Effective from: 23 June 2026
Salio Rooms Privacy Policy
This document explains what personal data is processed in connection with Salio Rooms, for what purposes, on what legal bases, how long it is retained and what rights data subjects have.
1. Controller and contact
The controller of personal data processed in connection with the website, accounts, payments, contact, security, its own marketing and settlements is MACH Studio Mariusz Chmiest.
Data protection matters may be submitted by email at kontakt@saliorooms.pl, through the contact form on the Website, by phone or in writing to the controller's address.
2. Controller and processor roles
- The Provider acts as controller for registration, email verification, login, payments, invoices, contact, complaints, security, cookies and claims.
- The Customer acts as controller for personal data it enters into the Application about its employees, collaborators, guests, booking participants and account users.
- The Provider acts as processor for Customer Data required to provide Salio Rooms, according to the Data Processing Agreement.
3. Data categories
| Category | Data |
|---|---|
| Account | name, email, password hash, role, account status, verification and password-reset tokens. |
| Company and billing | company name, tax ID, address, phone, invoice email, plan, subscription status, payment history and payment provider identifiers. |
| Bookings | Customer users, roles, rooms, locations, equipment, bookings, participants, invitations, check-in status and audit entries. |
| Technical | IP address, session identifiers, logs, timestamps, device, browser, security events, technical cookies and local browser settings. |
4. Purposes and legal bases
- Account and Service operation: contract performance or pre-contractual steps and legitimate interest in operating an organizational account.
- Email verification and security: legitimate interest in protecting accounts and preventing abuse.
- Payments and invoices: contract performance, legal accounting and tax obligations, and legitimate interest in collecting payments.
- Contact and complaints: legitimate interest in correspondence, support and claims handling.
- Optional analytics and marketing: consent where required or legitimate interest with a right to object.
- Customer Data: processing on the documented instructions of the Customer, which acts as controller.
5. Recipients, transfers and retention
Data may be shared with hosting, VPS, email, IT maintenance, security monitoring, payment, accounting, legal, communication and backup providers. If external integrations are enabled, data may be shared with providers such as Stripe, Google or Microsoft to the extent necessary.
Some providers may process data outside the EEA. In such cases the Provider uses mechanisms required by GDPR, such as adequacy decisions, standard contractual clauses or other lawful safeguards.
Data is retained for the period required to operate the account, perform the contract, meet legal obligations, handle claims, maintain security and follow Customer instructions under the Data Processing Agreement.
6. Rights
- Data subjects may request access, rectification, erasure, restriction, portability, objection to legitimate-interest processing and withdrawal of consent.
- Where the Provider processes data as processor for the Customer, the request may be forwarded to the Customer as the relevant controller.
- Data subjects may lodge a complaint with the President of the Polish Personal Data Protection Office.
7. Automated decisions, security and cookies
The Provider does not make decisions producing legal effects solely by automated means within the meaning of GDPR. The Application may automatically enforce plan limits, payment status, email verification, roles and security rules as technical service mechanisms.
The Provider applies organizational and technical measures appropriate to risk, including access control, roles, authentication, session tokens, company data separation, audit logs, login rate limits, backups and encrypted production connections.
Cookies and similar technologies are described in the Cookie Policy.