EN
image image
logo
EN
logo
alt text

GDPR

Personal Data Administrator. Contact. The administrator of personal data is Topacz Investments sp. z o.o., headquartered in Ślęza (55-040), ul. Templariuszy 1, registered in the National Court Register under number: 0000146720, NIP: 8961338394, REGON: 932880809, e-mail: ado@zamektopacz.pl, phone: +48 71 771 99 99, hereinafter referred to as "Administrator". You can also contact the Administrator via the contact form available [here]. Purpose and legal basis for processing personal data by the Administrator. Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). The processing of personal data before concluding a contract is necessary to take action at the request of the person to whom the data relates (Article 6(1)(b) GDPR), in particular for conducting discussions regarding planned reservations. In the case of contract conclusion, processing is necessary for its performance (Article 6(1)(b) GDPR), including fulfilling legal obligations imposed on the Administrator (Article 6(1)(c) GDPR) or pursuing claims (Article 6(1)(f) GDPR). Marketing activities conducted via your e-mail or phone (sending unsolicited commercial information) are carried out only with your consent. While processing in this scope could be justified by the legitimate interest of the Administrator (Article 6(1)(f) GDPR), the legislator requires obtaining separate consents for this purpose. Voluntariness of providing personal data. Providing your personal data is voluntary; however, refusal to provide data may prevent the use of services provided by the Administrator or responding to inquiries about the offered services or products. Please remember that when the only basis for processing your personal data is your consent, we cannot process your data without it. Similarly, if you expect the Administrator to take action to conclude a contract, this would not be possible without providing your personal data. The Administrator collects only the necessary personal data, including those required by applicable laws. Rights towards the Administrator. Each data subject has the following rights: access to personal data, rectification, erasure, restriction of processing, objection to processing, data portability, and withdrawal of previously given consent for data processing. You also have the right to lodge a complaint with the President of the Personal Data Protection Office. The scope and conditions of exercising these rights are determined by the GDPR. Retention period of personal data. Your personal data is stored for the period necessary to carry out actions at your request. After contract conclusion, data is stored until the expiration of claims (either from the Client towards the Administrator or vice versa) and until the legally required retention period for contract-related documentation has elapsed. If the basis for processing is consent (e.g., for marketing purposes), withdrawal of consent (possible at any time) does not affect the lawfulness of processing carried out before withdrawal. Personal data provided in connection with voluntary marketing consents is generally processed until consent is revoked, unless a shorter retention period is specified. Recipients of data. Data will only be shared with the following recipients: persons authorized by the Administrator to process personal data and entities processing data on behalf of the Administrator under agreements, including tax advisors, accounting firms, and providers of accounting, IT, or auditing services. If required by law, personal data may also be shared with state authorities or third parties. No automated data processing. Your personal data will not be processed in an automated manner, including profiling. Transfer of personal data to third countries or international organizations. The Administrator does not intend to transfer personal data to third countries or international organizations. If such a transfer is planned, you will be explicitly informed, and the transfer will be carried out in full compliance with the GDPR, based on appropriate legal safeguards, including standard contractual clauses approved by the European Commission.