1. The administrator of personal data is AKWAMARYN Spa, Włodzimierz Matuszak, 72-350 Niechorze, ul. Żeglarska 28, which can be contacted by e-mail:
  2. Providing data is voluntary, but necessary to provide the Service.
  3. The data subject has the right to:
    1. access to your data, correct it or withdraw it at any time (withdrawal of consent does not affect the lawfulness of the processing carried out on its basis before its withdrawal)
    2. request deletion of data (right to be forgotten)
    3. restrictions on data processing
    4. data transfer (if technically possible)
    5. expressing objections to the use of automated decision-making (including profiling)
    6. submit a complaint to the President of the Personal Data Protection Office.
  4. The personal data provided by the Customer will be processed for the purposes of:
    1. implementation of services provided by the Administrator pursuant to Art. 6 section 1 letter b) GDPR;
    2. marketing, including sending commercial information to an e-mail address, if the Customer has consented to this by checking the appropriate box in the booking process. Consent to the processing of data for marketing purposes and sending commercial information may be withdrawn by clicking the appropriate link in the received message or sending such a notification to the Administrator's e-mail address -
    3. data obtained from monitoring will be processed in order to ensure the safety of the workplace, protect property, ensure the safety of persons staying on the Administrator's premises and keep secret information whose disclosure could expose the Administrator to harm.
  5. The legal basis for the processing of personal data are the contracts concluded between the Customer and the Facility and the relevant provisions of national and EU law under which personal data is processed. Consent to sending commercial information is consent for the purpose of carrying out all sales and marketing activities, analyzing customer satisfaction surveys and interest in the brand, products and services, as well as keeping statistics related to after-sales activities.
  6. Customer's personal data Personal data resulting from the conclusion of the contract will be processed for the period in which claims related to this contract may be disclosed, i.e. for 2 years from the end of the year in which the contract expired and for 6 years (billing information). Personal data will be recorded in electronic form in the form of a video monitoring image and stored for a period of 3 months from the date of recording, and if the recording is or may be evidence in proceedings conducted under applicable law - for the period necessary resulting from legal provisions.
  7. The Customer's personal data will not be processed outside the EEA.
  8. The administrator may use automated decision-making, including profiling, for marketing purposes and to adapt the offer.
  9. The Administrator entrusts the processing of personal data to the Service Provider. The recipients of personal data may also be bodies, institutions and entities authorized under the law, as well as entities providing services to the Data Administrator (e.g. legal, IT, marketing, accounting services, companies and other entities participating in the provision of the Service).
  10. The Service Provider and the Administrator declare that they apply organizational and technical measures to ensure the security of processed personal data.
  11. The Service Provider and the Administrator are not responsible for the consequences of providing false or incorrect data by the Customer if, despite exercising due diligence, it is not possible to establish contact with the Customer.