Privacy Policy
1. This Privacy Policy sets out the rules for the processing and protection of personal data provided by users in connection with their use of the services offered through the Forest Park Resort & Spa website – www.forest-park.pl (hereinafter: the “Website”), and also describes the principles of personal data processing by Forest Park Operator spółka z ograniczoną odpowiedzialnością, with its registered office in Warsaw.
2. The controller of personal data processed through the Website is Forest Park Operator spółka z ograniczoną odpowiedzialnością, Warsaw 00-023, ul. Widok 8, entered into the register of entrepreneurs under KRS number: 0000994943, NIP: 5252926024 (hereinafter: the “Controller”).
3. In the interest of the security of entrusted personal data, the Controller acts on the basis of internal procedures and recommendations compliant with relevant legal acts concerning personal data protection, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (GDPR).
4. The Controller exercises particular care to protect the interests of data subjects and, in particular, ensures that personal data are:
a. processed lawfully,
b. collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes,
c. factually accurate and adequate in relation to the purposes for which they are processed,
d. stored in a form permitting identification of data subjects for no longer than necessary to achieve the purpose of processing.
5. The Controller obtains information about users and their behaviour through voluntary submission of information in forms, for the purpose of:
a. responding to user enquiries submitted via the contact form on the basis of Article 6(1)(f) GDPR,
b. accepting reservations via the online booking system on the basis of Article 6(1)(b) GDPR,
c. performing services provided by the Controller on the basis of Article 6(1)(b) GDPR,
d. direct marketing of Forest Park Resort & Spa products and services, including sending commercial information and marketing offers to an e-mail address and via SMS messages to the provided phone number, whereby:
1) the legal basis for processing personal data (in particular the e-mail address and phone number) for direct marketing purposes is the legitimate interest of the Controller consisting in promoting its own services (Article 6(1)(f) GDPR), with the right to object at any time to processing for direct marketing purposes;
2) the use by the Controller of the user’s e-mail address or phone number for sending commercial information and marketing offers via electronic communication means (including SMS messages) requires the user’s prior separate consent for the use of the given communication channel, granted in accordance with Article 398 of the Act of 12 July 2024 – Electronic Communications Law; such consent is voluntary and may be withdrawn at any time without affecting the lawfulness of actions carried out before its withdrawal, in particular by clicking the relevant unsubscribe link in the received e-mail message or by contacting the Controller using the contact details indicated in this Policy;
e. pursuing the Controller’s legitimate interest in specific cases on the basis of Article 6(1)(f) GDPR, e.g. debt collection or defence against claims.
6. For the purpose of sending marketing offers and commercial information via SMS messages, the Controller processes in particular the mobile phone number provided by the user, as well as user identification data necessary for correctly addressing the offer (e.g. first name, surname). Providing a phone number for SMS marketing purposes is voluntary but necessary in order to receive marketing content via SMS.
7. During the first visit to the Forest Park Resort & Spa website, the user is informed about the use of cookies. By remaining on the website, the user accepts the use of cookies on the website. Failure by the user to change browser settings is equivalent to consent to the use of cookies.
8. Changes to cookie settings take effect after restarting the browser or refreshing the session on the Controller’s website.
9. Installation of cookies necessary for the basic functionality of the Website is required for its proper operation, in particular those required for authorization.
10. Cookies necessary for the functioning of the website may be changed by modifying browser settings; however, such changes may result in improper functioning of the website.
11. More information about cookies is available in the “Help” section of the user’s internet browser menu.
12. Users who, after reviewing the information available on the Website, do not want cookies to remain stored in their browser should delete them from the browser after finishing their visit to the Website. The following types of cookies are used within the Website: a. session cookies – remain in the browser until it is closed or until logging out of the Website, b. persistent cookies – remain in the browser until deleted by the user or until the expiry date specified in the cookie parameters.
13. Depending on their function, cookies may be divided into: a. analytical cookies, which help improve user experience by understanding how users use and convert on the website, b. marketing cookies, used to personalize advertising content, properly target advertisements, and analyze the performance of marketing and sales channels, c. necessary cookies, fundamental for the basic functionality of the Website.
14. The cookies we use allow us to develop and improve our website.
15. Some cookies may be placed by the provider of the Online Booking System solely for the purpose of: a. improving and supporting the booking process, b. analyzing and collecting statistical data concerning the use of the website and online booking system in order to improve them, c. the provider of the Online Booking System informs users about installed cookies in that system’s user interface.
16. The Controller may use automated decision-making, including profiling, for marketing purposes (including automated matching of advertisements to your interests and measuring their effectiveness), and for adapting offers on the basis of Article 6(1)(a) GDPR.
17. Recipients of personal data may include authorities, institutions and entities authorized under applicable law, as well as entities providing services to the Controller (e.g. legal, IT, marketing, accounting services, entities carrying out mass e-mail and SMS dispatch on behalf of the Controller or providing tools for such dispatch, and other entities involved in the performance of the ordered service).
18. We use the following analytical tools: Google Analytics
19. The user who provided personal data has the right to access the data processed by the Controller. The user also has the right to modify such data, request its deletion, and restrict or cease the processing of personal data at any time. At any time, the user may also request deletion of their personal data from the Website. With regard to data processed for sending marketing offers and commercial information via SMS, the user has in particular the right to withdraw consent to receiving such messages and request deletion of the phone number from the Controller’s marketing database.
20. Personal data processed for sending commercial information and marketing offers via SMS will be processed until consent is withdrawn by the user or an objection is raised against processing for marketing purposes, but no longer than for the limitation period of any potential claims related to the Controller’s marketing activities.
21. In order to exercise the above rights, the Website user should contact the Data Protection Officer appointed by the Controller at: rodo@forest-park.pl
22. The Website user has the right to withdraw any consent granted (including consent to use the e-mail address and phone number for sending commercial information and marketing offers via SMS) at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Withdrawal of consent may take place in particular by: a. clicking the relevant unsubscribe link in the received e-mail message, b. contacting the Controller or the appointed Data Protection Officer by post or via e-mail at rodo@forest-park.pl
23. In the case of technologies using cookies, the user may withdraw consent by changing browser settings.
24. Every Website user has the right to lodge a complaint with the Personal Data Protection Office.
25. The Website may contain links to other websites that operate independently of the Website and are not supervised in any way by the Website. These websites may have their own privacy policies and regulations, which we recommend reading carefully.
26. The Controller reserves the right to amend this Privacy Policy, which may be caused by the development of internet technology, possible changes in personal data protection law, and the development of the Website. Users will be informed of any changes in a visible and understandable manner.
