Book a lodge

Privacy policy

I. GENERAL PROVISIONS

  1. The administrator of the personal data obtained within the framework of the activities of Space Club (hereinafter referred to as the Club), including via the Internet service located at http://www.spaceclubczchow.pl (hereinafter referred to as the Internet Service) is AKROPOL PIOTR NAKIELNY ul. Władysława Łokietka 240C/1, 31-334 Kraków , tel. no. (+48) 662-230-826 e-mail address: kontakt@spaceclubczchow.pl NIP: 8691056986, REGON: 852129895 hereinafter referred to as the “Administrator”.
  2. Personal data is processed by the Administrator in accordance with the currently effective Personal Data Protection Act of August 29, 1997, the Act on Providing Electronic Services of July 18, 2002, as well as in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) i.e. the so-called “RODO”.
  3. The controller shall exercise special care to protect the interests of the personal data subjects, and in particular shall ensure that the personal data it collects are:
    1. processed lawfully, fairly and transparently to the data subject;
    2. collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;
    3. adequate, relevant and limited to what is necessary for the purposes for which they are processed;
    4. correct and updated as necessary;
    5. kept in a form that allows identification of the data subject for no longer than necessary for the purposes for which the data are processed;
    6. processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical and organizational measures.

II. PURPOSE AND SCOPE OF DATA COLLECTION

  1. Personal data obtained by the Administrator via the Website (online booking, contact form), via e-mail and in the course of phone and in-person bookings at the Club are used by the Administrator to provide the service to Customers including:
    1. Reservation of seats in the Club for customers for the selected event/event
    2. allow customers to enter the Music Club
    3. Provide customers with tickets to the selected event/event
    4. to respond to customer inquiries about the Club’s offerings sent via the contact form or by e-mail;
    5. Processing of complaints filed;
    6. Settlement of services provided to customers.
  2. The administrator processes the following personal data for the above-mentioned purpose:
    1. Name and surname;
    2. Company;
    3. Tax Identification Number;
    4. Address (street and house/apartment number, postal code, city);
    5. Phone number;
    6. Email address;
  3. The Administrator also processes personal data in the form of an e-mail address for the purpose of sending interested parties a Newsletter containing information on the Club’s activities and its current offer (i.e. in particular information on upcoming events/parties at the Club).
  4. During events and parties held at the Club, photographs are taken to document the course of these events/parties. The photographs taken are used for the purposes of promoting and marketing the Club on the Website, as well as in other promotional materials of the Club. Photos of guests of the Club are not used for any other purposes than to promote the Club and the events held there.
  5. For security purposes, the Club has a monitoring system installed that records the course of the event/party and the entrance to the Club. Personal data (especially images of people) recorded on the monitoring system are used solely to ensure the safety of guests and are made available only at the legally justified request of state authorities, in particular the police, prosecutor’s office or courts.
  6. The Administrator has the right to entrust personal data to entities through which the Administrator implements the purposes of personal data processing specified in this policy, in particular employees, contractors, and other entities with which the Administrator cooperates, including in particular the website hosting provider, marketing agency and the entity implementing electronic payments. The Administrator ensures the protection of personal data entrusted to these entities on the principles specified in this policy and in the provisions of applicable law.

III. BASIS FOR DATA PROCESSING

  1. The Administrator processes personal data obtained by the Administrator via the Website (online booking, contact form), via e-mail and during telephone and personal bookings at the Club based on the consent of the data subject, expressed freely and voluntarily. Providing data is completely voluntary, but it is necessary for the implementation of services provided by the Administrator, including in particular the reservation of places at the Club. In the event of refusal to grant consent to the processing of personal data, it will not be possible to implement these services.
  2. The processing of the e-mail address for the purpose of sending the Newsletter is carried out on the basis of the consent of the data subject and is completely voluntary. In the absence of consent to the processing of personal data for the purpose of sending the Newsletter, it will not be sent, however, this does not affect the possibility of reserving places in the Club via the website or the possibility of using other services provided by the Club.
  3. The Administrator processes personal data in the form of photos of guests taken during an event/event at the Club based on the consent of the person in the photo given during the event/event. This consent is completely voluntary and does not affect the possibility of participating in the event/event. The consent is given to the photographer before the photos are taken.
  4. The Administrator also has the right to process personal data, regardless of the consent granted, in situations where:
    1. processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract;
    2. processing is necessary to comply with a legal obligation incumbent on the controller;
    3. processing is necessary to protect the vital interests of the data subject or another natural person;
    4. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in it and processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child;
  5. W zakresie prawnie uzasadnionych interesów Administratora, o których mowa wyżej, Administrator może w szczególności przetwarzać dane osobowe w postaci zdjęć osób uczestniczących w wydarzeniach/imprezach w Klubie, jeżeli stanowią one szczegół większej całości, zgodnie z zapisami przepisów ustawy o prawie autorskim i prawach pokrewnych. W celu realizacji uzasadnionych interesów Administratora może on również przetwarzać dane osobowe na potrzeby dochodzenia roszczeń od osób, których dane dotyczą, w szczególności roszczeń o zapłatę wynagrodzenia.
  6. The Administrator stores personal data for the period necessary to perform the contract concluded between him and the data subject, as well as in the period after the contract has ended, until the completion of all claims due to the parties under the contract or until their limitation period has expired. Data in
  7. in the form of an e-mail address for the newsletter, as well as personal data in the form of photos are used for the duration of the consent granted, which may be withdrawn at any time, but for no longer than 10 years.
  8. The data subject has the right to withdraw the consent granted to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal. Withdrawal of consent may be made in writing to the Administrator’s address, or in electronic form to the e-mail address biuro@shineclub.com.pl
  9. In the event of withdrawal of consent, it may happen that the Administrator will be entitled to continue to process personal data based on the provisions of generally applicable law. In such a situation, the Administrator will process personal data only for the purposes and to the extent permitted by law despite the lack of consent of the data subject.

IV. RIGHTS OF THE PERSON WHOM THE DATA SUBJECTS

A. ACCESS TO DATA

  1. The data subject is entitled to obtain from the Controller confirmation as to whether personal data concerning him/her are being processed and, if so, is entitled to access such data and the following information:
    1. the purposes of processing personal data;
    2. categories of personal data processed;
    3. information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, as well as the safeguards applied in connection with the transfer of data to recipients in third countries or international organisations;
    4. if possible, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining that period;
    5. information about the right to request that the controller rectify, delete or limit the processing of personal data relating to the data subject and to object to such processing;
    6. information on the right to lodge a complaint with the supervisory authority;
    7. if the personal data were not collected from the data subject, all available information about their source;
    8. if the personal data were not collected from the data subject, all available information about their source;
  2. The Controller shall, upon request, provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. If the data subject requests a copy electronically and unless the data subject states otherwise, the information will be provided electronically, if possible.

B. CORRECTION

  1. The data subject has the right to request the Controller to immediately rectify any incorrect personal data concerning them. Taking into account the purposes of processing, the data subject has the right to request that incomplete personal data be supplemented, including by submitting an additional statement.

C. DELETION OF DATA

  1. The data subject has the right to demand that the controller delete his or her personal data without delay, and the Controller is obliged to delete personal data without undue delay if one of the following circumstances occurs:
    1. personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
    3. the data subject objects to the processing and there are no overriding legitimate grounds for the processing
    4. the data subject objects to the processing for direct marketing purposes;
    5. personal data were processed illegally;
    6. personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the Administrator is subject;
    7. personal data was collected in connection with offering information society services.

D. RESTRICTION OF DATA PROCESSING

  1. The data subject has the right to request the controller to restrict processing in the following cases:
    1. the data subject questions the accuracy of the personal data – for a period that allows the Administrator to verify the accuracy of the data;
    2. processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead a restriction on its use;
    3. the controller no longer needs the personal data for the purposes of processing, but they are needed by the data subject to establish, assert or defend claims;
    4. the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the Controller override the grounds of the data subject’s objection.
  2. Restricting the processing of personal data means storing personal data in order to limit further processing.
  3. If processing has been restricted pursuant to the aforementioned request, such personal data may be processed, with the exception of storage, only with the consent of the data subject, or to establish, assert or defend claims, or to protect the rights of another natural or legal person, or for compelling reasons of public interest of the Union or a Member State. Before lifting a restriction on processing, the controller shall inform the data subject who requested the restriction.

E. DATA TRANSFER

  1. The data subject shall have the right to receive in a structured, commonly used machine-readable format the personal data concerning him or her that he or she has provided to the controller, and shall have the right to send such personal data to another controller without hindrance from the controller to whom the personal data was provided, if the processing is based on consent or on a contract in and if the processing is carried out by automated means.
  2. In exercising the right to data portability set forth above, the data subject has the right to request that the personal data be sent by the Controller directly to another controller, insofar as this is technically possible.
  3. The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and that produces legal effects on the person or similarly significantly affects the person.

F. SELECT

  1. The data subject has the right at any time to object – for reasons related to his or her particular situation – to the processing of personal data concerning him or her based on the provision of Article 6(1)(e), (f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, including profiling under these provisions.
  2. Once an objection has been lodged, the Controller shall no longer be permitted to process such personal data, unless the Controller demonstrates that there are valid legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.
  3. If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing. If the data subject raises an objection to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.

G. REALIZATION OF RIGHTS

  1. The exercise of the rights set forth above shall take place upon request submitted to the Administrator in writing or electronically to the e-mail address biuro@shineclub.com.pl. The same e-mail address may be used to address any inquiries regarding the rights to which the data subject is entitled. The Administrator shall make every effort to explain the rights to which the data subject is entitled in a clear and accessible manner and to enable the data subject to exercise them.

COMPLAINTS

  1. A data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, his or her place of work or the place where the alleged violation was committed, if he or she believes that the processing of personal data concerning him or her violates this Regulation. As of May 24, 2018, the complaint can be submitted to the Inspector General for Personal Data Protection at the address of the Office of the Inspector General for Personal Data Protection 2 Stawki Street, 00-193 Warsaw.

V. “COOKIES”

  1. The Administrator also processes data characterizing the User’s use of the Website (exploitation data), including:
    1. Designations identifying the telecommunications network termination or data communications system used by the User (e.g. IP address, type and language of the Internet browser, operating system);
    2. Information about the beginning, end and scope of each time the User uses the Website;
    3. Information about data stored to users’ terminal devices (cookies).
  2. “Cookies” used on the Website come from the Administrator, as well as from other entities – in particular, the entity that processes electronic payments, as well as the entity that provides analytical services for website usage (Analytics).
  3. Failure on the part of the user to change their browser settings is tantamount to consent to their use.
  4. Installation of “cookies” is necessary for the proper provision of certain services on the Website, especially those requiring authorization (booking, electronic payments).
  5. The Website uses three types of “cookies”: session, permanent and analytical:
    1. “Session” ‘cookies’ are temporary files that are stored on the final device of the Service Recipient until logging off (leaving the Website).
    2. „Stałe” pliki „cookies” przechowywane są w urządzeniu końcowym Usługobiorcy przez czas określony w parametrach plików „cookies” lub do czasu ich usunięcia przez Użytkownika.
    3. “Analytical” ‘cookies’ allow to better understand how the Service Recipient interacts with the content of the Website, in particular to better organize its layout. “Analytical” ‘cookies’ collect information about how the Website is used by Service Recipients, the type of page from which the Service Recipient was redirected, and the number of visits and the time of the Service Recipient’s visit to the Website.
  6. The exploitation data collected by the Administrator, as defined above, do not record specific personal data of the Service Recipient, but are used by the Administrator to develop statistics on the use of the Site.
  7. Cookies stored on the user’s device may be used by entities other than the Administrator to profile the user, in particular to display personalized advertising or other content on other websites.
  8. You have the right to decide on the access of “cookies” to your computer by selecting them in advance in your browser window. Detailed information about the possibility and methods of handling “cookies” is available in the settings of your software (web browser). If the User does not want to save files on his/her device, he/she should disable such possibility in the browser window.

VI. FINAL PROVISIONS

  1. The administrator does not make decisions solely by automated means, nor does he use personal data for profiling.
  2. The Administrator does not establish a Data Protection Officer.
  3. The rights of the data subject, as detailed in this Privacy Policy, arise under generally applicable law, and the provisions of this Privacy Policy do not limit these rights in any way.
  4. The extent to which it will be possible to exercise the data subject’s rights may be limited by law, in particular for reasons of the rights and freedoms of others or for reasons of public interest.