Information Obligation

Personal data processing

Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, we would like to present the most important information on our obligations stemming from GDPR.

Who is my personal data Controller?

Your personal data Controllers are the following companies: Qubus Hotel Management sp. z o.o. in Wrocław (KRS 0000014268 and Alto Hotels sp. z o.o. in Wrocław (KRS 0000077601), both with the registered address at: ul. Skierniewicka 18, 53-117 Wrocław.

On what grounds and for what purpose are my personal data used?

Your personal data may be processed for the purpose of performing the agreement on provision of hotel services, including management of reservations and stays in our hotels and ADO’s legal obligations (e.g. settlement of all dues resulting from the agreement) pursuant to Article 6(1)(b) of GDPR.

In certain cases, personal data may also be processed on the basis of:

– Legitimate interests of the Data Controller, including direct marketing of their products and services, fraud prevention, maintenance of a relationship with clients and striving to improve the comfort of hotel stay pursuant to Article 6(1)(f) of GDPR.

– Consent, including to participate in certain Qubus Hotel programs, e.g.: promotion and marketing of products and services offered by the hotels, satisfaction surveys pursuant to Article 6(1)(a) of GDPR.

How long will my personal data be stored?

– The data will be processed during the period of using the services and until statute of limitation on claims for agreement execution expires.
– However, your personal data processed for the purposes of promotion and marketing of products and services offered by Qubus Hotel, including sending commercial information via electronic means to the indicated email address (in the case of consent to these purposes) will be processed until withdrawal of the consent.
– Data processing for legitimate purposes will take place no longer than 5 years after the most recent contact.

Who may access my personal data?

Additionally, your personal data may be shared with or transferred to the following categories of recipients:

– Transport and taxi companies in case of ordering transport or courier service for a Guest;
– Companies providing IT services and IT support;
– Companies providing accounting services;
– Companies providing legal services;
– Companies providing marketing services for the hotel;
– Companies providing other services requested by Guests;
Personal data may also be transferred to third countries (outside the European Economic Area), in which case appropriate security measures will be implemented. If your data are transferred, you can get access to the data and information on the security measures implemented and on the place where the data are shared.

What are my rights relating to my personal data processing?

You have the right to access your data and the right to rectify, delete, limit processing, the right to move data, the right to object, the right to withdraw your consent at any time and the right to lodge a complaint with the competent supervisory authority.

What can I do if I do not want to have my personal data processed any further?

If you have given a consent to the processing of your data, you can withdraw it at any time without incurring any costs or negative consequences by submitting your request directly to the hotel reception or to the Data Protection Officer available by email: iod@qubushotel.com – if you need more information on data processing, including on exercising your rights, please contact the Data Protection Officer.