PRIVACY POLICY (GDPR) – BOOKING SYSTEM
Version: 2026-01-30
1. Data Controller and contact details
The controller of your personal data is BMI Property Group Sp. z o.o., Rynek Główny 24/2, 31-008 Krakow, Poland, KRS 0001159248, NIP 6762688601.
Contact regarding personal data matters: office@mainsquareapartments.pl, tel. +48 511 722 587.
The Controller has not appointed a Data Protection Officer (if one is appointed, the DPO’s details will be provided here).
2. What data we process
Depending on the stage of the booking process, we may process: your full name, e-mail address, phone number, invoice details (optional), booking details (dates, number of guests, selected offer), payment data within the scope handled by the payment operator (as a rule, the Controller does not store full card details), as well as technical data (e.g., system logs, IP address) to the extent necessary for security and proper operation.
3. Purposes and legal bases for processing
- Conclusion and performance of the contract / handling the booking – Article 6(1)(b) GDPR.
- Settlements, accounting, tax obligations – Article 6(1)(c) GDPR.
- Handling complaints and pursuing/defending claims – Article 6(1)(f) GDPR (legitimate interest).
- System security and prevention of abuse – Article 6(1)(f) GDPR.
- Direct marketing (e.g., newsletter, offers) – Article 6(1)(a) GDPR (consent) or Article 6(1)(f) GDPR (legitimate interest—within the limits of the law), while contacting you via e-mail/SMS/phone requires separate consents under the Polish Electronic Communications Law (PKE).
4. Marketing consents – an important distinction
Consent for marketing (newsletter/offers) is voluntary and is not a condition for making a booking.
You can withdraw your consent at any time (e.g., via a link in the message or by e-mailing the Controller). Withdrawal of consent does not affect the lawfulness of processing carried out before it was withdrawn.
5. Data recipients
Personal data may be shared with:
- IT and hosting service providers, the booking system provider, and e-mail/communication service providers;
- payment operators (for payment processing);
- accounting, legal, and debt collection entities—where necessary;
- public authorities—where required by law;
- the accommodation provider (the Property)—to the extent necessary to perform the booking and handle the stay.
6. Data processing agreements (processors)
Where the Controller uses processors (e.g., the booking system provider), this is based on data processing agreements compliant with Article 28 GDPR.
7. Data retention periods
- Booking and settlement data: for the period required by tax and accounting regulations.
- Data processed for the purpose of claims: until the limitation periods expire.
- Data processed on the basis of marketing consent: until the consent is withdrawn or an effective objection is raised.
8. Transfers outside the EEA
As a rule, the Controller does not transfer personal data outside the EEA, unless a given IT tools provider applies transfers based on appropriate safeguards (e.g., an adequacy decision, standard contractual clauses). Where applicable, information will be disclosed in the tool’s documentation.
9. Automated decision-making and profiling
The Controller may use profiling for marketing purposes (e.g., tailoring offers), but does not make decisions producing legal effects for the Client solely by automated means, unless explicitly stated otherwise and the conditions of Article 22 GDPR are met.
10. Your rights
You have the right to access your data, rectify it, erase it, restrict its processing, exercise data portability, object to processing (where processing is based on legitimate interest), withdraw consent (where processing is based on consent), and lodge a complaint with the Polish Data Protection Authority (President of the Personal Data Protection Office – UODO).
11. Security
We apply technical and organisational measures appropriate to the risk (including System security, access limitations, and event logging).
12. Cookies and technical data (summary)
The System may use cookies necessary for operation and (optionally) analytical/marketing cookies—depending on the website configuration and the user’s choices in the cookie consent banner. Detailed information should be consistent with the consent banner on your website.