Privacy policy

Phone WM Hotel System Kraków +48 12 614 48 00


The administrator of your personal data is WM Hotel System sp. z o.o. with the registered office in Kraków at al. 29 Listopada 189, 31-241 Kraków, tel. 12 614 48 00, e-mail:

Your personal data will be processed in order to: execute the lease agreement and catering services, pursuant to art. 6, paragraph, 1 point b) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (the “RODO”) ; in order to carry out direct marketing on the basis of your consent (art. 6, paragraph 1, point a) of the RODO), or on the basis of the Administrator’s legitimate interest (art. 6, paragraph 1, point f) of the RODO); in order to fulfil the obligations under the law, including in particular tax and accounting obligations, pursuant to art. 6 paragraph 1, point c) of the RODO, or to pursue claims in accordance with art. 6 paragraph 1, point f) of the RODO.

The administrator shall not transmit the personal data outside the EEA. Your personal data will be stored for no longer than it is necessary, i.e. for a period designated by applicable laws.

You have the right to access your data and the right to rectification, erasure (to the extent that is possible under the existing regulations), restriction of processing, the right to data portability, the right to object to the processing. If you agree, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing, which was based on the consent before its withdrawal. Also, you have the right to raise an objection against the processing of your personal data for direct marketing purposes. Requests in this regard should be directed to the Administrator.

Your personal data may be transferred to the following categories of recipients:
a) The Administrator’s service providers supplying technical and organizational solutions and managing its organization (in particular to ICT and telecommunication service providers);
b) the providers of legal services, accounting services, control and counselling services and to those assisting the Company in the recovery of claims (in particular, to law firms, financial institutions);
c) other public bodies, institutions or entities authorized by law.

The administrator does not use automated decision-making, including profiling.
The Administrator shall immediately inform the person entrusting the data of any unauthorized access to his/her personal data.
The administrator is responsible for the actions of its employees and other persons with whose help it processes personal data, as for its own acts and omissions.

The administrator declares that, in accordance with the Regulation of April 29, 2004, by the Minister of Internal Affairs and Administration as regards personal data processing documentation and technical and organisational conditions which should be fulfilled by devices and computer systems used for personal data processing (Journal of Laws No. 100, item 1024):

1) It keep the documentation describing how the data are processed,
2) The devices and computer systems used for the processing of personal data being in its possession ensure a high a level of safety, as defined,
3) It takes technical and organisational security measures to ensure the protection of the processed personal data, and in particular the protection of personal data against its unauthorized access, takeover by an unauthorized person, processing with the violation of the Act, any change, loss, damage or destruction, to the extent of its responsibility.