GDPR agreement



Ladies and Gentlemen, in refference to the change in the law regarding the processing of personal data, please read the Hotel's privacy policy.

Owner of the Tristan Hotel & SPA pays great attention to the privacy of its Guests and other people whose personal data is processed by the Hotel. The hotel fully complies with the privacy laws.

In refference with the application on 25 May 2018 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing the Directive 95/46 / EC (general regulation on data protection), please be advised that from 25 May 2018 you will have specific rights related to the processing of personal data.

Who is the administrator of personal data?

The administrator of personal data of guests of Tristan Hotel & SPA **** is a company of PPŁŚ A. Szumko Spółka Jawna with its registered office at ul. Niska 2 / C-26 in Elbląg.

The administrator makes special care to protect the interests of data subjects, and in particular ensures that personal data are:

  • processed in accordance with the law;
  • collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes;
  • factually correct and adequate in relation to the purposes for which they are processed;
  • stored in a form that allows identification of the persons to whom they relate, no longer than necessary to achieve the purpose of processing.


What are the purposes of processing guest personal data?

Guests' personal data are processed on the basis of a contract concluded between the Guest and the Hotel for the provision of hotel services or reservations. The purpose of personal data processing is the provision of hotel services and / or other similar services which are provided by the hotel at the Guest's request (including spa services and / or catering services).

In addition, the purpose of processing personal data by the Hotel is:

  • Claiming possible complaint by Tristan Hotel & SPA **** in refference with the damage suffered by the Hotel caused by the Guest and / or unpaid payments, or protection against the guest's claims against Tristan Hotel & SPA **** (art. 6 ust. 1 f RODO)
  • Compliance with legal obligations to issue and store invoices (art.6 par.1c GDPR)
  • Conducting Guest satisfaction surveys in relation to the services provided by the Hotel (art.6 par.1 lit.f RODO).

In the event that the Guest has consented to the processing of personal data for marketing purposes, the Hotel processes personal data for this purpose, i.e. in order to send marketing information and offers about its products and services to the guest (Article 6 (1) of the GDPR).

The hotel has video monitoring. The purpose of processing data from hotel monitoring is:

  • increasing the safety of all persons staying in the hotel and its surroundings,
  • explaining conflict situations,
  • limiting access to the hotel and its area by unauthorized and unwanted persons,
  • providing safe conditions for guests' rest.


How long will the Guests' personal data be processed?

The Guest's personal data will be stored for the entire period of providing the hotel service to the Guest, as well as for the period of limitation of any claims, including tax and civil claims.

For marketing purposes, the data will be processed for the duration of the consent.

The monitoring data will be stored for a period of 14 days and then be permanently deleted, unless due to special circumstances (e.g. accident, criminal offense) it will be necessary to store the recording from the monitoring for a period longer than 14 days.


What personal data is processed?

Personal data of hotel guests - people who stayed or will stay at the hotel.

Providing personal data is voluntary and is a contractual and statutory requirement (art.6 par.1 b GDPR). Failure to provide data makes it impossible to conclude a contract with the Hotel, as well as prevents the provision of hotel services and / or other similar services provided by the Hotel.

The Hotel processes the following personal data of the Guest staying at the Hotel:

  • first name and last name,
  • ID card / passport number
  • registered address,
  • contact details phone number and e-mail address,
  • credit card number (for payment or pre-authorization)
  • date of stay
  • number of people covered by the service
  • number and age of children covered by the service (if applicable)
  • data on service preferences (if applicable)
  • data necessary to issue a VAT invoice
  • no. car registration

Personal data of hotel guests - people who use spa services:

  • first name and last name,
  • health data
  • contact details phone number and email address

The Data Administrator processes special categories of data, the so-called sensitive data (this is health data) when:

  • the data subject has given his consent, e.g. in the case of an interview - to supplement the consultation card before the procedure,
  • it is necessary to determine, pursue or defend claims related to the services provided as part of the business activity of the Administrator.

The processing of sensitive data is necessary to protect the vital interests of the data subject, e.g. to protect health or life. If you do not agree to provide sensitive data (i.e. health data), it will not be possible for the Hotel to provide spa services.

Personal data of hotel guests - people who do not sleep, but use the services of fitness and hotel pools:

  • first name and last name,
  • contact details phone number
  • registered address


Who can personal data be forwarded to?

The hotel informs that personal data may be disclosed to the following recipients and / or categories of recipients:

  • Organ pobierający opłatę miejscową – Urząd Gminy Sztutowo;
  • Government authorities (e.g. Prosecutor's Office, Police, Court, Inspector General for Personal Data);
  • Law firms cooperating with the Hotel;
  • Insurance companies cooperating with the Hotel;
  • IT companies and companies providing support and management of the Hotel's IT infrastructure;
  • Courier, postal or taxi companies when the service is ordered by the Guest

What are the rights of the Guest in relation to the processing of personal data?

In connection with the processing of the Guest's personal data by the Hotel, you are entitled to:

  • The right to rectify data - i.e. correct personal data when they are incorrect or have changed or become outdated (Article 16 GDPR)
  • The right to partial or total deletion of data ("the right to be forgotten" - i.e. deletion of data that is processed without legitimate legal grounds (Article 17 of the GDPR)
  • The right to limit data processing (i.e. limiting data processing to storage only (Article 18 GDPR)
  • The right to access data - i.e. to obtain information about the purpose and method of processing your personal data and a copy of the data (Article 15 GDPR)
  • The right to transfer data - i.e. to obtain your personal data that has been transferred or to indicate another administrator to whom the Hotel should transfer it, if it is technically possible. (Article 20 GDPR)
  • Right to object - you can object to the processing of data at any time (Article 21 GDPR)
  • The right to withdraw consent - you can withdraw any consent that you have previously given at any time.

You can exercise your rights by submitting the appropriate application via any communication channel:

  • send an e-mail;
  • By sending to the correspondence address: Tristan Hotel&SPA ul. Rybacka 17, 82–110 Kąty Rybackie

In cases where it is considered that the Hotel's processing of your personal data violates the provisions of the Regulation, you have the right to lodge a complaint to the supervisory body (i.e. until 25 May 2018 to the General Inspector for Personal Data Protection, and after that date to the successor body ).

Are automated decisions based on personal data, including profiling, made?

No. The hotel does not make automated decisions based on personal data, including profiling. For profiling, historical personal data is used, which the hotel obtained in connection with the provision of hotel services to the guest.

Cookie Policy

  • In connection with the use of this website, cookies are collected, including text content that may contain personal data (i.e. the computer's IP address). These files are not stored on the Administrator's servers, and the data from them are read only during a visit to the website.
  • The legal basis for collecting data read from cookies is art. 6 paragraph. 1 f GDPR.
  • The hotel uses cookies to adjust the content of the website to the individual preferences of the user, prepare statistics that help to know the preferences and behavior of users and assess the popularity of the site, the possibility of marketing activities. Statistics analysis is anonymous.
  • Users may opt out of collecting cookies by selecting the appropriate browser settings they use, but please note that in this case you may not be able to use all of the site's functions.
  • The administrator will not combine data from cookie files with any other data in the possession of which he is or may be found, nor will he create copies on his own servers. These data will not be transferred to other entities and will not be transferred to third countries.
  • You have the right to delete cookies.

Go back to offer Tristan Hotel & Tristan — relax by the sea