1. Data controller
The controller of your personal data is Jadwiga Nessler, trading under the TravelNess brand, with its address at Owocowa 26, 30-434 Kraków, Tax ID (NIP): 6791681582.
Contact for privacy matters:
- e-mail: kontakt@travelness.net
- phone: +48 696 381 793
-
correspondence address: Owocowa 26, 30-434 Kraków
No separate data protection officer has been appointed. For any privacy-related matter, you may contact the controller directly using the details above.
2. When this policy applies
This policy applies to personal data processed in connection with:
- the use of travelness.net,
- enquiries sent by contact form, e-mail, phone, WhatsApp, or other contact channels,
- direct bookings made through the TravelNess website and the Beds24 booking engine,
- payments processed via Stripe, including card payments, Apple Pay, and Google Pay where available,
- stay servicing, including self check-in, arrival instructions, and data needed to assign or operate an access code,
- communication after booking,
- cancellation, complaint, invoice, and stay-related support,
- legal obligations related to accounting and tax compliance.
3. What data we may process
Depending on the situation, we may process:
- full name,
- e-mail address,
- phone number,
- data provided in your message or form,
- arrival date, departure date, guest count, and stay preferences,
- invoice data, including company name, address, and Tax ID if you request an invoice,
- booking data and payment status,
- technical access-related data necessary for self check-in, including information about assigning an access code or entry instructions to a specific booking,
- contact history and support history,
- technical website usage data such as IP address, cookie identifiers, device type, system logs, and on-site activity.
4. Where the data comes from
We receive data:
- directly from you when you contact us or make a booking,
- from Beds24 when you place a direct booking,
- from Stripe to the extent necessary to confirm and process payment,
- from OTA platforms, in particular Booking.com, when the booking was made through that platform,
- from systems supporting stay operations and property access when self check-in automation or smart locks are used,
- automatically when you use the website and its technical or analytics tools.
5. Purposes and legal bases
5.1. Responding to enquiries
We process data to answer your questions, prepare an offer, or provide information about a stay.
Legal basis:
- Article 6(1)(b) GDPR where the request is aimed at entering into a contract,
- Article 6(1)(f) GDPR, our legitimate interest in handling enquiries and organising sales.
5.2. Entering into and performing the booking contract
We process data to accept the booking, confirm its terms, service the stay, communicate about operational matters, and deliver the accommodation service.
Legal basis:
5.3. Payment handling
We process data to receive or confirm payment, verify transaction status, settle the booking, and handle refunds if applicable.
Legal basis:
- Article 6(1)(b) GDPR,
- Article 6(1)(c) GDPR where accounting or tax obligations apply.
5.4. Self check-in and access handling
We process data to prepare arrival instructions, match the booking to a specific stay, assign or send the access code, and maintain entry security.
Legal basis:
- Article 6(1)(b) GDPR,
- Article 6(1)(f) GDPR, our legitimate interest in protecting the property, guests, and the check-in process.
5.5. Invoices and tax records
We process data to issue accounting documents and comply with legal obligations.
Legal basis:
5.6. Complaints, cancellations, claims, and legal defence
We process data to handle complaints, service cancellations, pursue claims, or defend against claims.
Legal basis:
- Article 6(1)(b) GDPR,
- Article 6(1)(f) GDPR.
5.7. Marketing and special offers
If you give separate marketing consent, we may send information about promotions, special offers, and TravelNess news.
Legal basis:
5.8. Website analytics and security
We may process technical and statistical data to protect the website, analyse performance, measure content effectiveness, and improve the user experience.
Legal basis:
- Article 6(1)(f) GDPR,
- and, where cookies or similar technologies require it, your consent given through cookie settings.
6. Who we may share data with
Your data may be shared with entities supporting the service or the website, in particular:
- hosting, IT, and maintenance providers,
- e-mail and communication tool providers,
- Beds24 as booking engine provider,
- Stripe as payment processor,
- accounting, invoicing, and settlement support providers,
- analytics or marketing tool providers where active and covered by the correct consent,
- access-technology, smart-lock, or self check-in automation providers where used for a stay,
-
legal, debt-collection, or advisory providers where necessary.
We only share data to the extent necessary for the relevant purpose.
8. Transfers outside the EEA
Some technology providers may process data outside the European Economic Area, especially where they operate global infrastructure.
Where this happens, data is transferred only with the safeguards required by law, including:
- adequacy decisions,
- standard contractual clauses,
- or other mechanisms permitted under the GDPR.
9. Retention periods
- pre-booking enquiry data: for as long as needed to handle the matter and then for the period necessary to defend against claims,
- booking and stay data: for the duration of contract performance and the period needed for settlements, complaints, and defence against claims,
- accounting and invoice data: for the period required by tax and accounting law,
- marketing data: until consent is withdrawn or an effective objection is made,
- technical data and cookies: according to the purpose and tool configuration, as described in the cookies policy and system settings.
10. Your rights
You have the right to:
- access your data,
- rectify your data,
- erase your data where permitted by law,
- restrict processing,
- data portability,
- object to processing based on our legitimate interest,
- withdraw consent where processing is based on consent,
-
lodge a complaint with the competent supervisory authority.
To exercise your rights, contact us at kontakt@travelness.net.
11. Whether providing data is mandatory
Providing data is voluntary, but in many cases necessary in order to:
12. Profiling and automated decision-making
We do not make automated decisions producing legal effects or similarly significant effects on you.
We may use limited analytics or marketing segmentation where the relevant tools are active and you have given consent, but not for legally significant automated decision-making.
13. Cookies and similar technologies
For detailed information about cookies, tracking technologies, consent categories, and how to change your settings, please see the TravelNess Cookies Policy.
The website includes a cookie consent management system that allows you to:
- accept all categories,
- reject optional categories,
- choose categories individually,
- change your decision at any time through the Cookie Settings link.
14. Data security
We use appropriate technical and organisational measures to protect data against loss, destruction, unauthorised access, or unauthorised disclosure. These include, among others:
- encrypted connections,
- restricted access to data,
- permission controls,
- protection of booking and communication systems,
- incident-handling procedures,
- security measures related to arrival instructions and access details.
15. Changes to this policy
This policy may be updated if the website, booking flow, service providers, legal obligations, or stay operations change.
The current version is always published on travelness.net.
