This privacy policy and the use of cookies (hereinafter referred to as “Privacy Policy”) constitutes a set of rules for the processing of personal data and the collection of cookies on the websites of Lemon Resort SPA (hereinafter referred to as “Website”). This Privacy Policy is addressed to all persons who visit www.lemonresort.pl, contact the Administrator of personal data (by phone, e-mail, via the contact form), are employees, associates or representatives of the contractors of the Personal Data Controller (hereinafter referred to as “Users”). Before using the Website, the User should read the Privacy Policy. The Privacy Policy defines the principles of processing and protection of personal data of persons using the Website. The purpose of the Privacy Policy is, inter alia, to fulfil the information obligation referred to in Article 13 (1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter: GDPR”.

PRIVACY POLICY

Personal data administrator

The administrator of Users' personal data is GND spółka z ograniczoną odpowiedzialnością spółka jawna with its registered office in Krakow (KRS: 0000485688), Plac na Groblach 21, 31-101 Kraków (hereinafter referred to as “Administrator”). Users can contact the Administrator as follows:

1) by letter to the address: Plac na Groblach 21, 31-101 Kraków

2) via e-mail: recepcja@lemonresort.pl

3) by phone: +48 (18) 440 58 00

Data Protection Officer

We have appointed a Data Protection Officer (hereinafter referred to as “the Inspector”). This is the person with whom the User can contact in all matters concerning the processing of personal data and the exercise of rights related to the processing of data. The Inspector can be contacted as follows:

1) by letter to the address: Gródek nad Dunajcem 83

2) via e-mail: iod@lemonresort.pl

3) by phone: +48 (18) 440 58 00

Purposes of personal data processing and legal basis for processing

Users' personal data will be processed for the following purposes and based on the following legal bases:

1) Answering queries addressed by Users and contacting Users in matters with which they have approached the Administrator using, among others, the request “send contact by e-mail”, sending a message to the Administrator's e-mail address. The legal basis for data processing is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR), consisting in the need to respond to Users.

2) Contacting Users in current matters, including in particular the performance of contracts between the Administrator and the User, the User's employer or the entity that the User represents, presenting offers, receiving orders and orders, answering questions. The legal basis for data processing is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR), consisting in the need of ongoing contact with the Controller's contractors.

3) Execution of contracts concluded between the Administrator and the User, the User's employer or the entity that the User represents, including accepting and executing orders, placing orders, concluding contracts, performing accounting activities, accounting services, debt collection. The legal basis is the necessity to perform the contract or take actions prior to the conclusion of the contract with the User (Article 6 (1) (b) of the GDPR), as well as the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in the need for proper execution of contracts with contractors.

4) Subscribing and sending the newsletter - Newsletter - containing, among others, information related to the Lemon Resort Spa Hotel, Manaw Spa and Lemon Restaurant as well as services available from the Administrator. The legal basis is the consent to the processing of personal data expressed by the User (legal basis - Art. 6 para. 1 lit. a GDPR).

5) Fulfillment of legal obligations incumbent on the Administrator, including in particular those resulting from the provisions of tax law (legal basis - Article 6 (1) (c) of the GDPR).

6) Determining, securing and pursuing possible claims both on the part of the Administrator and the User. The legal basis is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in the possibility of establishing, pursuing or defending claims.

Recipients of data (categories of recipients)

Users' personal data may be made available to external entities providing to the Controller, such as legal, auditing and accounting services, as well as IT service providers, including e-mail. The Administrator may share personal data only with entities with whom he has a contract for entrusting the processing of personal data. Users' personal data will not be transferred to a third country or international organization.

Period of storage of personal data

We will store your data for the period necessary to achieve the purposes set out above. If:

1) the User's personal data are processed in connection with the performance of the contract concluded with the User, his/her employer or the entity whose User represents we will store them for the period of performance of the contract and to the extent necessary - for 5 years counting from the end of the calendar year in which the deadline for payment of tax due in connection with the conclusion and execution of the contract expired or longer, if required by law;

2) The User has contacted the Administrator — his/her data will be processed for the period necessary for the purposes of contacting the User and for a period of 1 year from the end of the contact;

3) The User subscribed to the Newsletter — his/her data will be processed for the period of subscribing to the Newsletter — until the withdrawal of consent to its subscription. If the User's personal data are no longer necessary for the purposes for which they were processed, the Administrator will store them in order to determine, investigate or defend against possible claims both on the part of the Administrator and the User only for the periods of limitation of claims specified in the law.

Consequences of not providing personal data

In addition to cases where providing personal data is a legal requirement, providing personal data is entirely voluntary, but failure to provide it will hinder or prevent us from achieving the purposes set out above.

Information on automated decision-making

Users' data will not be processed in an automated manner, including it will not be processed in the form of profiling.

Rights related to the processing of personal data

The User has the following rights related to the processing of personal data:

1. The right to access personal data, the right to request rectification, erasure or restriction of the processing of personal data, provided that these rights are not excluded or limited by law.

2. The right to object to the processing of personal data due to the particular situation of the User — in cases where the User's personal data are processed on the basis of our legitimate interest.

3. With regard to data processed on the basis of consent, the right to withdraw consent to the processing of personal data at any time, while the withdrawal of consent does not affect the lawfulness of the processing, which was carried out on the basis of consent before its withdrawal.

4. The right to portability of personal data, i.e. the right to receive personal data in a structured, commonly used machine-readable IT format. You may transfer this data to another data controller or request that we transfer the data to another controller. However, we will only do so if such a message is technically possible.

5. The right to lodge a complaint with the body - the President of the Office for Personal Data Protection.

6. Other rights resulting from generally applicable law.

To exercise the above rights, please contact us or the Inspector.

COOKIES

What are cookies?

Cookies are Internet data, in particular text files, which are stored in the User's terminal device (computer, mobile phone, tablet). First of all, they contain the name of the website of their origin, their unique number, the duration of storage on the terminal device. By means of cookies, statistical information about Users' traffic, Users' activity and how the Website is used are provided to the Administrator. They allow you to customize content and services to your preferences.

The term “cookie” refers to cookies and other similar tools described in Directive 2009/136/EC of the European Parliament concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) and Article 173 of the Telecommunications Law.

What are cookies used for?

In connection with our use of cookies, we provide the most important information about their use.

1) The mechanism of cookies is not used to obtain any information about the Users, except for information about their behavior on the Website.

2) The Administrator stores cookies on Users' computers in order to:

a. proper adjustment of the Website to the needs of Users and optimization of the use of websites;

b. remembering the User's preferences and individual settings, recognizing the User's device and appropriate display of the website tailored to his/her needs (full version, mobile version of the website);

c. creating viewership statistics of the Website, which help to understand how Users use websites, which allows improving their structure and content;

d. maintaining the User's session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website;

e. saving the data of the basket in the online store so that after visiting the Website again, you do not lose them.

What types of cookies do we have?

Two main types of cookies are used within the Website:

- “session cookies” and

- “persistent” (“persistent cookies”).

“Session” cookies are temporary files that are stored on the User's end device until logging out, leaving the website or turning off the software (web browser). “Persistent” cookies are stored on the User's terminal device for the period specified in the parameters of cookies or until they are deleted by the User. The following types of cookies are used as part of the Website:

- “necessary” cookies, enabling the use of services available on the Website, e.g. authentication cookies used for services requiring authentication within the Website;

- cookies used to ensure security, e.g. used to detect fraud in the field of authentication within the Website;

- “performance” cookies, enabling the collection of information about the method of using the Website's websites;

- “functional” cookies, enabling “remembering” the settings selected by the User and personalizing the User interface, e.g. in terms of the selected language or region from which the User comes, font size, appearance of the website, etc.

How to block cookies?

In many cases, web browsers allow cookies to be stored in the User's terminal device by default. Users of the Website may change the settings regarding cookies at any time, e.g. in this way to block the automatic handling of cookies or to inform about each time they are placed on the Website User's device. Detailed information about the possibilities and methods of handling cookies is available in the browser settings or on the following websites:

- in Internet Explorer

[link https://support.microsoft.com/pl-pl/products/windows?os=windows-10]

- in Mozilla Firefox

[link - https://support.mozilla.org/pl/kb/ciasteczka]

- in Chrome

[link - https://support.google.com/chrome/answer/95647?hl=pl]

- in Safari

[link - https://support.apple.com/pl-pl/HT201265]

- in the Opera browser

[link - http://help.opera.com/Linux/9.22/pl/cookies.html]

The Administrator informs, however, that limiting the use of cookies may affect some of the functionalities available on the Website's websites.