PRIVACY POLICY

📘 PRIVACY POLICY / PERSONAL DATA PROTECTION POLICY (GDPR)

Go Emc2 Sp. z o.o. – TriApart
(Full version including the check-in GDPR clause)

1. Data Controller

The Controller of your personal data ("Controller") is:

Go Emc2 Sp. z o.o.
Słowackiego 69/38
80-257 Gdańsk, Poland
E-mail: info@triapart.pl


Phone: +48 795 462 934

The Controller operates short-term rental services under the brand TriApart.

2. Categories of Personal Data We Process

We process the following categories of personal data, depending on the purpose:

2.1. Identification and contact data

  • first and last name,

  • telephone number,

  • e-mail address,

  • residence address (for invoicing),

  • details of accompanying guests.

2.2. Booking and check-in data

  • booking number and dates of stay,

  • number of guests,

  • identity document data (only when required by law or building policy).

2.3. Financial and settlement data

  • payment identifiers,

  • booking reference numbers,

  • invoicing data.
    (We do not store full credit card numbers.)

2.4. Data collected via online check-in

  • name and contact details,

  • time and date of submission,

  • IP address,

  • consent preferences.

2.5. CCTV data (in common areas of buildings)

Recordings may include:

  • entrances, corridors, parking areas, lifts.

CCTV is operated by the building administrator or community association, not by TriApart.

2.6. Correspondence and complaint data

  • messages, attachments, internal notes.

2.7. Marketing data (when consent is given)

  • e-mail, telephone number, user preferences and analytics.

3. Purposes and Legal Bases for Processing Personal Data

3.1. Booking, stay and service provision

Legal basis: Article 6(1)(b) GDPR – performance of a contract.

We process data to:

  • accept and manage bookings,

  • prepare the apartment for your arrival,

  • perform check-in and check-out procedures,

  • send access codes and instructions,

  • handle payments and invoices,

  • communicate with you before and during your stay,

  • manage issues, defects or technical requests.

Providing this data is necessary to provide accommodation services.

3.2. Compliance with legal obligations

Legal basis: Article 6(1)(c) GDPR.

This includes:

  • accounting and tax obligations,

  • issuing invoices,

  • maintaining required hotel/guest records (where applicable),

  • archiving documentation.

3.3. Legitimate interests pursued by the Controller

Legal basis: Article 6(1)(f) GDPR.

This includes:

  • ensuring the safety of guests and property,

  • preventing fraud and misuse,

  • documenting communication and service provision,

  • investigating complaints and pursuing legal claims,

  • obtaining CCTV footage when necessary,

  • analysing business performance and service quality.

3.4. Voluntary consents

Legal basis: Article 6(1)(a) GDPR.

This applies to:

  • newsletters,

  • promotional messages,

  • post-stay communication.

Consent may be withdrawn at any time, without affecting prior lawful processing.

4. Sources of Personal Data

We obtain data from:

  • the guest directly (booking, check-in form),

  • booking platforms (Booking.com, Airbnb, etc.),

  • persons booking on behalf of a guest,

  • building administrators (CCTV footage when legally justified).

5. Recipients of Personal Data

Your data may be shared with:

  • cleaning and technical maintenance companies,

  • IT service providers and reservation system operators,

  • online payment operators,

  • accounting services,

  • legal advisors and debt-collection partners,

  • building administrators and security services,

  • marketing service providers (only with consent),

  • public authorities, where required by applicable law.

We do not sell personal data.

6. Transfer of Data Outside the European Economic Area

As a rule, we do not transfer personal data outside the EEA.

Should such a transfer occur (e.g., email marketing systems), it will only take place using:

  • Standard Contractual Clauses (SCC),

  • appropriate technical and organisational safeguards,

  • providers compliant with GDPR.

7. Data Retention Periods

Category of data Retention period
Booking, financial and invoicing data 6 years (legal obligations)
Guest registration data Minimum 1 year or as required by law
Correspondence and complaint records 3 years
Marketing data (based on consent) Until consent is withdrawn
CCTV data 7–30 days (building administrator)
Legal claims documentation Up to 6 years

8. Data Subjects’ Rights

You have the right to:

  • access your data,

  • rectify incorrect data,

  • erase data (“right to be forgotten”),

  • restrict processing,

  • transfer your data,

  • object to processing based on legitimate interest,

  • withdraw consent at any time (marketing),

  • file a complaint with the Polish Data Protection Authority (UODO).

Contact for GDPR matters: info@triapart.pl

9. Data Security Measures

We apply:

  • SSL encrypted connections,

  • strict access control to systems and data,

  • secure access systems for apartments (codes, key safes),

  • internal procedures protecting guest data,

  • backup and data-loss protection systems,

  • trained staff with confidentiality obligations.

10. Cookies and Website Analytics

Our website uses cookies to:

  • ensure technical functionality,

  • analyse traffic and usage statistics,

  • remember user preferences,

  • conduct marketing activities (where consent is granted).

Users may adjust cookie settings directly in their browser.

11. GDPR Information Clause for Check-in / Registration Forms

This clause is fully integrated into the overall policy, as requested.

Data provided in the check-in form are processed for:

  • performance of accommodation services,

  • fulfilment of legal obligations (e.g., tax, accounting, guest registry),

  • ensuring the security of guests and property,

  • communication related to the booking and stay,

  • marketing — only with your explicit consent.

Providing check-in data is necessary to prepare and grant access to the apartment.
Without this data, we cannot complete the accommodation service.

12. Automated Decision-Making and Profiling

We do not make automated decisions that produce legal or significant effects for guests.
We do not use profiling for such purposes.

13. Updates to This Policy

This Privacy Policy may be updated due to:

  • changes in the services we provide,

  • updates in applicable law (including GDPR),

  • implementation of new technologies,

  • operational improvements in reservation or check-in processes.

The current version will always be available on www.triapart.pl