Good morning!

If you’ve landed here, it’s a sure sign that you value your privacy. We understand this perfectly, which is why we are providing you with a document in which in one place you will find the rules for the processing of personal data and the use of cookies and other tracking technologies in connection with the operation of the website https://basenprzesieka.pl

Formal information at the beginning – the administrator of your personal data is ANETA MIELCZAREK running a business under the name SZEPTUN Aneta Mielczarek, ul. Wiejska 44 47-246 Goszyce, NIP 5732471397, REGON 161587865, e-mail: rezerwacja@basenprzesieka.pl.

This privacy policy has been structured in the form of questions and answers. The choice of this form was dictated by the care for transparency and readability of the information presented to you. Below you will find a table of contents of this policy corresponding to the questions we answer in turn.

#1: Who is the controller of your personal data?

#2: Who can you contact regarding the processing of your personal data?

#3: What information do we have about you?

#4: Where do we get your personal data from?

#5: Is your data safe?

#6: For what purposes do we process your personal data?

– Orders – details

– Complaints and withdrawals from the contract – details

– Comments and opinions about products – details

– Correspondence handling – details

– Tax and accounting obligations – details

– Archive – details

– Analysis, statistics, optimization – details

#7: How long will we keep your personal data?

#8: Who are the recipients of your personal data?

#9: Do we transfer your data to third countries or international organizations?

#10: Do we use profiling? Do we make automated decisions based on your personal data?

#11: What rights do you have in relation to the processing of your personal data?

#12: Do we use cookies and what exactly are they?

#13: On what basis do we use cookies?

#14: Can you disable cookies?

#15: For what purposes do we use first-party cookies?

#16: What third-party cookies are used?

– Google Analytics – details

– Google Tag Manager – details

– Social tools – details

#17: Do we track your behavior on our website?

#18: Are we targeting you with targeted ads?

#19: How can you manage your privacy?

#20: What are server logs?

#21: Is there anything else you should know?

If you have any doubts regarding the privacy policy, you can contact us at any time by sending a message to rezerwacja@basenprzesieka.pl

#1: Who is the controller of your personal data?

The administrator of your personal data is ANETA MIELCZAREK running a business under the name SZEPTUN Aneta Mielczarek, ul. Wiejska 44 47-246 Goszyce, NIP 5732471397, REGON 161587865, e-mail: rezerwacja@basenprzesieka.pl.

#2: Who can you contact regarding the processing of your personal data?

As part of the implementation of personal data protection in our organization, we have decided not to appoint a personal data protection officer due to the fact that, in our situation, it is not mandatory. In matters related to protection regarding personal data and broadly understood privacy, you can contact us at the following e-mail address: rezerwacja@basenprzesieka.pl

#3: What information do we have about you?

Depending on the purpose, we may process the following information about you: first name and last name, address,
business address, number nip, e-mail address, Phone number, data contained in correspondence sent to us, Bank account number, Date of stay in our center, Total number of people in the reservation, IP address, information about the operating system and web browser you are using, viewed by outsiders, time spent on the website, transitions between individual subpages, clicks on individual links, the source from which you come to our website, the age range you are in, your gender, Your approximate location limited to the town, and Your interests determined by your online activity.

We have described the scope of processed data precisely in relation to each processing purpose. Information in this regard can be found later in this policy.

§ 4: Where do we get your personal data from?

In most cases, you provide them to us yourself. This happens when:

• you place an order/reservation/reservation
• you send complaints or withdraw from the contract,
• you subscribe to the newsletter,
• you add a comment or opinion about the product,
• you contact us.

In addition, some information about you may be automatically collected by the tools we use:

Google Analytics collects a range of information about how you use our website.

#5: Is your data safe?

We care about the security of your personal data. We have analysed the risks associated with the individual processing of your data and then implemented appropriate security and personal data protection measures. We constantly monitor the condition of our technical infrastructure, train our staff, review the procedures used, and introduce necessary improvements. If you have any questions regarding your personal data, we are at your disposal at rezerwacja@basenprzesieka.pl

#6: For what purposes do we process your personal data?

There is more than one of these goals. Below is a list of them, followed by a more detailed discussion. We have also assigned appropriate legal bases for processing to individual purposes.

• order/reservation service – art. 6 section 1 letter b GDPR,
• handling complaints or withdrawal from the contract – art. 6 section 1 letter f GDPR,
• newsletter sending – art. 6 section 1 letter a GDPR,
• handling comments or opinions about the product – art. 6 section 1 letter a GDPR,
• handling correspondence – art. 6 section 1 letter f GDPR,
• fulfillment of tax and accounting obligations – art. 6 section 1 letter c GDPR,
• creating an archive for the possible need to defend, establish or pursue claims, as well as to identify a returning customer – Art. 6 section 1 letter f GDPR,
  analysis, statistics and optimization – art. 6 section 1 letter f GDPR.

Orders – details

When placing an order/reservation, you must provide the data necessary to complete the order. Depending on the order details, the data catalog may be different. For example, if you order physical products, we need to know the address where the order/reservation will be delivered to you. If you are asking for a VAT invoice to be issued for a company, we need to know the NIP number and the business address. Providing data is voluntary but necessary to place an order.

In addition, our system, which handles the order process, saves the IP number you used when placing the order/reservation.

We save each order/reservation in our database, which means that your personal data assigned to the order/reservation is also accompanied by information regarding the order/reservation, such as the ordered dates, selected payment method, number of people, and payment deadline.

The data collected in connection with the order/reservation is processed in order to perform the contract concluded by placing the order/reservation (Article 6(1)(b) of the GDPR), issuing an invoice (Article 6(1)(c) of the GDPR in connection with the provisions governing the issue of issuing invoices), including the invoice in the accounting documentation and fulfilling other tax and accounting obligations (Article 6(1)(c) of the GDPR in connection with the provisions governing the issues of tax and accounting obligations) and for archival purposes for the purposes of possible the need to defend, establish or pursue claims, as well as to identify a returning customer, which is our legitimate interest (Article 6(1)(f) of the GDPR).

Data about orders/reservations will be processed for the time necessary to complete the order and then until the limitation period for claims under the concluded contract expires. Moreover, after this period, we may still process the data for archival purposes for any need to defend, establish or pursue claims, and identify a returning customer. Please also remember that we are obliged to keep accounting documentation, which may contain your personal data, for the period required by law.

Complaints and withdrawals from the contract – details

If you file a complaint or withdraw from the contract, you provide personal data contained in the content of the complaint or declaration of withdrawal from the contract, which includes name and surname, residential address, telephone number, e-mail address, and bank account number. Providing data is voluntary but necessary to file a complaint or withdraw from the contract.

The data provided to us in connection with submitting a complaint or withdrawing from the contract is used to implement the complaint or withdrawal procedure and then for archival purposes, which is our legitimate interest (Article 6(1)(f) of the GDPR).

The data will be processed for the time necessary to complete the complaint or withdrawal procedure. Complaint documents will be stored until the warranty period expires. Declarations of withdrawal from the contract will be stored together with accounting documentation for the period required by law.

Comments and opinions about products – details

When adding a comment or opinion about a product, you must provide at least the username assigned to the comment or opinion (the name may contain personal data, such as name or surname) and e-mail address. Providing this data is voluntary, but adding a comment or opinion is necessary. You can also add your avatar (it may contain your image, e.g. a photo) and provide the address of your website, but this is not obligatory.

The data provided in connection with adding a comment or opinion will be processed for the purpose of publishing the comment or opinion on the website. The basis for processing is your consent (Article 6(1)(a) resulting from sending a form for publishing a comment or opinion. You can withdraw your consent anytime by requesting that your comment or opinion be deleted.

Your comment or opinion will be publicly available on the website for the duration of its availability on the Internet unless you previously request that it be removed. At any time, you can also modify the content of the comment and the data assigned to it as the person who added the comment or opinion.

Correspondence handling – details

When contacting us, you naturally provide us with your personal data in the correspondence, particularly your e-mail address, name, and surname. Providing data is voluntary but necessary to establish contact.

In this case, your data is processed to contact you, and the basis for processing is Art. 6 section 1 letter f GDPR, i.e., our legitimate interest. The legal basis for processing after the end of contact is also our justified purpose of archiving correspondence to ensure the possibility of demonstrating certain facts in the future (Article 6(1)(f) of the GDPR).

The content of correspondence may be archived, and we are unable to determine when it will be deleted clearly. You have the right to request the history of your correspondence with us (if it was archived) and to request its deletion unless its archiving is justified due to our overriding interests, e.g., defence against potential claims from you.

Tax and accounting obligations – details

If we issue an invoice to you, it is part of the accounting documentation, which will be kept for the period required by law. In such a situation, your personal data are processed in order to fulfil our tax and accounting obligations (Article 6(1)(c) of the GDPR in connection with the provisions regulating tax and accounting obligations).

Archive – details

We have indicated the deadlines for storing personal data as part of describing the individual purposes of personal data processing above. These terms are often related to our archiving of specific data to ensure that we can demonstrate certain facts in the future, recreate the course of cooperation with the client, exchange correspondence, defend, determine, or pursue claims. In this respect, we rely on our legitimate interest referred to in Art. 6 section 1 letter f GDPR.

Analysis, statistics, optimization – details

We collect statistical information about user behaviour during browsing information on our websites, such as clicks on links, transitions between subpages, time spent on individual pages, etc. We analyze this information to optimize our websites regarding user experience, effectiveness and conversions.

We carry out the activities described above based on our legitimate interest, which is, according to Art. 6 section 1 letter f GDPR, to optimize our websites.

#7: How long will we keep your personal data?

Data storage periods are indicated separately for each processing purpose. This information is included in the details for each separate processing purpose.

#8: Who are the recipients of your personal data?

We will venture to say that modern business cannot do without services provided by third parties. We also use such services. Some of these services involve the processing of your personal data. External service providers that are involved in the processing of your personal data are:

• hosting provider who stores data on the server, https://cyberfolks.pl/polityka-prywatnosci/
• provider of the invoicing system in which your data is stored for the purpose of issuing an invoice,
• https://www.saldeosmart.pl/polityka-prywatnosci;
  accounting office that processes your data visible on invoices, Cogito Renata Osuch
• a law firm that obtains access to data if it is necessary to provide legal assistance to us,
• an entity providing technical support services that obtains access to data if the technical work carried out concerns areas where personal data are located,
• other subcontractors who gain access to the data if the scope of their activities requires such access.

Your personal data may also be transferred to tax offices to the extent necessary to fulfil tax, settlement and accounting obligations. This applies in particular to all declarations, reports and other accounting documents containing your personal data.

Moreover, if necessary, your personal data may be made available to entities, bodies, or institutions authorized to access data based on legal provisions, such as police and security services, courts, and prosecutor’s offices.

Moreover, we use tools that collect a range of information about you related to using our website. This concerns, in particular, the following information:

• information about the operating system and web browser you are using,
• viewed by outsiders,
• time spent on the website,
• transitions between individual subpages,
• clicks on individual links,
• the source from which you come to our website,
  the age range you are in,
  your gender
• Your approximate location limited to town.
• Your interests determined by your online activity.
  This information in itself does not, in our opinion, constitute personal data. Because this information is collected by external tools we use, tool providers also process it on the terms arising from their regulations and privacy policies. Generally, this information is used to provide and improve services, manage them, develop new services, measure advertising effectiveness, protect against fraud and abuse, and personalize the content and advertising displayed on particular services, sites and applications. We have tried to describe details in this regard later in this policy as part of the explanations devoted to individual tools.

#9: Do we transfer your data to third countries or international organizations?

Yes, some of the processing of your personal data may involve transferring it to third countries.

We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, particularly in the USA. Providers of these tools guarantee an adequate level of personal data protection through appropriate compliance mechanisms provided for by the GDPR, particularly through standard contractual clauses.

Personal data is stored on servers located in third countries using the following tools:

Google services as part of the G-Suite package, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, include all data processed as part of Google services, including data contained in files that need to be synchronized with Google Drive.
We would also like to remind you here that we use external tools that may collect anonymous information about you. We have already mentioned this several times in this policy, including in response to the previous question. Providers of these tools often use servers located around the world, in particular in the United States of America (USA), to store the collected information.

#10: Do we use profiling? Do we make automated decisions based on your personal data?

We do not make decisions regarding you based solely on automated processing, including profiling, that would produce legal effects for you or significantly similarly affect you.

Yes, we use tools that can take specific actions depending on the information collected as part of tracking mechanisms, but we believe that these actions do not significantly impact you because they do not differentiate your situation as a customer and do not affect the terms of the contract you may conclude with us, etc.

We emphasize that our tools do not have access to information that would allow you to be identified. The information we are talking about here is, in particular:

• information about the operating system and web browser you are using,
• viewed by outsiders,
• time spent on the website,
• transitions between individual subpages,
• the source from which you come to our website,
• the age range you are in,
• your gender
• Your approximate location limited to the town,
• Your interests determined by your online activity.

We do not combine the information above with your personal data in our databases. This information is anonymous and does not allow us to identify you. It is stored on the servers of the suppliers of individual tools, which can usually be located all over the world.

#11: What rights do you have in relation to the processing of your personal data?

The GDPR grants you the following potential rights related to the processing of your personal data:

the right to access your data and receive a copy thereof,
the right to rectify (correct) your data,
the right to delete data (if in your opinion there are no grounds for us to process your data, you can request that we delete it),
the right to limit data processing (you can request that we limit data processing only to storing it or performing activities agreed with you if, in your opinion, we have incorrect data or we process it unjustifiably),
the right to object to data processing (you have the right to object to data processing on the basis of legitimate interest; you should indicate a special situation that, in your opinion, justifies our cessation of processing covered by the objection; we will stop processing your data for these purposes unless we demonstrate that the basis for our data processing overrides your rights or that your data is necessary for us to establish, pursue or defend claims),
the right to transfer data (you have the right to receive from us in a structured, commonly used, machine-readable format the personal data that you provided to us on the basis of the contract or your consent; you can instruct us to send this data directly to another entity),
the right to withdraw consent to the processing of personal data, if you have previously expressed such consent,
the right to lodge a complaint with the supervisory authority (if you find that we are processing your data unlawfully, you may submit a complaint to the President of the Office for Personal Data Protection or another competent supervisory authority).
The rules related to the implementation of the above-mentioned rights are described in detail in Art. 16 – 21 GDPR. We encourage you to familiarize yourself with these regulations. For our part, we consider it necessary to explain to you that the rights indicated above are not absolute and you will not be entitled to all processing activities of your personal data.

We emphasize that you always have one of the rights indicated above – if you believe that we have violated the provisions on personal data protection when processing your personal data, you have the option of filing a complaint with the supervisory authority (President of the Personal Data Protection Office).

You can also always ask us to provide you with information about what data we have about you and for what purposes we process it. Just send a message to rekrutacja@basenprzesieka.pl. However, we have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. You can also use the e-mail address provided above in case of any questions related to the processing of your personal data.

#12: Do we use cookies and what exactly are they?

Like almost all other websites, our website uses a file and cookies.

Cookies are small text files stored on your end device (e.g., computer, tablet, smartphone). They can be read by our IT system (own cookies) or third-party IT systems (third-party cookies). Cookies may save and store certain information, which IT systems can then access for specific purposes.

Some of the cookies we use are deleted after the web browser session ends, i.e., after closing it (so-called session cookies). Other cookies are stored on your device and enable us to recognize your browser the next time you visit the website (persistent cookies).

If you want to learn more about cookies, you can read this material, for example: https://pl.wikipedia.org/wiki/HTTP_cookie.

#13: On what basis do we use cookies?

We use cookies based on your consent, except when cookies are necessary to properly provide services to you electronically.

Regarding your consent to cookies, we assume that you express such consent through your web browser’s settings or additional software supporting cookie management. We assume that you agree to all cookies we use that are not blocked by your browser or additional software you use.

Remember that disabling or limiting the use of cookies may prevent you from using some of the functions available on our website and may cause difficulties in using our website and many other websites that use cookies. For example, if you block social networking plug-in cookies, the buttons, widgets and social functions implemented on our website may be unavailable to you.

#14: Can you disable cookies?

Yes, you can manage cookie settings in your web browser. You can block all or select cookies. You can also block cookies for specific websites. You can also delete previously saved cookies and other websites and plug in data at any time.

Web browsers also offer the option of using incognito mode. You can use it if you do not want information about visited websites and downloaded files to be saved in your browsing and download history. Cookies created in incognito mode are deleted when all incognito windows are closed.

Browser plug-ins such as Ghostery are also available to control cookies (https://www.ghostery.com). The option to control cookies may also be provided by additional software, particularly anti-virus packages.

In addition, there are tools available on the Internet that allow you to control certain types of cookies, particularly to collectively manage behavioural advertising settings (e.g. www.youronlinechoices.com/, www.networkadvertising.org/choices).

Remember that disabling or limiting the use of cookies may prevent you from using some of the functions available on our website and may cause difficulties in using our website and many other websites that use cookies. For example, if you block social networking plug-in cookies, the buttons, widgets and social functions implemented on our website may be unavailable to you.

#15: For what purposes do we use first-party cookies?

Own cookies are used to ensure the proper functioning of individual website mechanisms, such as maintaining the session after logging in to the account, remembering the recently viewed products, and adding products to the basket.

Own cookies also store information about your cookie settings defined via the cookie management mechanism.

Own cookies are also used to support the mechanism for recovering abandoned carts.

#16: What third-party cookies are used?

Our website uses the following third-party cookies:

• Google Analytics,
• Google Tag Manager,
• Facebook, Instagram, (social networking tools cookies),
  Details about individual third-party cookies are described below.

Google Analytics – details

We use Google Analytics, provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We carry out activities in this area based on our legitimate interest in creating statistics and analyzing them to optimize our websites.

We have implemented a special Google Analytics tracking code in our website’s code to use Google Analytics. The tracking code uses cookies from Google LLC for the Google Analytics service. You can block the Google Analytics tracking code anytime by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.

Google Analytics automatically collects information about your use of our website. The information collected in this way is most often transferred to Google servers, which may be located around the world, and stored there.

Due to the IP anonymization that we have activated, your IP address is shortened before being forwarded. Only in exceptional cases is the full IP address transferred to Google servers and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics is generally not combined with other Google data.

We emphasize that Google Analytics does not collect any data that would allow your identification. Therefore, data collected as part of Google Analytics does not constitute personal data for us. The information we have access to within Google Analytics includes, in particular:

• information about the operating system and web browser you are using,
• subpages you view on our website,
• time spent on our website and its subpages,
• transitions between individual subpages,
• the source from which you come to our site.

We also do not collect personal data as part of Advertising Features. The information we have access to is, in particular:

• the age range you are in,
• your gender
• Your approximate location limited to the town,
• Your interests determined by your online activity.

Google Analytics and Google Analytics 360 services have been certified by the independent security standard ISO 27001. ISO 27001 is one of the most widely recognized standards in the world and certifies that systems supporting Google Analytics and Google Analytics 360 meet the appropriate requirements.

If you are interested in details related to Google’s use of data from websites and applications that use Google services, we encourage you to read this information: https://policies.google.com/technologies/partner-sites.

Google Tag Manager – details

We use the Google Tag Manager tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, which enables the management of tags, i.e. small pieces of code thanks to which we are able to control user traffic and behavior, collect information about advertising effectiveness and take action to improve our website. Google Tag Manager does not collect any information that identifies you, however, this tool triggers other tags, which in turn may collect data.

Social tools – details

Our website uses plug-ins, buttons and other social media tools, hereinafter collectively referred to as “plug-ins”, provided by social networking sites such as Facebook and Instagram.

When you display our website that contains a plug-in of a given social networking site, your browser sends information about your visit to the administrator of that social networking site. Since the plug-in is a fragment of a social networking site embedded in our website, the browser sends information about a request to download the content of a given social networking site to our website.

The plug-ins collect certain information about you, such as your user ID, the website you are visiting, the date and time, and other information about your web browser.

Social networking site administrators use some of this information to personalize our website’s viewing conditions. For example, when you visit a page with a “Like” button, the social media administrator needs information about who you are to show you which of your friends also like our page.

The information collected by plug-ins may also be used by social media administrators for their own purposes, such as improving their own products, creating user profiles, analyzing and optimizing their own activities, and targeting advertising. We have no real influence on how social media administrators then use the information collected by plug-ins. You can find details in this regard in individual social networking sites’ regulations and privacy policies.

Social networking plug-ins collect and transmit information to the administrators of these websites even when you browse our website without being logged in to your social networking account. But then the browser sends a more limited set of information.

If you have logged in to one of the social networking sites, the website administrator can directly assign your visit to our website to your profile on that site.

If you do not want social networking sites to assign the data collected during your visit to our website directly to your profile on a given website, you must log out of that website before visiting our website. You can also completely prevent plug-ins from being loaded on the website by using appropriate extensions for your browser, e.g. script blocking.

In addition, using some plug-ins may involve publishing certain information on your social media profiles. For example, information about clicks on the “Like” button may be available on your Facebook timeline. Of course, if you share some content on your social media using plugins embedded on our website, this share will naturally be visible in your profile.

When it comes to details related to the processing of information collected by plug-ins by the administrators of social networking sites, in particular, the purpose and scope of data collection and their further processing and use by the administrators, as well as the possibility of contact and your rights in this regard and the possibility of making settings ensuring the protection of your privacy, you will find everything in the privacy policies of individual service providers:

Facebook – https://www.facebook.com/privacy/explanation,
Instagram – https://www.facebook.com/help/instagram/155833707900388,

#17: Do we track your behavior on our website?

Yes, we use Google Analytics, Google AdWords, Hotjar and Facebook Custom Audiences, which collect information about your activities on our website. These tools were described in detail in the question about third-party cookies, so we will not repeat this information here.

#18: Are we targeting you with targeted ads?

No, we do not use Facebook Ads or Google Ads.

§ 19: How can you manage your privacy?

The answer to this question can be found in many places in this privacy policy when describing individual tools, behavioral advertising, cookie consent, etc. However, for your convenience, we have once again collected this information in one place. Below you will find a list of options for managing your privacy.

• cookie settings in the web browser,
• browser plug-ins supporting cookie management, e.g. Ghostery,
• additional software managing cookies,
• incognito mode in the web browser,
• behavioral advertising settings, e.g. youronlinechoices.com,
• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout,

#20: What are server logs?

Using the website involves sending queries to the server where the website is stored. Each query sent to the server is saved in the server logs.

Logs include, among others: Your IP address, server date and time, information about the web browser and operating system you are using. Logs are saved and stored on the server.

The data saved in the server logs is not associated with specific people using the website and is not used by us to identify you.

Server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone other than persons authorized to administer the server.

#21: Is there anything else you should know?

As you can see, the subject of personal data processing, the use of cookies and managing generally understood privacy is quite complicated. We have made every effort to ensure that this document provides you with the most comprehensive knowledge possible on issues that are important to you. If anything is unclear to you, you want to learn more or just talk about your privacy, please write to us at rezerwacja@basenprzesieka.pl.