Our hotels
en
Gdańsk Focus Hotel *** Focus Premium Apartments Focus Hotel Premium ****
Szczecin Focus Hotel *** Grand Focus Hotel ****
Katowice-Chorzów Focus Hotel ***
Bydgoszcz Focus Hotel Premium "Pod Orłem" **** Focus Hotel Premium ****
Łódź Focus Hotel ***
Sopot Focus Hotel Premium ***
Poznań Focus Hotel ***
Lublin Focus Hotel Premium **** Focus Hotel Premium Conference & SPA****
Elbląg Focus Hotel Premium ****
Warszawa Focus Hotel Premium ****

Privacy policy

Privacy policy

PRIVACY POLICY

 

 

  1. Definitions
  1. Controller – Focus Hotels S.A. with its registered office at ul. Plac Kościeleckich 3, 85-033 Bydgoszcz, NIP: 9671347422, REGON: 341041740
  2. Personal data – information about an identified or identifiable natural person; an identifiable natural person is a person who can be identified, directly or indirectly, by one or more factors specifying a physical, physiological, genetic, mental, economic, cultural or social identity.
  3. GDPR – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  4. Policy – this Privacy Policy.
  5. User – any natural person visiting the Website or using one or more of the services described in the Policy, as well as any natural person whose personal data are processed by the Controller, e.g. visiting the Controller’s premises, using its services or sending an inquiry to it in any form.
  6. Website – a website run by the Controller at /.

 

  1. Introduction
  1. The purpose of this Policy is to define the principles, method of processing and use of Users’ Personal Data. The Policy also contains information concerning the rights of natural persons with respect to personal data provided by them. The legal basis for the Policy is Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. This Policy constitutes the implementation by the Controller of the obligations resulting from Articles 12, 13 and 14 of GDPR.
  2. The Policy applies to the Website, application or service referring to it, as well as to data provided through them, by phone, electronically or in person at the Controller’s registered office and in other places where the Controller pursues business activity.
  3. In connection with the business activity pursued by the Controller, as well as the use of the Website by the User, the Controller collects data to the extent necessary to provide individual services offered. The detailed principles and purposes of Personal Data processing are described below.

 

  1. Contact with the Controller and the Data Protection Officer

In all matters related to personal data processing, you can contact the Controller at the above-mentioned address of the registered office or by e-mail: iod@focushotels.pl

 

The Controller appointed a Data Protection Officer, who can be contacted at the following e-mail address: iod@focushotels.pl or by mail to the Controller’s address indicated above with the note “Data Protection Officer”.

 

  1. Purposes and legal basis for Personal Data processing

The Controller processes personal data in accordance with the business profile, for the purposes indicated below. If, due to the provisions of law, the properties of the service or the need to settle it, there is a need to process other personal data of data subjects, the Controller will process them to the necessary extent.

 

  1. Placing orders / making reservations

Placing an online order / making a reservation by the Website User is associated with the processing of their personal data. Providing data marked as mandatory is required for the purpose of accepting and handling an order / make a reservation, and failure to provide those results in the non-execution of the order.

Personal data are processed for the purpose of executing the placed order / making the reservation – the legal basis for the processing is the necessity of processing before the performance of the agreement (Article 6(1)(b) of GDPR), and in the case of providing data concerning health, the legal basis is the consent (Article 9(2)(a) of GDPR);

The data are processed no longer than until the limitation of claims.

 

  1. Implementation of services provided by the Controller

Data processing is necessary for performing the agreement concluded with the customer with regard to providing hotel, catering or other services offered by the Controller.

Personal data are processed:

  1. for the purpose of performing the agreement or taking steps at the request of the data subject before the conclusion of the agreement – (Article 6(1)(b) of GDPR);
  2. for the purpose of complying with legal obligations incumbent on the Controller, arising in connection with the performance of the agreement (in particular, resulting from, e.g. tax legislation, acts of local law) – the legal basis for the processing is a legal obligation (Article 6(1)(c) of GDPR).

The data are processed no longer than until the limitation of claims or the expiry of liabilities (in the case of tax liabilities, it will be 5 years, counting from the end of the calendar year in which the tax payment deadline expired, pursuant to Article 70 of the Act of 29 August 1997 Tax Ordinance).

 

  1. Sending commercial/marketing information, newsletter, satisfaction survey

In the event of expressing the consent to receive marketing/commercial information from the Controller by electronic means and/or telephone (including a newsletter or satisfaction survey), Personal Data are processed for the purpose of providing the above-mentioned information. 

 

The legal basis for Personal Data processing is the Controller’s legitimate interest in connection with the consent expressed – Article 6(1)(f) of GDPR in conjunction with Article 10 of the Act on the provision of electronic services or Article 172 of the Telecommunications Law, consisting in building the image and conducting marketing activities, sending special offers, information about new products or services, invitations to participate in promotions. The data are processed for the duration of marketing activities, until the consent to receive commercial information is withdrawn, the data subject effectively lodges an objection or the Controller’s legitimate interest ceases. At any time, the User has the right to withdraw their consent to receive commercial information. This can be done by clicking the appropriate resignation link contained in the marketing message sent or by contacting the Controller directly.

 

  1. Contact (by e-mail, letter, phone, chat or form)

The Controller provides the possibility of contacting it using electronic contact forms, chat, by e-mail, letter or phone. The use of the form requires providing personal data necessary to contact the User and respond to the inquiry. The User may also provide other data to make contact or handling the inquiry easier. Providing data marked as mandatory is required for the purpose of accepting and handling the inquiry and failure to provide them results in the impossibility to respond. Providing other data is voluntary. In the case of sending inquiries to the Controller by phone, e-mail or traditional correspondence, personal data contained in this correspondence are processed for the purpose of communication and solving the matter to which the contact established relates.

 

The legal basis for personal data processing is the Controller’s legitimate interest – Article 6(1)(f) of GDPR, consisting in ensuring contact with the Controller and providing answers to the questions asked, regardless of the communication channel. The period of data processing depends on the subject of the matter that is the subject of the contact, but not longer than the period of limitation of claims.

 

  1. Video surveillance

Video surveillance is used to ensure the safety of people staying at the Controller’s facilities and to protect property. The use of surveillance as regards personal data processing takes place pursuant to Article 6(1)(c) of GDPR in conjunction with Article 22² § 1 of the Labour Code. In the case of other persons, other than those employed under a contract of employment (i.e. the Controller’s associates and other persons using the Controller’s services or staying at the Controller’s facilities), personal data processing takes place pursuant to Article 6(1)(f) of GDPR, i.e. the Controller’s legitimate interest (such legitimate interests are the purposes of processing, consisting in ensuring the safety of persons and property).

Images from surveillance can be made available to authorised state authorities. Personal data processed by the video surveillance system will be stored for a period not longer than 3 months, unless due to special circumstances, the recordings will constitute evidence in proceedings conducted pursuant to the legislation or the Controller receives information that they may constitute evidence in proceedings, then the storage period of the recording will be extended pending the valid conclusion of such proceedings.

 

  1. Collecting data as part of business contacts

In connection with the business activity pursued, the Controller collects personal data, e.g. during business meetings or through the exchange of business cards for the purposes related to initiating and maintaining business contacts.

 

Such personal data are processed for the purpose of pursuing the Controller’s and its contractor’s legitimate interest (Article 6(1)(f) of GDPR) consisting in creating a network of contacts in connection with the business activity pursued. The data are processed for the duration of business relations, until the data subject effectively lodges an objection or the Controller’s legitimate interest ceases.

 

  1. Processing of personal data of the Controller’s customers or members of contractors’ staff.

In connection with concluding agreements as part of the business activity pursued, the Controller obtains from contractors/customers the data of persons involved in the performance of such agreements (e.g. data of persons authorised to contact, performing orders, etc.). The scope of the data transferred is in any case limited to the extent necessary for the performance of the agreement and usually does not include information other than the name, surname and business contact details.

 

Such personal data are processed for the purpose of pursuing the Controller’s and its contractor’s legitimate interest (Article 6(1)(f) of GDPR) consisting in enabling the proper and effective performance of the agreement. The data are processed for the duration of cooperation, and then until the limitation of claims.

 

  1. Career

Personal data may be processed for the purposes of the current recruitment process, as well as for the purpose of taking part in future recruitments. Candidates’ personal data are processed only for the purpose of conducting the recruitment process, assessing candidates’ qualifications, conducting interviews and selecting a right candidate for a given position. The legal basis for personal data processing to the extent necessary to take steps aimed at concluding a contract is Article 6(1)(b) of GDPR. The data may be processed pursuant to Article 6(1)(c) of GDPR in conjunction with Article 22(1) § 1 of the Labour Code and pursuant to Article 6(1)(a) of GDPR, i.e. the consent of the data subject (in the case of sending an image or other information not required by the Controller or expressing consent to data processing for the purposes of future recruitment). Personal data will be processed until the limitation of claims.

 

  1. Fulfilment of legal obligations imposed on the Controller

The Controller processes the Users’ Personal Data in connection with implementing legal obligations imposed on it, concerning, among others, keeping accounts and accounting documentation, as well as exercising the rights of data subjects.

 

Such personal data are processed pursuant to Article 6(1)(c) of GDPR – processing is necessary to comply with a legal obligation incumbent on the Controller until the expiry of those obligations, in accordance with applicable law.

 

  1. Establishment, exercise, and defence of claims

In order to establish, exercise, and defend claims, the Users’ personal data that have been provided by them to the Controller will be processed.

 

The legal basis for personal data processing is Article 6(1)(f) of GDPR, which allows to process personal data for the purpose of establishing, exercising or defending claims, which is the implementation of the Controller’s legitimate interest. Personal data will be processed up until the moment of limitation of claims.

 

  1. Use of the Website (including having an account on the Website)

Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:

  1. for the purpose of providing services by electronic means in the scope of making the content collected on the Website available to Users or to execute orders – then, the legal basis for processing is the necessity of processing for the performance of the agreement (Article 6(1)(b) of GDPR);
  2. for analytical and statistical purposes – then, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR), consisting in analysing the Users’ activity, as well as their preferences so as to improve the functionalities used and the services provided;
  3. for the purpose of establishing and exercising or defending claims – the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR), consisting in the protection of its rights.

 

The User’s activity on the Website, including their personal data, is processed mainly for purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, for the purpose of ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes – in this regard, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR). The data are processed until the data subject effectively lodges an objection or the Controller’s legitimate interest ceases.

 

  1. Social media

Facebook, Instagram

As part of the Controller’s Facebook or Instagram account, the data processed are the data of persons who:

  1. subscribed to the fanpage by clicking the “Like” or “Follow” icon;
  2. published their comment on the fanpage or under any of the posts posted on the fanpage.

The Controller processes the following types of personal data:

  1. identifier (usually including the name and surname or nickname);
  2. profile picture;
  3. other photos (which may also show the personal image);
  4. content of comments;
  5. statistical data regarding persons visiting accounts.

The Controller processes the above-mentioned personal data based on a legitimate interest (Article 6(1)(f) of GDPR) consisting in: running a fanpage called Focus Hotels in the Facebook social media and focushotels.pl in the Instagram social media, so as to use them to inform about the Controller’s activity, promote events and the brand, products and services, build and maintain a community with the Controller and communicate through the available functionalities of the websites (comments, messages), keep statistics (through the analysis of data on the fanpage users’ activity), establish, exercise or defend claims.

In addition, the Controller indicates that together with Meta Platforms Ireland Limited (hereinafter referred to as “Meta Ireland”), they act as co-controllers with regard to data processing for statistical purposes. You can find more information about data processing for the purposes of website statistics under the link: https://www.facebook.com/legal/terms/information_about_page_insights_data

 

YouTube

As part of the Controller’s YouTube account, the data processed are the data of persons who:

  1. subscribed to the channel by clicking the “Subscribe” icon;
  2. published their comment under any of the videos posted on the channel.

The Controller processes the following types of personal data:

  1. user identifier (usually including the name and surname or nickname);
  2. profile picture;
  3. content of comments;
  4. statistical data regarding persons viewing videos.

The Controller processes the above-mentioned personal data based on a legitimate interest (Article 6(1)(f) of GDPR) consisting in: running a fanpage called HoteleFocus in the portal and using it to inform about the Controller’s activity, promote events and the brand, products and services, build and maintain a community with the Controller and communicate through the available functionalities of the YouTube website (publication of videos), keep statistics (through the analysis of data on the viewers’ activity), establish, exercise or defend claims.

In addition, the Controller indicates that together with Google LLC (hereinafter referred to as “Google”), they act as co-controllers with regard to data processing for statistical purposes. You can find more information about data processing for the purposes of website statistics in the Google privacy policy:

https://policies.google.com/privacy?hl=pl#intro

 

LinkedIn

As part of the Controller’s LinkedIn account, the data processed are the data of persons who:

  1. subscribed to the fanpage by clicking the “Follow” icon;
  2. published their comment under any of the posts posted on the fanpage.

The Controller processes the following types of personal data:

  1. identifier (usually including the name and surname or nickname);
  2. information in the header of the User’s profile;
  3. profile picture;
  4. content of comments;
  5. statistical data regarding persons visiting accounts.

The Controller processes the above-mentioned personal data based on a legitimate interest (Article 6(1)(f) of GDPR) consisting in: running a page/profile called Focus Hotels S.A. in the LinkedIn portal, so as to publish job offers, use the page/profile to inform about the Controller’s activity, promote events and the brand, products and services, build and maintain a community with the Controller and communicate through the available functionalities of the websites (comments, messages), keep statistics (through the analysis of data on the fanpage users’ activity), establish, exercise or defend claims.

In addition, the Controller indicates that together with LinkedIn Ireland Unlimited Company (hereinafter referred to as “LinkedIn Ireland”), they act as co-controllers with regard to data processing for statistical purposes. You can find more information about data processing for the purposes of website statistics under the link: https://pl.linkedin.com/legal/privacy-policy?

 

 

  1. Cookies

We collect cookies on our website. Cookies are small text files stored on the user’s device that are used to collect information about their activity on a website. Cookies are sent by the web server to the User’s browser and stored on their computer. Different types of cookies, such as essential, functional, analytical and advertising, have different purposes and affect the way of using the website. They allow websites to remember the User preferences, such as language, currency or page layout, which improves the user experience. Cookies are also used to analyse user behaviour or adjust the presented contents, which helps catch errors in the website interface or adjust advertising contents. In no way do cookies enable access to data other than cookies stored in the computer’s memory.

 

What cookies do we use?

 

“Essential” cookies

We use the so-called essential cookies to enable the use of basic services available on the website. Our use of essential cookies is needed for the proper functioning of the Website, without these cookies the website may not function properly. Their use is required for the provision of telecommunications services (data transmission to display contents) – the User cannot opt out of these cookies if they want to use our website, nor is the User’s consent required to install the essential cookies on their device. Examples of essential cookies include: cookies maintaining a user’s session, or cookies related to privacy settings, which remember the user’s decisions on accepting or rejecting optional cookies and result in the disappearance of the cookie banner when the user selects one of the options.

 

“Analytical” cookies

We use the so-called analytical cookies so as to improve the quality of services on the Website. Therefore, we and other entities providing analytical and statistical services for our benefit use cookies to store information or gain access to information already stored on the User’s telecommunications end device (computer, phone, tablet, etc.). Cookies used for this purpose include Google Analytics cookies used to analyse the way the website is used by the User, create statistics and reports on the functioning of the website.

Google Analytics cookies are files used by Google to create statistics and reports on the functioning of the Website, so as to analyse the way the Website is used by the User. Detailed information on the scope and principles of data collection in connection with this service may be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.

 

“Marketing” cookies

They are used to publish ads adjusted to the User preferences and allow for the display of more relevant ads. A cookie remembers what the user saw on the website and prevents the reappearance of the same ads. They are able to measure the effectiveness of advertising campaigns and monitor the number of clicks. Such information may be made available to other interested parties, such as advertisers.

 

How to manage the cookie settings?

While visiting our website when you are shown a message about our cookies. You can choose 1 of 3 options regarding cookies, i.e.:

  1. you can click Accept All. This means that we will use essential/analytical/marketing cookies.
  2. you can click Reject All. This means that we will only use essential cookies that are necessary for the proper functioning of the website.
  3. you can click on Cookie settings. This means that you can choose which cookies, in addition to essential ones, we will use.

 

Cookie settings in your browser

 

Withdrawal of consent to the use of cookies is also possible through the browser settings. Detailed information on this issue may be found at the following links:

 

 

  1. Recipients of Personal Data

In connection with pursuing activity requiring personal data processing, personal data may be disclosed to external entities.

 

Recipients of personal data entrusted to the Controller by data subjects may be the following entities, to which personal data are transferred to the minimum extent necessary to achieve the purpose(s) for which the data were acquired:

  • authorised personnel of the Controller, subcontractors and entities providing services to the Controller (among others, law firms, IT and technical support services), which must have access to the data so as to perform their duties;
  • entities processing personal data on behalf of the Controller (e.g. accounting office, technical service providers, hosting service providers);
  • competent authorities authorised in accordance with applicable law;
  • in the case of data made available on Facebook or Instagram – other users of the portals and their owners (due to the fact that information about account followers, likes, as well as the content of comments, posts and other information provided by users are public) on the terms available at https://help.instagram.com/519522125107875 or https://www.facebook.com/about/privacy
  • in the case of data made available on YouTube – other Users of the portal (due to the fact that the content of comments and other information provided by Users are public) and the owner of the portal (Google LLC) on the terms available at https://policies.google.com/privacy?hl=pl#intro.

 

The Controller declares that it does not sell, make available or transfer personal data collected for processing to other persons or institutions, unless it takes place with the express consent or upon request of data subjects, or upon request of state authorities authorised under the Act, for the purposes of their proceedings or activities related to security or defence, for tasks specified by law which are carried out for the public good, when it is necessary to fulfil legal obligations incumbent on the Controller.

 

  1. Transfer of personal data outside the European Economic Area (EEA)

The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers personal data outside the EEA only when it is necessary and with an appropriate level of protection, mainly by:

  1. cooperation with entities processing personal data in countries in relation to which an applicable decision of the European Commission has been issued as regards the determination of ensuring an appropriate level of protection of Personal Data;
  2. use of standard contractual clauses issued by the European Commission;
  3. application of binding corporate rules, approved by the competent supervisory authority.

 

  1. Period of Personal Data processing

The Controller processes acquired personal data for the period necessary to achieve the purpose(s) for which they were provided. The period of data processing is related to the purposes and grounds for their processing, therefore:

  • data processed pursuant to statutory requirements (e.g. tax requirements) will be processed for the time in which the legislation requires the storage of data;
  • when the basis for processing is the performance of the agreement, then data are processed by the Controller for as long as it is necessary for the performance of the agreement;
  • data processed based on the Controller’s legitimate interest will be processed until the data subject lodges an effective objection or this interest ceases. The data processed for the purpose of exercising or defending claims will be processed for a period equal to the period of limitation of these claims;
  • Data processed based on the consent will be processed until the consent expressed by the data subject is withdrawn.

The period of data processing may be extended if their processing is necessary to establish or exercise claims or defend claims, and after this period – only in the case and to the extent required by the legislation. After the expiry of the period of processing, the data are irreversibly deleted or anonymised.

 

  1. Rights of data subjects

The Controller exercises the rights of data subjects related to processing of their personal data. In particular, each data subject has the right to:

  • access their personal data,
  • rectify personal data,
  • erase data (“the right to be forgotten”),
  • restrict personal data processing,
  • object to personal data processing.

 

If the basis for personal data processing is the Controller’s legitimate interest, the data subject has the right to object to personal data processing at any time, without the need to justify their decision, particularly in the case where the legitimate interest consists in pursuing activities related to direct marketing.

 

The consent expressed by data subjects may be withdrawn at any time, without affecting the lawfulness of any data processing carried out prior to its withdrawal.

 

The Controller informs that there is no obligation to erase data (i.e. to exercise the “right to be forgotten”) if data processing is necessary for:

  • exercise of rights and freedom of expression and information,
  • compliance with a legal obligation to process under the European Union or Polish law,
  • archiving purposes in the public interest, scientific or historical research purposes or statistical purposes,
  • establishment, exercise or defence of claims.

 

The above-mentioned rights, as well as the intention to withdraw the consent, may be exercised by sending an appropriate request by e-mail to the e-mail address indicated in point III of the Policy or by post to the address of the Controller’s registered office provided in point I and III of the Policy.

 

In each case of finding that the rights of a natural person resulting from the legislation and the Policy are violated, Users have the right to lodge a complaint with the Personal Data Protection Office with its registered office in Warsaw at ul. Stawki 2.

 

  1. Automated decision-making and profiling

Your data may be processed by the Controller in an automated manner, including in the form of profiling. However, decisions concerning an individual related to this processing will not be automated.

 

  1. Final provisions

To the extent not governed by this Policy, the EU and national legislation on the protection of personal data shall apply.

Date of the last Policy update: 19/06/2024

Get up to 10% DISCOUNT

Sign up to the newsletter and have all the promos in your inbox the moment they are published.

Information clause

In order to provide services at the highest level, the Service uses cookies stored in the browser's memory. Detailed information about the purpose of their use, including processing of user activity data and advertising personalization, as well as the possibility to change cookie settings, can be found in the Privacy Policy.
By clicking ACCEPT ALL, you consent to the use of technologies such as cookies and to the processing by FOCUS HOTELS S.A, Pl. Kościeleckich 3, 85-033, Bydgoszcz, of your personal data collected on the Internet, such as IP addresses and cookie identifiers, for analytical and marketing purposes (including automated ad targeting, measuring their effectiveness, and processing user data for analytical purposes). You can change cookie settings and detailed consent preferences in the settings.

Manage privacy settings
Essential cookies

Cookies necessary for the operation of services available on the website, enabling browsing offers or making reservations, supporting security mechanisms, including user authentication and abuse detection. These files are required for the proper functioning of the website. They do not require your consent.

Analytical cookies

Cookies allowing the collection of information about the user's use of the website in order to optimize its functioning and adapt it to user expectations. By consenting to these cookies, you agree to the processing of data regarding your activity on the site for analytical purposes.

Marketing cookies

Cookies enabling the display of marketing content tailored to the user's preferences and directing marketing offers to them corresponding to their interests, including information about user activity, products, and services of the site administrator and third parties. Consent to these cookies means that your data may be used for advertising personalization and analysis of the effectiveness of our advertising campaigns.

Your preferences have not yet been saved