Information clauses/KSeF

Information Notice on the Processing of Hotel Guests’ Personal Data.

 

The controller of your personal data is Koncept 2000 + Sp. z o.o. Spółka komandytowa, with its registered office in Warsaw (02-148), at ul. Komitetu Obrony Robotników 24, NIP (Tax Identification Number): 5223091597.

You may contact the data controller by email at: ado@airporthotel.pl

 

Provision of Personal Data

The provision of your personal data is voluntary; however, it is necessary for the conclusion and performance of a contract for hotel services. Failure to provide the required data will make it impossible to enter into the contract or to provide the services.

 

Purpose and Legal Basis for Processing

Your personal data will be processed for the following purposes: the performance of a contract for hotel services at Airport Hotel Okęcie, or in order to take steps at your request prior to entering into such a contract (Article 6(1)(b) of the GDPR); ensuring compliance with legal obligations, including those relating to tax and accounting requirements (Article 6(1)(c) of the GDPR);

the pursuit of the Controller’s legitimate interests, such as establishing, exercising or defending legal claims (Article 6(1)(f) of the GDPR).

 

Categories of Personal Data

The following categories of personal data may be processed: given name and surname; date of birth; address; contact details (telephone number and email address); identification document number (passport number in the case of non-UK nationals); bank account number and/or credit card details; tax identification number (where a VAT invoice is requested).

 

Data Retention Period

Personal data will be processed for the period necessary to perform the contract for the provision of hotel services. Thereafter, personal data processed for the purpose of complying with legal obligations will be retained for the period required by applicable law, namely for up to 5 years from the end of the calendar year in which the service was provided. Personal data processed for the purposes of the Controller’s legitimate interests, namely the establishment, exercise or defence of legal claims, may be retained until the expiry of the applicable limitation period. Notwithstanding the above, personal data stored in the electronic reservation system will be retained for a period of 1 year, after which it will be limited to the guest’s first name and surname.

 

Sources of Personal Data

Where a reservation is made directly with the Hotel or via its website, the data is obtained directly from the individual making the reservation. Where a reservation arises as a result of a delayed or cancelled flight, the data is obtained from the airline or a relevant intermediary. Where a reservation is made via an intermediary or booking platform, the data is obtained from that intermediary.

 

Recipients of Personal Data

Your personal data may be shared with entities processing data on behalf of the Controller for the purpose of providing services necessary for the performance of the contract, including: IT service providers (e.g. hosting and system maintenance); accounting service providers; legal advisers; postal or courier service providers. Such entities process personal data on our behalf, on the basis of a contract concluded with us, and solely in accordance with our instructions

Where the reservation is related to a delayed or cancelled flight, your name may also be shared with an agent responsible for handling the settlement of the reservation.

 

Rights of Data Subjects

You have the following rights in relation to your personal data:

1. the right to access your data and obtain a copy of it;

2. the right to withdraw your consent at any time, where processing is based on consent;

3. the right to request the rectification of data;

4. the right to request the restriction of processing where there are concerns regarding the accuracy or lawfulness of the processing;

5. the right to request the erasure of data processed without a valid legal basis;

6. the right to lodge a complaint with the Personal Data Protection Office (UODO).

 

Automated Decision-Making

The Controller does not carry out automated decision-making, including profiling.

 

Transfers of Data Outside the EU

There are no plans to transfer your personal data to third countries. 

 

Information on Structured Invoices in KSeF

In connection with the introduction of the obligation to issue structured invoices via the National e-Invoicing System (KSeF), please note the following, in accordance with the amendment to the VAT Act of 11 March 2004 (Poland) (Journal of Laws 2025, item 1811): From 1 April 2026, Koncept 2000 + Spółka z ograniczoną odpowiedzialnością Spółka komandytowa, with its registered office in Warsaw (02-148), at 24 Komitetu Obrony Robotników Street, NIP (Tax Identification Number): 522-30-91-597, KRS No. 0000677015, will be required to issue structured invoices via the KSeF system for all domestic and foreign entities, with the exception of natural persons not conducting business activities.

The KSeF system does not send automatic notifications of issued invoices. Each buyer obliged to use KSeF is responsible for independently downloading invoices from the system.

As a rule, the company will not notify Polish contractors of invoices made available in KSeF.

Invoices issued to foreign entities will additionally be sent by email on the next working day, in addition to being made available via the KSeF system.