
Data Protection

Data Controller
a. The data controller for Users’ personal data is Tomasz Łuszcz, operating as an unregistered business, in accordance with the General Data Protection Regulation (GDPR) 2016/679, the Polish Act on the Protection of Personal Data (UODO), and applicable national law, including relevant provisions of the Civil Code.
b. Personal data is processed solely for purposes related to the provision of the Service.

Legal Basis for Data Processing
a. Data processing is conducted on the basis of the User’s consent (Art. 6(1)(a) GDPR), the necessity to perform a contract (Art. 6(1)(b) GDPR), or other legal obligations imposed on the Administrator (Art. 6(1)(c) GDPR).
b. In matters concerning the protection of personal rights, the provisions of the Civil Code (e.g., Articles 415 and 471) shall also apply.

Purposes and Scope of Data Processing
a. Personal data is collected and processed for the following purposes:

  • Registration and maintenance of the User Account,
  • Enabling the posting of advertisements, making reservations, and conducting transactions,
  • Communication with Users (including sending information about the services, Service updates, and responses to inquiries),
  • Personalization of content and offers based on User activity,
  • Fulfilling legal obligations and protecting the rights of the Administrator and Users.
b. The data processed includes identification data (e.g., name, surname, email address, phone number), contact information, data related to activity on the Service (e.g., transaction history, preferences), and any other information provided by the User.

Principles of Data Processing
a. Personal data is processed in accordance with the principles of fairness, transparency, and purpose limitation (Art. 5 GDPR).
b. The Administrator is committed to applying the principles of data minimization, accuracy, storage limitation, and integrity and confidentiality. Data is processed only for specific, explicit, and legitimate purposes.

Technical and Organizational Measures
a. The Administrator employs modern technical measures such as encrypted connections (SSL/TLS), secure server configurations, intrusion detection systems, and regular security audits to safeguard personal data.
b. Access to personal data is restricted to authorized personnel who are bound by confidentiality obligations, as set forth in the internal policies of the Administrator.
c. Procedures for incident response, including detection, investigation, and remedy of data breaches, are in place to minimize the impact of any security incidents.

User Rights
a. Users have the right to:

  • Access their personal data (Art. 15 GDPR),
  • Rectify inaccurate or incomplete data (Art. 16 GDPR),
  • Have their data erased (“right to be forgotten” – Art. 17 GDPR),
  • Restrict processing of their data (Art. 18 GDPR),
  • Data portability (Art. 20 GDPR),
  • Object to the processing of their data, including automated decision-making and profiling (Arts. 21 and 22 GDPR).
b. Requests to exercise these rights should be sent to biuro@mojezakopane.com, and the Administrator will respond within 30 days as stipulated by Art. 12 GDPR.
c. Additionally, Users are entitled to protect their personal rights, including privacy and image rights, as provided under the Civil Code and UODO, which may result in compensation claims for violations.

International Data Transfers and Compliance
a. Personal data may be transferred to service providers (e.g., payment operators, IT service providers, courier companies) solely to the extent necessary for delivering the Service.
b. If personal data is transferred outside the European Economic Area (EEA), the Administrator will ensure that such transfers are conducted with appropriate safeguards, such as using standard contractual clauses approved by the European Commission.
c. The Administrator complies with international data protection standards and ensures that, where applicable, local laws offering higher levels of protection will prevail.

Profiling and Automated Processing
a. The Service may use analytical tools for profiling to personalize content and offers based on User behavior.
b. Users have the right to object to automated processing, including profiling, and may request human review of decisions made solely by automated means, in accordance with Arts. 21 and 22 GDPR.

Extended Data Protection Information (IOD)
a. Purpose: This section provides detailed information on the processing of personal data by the Administrator in compliance with GDPR, UODO, and applicable national law. It explains the types of data collected, methods of collection, processing purposes, and the rights of data subjects.
b. Data Collection and Processing:

  • Types of Data: Collected data includes personal identification information (e.g., name, surname, email, phone number), contact details, and any additional data provided during registration or communication.
  • Methods of Collection: Data is collected through registration forms, interactions with the Service, cookies, and similar tracking technologies.
  • Purpose: Data is used for account registration and maintenance, enabling advertisement posting, reservations, transaction processing, communication with Users, content personalization, and legal compliance.
  • Legal Basis: Processing is based on the User’s consent (Art. 6(1)(a) GDPR), necessity for contract performance (Art. 6(1)(b) GDPR), or other legal obligations (Art. 6(1)(c) GDPR).
c. Data Security and Integrity: The Administrator employs state-of-the-art security measures (e.g., encryption, secure servers, intrusion detection) to protect personal data.
d. User Rights: Detailed information regarding the rights to access, correct, delete, or restrict processing, and the right to data portability and to object to automated processing, is provided in this section and can be exercised by contacting the Administrator at biuro@mojezakopane.com.
e. Data Retention and Deletion: Data is retained only as long as necessary for its intended purposes or as required by law, after which it is securely deleted or anonymized.
f. Data Sharing and International Transfers: Personal data may be shared with third-party providers only as necessary for service delivery. Transfers outside the EEA are made with appropriate safeguards, such as standard contractual clauses.
g. Transparency and Complaint Right: Comprehensive information is provided in the Privacy Policy, and Users have the right to lodge a complaint with a supervisory authority if they believe their data is processed unlawfully (Art. 77 GDPR).
h. Integration with the Privacy Policy: This IOD section, together with the Privacy Policy, forms an integral part of these Terms and Conditions.

Additional Administrative Obligations
a. The Administrator conducts regular training for its staff on data protection and implements access control and incident management procedures.
b. Continuous monitoring and updating of security measures are undertaken to ensure the highest level of data protection.

UODO Provisions
a. Data is processed in full compliance with the Polish Act on the Protection of Personal Data (UODO).
b. All data processing activities, including security measures, data sharing, and the exercise of User rights, are carried out in accordance with UODO, which supplements and specifies the requirements of GDPR.

International Regulations and Compliance
a. The Service is accessible to Users from various countries and, as such, is subject to multiple legal frameworks. Although the Service is primarily governed by Polish law and EU regulations, Users from other jurisdictions are responsible for complying with the laws applicable in their own countries.
b. Where the law of a User’s country provides stronger consumer or privacy protections than those under Polish or EU law, such stronger provisions shall apply to the extent permitted.
c. The Administrator complies with international data protection standards and employs safeguards, such as standard contractual clauses, for data transfers outside the EEA.
d. Relevant supervisory authorities include the European Data Protection Board (EDPB) and the Polish Data Protection Office (UODO).
