioned in point 1 above, we inform that we process personal data in the following categories: basic identification data, electronic identification data, financial data, complaints, data related to travel and movement, data related to residence (Art. 14(1)(d) of the GDPR).

  2. The User can exercise the right to access and rectify their data by independently verifying it in the booking form. Additionally, the User can exercise their right to access personal data, rectify it, and withdraw given consents by sending an email to

§ 4 Recipients of data

  1. The following categories of entities may have access to user's personal data:

  1. Authorized employees and collaborators of the Administrator.

  2. Service providers supplying the Administrator with technical and organizational solutions enabling the provision of Service functionality and the management of the Administrator's organization (including IT service providers, marketing services, legal and advisory service providers, and their authorized employees).

  3. Entities performing data analytics for personalized advertising and acting as separate data controllers - Google, Facebook.

  4. Public authorities in the fight against fraud and abuse.

§ 5 Transfer of data to third countries or international organizations

  1. Data will also be transferred to recipients in third countries, such as Google LLC located in Mountain View, California, and Facebook Inc. located in Menlo Park, California (United States), certified under the Privacy Shield, which you can verify at any time at:

  2. Any transfer of personal data outside the European Economic Area by the Administrator may only take place based on appropriate legal safeguards, including standard contractual clauses approved by the European Union.

    § 6 Children

  1. The Service is not designed for or directed at children under the age of sixteen.


§ 7 Data retention

  1. Personal data provided by the user will be processed to the extent and for the period necessary to fulfill the purposes for which they were collected. This period cannot be definitively determined and depends on decisions regarding the use of Service functionality for which the data was obtained. Regarding expired or terminated agreements, the processing of personal data by the Administrator is determined by the limitation periods for claims under the Civil Code, as well as the Administrator's obligations in the field of tax law and accounting. Therefore, we will not process data for longer than 10 years from the termination of the agreement. Personal data processed for purposes covered by the consent statement will be processed for these purposes until the consent is withdrawn.

§ 8 Security measures

  1. The Administrator treats the privacy and security of user data as a top priority and has implemented appropriate technical and organizational measures in accordance with legal requirements to ensure the protection of processed personal data.

  2. In particular, through encryption, the Administrator ensures the security, integrity, and confidentiality of personal data transmitted over the internet.

§ 9 Cookie Policy and Google Services

  1. User data may also be collected through cookies.

  2. As a result of using the Service, text files (known as cookies) may be stored in users' devices, aiming to facilitate user access to the Service, analyze user preferences and behaviors, deliver personalized content on the Service, and improve its functionality. Data is also collected through cookies for statistical purposes.

  3. If users have not disabled cookies, it is assumed that they have consented to the placement and storage of cookies in their devices. Users can disable the placement and storage of cookies through their internet browser settings. The method of disabling cookies depends on the internet browser used by the user. Disabling cookies may cause the Service, and consequently the ability to make reservations on the Service, to not function correctly.

Additional explanations regarding cookies:

  1. What are cookies?

Cookies refer to computer data, specifically text files, stored in users' devices for the purpose of accessing websites. These files allow the recognition of the user's device and the display of web pages tailored to their individual preferences. Cookies typically contain the website's name of origin, the duration of their storage on the device, and a unique number.

  1. What types of cookies do we use?

As a general rule, two types of cookies are used: "session cookies" and "persistent cookies." Session cookies are temporary files that remain on the user's device until they log out of the website or close their internet browser. Persistent cookies remain on the user's device for a specified time or until manually deleted by the user. Cookies used by the website operator's partners, including users of the website, are subject to their own privacy policies. Cookies can be further categorized based on:

  1. Necessity for service provision:




Essential for the proper functioning of the website or the desired functionality the user wishes to use.


Important for the operation of the service:

- enrich the website's functionality; without them, the website will function correctly but will not be tailored to the user's preferences.

- ensure a high level of website functionality; without cookie settings, the level of website functionality may decrease, but it should not prevent complete use of the website.

- serve very important website functionalities; blocking them will cause selected features not to work properly.


Enable the implementation of a business model based on the website; blocking them will not make the entire website functionality unavailable but may reduce the level of service provided due to the lack of revenue generation supporting the website's operation. This category includes, for example, advertising cookies.

  1. Duration of cookie placement on the user's device:



Temporary cookies (session cookies)

Placed for the duration of browser use (session) and deleted after closing it.

Persistent cookies

Not deleted after closing the browser and remain on the user's device for a specified time or without an expiration period, depending on the website owner's settings.

  1. Origin (administrator) of the website managing the cookies:



First-party cookie

Directly placed by the visited website's owner.

Third-party cookie

Placed by external entities whose components are invoked by the website's owner.

Note: Cookies can be invoked by the administrator using scripts, components located on partner servers in different locations (countries), or even under a completely different legal system. When the administrator invokes website components from outside their system, different standard cookie policy rules may apply than the privacy/cookie policy of the website administrator.

  1. Purpose served by cookies:



Site configuration

Enable settings of functions and services on the website.

Site security and reliability

Verify authenticity and optimize website performance.


Inform when a user is logged in, allowing the website to display relevant information and features.

Session state

Store information about how users interact with the website. This may include frequently visited pages or error messages displayed on certain pages. Cookies used to store session state help improve services and enhance browsing comfort.


Enable the smooth operation of the website and its available features.


Enable the display of more relevant ads for users, valuable for publishers and advertisers, personalize advertisements, and can also be used to display ads beyond the website's pages (domain).


Customize displayed information based on the user's location.

Analysis, research, and audience auditing

Help website owners better understand user preferences and improve and develop products and services. Typically, the website owner or a research company collects anonymous information and processes data on trends without identifying individual users' personal data.

  1. Privacy impact on users:




Includes cookies:
- necessary for the correct operation of the website.

- required to enable website functionality, but their operation is unrelated to tracking the user.


Used for user tracking but do not include information allowing the identification of specific users' data.

c) Do cookies contain personal data?

Personal data collected through cookies can only be collected for specific user-related functions. Such data is encrypted in a way that prevents unauthorized access.

d) Deleting cookies

By default, web browsing software allows cookies to be placed on the end device. These settings can be changed to block automatic handling of cookies in the internet browser settings or to receive notifications about each cookie being sent to the user's device. Detailed information about the possibilities and methods of handling cookies is available in the software settings (internet browser). Limiting the use of cookies may affect some functionalities available on the website.

  1. As part of operating the Service, the Administrator uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies. Data collected through cookies by Google Analytics, including your IP address, is transmitted to Google and stored by them on servers in the United States. If the Service anonymizes IP addresses, a user's IP address will be truncated by Google within a member state of the European Union or another European Economic Area country before being transmitted to the United States. Only in exceptional cases will the full IP address be transmitted to Google servers in the United States and truncated there. Google will use this information to evaluate the user's use of the Service, compile reports on website traffic for website operators, and provide other services related to website activity and internet usage. Google will not associate a user's IP address with any other data held by Google.

  2. By using the Service, the user consents to the processing of their data by Google in the manner and for the purposes set forth in paragraph 4 above. The user can prevent Google from collecting data from cookies and processing it (including their IP address) by downloading and installing the appropriate applications on their devices.

  3. As part of operating the Service, the Administrator uses Google services where Google acts as a separate data controller of users' personal data. We promote our services using Google AdWords. The data we collect about users helps us better target our ads and promotions, as well as develop remarketing campaigns. Further information about the purpose and scope of processing personal data by Google, as well as the possibility of preventing data collection from cookies and their processing (including IP address), can be found on Google's website in the appropriate section (Privacy Policy:


§ 10 Receipt of Commercial Information

  1. In connection with the user's registration on the Service's website, the Service will process the user's personal data for the purpose of direct marketing based on the legitimate interests pursued by the administrator. This includes sending the user commercial information related to the functionalities of the Service, including information about promotions and updates within the Service.

  2. Regardless of the above, by placing an order to receive promotional offers presented on the Service, the user gives consent to receive commercial information about promotions and updates available on the Service, as well as other messages sent by the Administrator on its behalf or at its request to the email address/phone number provided by the user when making a Reservation, including after the user's use of the Service has ended. The consent mentioned above can be withdrawn at any time.

  3. Obtaining the user's consent for receiving commercial information about promotions and updates available on the Service is related to the functionality of the Service, which involves presenting such information. Additionally, the Service ensures that receiving such commercial information by the user aligns with their expectations of receiving promotional offers from the Service.

  4. Due to the legitimate interest pursued by the administrator in direct marketing and the consent mentioned in point 2 above, commercial information will be sent to the user in the form of newsletters from the Administrator. Furthermore, newsletters/SMS messages containing information generated based on the user's activity on the Service will be sent to the user.

  5. The user may opt out of receiving further commercial information at any time by contacting the Administrator via email at

The Administrator reserves the right to make changes to the Privacy Policy; therefore, we encourage you to periodically review its contents, especially before making any reservations for the Services.