Privacy Policy
  /  Privacy Policy

The administrator of your personal data, i.e. the entity deciding about the purposes and methods of their processing, is Apartgdynia spółka z ograniczoną odpowiedzialnością, seat: Gdynia, address: ul. Hutnicza 1 A, 81-212 Gdynia, entered into the Register of Entrepreneurs kept by the District Court Gdańsk-Północ in Gdańsk, 8th Commercial Division of the National Court Register, under KRS number: 0000773569, NIP: 9581699092 and REGON: 382645040, with a share capital of PLN 5,000.00 (“Administrator”).

Out of concern for the security of the entrusted personal data, the Administrator operates on the basis of internal procedures and recommendations, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on free movement of such data and the repeal of Directive 95/46 EC (“GDPR”)



If you want to contact us in connection with the processing of personal data, you can do so: by e-mail at: biuro@apartgdynia.pl or in writing – by traditional mail at the address indicated above.


Processing of personal data

Personal data is processed when:

  • you enter our Website,
  • you use our services, in particular you conclude a hotel service agreement with us,
  • it results from the obligation imposed on us by law,

In certain cases, it may be necessary to use your data to resolve legal disputes, in the case of official proceedings, in matters related to compliance with the law,

In the event that you use our website, we may process data such as IP address and data related to the profiling process.

In the event that you use our services, and in the event of possible claims, we may process personal data such as: name and surname, address, other contact details (telephone number, e-mail), in the case of foreigners – passport number, account number bank or credit card, tax identification number (when issuing an invoice).


Do I have to provide data?

Providing data is voluntary, however, some of your data may be necessary to use our services and provide them properly. In addition, some of your data is necessary for us to be able to meet the requirements of the law referred to below.


For what purpose are personal data processed?

We process your personal data in order to take action on your request (e.g. response to an inquiry), for the purpose necessary to conclude and perform the contract and further provide the service.

The processing of some of your personal data is also necessary in order to fulfill our obligations under the law, regarding, for example, the obligation to store certain data for a specific period of time, collect certain information for the purpose of user verification and identification, or transfer data to authorized bodies or entities, e.g. resulting from:

1) the Act of September 29, 1994. about accounting,

2) the Act of March 11, 2004. on tax on goods and services,

3) the Act of November 16, 2000 on counteracting money laundering and terrorist financing,

If we decide to process your data for a purpose other than that we have collected it, we will inform you about it and ask for your consent, if required by law.

Legal basis for the processing of personal data

Personal data is processed in accordance with the GDPR. The legal basis for the processing of personal data is: consent, conclusion and performance of the contract, fulfillment of obligations under applicable law and the implementation of the legitimate interest of the Administrator.


How long is personal data stored?

For individual cases, the data processing time is as follows:

1) if we process your data on the basis of a contract, the processing will continue as long as the contract is in force and the period of limitation of any claims,

2) if you have consented to the processing for a specific purpose, we will process your personal data until you withdraw your consent, after which we will delete it immediately,

3) data that we process based on the legitimate interest of the data controller – the processing period lasts until the termination of the above-mentioned interest (e.g. the limitation period for civil law claims) or until the data subject objects to further processing – in situations where such objection is permitted under the law,

4) data processed in order to fulfill our obligations under applicable law, we will process as long as it results from these provisions.


Data recipients

The recipients of the data are persons authorized by the Administrator to use the data as part of their official duties, to whom the Administrator orders such activities.

In some situations, we have the right to transfer your data if it is necessary to enable us to perform our services, fulfill our obligations and duly comply with applicable law.

When performing some of the tasks (including destroying documents, storing data, accounting and HR and payroll services, legal services, marketing services, IT services) we use the help of external entities. In justified cases, the appropriate authorities will also receive them from us.

In this case, we entrust personal data to subcontractors in the implementation of a specific purpose at our request (under the Data Entrustment Agreement), still being the Administrator of your data and responsible for their security.

We will only provide data to three groups:

1) persons authorized by us, our employees and associates who must have access to data in order to properly perform their duties,

2) processors to whom we commission this task in order to achieve a specific purpose (e.g. an accounting office, a law firm, an IT company),

3) other recipients of data (e.g. law enforcement authorities, banks in the event of their request for information based on an appropriate legal basis in accordance with applicable law).


Data sharing

We do not share your data with third parties or persons, except in situations where:

1.you have given your voluntary consent to such sharing. The consent previously given may be revoked by you at any time, in the same simple way as it was submitted.

  1. disclosure is necessary for the performance of the contract (including booking) or the provision of the service.

3.in special cases, your data may be made available to entities authorized to do so on the basis of generally applicable provisions of law (e.g. law enforcement authorities, a statutory auditor for the purpose of auditing the financial statements).

Each application for disclosure is thoroughly examined by us,

and the transfer of data takes place only if, as a result of this analysis, we find that there is a valid and effective legal basis to request the disclosure of your data to these entities.



In the scope of processing the data of persons using the website, the Administrator uses other cookies. Users are informed about the use of cookies when they first visit the Controller’s website. The acceptance of cookies depends on the User.


Cookies are small text files saved on the user’s computer or other mobile device while using the websites. These files are used, among others using various functions provided on a given website or confirming that a given user has seen certain content from a given website. Among the cookies, we can distinguish those that are necessary for the operation of www.apartgdynia.pl websites.

– cookies with data entered by the User (session ID) for the duration of the session (user input cookies)

– authentication cookies used for services that require authentication for the duration of the session (authentication cookies)

– cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies)

– multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies)

– persistent cookies used to personalize the User interface for the duration of the session or slightly longer (user interface customization cookies)

– cookies used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies (these are files used by the Google company to analyze how the User uses the Website, to generate statistics and reports on the functioning of the Website). Google does not use the collected data to identify the User and does not combine this information to enable identification.


Personal data transferred outside the European Union

Personal data is not transferred outside the European Union or the European Economic Area. However, with regard to the use of cookies, some of our suppliers are based outside the EEA. We made sure that our suppliers guarantee a high level of personal data protection. We minimize the scope of data sent outside the EEA. At the same time, in the case of using SCC, we verify whether there is a risk of personal data protection breach by these entities outside the EEA, e.g. what the data protection process looks like and whether the shared data may potentially be of interest to third countries.


Personal data protection

The Administrator makes every effort to ensure physical, technical and organizational measures to protect personal data against accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use or access, in accordance with all applicable regulations.



In connection with the processing of your personal data, you have the following rights:

1) to information on the processing of your personal data, the so-called “Information obligation” (in accordance with Articles 12 and 13 of the GDPR),

2) access to the content of your personal data (in accordance with Article 15 of the GDPR),

3) submit a request to rectify your personal data (in accordance with Article 16 of the GDPR), i.e. correct incorrect data and supplement incomplete data,

4) submit a request to limit the processing of your personal data (in accordance with Article 18 of the GDPR),

5) the right to submit a request to transfer your personal data to another Administrator (in accordance with Article 20 of the GDPR),

6) object to the processing of data for reasons related to your particular situation (in accordance with Article 21 (1) of the GDPR), however, this right is not absolute – i.e. despite the objection, we will still be able to process your personal data, if we prove that there are valid, legitimate grounds for processing, overriding rights and freedoms or grounds for establishing, investigating or defending claims,

7) object to the processing of your personal data for the purposes of direct marketing, to the extent to which the processing is related to such direct marketing. This objection does not require justification or conditions of effectiveness – in this case, we will no longer be able to process your personal data for direct marketing purposes. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

8) submitting a request to delete your personal data (in accordance with Article 17 of the GDPR) – the so-called “Right to be forgotten”, you can exercise this right, for example, when:

  1. a) The administrator processes your personal data unlawfully,
  2. b) you object to data processing for marketing purposes,
  3. c) the data must be deleted for the Administrator to fulfill

from an obligation resulting from legal provisions;

You can exercise the above rights by submitting an appropriate statement to the Administrator. Contact details can be found at the beginning of this Privacy Policy.


Any other questions, concerns or complaints

Should you have any questions, concerns or doubts regarding the content of this Privacy Policy or the manner in which we process personal data, as well as complaints regarding these matters (although we hope that there will be no need to file such complaints), please send an email along with details of the complaint to the address indicated above. Any complaints we receive will be investigated and we will respond to them.

Persons whose personal data are processed by the Administrator also have the right to lodge a complaint with the supervisory body, which is the Inspector General for Personal Data Protection (address: Inspector General for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw).


Are changes to this Privacy Policy possible and when?

We undertake to regularly review this Privacy Policy and amend it when it proves necessary or desirable due to: new legal regulations, new guidelines of authorities responsible for supervision over personal data protection processes, best practices applied in the area of ​​personal data protection ( Codes of good practice, if the Administrator is bound by such Codes, about which we will inform you). We also reserve the right to change this Privacy Policy in the event of changes in the technology with which we process personal data (if the change affects the wording of this document), as well as in the event of changes in the methods, purposes or legal grounds for processing personal data by us.