Privacy policy

Privacy policy

PRIVACY POLICY

1. General information

Protecting the privacy of our users is very important to us. This Privacy Policy explains how personal data is processed and how cookies are used in connection with the use of the website operated at krakowbooking.com.

The controller of personal data is ETG Poland s.c. Marcin Gil, Dariusz Żelazny, with its registered office at ul. Berka Joselewicza 26, 31-031 Kraków, Poland, VAT ID: 6751524244, e-mail: [email protected] (hereinafter referred to as the “Controller”).

Personal data is processed in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

2. Scope of personal data processed

Depending on how the website is used, the Controller may process the following personal data:

  • full name
  • e-mail address
  • phone number
  • invoicing details (company name, address, VAT number)
  • data necessary to complete and manage a booking
  • technical data, including IP address and cookie data

Providing personal data is voluntary, but in some cases necessary to conclude a contract or provide services.

3. How personal data is collected

Personal data is collected:

  • when booking tours through the reservation system available on the website
  • during e-mail communication with the Controller
  • in connection with payment processing
  • automatically through cookies and similar technologies

The website does not use a contact form – enquiries are handled exclusively by e-mail.

4. Purposes and legal bases for processing

Personal data is processed for the following purposes:

  • processing bookings and performing contracts for tourism services
  • handling payments and settlements
  • communicating with users regarding booked services
  • fulfilling accounting and tax obligations
  • analysing website traffic and improving website performance
  • conducting marketing and remarketing activities, where consent has been given

Legal bases for processing include:

  • Article 6(1)(b) GDPR – performance of a contract
  • Article 6(1)(c) GDPR – legal obligations
  • Article 6(1)(a) GDPR – user consent
  • Article 6(1)(f) GDPR – legitimate interests of the Controller

5. Payments

Bookings and payments are processed directly on the website.

Available payment methods include:

  • payment cards (Visa, Mastercard)
  • PayU
  • bank transfer arranged individually via e-mail (invoice-based)

The Controller does not store payment card data. Payment data is processed directly by payment service providers in accordance with their own privacy policies.

6. Data recipients

Personal data may be shared only to the extent necessary with trusted partners, including:

  • payment service providers (PayU)
  • providers of analytical and marketing tools
  • accounting or IT service providers

Personal data is not sold or shared with third parties for purposes unrelated to the operation of the website or the provision of services.

7. Analytical and marketing tools

The website uses:

  • Google Analytics (GA4)
  • Google Ads (remarketing)
  • Meta / Facebook Pixel

These tools may use cookies or similar technologies. Data processing in this scope is based on the user’s consent expressed via the cookie banner.

8. Cookies

Cookies are used to:

  • ensure proper functioning of the website
  • analyse website traffic
  • conduct marketing and remarketing activities

Users can manage cookies via browser settings or through the cookie banner displayed on the website. Limiting the use of cookies may affect certain website functionalities.

9. Children’s data

The website is not directed specifically at children. Bookings and payments should be made by adults.

Personal data of minors may be processed only where necessary to provide tourism services and only based on information provided by a parent or legal guardian.

10. Data retention period

Personal data is stored:

  • for the duration of the contract and thereafter for periods required by applicable law
  • where processing is based on consent – until the consent is withdrawn

After these periods, data is deleted or anonymised.

11. User rights

Users have the right to:

  • access their personal data
  • rectify inaccurate data
  • request erasure
  • restrict processing
  • data portability
  • object to processing
  • withdraw consent at any time

To exercise these rights, users may contact the Controller at: [email protected].

Users also have the right to lodge a complaint with the relevant data protection authority.

12. Data security

The Controller applies appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse.

13. Changes to this Privacy Policy

This Privacy Policy may be updated if required by changes in law or the operation of the website. The current version is always available on the website.

14. Contact details

For matters related to personal data protection, users may contact the Controller:

  • e-mail: [email protected]
  • postal address: ul. Berka Joselewicza 26, 31-031 Kraków, Poland