Reservation

POLITYKA PRYWATNOŚCI
SKYLINE VILLAS

PRIVACY POLICY

 

for the skylinevillas.pl website and reservations at Skyline Villas

§1. General Information

  1. This Privacy Policy sets out the principles governing the processing of personal data of persons using the website skylinevillas.pl (hereinafter: the “Website”) and persons making reservations for and staying at Skyline Villas (hereinafter collectively referred to as “Users” or “Guests”).
  2. The controller of personal data is:
    SKYLINE ESTATES sp. z o.o.
    Registered office: Al. Jana Pawła II 52/54, 00-152 Warsaw, Poland
    NIP: 5253054891
    REGON: 542300231
    (hereinafter referred to as the “Controller” or “we”).
  3. You may contact the Controller:
    1. by post - at the registered office address,
    2. by email - at: booking@skylinevillas.pl,
    3. by phone - at: +48 606 670 014.
  4. In matters relating to personal data protection, you may contact us in particular by email with the subject line “Personal data / GDPR.”

§2. Scope and Sources of Personal Data

  1. We process personal data that:
    1. you provide directly when making a reservation (by phone, email, via the Website form, or through a booking service),
    2. we receive from external booking platforms used by you (e.g. Booking.com, Airbnb, or similar platforms),
    3. you provide during your stay (e.g. during check-in or when using additional services),
    4. is collected automatically when you use the Website (server logs, cookies, similar technologies).
  2. The processed data may include, in particular:
    • Identification data - first name, last name, identity document number (including data processed in connection with standards for the protection of minors),
    • Contact details - email address, telephone number, mailing address (if provided),
    • Booking and stay details - dates of stay, number of guests (including children and their ages), preferences, payment information, special requests, information about pets,
    • Billing data - payment details, bank account number (if provided, e.g. for deposit refunds), invoice details,
    • Data relating to the safety of minors - information necessary to verify the identity of children and their relationship with accompanying adults, in accordance with applicable regulations,
    • Technical data - IP address, browser type, operating system, approximate location, server log data, and information on Website activity collected via cookies or similar technologies.
  3. Providing personal data is voluntary; however, in certain cases it is:
    • necessary for the conclusion and performance of a contract (failure to provide such data may prevent us from accepting a reservation),
    • required by law, including accounting, registration, or obligations related to the protection of minors.

§3. Purposes and Legal Bases for Processing

We process personal data for the following purposes and on the following legal bases:

  1. Conclusion and performance of accommodation service contracts
    • Including reservation handling, communication regarding bookings, stay execution, deposit handling, and settlements.
    • Legal basis: Article 6(1)(b) GDPR.
  2. Compliance with legal obligations
    • Including accounting and tax obligations, document retention, obligations related to the protection of minors, and cooperation with public authorities.
    • Legal basis: Article 6(1)(c) GDPR.
  3. Ensuring safety, asserting and defending claims
    • Including property protection, complaint handling, dispute resolution, and prevention of abuse.
    • Legal basis: Article 6(1)(f) GDPR (legitimate interest).
  4. Ongoing communication and inquiry handling
    • Responding to messages sent via contact forms, email, telephone, or other communication channels.
    • Legal basis:
      • Article 6(1)(b) GDPR - where communication relates to a contract or pre-contractual actions,
      • Article 6(1)(f) GDPR - in other cases.
  5. Direct marketing of own services (traditional forms)
    • Informing current or former Guests about offers in a reasonable and proportionate manner.
    • Legal basis: Article 6(1)(f) GDPR.
  6. Electronic marketing (newsletter, email/SMS communication)
    • Only if you have given separate, explicit consent.
    • Legal basis: Article 6(1)(a) GDPR.
  7. Website analytics, statistics, and IT security
    • Improving Website functionality, traffic analysis, abuse prevention, and system security.
    • Legal basis: Article 6(1)(f) GDPR.
  8. Social media profile management (if applicable)
    • Including communication, promotional activities, and responding to comments and messages.
    • Legal basis: Article 6(1)(f) GDPR.

§4. Recipients of Personal Data

  1. Personal data may be disclosed to:
    1. accounting, legal, tax, IT, and hosting service providers,
    2. reservation, payment, and property management system providers,
    3. external booking platforms used by the User,
    4. website maintenance and IT infrastructure providers,
    5. marketing service providers - where consent has been granted,
    6. banks and payment operators - for payment processing and refunds,
    7. public authorities, courts, and law enforcement bodies - where required by law.
  2. Data is disclosed strictly in accordance with the principle of data minimization.

§5. Transfer of Data Outside the EEA

  1. As a rule, personal data is not transferred outside the European Economic Area (EEA).
  2. If services of providers located outside the EEA are used (e.g. certain Google or Meta tools), data transfers are carried out on the basis of legally approved safeguards, such as standard contractual clauses or adequacy decisions.
  3. Further information can be obtained using the contact details provided in §1.

§6. Data Retention Period

  1. Contract-related data: for the duration of the contract and thereafter for the statutory limitation period (generally up to 6 years).
  2. Accounting and tax data: for the period required by law (typically 5 years from the end of the relevant tax year).
  3. Data processed on the basis of legitimate interest: until the interest ceases or an objection is raised.
  4. Data processed on the basis of consent: until consent is withdrawn.
  5. Cookies and technical data: according to cookie settings or until deleted, with anonymized statistical data possibly stored longer.

§7. Rights of Data Subjects

You have the right to:

  1. access your personal data,
  2. rectify inaccurate or incomplete data,
  3. request erasure of data,
  4. restrict processing,
  5. data portability,
  6. object to processing based on legitimate interest,
  7. withdraw consent at any time,
  8. lodge a complaint with the President of the Personal Data Protection Office (PUODO).

Requests may be submitted using the contact details in §1.

§8. Obligation to Provide Data

Providing data is voluntary; however, failure to provide required data may prevent reservation and accommodation services from being provided or may result in statutory non-compliance.

§9. Automated Decision-Making

We do not make decisions based solely on automated processing, including profiling, that produce legal effects for Users.

§10. Cookies and Similar Technologies

  1. The Website uses cookies and similar technologies to ensure proper operation, remember preferences, generate statistics, and conduct marketing activities (where consent is granted).
  2. Cookie settings may be managed via browser settings. Restricting cookies may affect Website functionality. Detailed information is available in a separate Cookie Policy.

§11. Data Security

We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. Access is limited to authorized persons only.

§12. Changes to the Privacy Policy

  1. We reserve the right to make changes to this Privacy Policy, in particular in the event of:
    1. changes in applicable law,
    2. changes in the manner of providing services or the functioning of the Website,
    3. changes in the technologies or tools used.
  2. The current version of the Privacy Policy is always available at skylinevillas.pl.
  3. The changes are effective from the date of their publication on the Website, but the Privacy Policy in force at the time of conclusion of the contract applies to reservations and contracts concluded before the change.