Privacy Policy

The administrator of personal data, i.e., the entity that decides what personal data of yours is processed, is CABINEST limited liability company with its registered office in Krakow, registered address: Al. Powstania Warszawskiego 15, 31-539 Kraków, entered in the register of entrepreneurs of the National Court Register under KRS number 0001170258, whose registration documentation is kept by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register, having NIP number 6751812931 and REGON 541579142, with share capital of PLN 50,000 and contact details: [email protected] and phone number: 660 560 321 (availability hours: 09:00-17:00 on working days) (hereinafter: "Cabinest").

To facilitate contact in connection with the processing of personal data, Cabinest has appointed a data protection officer, who can be contacted:

To the data protection officer, one can primarily address all requests, questions and applications regarding personal data processed by Cabinest, as well as information about all events affecting the security of information and personal data transmission, including suspicions of security breaches or disclosure of data to unauthorized persons.

Cabinest obtains personal data primarily from individuals who independently provide this data to Cabinest. These are in particular users who have created a user account on the Cabinest Platform and hosts of properties who have expressed their willingness to enable other users to book and use their properties. The source of personal data may also be those persons who are not users of the Cabinest Platform, but have specifically requested that Cabinest provide a specific service on their behalf, e.g., declared their willingness to receive a newsletter to their email address.

Cabinest also obtains personal data from users in such a way that when making a reservation, the user may be required to provide certain data (e.g., name and surname, residential address, contact details, age information) of guests participating in the reserved service. Cabinest has introduced a policy of limiting the scope of processed personal data to the necessary minimum. The scope of processed data is particularly conditioned by the parameters of the service that the user would like to book using the Cabinest Platform.

In situations such as the desire to obtain a personalized invoice or receive confirmation of a reservation or other document by mail, the user is required to provide the necessary contact details, e.g., PESEL number, residential address, correspondence address, so that it is possible to properly fulfill this user's request.

The Cabinest Platform may use integration mechanisms with entrepreneur databases (such as the KRS system or CEIDG) and thus assist in filling out the necessary data forms by the user, if they concern entrepreneurs. Then the data entered by the user may be sent and verified with these databases. Cabinest has the right to periodically verify this data for its relevance, to identify potential situations where this data is inappropriate or outdated.

The source of personal data is also data of persons visiting the Cabinest Platform website who have not created a user account. In the case of such persons, data is collected using cookies and similar solutions that have been implemented within the Cabinest Platform. Information about cookies is available in the widget that describes required, functional and other cookies, and also specifies what cookies of which entities are used on the Cabinest Platform. A person visiting the Cabinest Platform website can also customize the issue of saving cookies by their device within their web browser. Cabinest indicates that enabling or disabling certain cookies or similar technologies, e.g., recording IP numbers from which access to the Cabinest Platform was obtained, may affect the experience of a person using the Cabinest Platform website (including forcing more frequent user login).

Personal data obtained by Cabinest is processed exclusively for Cabinest's needs, and in the event that this is related to making a reservation – in a limited scope (depending on the specificity of the tourist or additional service covered by the Reservation) – is provided to guests and the host of the property that was the subject of the reservation.

Cabinest does not disclose personal data to third parties, unless this is done at the express request or with the consent of the person to whom the personal data relates, is related to the implementation of a specific service or directly results from legal provisions.

Cabinest may make personal data available to possible entities belonging to the same capital group as Cabinest, as well as to its advisors, accountants, lawyers, payment operators, entities providing IT, postal or courier services and other persons who provide services on behalf of Cabinest in connection with the operation of the Cabinest Platform. These entities are obliged to keep personal data confidential and process it only to the extent to which access to this personal data has been entrusted to them.

Personal data may also be transferred to entities authorized on the basis of legal provisions, in particular to public administration bodies or bodies established to control compliance with and enforcement of law.

Statistical and analytical data regarding users' use of the Cabinest Platform, including those related to interest in individual properties or services, may be transferred in an anonymized version to Cabinest's business partners (including Hosts).

Personal data is processed by Cabinest in accordance with the provisions of the Act of May 10, 2018 on the protection of personal data, the Act of July 18, 2002 on the provision of services by electronic means, the Act of July 16, 2004 – Telecommunications Law and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: "GDPR").

Cabinest processes personal data for the purposes of:

Providing personal data by the user is voluntary, however, failure to provide specific data may make it impossible to create a user account or make a reservation.

Personal data will be processed for the duration of service provision, until withdrawal of given consent or submission of an effective objection to data processing, when the legal basis for their processing is Cabinest's legitimate interest. The processing period may be extended in case of establishing and pursuing claims or defense against claims for the time provided by law.

Cabinest declares that it makes every effort to ensure a high level of security in terms of using the Cabinest Platform and applies technical and organizational measures for this purpose, in particular in the area of personal data processing security, which ensure the ability to continuously ensure confidentiality, integrity, availability and resilience of processing systems and services, the ability to quickly restore the availability of personal data and access to it in the event of a physical or technical incident, as well as regular testing, measurement and evaluation of the effectiveness of technical and organizational measures designed to ensure processing security.

Personal data is processed in the European Economic Area (EEA), in Israel and in the United States, with entities outside the EEA processing personal data having declared compliance with GDPR provisions, including based on the Data Privacy Framework.

Cabinest reserves that in cooperation with processing entities, further entrustment of personal data processing to entities that may transfer data to countries outside the EEA may occur. Such entities may include in particular:

Cabinest operates based on mechanisms ensuring an appropriate level of personal data protection, e.g., by applying standard contractual clauses regarding the transfer of personal data to entities from third countries.

Cabinest does not seek to provide and knowingly does not collect personal data of persons under 16 years of age. The Cabinest Platform is not intended for persons under 16 years of age. Nevertheless, personal data of such a person may be processed if such a person is a participant in a tourist or additional service covered by a reservation (a guest at the property). The introduction of such data by the user to the Cabinest Platform may only take place with the prior consent of the parent or legal guardian of the person under 16 years of age.

Cabinest (with the consent of the natural person, if obtaining such consent is legally required) may use personal data to analyze users' preferences and habits, as well as to predict their needs and improve and personalize the way of using the Cabinest Platform, advertisements and information available within the Cabinest Platform.

Cabinest does not make decisions regarding natural persons whose data it processes in an automated manner and does not use profiling. The exception is the possibility of automated price adjustment (if such functionality exists on the Cabinest Platform) to information about the user that the Cabinest Platform has (e.g., by gratifying with a lower accommodation price a user who wants to visit a given property again).

A person whose personal data is processed has the following rights:

The security of personal data is also influenced by actions taken by the natural person who uses the Cabinest Platform. In particular, such person should not provide access to their user account to third parties, and should ensure proper security of devices with which they connect to the Cabinest Platform. An important aspect of personal data protection is the user's choice of a unique, difficult-to-guess password and the use of password managers. Access credentials to the Cabinest Platform should be confidential.

This Privacy Policy comes into force on June 26, 2025 and may be updated at any time.

The Privacy Policy may be translated into other languages, however, in case of discrepancies or doubts as to the wording or meaning of a given provision, the wording of the Privacy Policy in Polish is binding and decisive.