Privacy Policy

I.Definitions
Administrator – Focus Hotels S.A. based at ul. Plac Bożeckich 3, 85-033 Bydgoszcz, NIP: 9671347422, REGON: 341041740 Personal data - information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, by reference to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Policy – ​​this Privacy Policy. User - any natural person visiting the Website or using one or more services described in the Policy, as well as any natural person whose personal data is processed by the Administrator, e.g. visiting the Administrator's premises, using its services or submitting an inquiry to it in any form. Website – website run by the Administrator at https://focushotels.pl/
Introduction The purpose of this Policy is to define the principles, method of processing and use of Users' Personal Data. The policy also contains information regarding the rights of natural persons in relation to the personal data they have provided. The legal basis for the Policy is Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. This Policy constitutes the Administrator's implementation of the obligations arising from Art. 12, 13 and 14 GDPR. The Policy applies to the Website, application or service referring to it, as well as to data transferred via them, by telephone, electronically or in person at the Administrator's office and in other places where the Administrator conducts business activities. In connection with the business activity conducted by the Administrator, as well as the User's use of the Website, the Administrator collects data to the extent necessary to provide the individual services offered. Detailed rules and purposes of Personal Data processing are described below.
Contact with the Administrator and Data Protection Inspector In all matters related to the processing of personal data, you can contact the Administrator at the above-mentioned address. registered office address or via e-mail: iod@focushotels.pl
The Administrator has appointed a Data Protection Inspector, who can be contacted at the e-mail address: iod@focushotels.pl or by correspondence to the Administrator's address indicated above with the note "Data Protection Inspector".
Purposes and legal basis for the processing of Personal Data. The Administrator processes personal data in accordance with the business profile, for the purposes indicated below. If, due to legal provisions, the characteristics of the service or the need to settle it, there is a need to process other personal data of data subjects, the Administrator will process them to the necessary extent.
Placing orders / making reservations Placing an online order / making a reservation by the Website User involves the processing of his or her personal data. Providing data marked as mandatory is required in order to accept and process the order / make a reservation, and failure to provide it will result in the order not being processed.
Personal data are processed in order to complete the placed order / make a reservation - the legal basis for processing is the necessity of processing before the performance of the contract (Article 6(1)(b) of the GDPR), and in the case of providing data regarding health, the legal basis is consent (Article 9(2)(a) of the GDPR);
The data is processed no longer than until the claims expire.
Implementation of services provided by the Administrator Data processing is necessary to perform the contract concluded with the client regarding the provision of hotel, catering or other services offered by the Administrator.
Personal data is processed:
i. in order to perform the contract or to take action at the request of the data subject before concluding the contract - (Article 6(1)(b) of the GDPR);
ii. in order to fulfill the legal obligations of the Administrator arising in connection with the implementation of the contract (in particular resulting from e.g. tax regulations, local law acts) - the legal basis for processing is the legal obligation (Article 6(1)(c) of the GDPR)
The data is processed no longer than until the limitation period for claims or until the limitation period for liabilities expires (in the case of tax liabilities, it will be 5 years, counting from the end of the calendar year in which the tax payment deadline expired, pursuant to Article 70 of the Act of August 29, 1997, Tax Ordinance).
Sending commercial/marketing information, newsletter, satisfaction survey If you consent to receiving marketing/commercial information from the Administrator by electronic means and/or telephone (including a newsletter or satisfaction survey), personal data is processed in order to provide the above-mentioned. information.
The legal basis for the processing of Personal Data is the legitimate interest of the Administrator in connection with the consent given - Art. 6 section 1 letter f GDPR in connection with Art. 10 of the Act on the provision of electronic services or Art. 172 of the Telecommunications Law, consisting in building the image and conducting marketing activities, sending special offers, information about new products or services, invitations to participate in promotions. The data is processed for the duration of marketing activities, until the consent to receiving commercial information is withdrawn, the data subject raises an effective objection or the Administrator's legitimate interest ceases. The user has the right to withdraw consent to receiving commercial information at any time. You can do this by clicking on the appropriate unsubscribe link in the marketing message sent or by contacting the Administrator directly.
Contact (e-mail, letter, telephone, chat or form) The Administrator provides the possibility of contacting him using electronic contact forms, chat, e-mail, letter or telephone. Using the form requires providing personal data necessary to contact the User and answer the inquiry. The user may also provide other data to facilitate contact or handling of the inquiry. Providing data marked as mandatory is required to accept and handle the inquiry, and failure to provide it results in the inability to provide an answer. Providing other data is voluntary. If inquiries are sent to the Administrator by telephone, e-mail or traditional correspondence, the personal data contained in this correspondence are processed for the purpose of communication and solving the matter to which the contact relates.
The legal basis for the processing of personal data is the legitimate interest of the Administrator - Art. 6 section 1 letter f GDPR, consisting in ensuring contact with the Administrator and answering questions asked, regardless of the communication channel. The data processing period depends on the subject of the case that is the subject of contact, but no longer than the limitation period for claims.
Video monitoring Video monitoring is used to ensure the safety of people staying on the Administrator's premises and to protect property. The use of monitoring in the processing of employees' personal data is based on Art. 6 section 1 letter c GDPR in connection with joke. 22² § 1 of the Labor Code. In the case of other persons, other than those employed under an employment contract (i.e. the Administrator's associates and other persons using the Administrator's services or staying at the Administrator's facilities), personal data processing is carried out pursuant to Art. 6 section 1 letter f GDPR, i.e. the legitimate interest of the administrator (such legally justified interests are the purposes of processing, consisting in ensuring the safety of persons and property).
Images from monitoring may be made available to authorized state authorities. Personal data processed by the video monitoring system will be stored for a period no longer than 3 months, unless, due to special circumstances, the recordings will constitute evidence in proceedings conducted pursuant to legal provisions or the Administrator receives information that they may constitute evidence in the proceedings, then the recording storage period will be extended until the final conclusion of such proceedings.
Collection of data as part of business contacts In connection with its business activities, the Administrator collects personal data, e.g. during business meetings or by exchanging business cards - for purposes related to initiating and maintaining business contacts.
Such personal data are processed in order to pursue the legitimate interest of the Administrator and its contractor (Article 6(1)(f) of the GDPR) consisting in creating a network of contacts in connection with their business activities. The data is processed for the duration of the business relationship, until the data subject raises an effective objection or the Administrator's legitimate interest ceases.
Processing personal data of the Administrator's clients or contractors' staff members. In connection with concluding contracts as part of its business activities, the Administrator obtains from contractors/customers data of persons involved in the implementation of such contracts (e.g. data of persons authorized to contact, executing orders, etc.). The scope of data transferred is in each case limited to the extent necessary for the performance of the contract and usually does not include information other than name and surname and business contact details.
Such personal data are processed in order to pursue the legitimate interest of the Administrator and its contractor (Article 6(1)(f) of the GDPR), which is to enable the correct and effective performance of the contract. The data is processed for the duration of cooperation and then until the claims expire.
Career Personal data may be processed for the purposes of the current recruitment process, as well as in order to participate in future recruitment processes. Candidates' personal data are processed solely for the purpose of conducting the recruitment process, assessing candidates' qualifications, conducting job interviews and selecting the right candidate for a given position. The legal basis for the processing of personal data to the extent necessary to take actions aimed at concluding a contract is Art. 6 section 1 letter b GDPR. Data may be processed pursuant to Art. 6 section 1 letter c GDPR in connection with joke. 22(1) § 1 of the Labor Code and pursuant to Art. 6 section 1 letter a GDPR, i.e. the consent of the data subject (in the case of sending an image or other information not required by the Administrator or consenting to the processing of data for future recruitment purposes). Personal data will be processed until the claims expire.
Fulfillment of legal obligations imposed on the Administrator The Administrator processes Users' Personal Data in connection with the implementation of legal obligations imposed on him, including: maintaining accounting and accounting documentation, as well as exercising the rights of data subjects.
Such personal data are processed pursuant to Art. 6 section 1 letter c) GDPR - processing is necessary to fulfill the legal obligation imposed on the Administrator until such obligations expire, in accordance with applicable law.
Determining, pursuing and defending against claims In order to determine, pursue and defend against claims, Users' personal data that they have provided to the Administrator will be processed.
The legal basis for the processing of personal data is Art. 6 section 1 letter f) GDPR, which allows the processing of personal data in order to establish, pursue or defend against claims that are the implementation of the legitimate interest of the Administrator. Personal data may be processed up to the time the claims expire.
Using the Website (including having an account on the Website) Personal data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Administrator:
in order to provide services electronically in the scope of providing Users with content collected on the Website or fulfilling orders - then the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR); for analytical and statistical purposes - then the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in conducting analyzes of Users' activities as well as their preferences in order to improve the functionalities used and the services provided; in order to establish and pursue claims or defend against claims - the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in the protection of his rights.
The User's activity on the Website, including his or her personal data, is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical and administrative purposes, to ensure the security of the IT system and to manage this system, as well as for analytical and statistical purposes - in this respect, the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR). The data is processed until an effective objection is raised by the data subject or until the legitimate interest of the Administrator ceases.
Social networking sites Facebook, Instagram
W ramach prowadzenia przez Administratora konta na portalu Facebook lub Instagram przetwarzane są dane osób, które:
have subscribed to the fanpage by clicking the "Like" or "Follow" icon; published their comment on the fanpage or under any of the posts on the fanpage. The administrator processes the following types of personal data:
identifier (usually containing name and surname or nickname); profile photo; other photos (which may also represent an image); content of comments. statistical data about people visiting accounts. The Administrator processes the above-mentioned personal data on the basis of a legitimate interest (Article 6(1)(f) of the GDPR), consisting in: running a fanpage under the name Focus Hotels on the Facebook social networking site and focushotels.pl on the Instagram social networking site, in order to provide information about the Administrator's activity, promote events and the brand, products and services, build and maintain a community with the Administrator and for the purpose of communicating via the available functionalities of the websites (comments, messages), keeping statistics (by analyzing data on activity fanpage users), determining, investigating or defending against claims.
Additionally, the Administrator indicates that together with Meta Platforms Ireland Limited (hereinafter "Meta Ireland"), they act as joint controllers in the field of data processing for the purposes of statistics. More information about data processing for the purposes of page statistics can be found at the following link: https://www.facebook.com/legal/terms/information_about_page_insights_data
YouTube
As part of the Administrator's operation of an account on YouTube, the data of persons who:
have subscribed to the channel by clicking the "Subscribe" icon; posted their comment under any of the videos posted on the channel. The administrator processes the following types of personal data:
user ID (usually containing name and surname or nickname); profile photo; content of comments. statistical data about people viewing films. The Administrator processes the above-mentioned personal data on the basis of a legitimate interest (Article 6(1)(f) of the GDPR), consisting in: running a fanpage under the name HoteleFocus on the website and using it to provide information about the Administrator's activity, promoting events and the brand, products and services, building and maintaining a community with the Administrator and for the purpose of communication via the available functionalities of YouTube (publishing videos), keeping statistics (by analyzing data on viewers' activity), determining, investigating or defending against claims.
Additionally, the Administrator indicates that together with Google LLC (hereinafter "Google") they act as joint controllers in the field of data processing for the purposes of statistics. You can find more information about data processing for website statistics in Google's privacy policy:
https://policies.google.com/privacy?hl=pl#intro
LinkedIn
As part of maintaining an account on LinkedIn by the Administrator, the data of persons who:
have subscribed to the fanpage by clicking the "Follow" icon; published their comment under any of the posts on the fanpage. The administrator processes the following types of personal data:
identifier (usually containing name and surname or nickname); information contained in the header of the User's profile profile photo; content of comments; statistical data about people visiting accounts. The administrator processes the above-mentioned personal data on the basis of a legitimate interest (Article 6(1)(f) of the GDPR), consisting in: running a website/profile under the name Focus Hotels S.A. on LinkedIn, in order to publish job offers, provide information about the Administrator's activity, promote events and the brand, products and services, build and maintain a community with the Administrator and to communicate via the available functionalities of the websites (comments, messages), keep statistics (by analyzing data on the activity of fanpage users), determine, pursue or defend against claims.
Additionally, the Administrator indicates that together with LinkedIn Ireland Unlimited Company (hereinafter "LinkedIn Ireland") they act as joint controllers in the field of data processing for the purposes of statistics. More information about data processing for website statistics can be found at the following link: https://pl.linkedin.com/legal/privacy-policy?
Cookies We collect cookies on our website. Cookies are small text files stored on the user's device that are used to collect information about the user's activity on the website. Cookies are sent by the web server to the User's browser and stored on his computer. Different types of cookies, such as necessary, functional, analytical and advertising, have different purposes and affect how you use the website. They allow websites to remember user preferences such as language, selected currency or page layout, which increases the comfort of using the website. Cookies are also used to analyze user behavior or adjust the presented content, which helps detect website interface errors or adapt advertising content. Cookies do not in any way provide access to data other than cookies stored in the computer's memory.
What cookies do we use?
"Necessary" cookies
We use the so-called cookies necessary to enable the use of basic services available on the website. Our use of essential cookies is necessary for the proper functioning of the Website, without these cookies the website may not function properly. Their use is necessary to provide a telecommunications service (data transmission to display content) - the User is not able to opt out of these cookies if he wants to use our website, and the User's consent is not required to install the necessary cookies on his device. Examples of essential cookies include: cookies that maintain the user's session, and cookies related to privacy settings, which remember the user's decisions to accept or reject optional cookies and cause the cookie banner to disappear after the user selects one of the options.
"Analytical" cookies
We use the so-called analytical cookies to improve the quality of services on the Website. Therefore, we and other entities providing analytical and statistical services to us use cookies to store information or gain access to information already stored in the User's telecommunications end device (computer, telephone, tablet, etc.). Cookies used for this purpose include Google Analytics cookies used to analyze how the User uses the website, to create statistics and reports on the functioning of the website.
Google Analytics cookies are files used by Google to create statistics and reports on the functioning of the Website in order to analyze how the User uses the Website. Detailed information on the scope and principles of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.
"Marketing" cookies
They are used to publish advertisements tailored to the User's preferences and enable the display of more relevant advertisements. The cookie remembers what the user saw on the website and prevents the same ads from appearing again. They are able to measure the effectiveness of advertising campaigns and monitor the number of clicks. Such information may be shared with other interested parties, for example advertisers.
How to manage cookie settings?
When you visit our website, you see a message regarding our cookies. You can choose 1 of 3 cookie options:
you can click Accept all. This means that we will use necessary/analytical/marketing cookies. you can click Reject all. This means that we will only use essential files that are necessary for the proper functioning of the website. you can click Cookie settings. This means that you can choose which cookies, other than essential ones, we use.
Cookie settings in your browser
Withdrawing consent to the use of cookies is also possible via browser settings. Detailed information on this topic can be found at the following links:
Internet Explorer: due to the fact that the Internet Explorer browser has lost official manufacturer support and is no longer supported by some operating systems, for security reasons, we recommend using another, up-to-date web browser. Microsoft Edge: https://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plik%C3%B3w-cookie-w-przegl%C4%85darce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09 Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647 Opera: http://help.opera.com/Windows/12.10/pl/cookies.html Safari: https://support.apple.com/kb/PH5042?locale=en-GB
Recipients of Personal Data In connection with running a business requiring the processing of personal data, personal data may be disclosed to external entities.
The recipients of personal data entrusted to the Administrator by data subjects may be the following entities, to which personal data is transferred to the minimum extent necessary to achieve the purpose(s) for which the data was obtained:
authorized staff of the Administrator, subcontractors and entities providing services to the Administrator (including law firms, IT and technical support services) who must have access to data to perform their duties; entities processing personal data on behalf of the Administrator (e.g. accounting office, technical service providers, hosting service providers); competent authorities authorized in accordance with applicable law; in the case of data shared on Facebook or Instagram - other users of the portals and their owners (due to the fact that information about people following accounts, about likes, as well as the content of comments, posts and other information provided by users are public) on the terms available at https://help.instagram.com/519522125107875 or https://www.facebook.com/about/privacy in the case of data shared on YouTube - other Users of the portal (due to the fact that the content of comments and other information provided by Users are public) and the owner of the portal (Google LLC) under the terms available at https://policies.google.com/privacy?hl=pl#intro.
The Administrator declares that he does not sell, share or transfer personal data collected for processing to other persons or institutions, unless it is done with the express consent or at the request of the data subjects, or at the request of state authorities authorized under the law for the purposes of proceedings or activities related to security or defense conducted by them, for legally defined tasks carried out for the public good, when it is necessary to fulfill the legal obligations of the Administrator.
Transfer of personal data outside the European Economic Area (EEA) The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and ensuring an adequate level of protection, primarily by:
i.cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
ii.application of standard contractual clauses issued by the European Commission;
iii.application of binding corporate rules approved by the relevant supervisory authority.
Personal data processing period The Administrator processes the acquired personal data for the period necessary to achieve the purpose(s) for which they were transferred. The data processing period is related to the purposes and basis for their processing, therefore:
data processed on the basis of statutory requirements (e.g. tax) will be processed for the period in which legal provisions require data storage; when the basis for processing is the performance of a contract, then the data is processed by the Administrator for as long as it is necessary to perform the contract; data processed on the basis of the legitimate interest of the Administrator will be processed until an effective objection is submitted by the data subject or until this interest ceases. Data processed for the purpose of pursuing or defending against claims will be processed for a period equal to the limitation period for these claims; data processed on the basis of consent will be processed until the consent expressed by the data subject is withdrawn. The data processing period may be extended if the processing is necessary to establish or pursue claims or defend against claims, and after this period - only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.
Rights of data subjects The Administrator exercises the rights of data subjects related to the processing of their personal data. In particular, each data subject has the right to:
access to your personal data, rectification of personal data, deletion of data ("right to be forgotten"), restriction of personal data processing, objection to the processing of personal data.
If the basis for the processing of personal data is the legitimate interest of the Administrator, the data subject has the right to object to the processing of personal data at any time, without having to justify his decision, especially if the legitimate interest consists in conducting activities related to direct marketing.
The consent expressed by data subjects may be withdrawn at any time, which will not affect the lawfulness of data processing carried out before its withdrawal.
The Administrator informs that he is not obliged to delete data (i.e. exercise the "right to be forgotten") if data processing is necessary for:
exercising the rights and freedoms of expression and information, fulfilling the legal obligation to process under European Union or Polish law, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, for the establishment, exercise or defense of claims.
The above rights, as well as the intention to withdraw consent, may be exercised by sending an appropriate request electronically to the postal address indicated in point III of the Policy or by post to the address of the Administrator's registered office provided in point I and III of the Policy.
In each case it is recognized that the rights of a natural person under the law and the Policy are violated, Users have the right to lodge a complaint with the Office for Personal Data Protection.
Automated decision-making and profiling Your data may be processed by the Administrator in an automated manner, including in the form of profiling. However, decisions relating to an individual person related to this processing will not be automated.
Final provisions To the extent not regulated by this Policy, EU and national provisions on the protection of personal data shall apply.
Date of the last update of the Policy: 19/06/2024

List of data processors

Manage cookie settings
Manage privacy settings
Essential cookies

Cookies necessary for the operation of services available on the website, enabling browsing offers or making reservations, supporting security mechanisms, including user authentication and abuse detection. These files are required for the proper functioning of the website. They do not require your consent.

Analytical cookies

Cookies allowing the collection of information about the user's use of the website in order to optimize its functioning and adapt it to user expectations. By consenting to these cookies, you agree to the processing of data regarding your activity on the site for analytical purposes.

Marketing cookies

Cookies enabling the display of marketing content tailored to the user's preferences and directing marketing offers to them corresponding to their interests, including information about user activity, products, and services of the site administrator and third parties. Consent to these cookies means that your data may be used for advertising personalization and analysis of the effectiveness of our advertising campaigns.

Your preferences have not yet been saved