Privacy policy


1. This Privacy Policy describes the rules by which CD SA with its registered seat in Warsaw processes the personal data of guests of the Recreation and Rehabilitation Resort “BRYZA” run by CD SA, located in Dźwirzyno, 78-131, at ul. Piastowska 6 (respectively: 'Clients' and 'Facility').

2. The data controller of the Client's personal data is CD SA with its registered office in Warsaw, ul. Krucza 16/22, 00-526, KRS 0000052129, NIP 547-10-11-402, Regon 070476366 ('Data Controller').

3. The Data Protection Officer has been appointed in the Data Controller's organization: Alicja Kutryba , e-mail address:

4. Personal data is processed by the Data Controller in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ('GDPR').

5. The Client's personal data will be processed for the purposes of performing a contract with the Data Controller or taking steps to conclude and perform the contract, including making a booking. The legal basis for the processing of personal data is Art. 6 sec. 1 (b) of GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), as well as Article 6 sec. 1 (c) of GDPR (processing is necessary for compliance with a legal obligation to which the controller is subject). The Data Controller may also process the personal data of the Clients based on art. 6 sec. 1 (f) of GDPR, i.e. for the purposes resulting from the legitimate interests pursued by the Data Controller, which may include, in particular, contacting the Client, answering the Client’s questions and requests, pursuing claims or defending against claims, as well as marketing the Data Controller's own services.

6. The Data Controller processes all or some of the following personal data of the Client: name and surname, address of residence and correspondence, number of ID card or another identity document, PESEL (personal identification) number, tax identification number, telephone number and e-mail address, etc.

7. The recipients of personal data may be entities that provide the Data Controller with services related to running the Facility, in particular in the field of preparing the content of contracts, issuing invoices, handling the booking and settlement process, etc. The recipient of the data may also be the operator of the Facebook social network, in accordance with the rules described in section 11 below.

8. Personal data will be stored for the duration of the contract concluded with the Client, and after it - for the period resulting from legal regulations, including accounting and tax (in particular - data indicated in accounting documents will be stored for a period of 5 years from the end of the year in which the document has been drawn up unless applicable regulations provide for a longer period). In the event that the Client provides the Data Controller with his/her data, but the contract is not concluded, the Client’s personal data will be deleted by the Data Controller no later than 3 months from the date of obtaining them.

9. To the extent and on the terms resulting from applicable regulations, in particular the GDPR, the Client has the right to request from the Data Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing, the right to data portability, as well as the right to lodge a complaint with the supervisory authority.

10. Providing personal data is voluntary, but it is a necessary condition to make a booking and conclude a contract with the Data Controller.

11. As a rule, the Data Controller does not transfer personal data to third countries or international organizations, although communicating with the Data Controller via Facebook or liking Fanpage is considered a transfer of data to a third country due to the fact that the social networking site itself is run by Facebook Inc. seated in the USA. The owner of Facebook, who is also the recipient of personal data, processes the data as a separate data controller on its own terms specified in its own privacy policy available at: The legal basis for the processing of personal data due to liking the Fanpage or communicating with the Data Controller via Facebook is the legitimate interest pursued by the Data Controller. In this way, the data controller implements its goals, such as: promoting the brand by posting information about current events or promotions, as well as informing users on an ongoing basis about its activity, which allows for building and maintaining a community related to the Data Controller. The criterion of the period of data storage may be determined by: deletion by the author of the posted content, objection to processing, and the time needed to answer the question asked via the portal. Facebook, as a separate controller, sets its criteria for data storage. The catalogue of rights indicated by the Data Controller in the information clause is the same as the catalogue of ownership of the person communicating with the Data Controller via Facebook. The data controller does not perform the profiling process or automatic decision-making. Providing data in case of liking the Fanpage or communicating with the Data Controller via Facebook is voluntary. At the same time, failure to provide data will result in the inability to leave comments or messages on the Fanpage.

12.   Information about cookies: the Data Controller’s website uses cookies for statistical purposes and to ensure high-quality use of the Data Controller's website. Cookies are saved by the server on the Customer's end device and then read each time the web browser connects. By using our website, the Client is asked to consent to the use of cookies. By clicking the appropriate icon or continuing to use the website without changing the browser settings, you consent to the Data Controller's storage and use of cookies. The Client may at any time change the browser settings so that it does not accept cookies or informs about their transmission. Failure to accept cookies may cause difficulties in using the website.


Niezbędne pliki cookie

Te pliki cookie są niezbędne do działania strony i nie można ich wyłączyć. Służą na przykład do utrzymania zawartości koszyka użytkownika. Możesz ustawić przeglądarkę tak, aby blokowała te pliki cookie, ale wtedy strona nie będzie działała poprawnie. Te pliki cookie pozwalają na identyfikację np. osób zalogowanych.


Analityczne pliki cookie

Te pliki cookie pozwalają liczyć wizyty i źródła ruchu. Dzięki tym plikom wiadomo, które strony są bardziej popularne i w jaki sposób poruszają się odwiedzający stronę. Wszystkie informacje gromadzone przez te pliki cookie są anonimowe.

Reklamowe pliki cookie

Reklamowe pliki cookie mogą być wykorzystywane za pośrednictwem naszej strony przez naszych partnerów reklamowych. Służą do budowania profilu Twoich zainteresowań na podstawie informacji o stronach, które przeglądasz, co obejmuje unikalną identyfikację Twojej przeglądarki i urządzenia końcowego. Jeśli nie zezwolisz na te pliki cookie, nadal będziesz widzieć w przeglądarce podstawowe reklamy, które nie są oparte na Twoich zainteresowaniach.