Privacy

Name: ApartHOTEL Gostyń
Address: Ks. Olejniczaka 2, Gostyń, 63-800, PL
Telephone: 48 665 250 025

Notification of a hacker attack!

We warn you against fake messages sent by hackers!

Our hotel does NOT send messages with links to guests!

We do NOT contact guests via instant messengers such as WhatsApp, Messenger, etc.

If you receive a suspicious message with links informing you about problems with your booking or asking for additional information, please do not click on the links under any circumstances, block the sender and report it as spam/fraud.

If you have any suspicions, please contact us by telephone on +48 665250025

On 11 December 2025, employees of our IT service provider informed us that a security breach had most likely occurred on one of the servers hosting a database containing our Clients’ data.At this stage, we cannot confirm that unauthorized persons have gained access to your personal data. However, in order to exercise due diligence and to mitigate any potential consequences of the identified security incident, we hereby inform you of the actions taken and of the possible adverse effects the incident may have for you.Immediately after the incident described above was identified, together with our IT service provider we undertook measures aimed at counteracting the incident and its potential consequences as quickly as possible. In particular, we initiated an internal procedure for responding to potential personal data breaches, disabled the affected IT resources, replaced them with new and additionally secured systems, and carried out a verification of user accounts to ensure that the attackers no longer have access to our databases. The incident was reported to our internal units responsible for personal data protection, as well as to the relevant authorities — the Police, CERT, and the President of the Personal Data Protection Office.

If you suspect that your personal data has been used without authorization, please contact the appropriate public authorities, such as the Police. Please pay close attention to any correspondence addressed to you (using your personal data) by individuals claiming to represent our hotel — we kindly ask you to verify such situations with us on an ongoing basis by contacting us at the address provided at the end of this letter. In particular, please be especially vigilant with regard to any attempts at fraud involving impersonation of our identity and references to reservation details, sent via e-mail or instant messaging services (e.g. WhatsApp), in which you are asked to settle payments for your stay at our hotel or to provide personal data by clicking on links included in the message. Please do not reply to such messages and do not click on any links.We also ask you to pay attention to any correspondence received in paper form and to read its contents carefully, as it may include, for example, confirmations of contracts allegedly concluded (which you never entered into) or fraudulent payment demands related to reservations at our property. Any such incidents should be immediately verified directly with the entities indicated as parties to the contracts, and in doubtful cases reported to the Police.We also remind you that in the case of consumer contracts concluded remotely, you are usually entitled to withdraw from the contract within 14 days without any consequences. If you receive electronic (e-mail) notifications of a similar nature to those described above, please pay particular attention to:

suspicious attachments in e-mails — attachments should not be sent in archive formats such as ZIP or RAR,
suspicious links included in the message content,
requests to provide additional personal data (e.g. to confirm your identity).

Such e-mails may contain malicious software (e.g. viruses, trojans) and may also be used to attempt to obtain further personal data, such as bank account numbers, credit card details, or login credentials (e.g. usernames and passwords). For this reason, we recommend exercising particular caution when opening such messages.We also recommend using antivirus software with an up-to-date virus signature database. Please also pay attention to the passwords you use when accessing Internet resources (e.g. social media accounts, e-mail accounts, online portals, electronic banking). These passwords should not contain easily guessable words or their parts, especially those based on your personal data (e.g. first and last names, date of birth, PESEL number, series and number of an identity document, telephone number).

If you suspect unauthorized use of your data, you may also consider:
a) checking your credit history with the Credit Information Bureau (Biuro Informacji Kredytowej – BIK), an institution that collects and processes data on all loans taken out at banks and credit unions. BIK contains information on loans repaid on time and on payment arrears.

Detailed information is available at: https://www.bik.pl/b) checking your data in the National Debt Register (Krajowy Rejestr Długów – KRD), which enables monitoring of inquiries related to credit applications. Detailed information is available at: https://krd.pl/Due to the detailed nature of this notice, we also ask you not to disclose its contents to unauthorized persons, as this could facilitate actions aimed at the misuse of your personal data.

If you have any additional questions, please do not hesitate to contact us. We are continuously monitoring the situation related to the identified incident and will keep you informed of any further findings.At the same time, should you have any further questions, you may contact us by e-mail at: recepcja@hotelgostyn.pl or by phone: +48 665 250 025.

Download full document

Privacy policy

§1. GENERAL PROVISIONS This Privacy Policy applies to persons using the Website located at the URL: http://aparthotelgostyn.wa.profitroom.com and is effective from 01.08.2024.The administrator of user data is: MiniCentrum Gostyń Sp. z o.o. (hereinafter referred to as "We").Contact details of the Data Protection Officer: MiniCentrum Gostyń Sp. z o.o. , e-mail: recepcja@hotelgostyn.pl§2. PERSONAL DATAIn connection with the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ EC (General Data Protection Regulation - hereinafter referred to as "GDPR"), we hereby inform you that:1. We process data for the following purposes:

performance of a contract or taking steps at the request of the data subject prior to entering into a contract (legal basis: Article 6(1)(b) of the GDPR),
handling enquiries (Article 6(1)(f) of the GDPR),
handling complaints and claims (Article 6(1)(b) of the GDPR),
storing documentation and fulfilling the legal obligations incumbent on the Controller (Article 6(1)(c) of the GDPR),
sending newsletters (Article 6(1)(a) of the GDPR),
monitoring and improving the quality of services provided – requesting the completion of a survey or answering a few questions about the quality of services provided (Article 6(1)(f) of the GDPR),
displaying personalised commercial information on social networks (Article 6(1)(a) of the GDPR)

Providing data is voluntary, but necessary to use the services. Consent is voluntary and is given by clicking the checkbox containing the terms and conditions of consent. If a person has consented to the processing of data (legal basis: Article 6(1)(a) of the GDPR),the data is processed until the consent is withdrawn, but after that period, information about who gave what consent and when has the right to be archived (for the purposes of establishing, pursuing or defending legal claims). In other cases, the data is processed for a period justified by the purpose (e.g. performance of a contract, answering questions, tax regulations, etc.). The processing period depends on the possibility of establishing, pursuing or defending claims, or when data retention is required due to tax regulations. Consent may be withdrawn at any time. Please click on the link or send an email to: recepcja@hotelgostyn.plEvery data subject has the right to access, rectify, erase or restrict the processing of their personal data, the right to object, the right to data portability, and the right to lodge a complaint with a supervisory authority. Transaction data, including personal data, is transferred directly by the user to the payment service provider. Visitors to the Website may fill in a form and subscribe to the newsletter and provide their e-mail address and/or telephone number, which will be used for automatic contact. Visitors to the Website may consent to us conducting advertising campaigns on social networks targeted on the basis of their e-mail address.§3. DATA RECIPIENTS We use the services of software companies and ICT system maintenance companies with which we have concluded appropriate agreements. These agreements cover data processing and confidentiality rules. This data is not shared and none of these companies has the right to process the data in any way other than that specified in the agreement. Your data, to the extent that the company has access to it, may only be processed for the purposes of providing services properly.§4. COOKIES Cookies are transferred to web browsers and then stored in the memory of devices and read by the server each time you connect to the Website. Please note that cookies do not allow us to access your private device or read any data other than that stored in cookies. We use so-called technical cookies, which enable the proper use of message transmission and the memorisation of your settings, as well as the creation of simple Website statistics. We use cookies and data collection technologies to help us analyse traffic on the Website. This allows us to optimise its performance, improve the solutions that are most popular, and display dedicated messages and offers. You can consent, refuse, withdraw your consent or manage your settings by clicking here. We use the following cookies: