Privacy policy and cookie policy

Use of the blog and website https://statek-krakow.pl and the online store under the name https://bilety.statek-krakow.pl/ implies acceptance of the following terms of the Privacy Policy and Cookies Policy.

As a User, familiarize yourself with its provisions. The following table of contents will help you. In it, I inform you how I take care of Users’ data, how I process it, to whom I entrust it and many other important issues related to personal data.

Table of Contents:

§1 GENERAL PROVISIONS

This Privacy Policy and Cookies Policy sets out the rules for the processing and protection of personal data provided by Users and Cookies and other technologies appearing on the website https://statek-krakow.pl and in the online store under the name https://statek-krakow.pl/bilety/.

The administrator of the site and the personal data submitted as part of it is:

Krystian Kapusta conducting business under the name Aqua Fun Krystian Kapusta, at the address Bulwar Czerwieński dz. No. 172/7, 31-069 Krakow, NIP: 6791224838 in accordance with the document generated from the system of Central Registration and Information on Business Activity.

I care about the security of personal information and the privacy of the Site User. I am glad that you visited my Site.

If you have any doubts regarding the provisions of this Privacy Policy and the Cookies Policy, please contact the Administrator via e-mail address: info@statek-krakow.pl

The Administrator reserves the right to make changes to the privacy policy, and each User of the site is obliged to know the current privacy policy. The reason for changes may be the development of Internet technology, changes in generally applicable law or the development of the Site through, for example, the use of new tools by the Administrator. At the bottom of the page is the publication date of the current Privacy Policy.

§2 DEFINITIONS

Administrator – Krystian Kapusta conducting business under the name Aqua Fun Krystian Kapusta, at the address Bulwar Czerwieński dz. No. 172/7, 31-069 Krakow, NIP: 6791224838 in accordance with the document generated from the system of Central Registration and Information on Business Activity.

User – any entity staying on the site and using it.

Website and/or Online Store – the website and online store located at https://statek-krakow.pl and https://statek-krakow.pl/bilety/.

Form or Forms – places on the Site that allow the User to enter personal data, for the purposes indicated therein, e.g. to place an order, to contact the User.

RODO – means the Regulation of the European Parliament and of the Council EU 2016/679 of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation).

Law on Personal Data Protection – Law of May 10, 2018. On the protection of personal data (Journal of Laws 2018, item 1000, as amended).

Law on Provision of Electronic Services – the law of July 18, 2002. On provision of services by electronic means (Journal of Laws No. 144, item 1204, as amended).

Telecommunications Law – the law of July 16, 2004. Telecommunications Law (Journal of Laws 2021, item 576, as amended).

§3 PERSONAL DATA AND PRINCIPLES OF THEIR PROCESSING

WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

The administrator of the User’s personal data is Krystian Kapusta conducting business under the name Aqua Fun Krystian Kapusta, at the address Bulwar Czerwieński dz. No. 172/7, 31-069 Krakow, NIP: 6791224838 in accordance with the document generated from the system of Central Registration and Information on Business Activity.

The administrator co-administers with social media platform providers, such as. Facebook, Instagram, Trip Advisor, etc. indicated herein with respect to data of persons using social media and following the Administrator’s profile on the respective social media platform and interacting with the Administrator. The principles of co-administration are indicated below in terms of each social media platform on which the Administrator has a profile.

IS THE PROVISION OF DATA VOLUNTARY? WHAT IS THE CONSEQUENCE OF NOT GIVING THEM?

Provision of data is voluntary, however, failure to provide certain information, as a rule marked as mandatory on the Administrator’s pages, will be associated with the inability to perform a given service and achieve a specific purpose or take certain actions.

Provision by the User of data that is not mandatory or excess data that the Administrator does not need to process is based on the decision of the User himself, and then the processing is carried out on the basis of the premise contained in Art. 6 paragraph. 1(a) RODO (consent). The User gives consent to the processing of this data and to the anonymization of data that the Administrator does not require and does not want to process, but the User has nevertheless provided to the Administrator.

FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA PROVIDED AS PART OF YOUR USE OF THE SITE?

The User’s personal data on the Administrator’s Site may be processed for the following purposes and on the following legal grounds:

  1. To provide a service or perform a concluded contract, to send an offer (e.g. advertising) at the request of the User – on the basis of Art. 6 paragraph. 1(b) of the DPA (necessity to conclude and/or perform a contract or take action on a request);
  2. To issue an invoice, bill and fulfill other obligations under the tax law in case of making orders in the Online Store or other products and services – on the basis of Art. 6 paragraph. 1(c) of the RODO (legal obligation);
  3. to give a discount or inform about promotions and interesting offers of the Administrator or entities recommended by the Administrator – on the basis of Art. 6 paragraph. 1(a) RODO (consent);
  4. storage of unpaid orders – pursuant to Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator);
  5. processing of complaints or claims related to the contract – on the basis of Art. 6 paragraph. 1(b) of the DPA (necessary for the conclusion and/or performance of the contract) and pursuant to Art. 6 paragraph. 1(c) of the RODO (legal obligation);
  6. To establish, assert or defend against claims – on the basis of Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator);
  7. telephone contact on matters related to the implementation of the service – pursuant to Art. 6 paragraph. 1(b) of the DPA (necessary for the conclusion and/or performance of the contract);
  8. telephone contact for the purpose of presenting an offer and direct marketing – on the basis of Art. 6 paragraph. 1(a) of the RODO (consent) and pursuant to Art. 6 paragraph. 1(f) of the DPA (legitimate interest of the controller), if you are already a customer;
  9. Creation of records related to RODO and other regulations – pursuant to Art. 6 paragraph. 1(c) of the RODO (legal obligation) and Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator);
  10. archives and evidence, for the purpose of securing information that can be used to prove facts – pursuant to Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator);
  11. Analytical, involving, among other things, analysis of data collected automatically when using the website, including cookies, e.g. Google Analytics cookies, Pixel Meta (Facebook) – on the basis of Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator);
  12. The use of cookies on the Site and its sub-sites – based on Art. 6 paragraph. 1(a) RODO (consent);
  13. Management of the Website and the Administrator’s websites on other platforms – based on Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator);
  14. for the Administrator’s internal administrative purposes related to the management of contact with the User, which is a legitimate interest of the Data Controller under Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator),
  15. in order to adjust the content displayed on the Administrator’s websites to individual needs and to continuously improve the quality of services offered – on the basis of Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator),
  16. for the purpose of direct marketing directed to the User of its own products or services or recommended products of third parties – on the basis of Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator),
  17. In order to create their own databases of Users – on the basis of Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator),
  18. in order to operate the fanpage named “Statek Kraków- cruises on the Vistula River in Kraków” on Facebook and interact with users – pursuant to Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator).
  19. in order to operate the account on Instagram under the name Cruises_after_Vistula_Kraków and interact with users – pursuant to Art. 6 paragraph. 1(f) RODO (legitimate interest of the administrator).
  20. for the purpose of targeting advertising on social media and websites, such as Facebook Leads Ads or Facebook Custom Audience, You Tube and remarketing targeting – based on Art. 6 paragraph. 1(a) of the RODO (consent) and based on Art. 6 paragraph. 1(f) of the RODO (the Administrator’s legitimate interest) consisting of promoting and advertising the Administrator’s services through remarketing targeted to those who subscribe to the mailing or visit the relevant website).

Provision by the User of data that is not mandatory or excess data that the Administrator does not need to process is based on the decision of the User himself, and then the processing is carried out on the basis of the premise contained in Art. 6 paragraph. 1(a) RODO (consent). The User gives consent to the processing of this data and to the anonymization of data that the Administrator does not require and does not want to process, but the User has nevertheless provided to the Administrator.

HOW IS THE DATA COLLECTED?

Only the data that the user himself provides is collected and processed (with the exception – in certain situations – of data collected automatically through cookies and login data, as discussed below).

When you visit the site, data on the visit itself is automatically collected, such as your IP address, domain name, browser type, operating system type, etc. (login data). Automatically collected data may be used to analyze user behavior on the website, collect demographic information about users, or to personalize the content of the website to improve it. However, this data is processed only for the purposes of administering the site, providing efficient hosting services, or targeting marketing content, and is not associated with the data of individual users. You can read more about cookies later in this policy.

Data may also be collected for the purpose of filling out forms on the Site, as discussed further in the privacy policy.

Information society services

The administrator does not collect children’s data. The user should be at least 16 years of age to independently consent to the processing of personal data for the purpose of providing information society services, among others. for marketing purposes, or obtain the consent of a legal guardian (such as a parent) for this purpose.

If the User is under 16 years of age, he/she should not use the Site and https://statek-krakow.pl.

The Administrator shall be entitled to make reasonable efforts to verify whether the User meets the age requirement referred to above, or whether the person who has parental authority or custody over the User who is under 16 years of age has given consent or approved it.

WHAT ARE THE USER RIGHTS?

The user is entitled at any time to the rights contained in Art. 15- 21 RODO ie:

  • The right to access the content of his data,
  • The right to data portability,
  • The right to correct data,
  • The right to rectify data,
  • The right to delete data if there is no basis for processing,
  • The right to limit the processing if it has been done incorrectly or without legal basis,
  • The right to object to the processing of data on the basis of a legitimate interest of the controller,
  • The right to lodge a complaint to the supervisory authority – the President of the Office for Personal Data Protection (under the terms of the Personal Data Protection Act), if he/she considers that the processing of his/her data is incompatible with the current legal provisions on data protection,
  • The right to be forgotten, if further processing is not provided for by currently applicable laws.

The Administrator notes that these rights are not absolute and do not apply to all processing activities of the User’s personal data. This applies, for example, to the right to obtain a copy of the data. This entitlement must not adversely affect the rights and freedoms of others. I refer you to the text of the RODO to learn about the limitations on your rights.

However, the user always has the right to file a complaint with the supervisory authority.

In order to exercise his/her rights, the User may contact the Administrator via e-mail address: info@statek-krakow.pl or by letter to the Administrator’s place of business address, if provided in this privacy policy, indicating the scope of his/her requests. The response will be provided no later than 30 days from the date of receipt of the request and its justification, unless an extension of this period is justified in accordance with the RODO.

CAN A USER REVOKE HIS/HER CONSENT?

If the User has consented to a certain action, such consent may be revoked at any time, which will result in the removal of the e-mail address from the Administrator’s mailing list and the cessation of the indicated actions (in the case of a subscription based on consent). Withdrawal of consent shall not affect the processing of data performed on the basis of consent before its withdrawal.

In some cases, the data may not be completely deleted and will be retained to defend against possible claims for a period of time in accordance with the provisions of the Civil Code Act or, for example, to comply with legal obligations imposed on the Administrator.

Each time, the Administrator will refer to the User’s request, adequately justifying further actions arising from legal obligations.

DO WE TRANSFER YOUR DATA TO THIRD COUNTRIES?

User data may be transferred outside the European Union – to third countries.

Due to the fact that the Administrator uses third-party providers of various services e.g. Meta Platforms Ireland Limited (Facebook and subsidiaries) hereafter referred to as Meta or Facebook, Google, Microsoft, etc. your data may be transferred to the United States of America (USA) in connection with their storage on American servers (in whole or in part). Google and Facebook use the compliance mechanisms provided by the RODO (e.g., certificates) or standard contractual clauses for their services.They will only be transferred to recipients that guarantee the highest data protection and security, including by:

  • cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued,
  • Use of standard contractual clauses issued by the European Commission (as is the case with Google, for example),
  • application of binding corporate rules approved by the relevant supervisory authority,
  • or to those whose personal data the User has consented to the transfer of.

Detailed information is available in the content of the privacy policy of each provider of these services, available on their websites. For example:

Google Ireland Limited: https://policies.google.com/privacy?hl=pl

Meta Platforms Ireland Limited: https://www.facebook.com/privacy/explanation.

Currently, the services offered by Google and Meta are mainly provided by entities located in the European Union. You should, however, each time read the privacy policies of these suppliers to receive up-to-date information on data protection.

HOW LONG DO WE KEEP USER DATA?

The User’s data will be kept by the Administrator for the duration of the performance of the individual services/achievement of objectives and:

  • for the period of service performance and cooperation, as well as for the period of the statute of limitations for claims under the law – with respect to data provided by contractors and customers or Users,
  • for the period of discussions and negotiations preceding the conclusion of a contract or the performance of a service – with regard to the data provided in the request for proposal,
  • for the period required by law, including tax law – for personal data involving compliance with obligations under applicable regulations,
  • Until an objection filed under Art. 21 RODO – for personal data processed on the basis of a legitimate interest of the controller, including for direct marketing purposes,
  • Until the withdrawal of consent or the achievement of the purpose of processing, business purpose – for personal data processed on the basis of consent. After the withdrawal of consent, the data may still be processed to defend against possible claims in accordance with the statute of limitations for such claims or the period (shorter) indicated to the User,
  • Until obsolete or no longer useful – with respect to personal data processed primarily for analytical, statistical, cookie usage and administration of the Administrator’s Sites.

Data retention periods indicated in years are calculated at the end of each year in which data processing began. This is intended to streamline data processing and management.

Detailed processing periods of personal data, pertaining to individual processing activities, are included in the Administrator’s register of processing activities.

LINKS TO OTHER SITES

Links referring to other websites may appear on the Site. They will open in a new browser window or in the same window. The administrator is not responsible for the content provided by these sites. The user is obliged to read the privacy policy or terms and conditions of these sites.

SOCIAL MEDIA ACTIVITY - FACEBOOK

The Administrator is the administrator of the User’s personal data on the fanpage on Facebook under the name Statek Kraków- cruises on the Vistula River in Kraków, at https://www.facebook.com/statekkrakow on Facebook (hereinafter Fanpage).

The User’s personal data provided on Fanpage will be processed for the purpose of administering and managing Fanpage, communicating with the User, interacting with the User, directing marketing content to the User and creating a Fanpage community.

The basis for their processing is the User’s consent and the administrator’s legitimate interest in interacting with Users and Fanpage Observers. The user voluntarily chooses to like/watch the Fanpage.

The rules of the Fanpage are set by the Administrator, however, the rules of staying in the social network Facebook are based on the rules of Facebook.

At any time, the User can stop watching the Fanpage.

However, the Administrator will not then display to the User any content originating from the Administrator and related to the Fanpage.

The Administrator can see a User’s personal information, such as name, surname or general information, which the User posts on his/her profiles as public. Processing of other personal data is carried out by the social network Facebook and under the terms of its regulations.

The User’s personal data will be processed for the period of running/existence of the Fanpage based on the consent given by liking/clicking “Observe” the Fanpage or interacting, e.g. leaving a comment, sending a message, and in order to realize the Administrator’s legitimate interests, i.e. Marketing of its own products or services or defense against claims.

The User’s personal data may be shared with other data recipients, such as Facebook, cooperating advertising agencies or other subcontractors operating the Administrator’s Fanpage, IT service, if there is contact outside Facebook.

Other rights of the User are described in this privacy policy.

User data may be transferred to third countries in accordance with Facebook’s regulations.

The data may also be profiled, which helps to better personalize the advertising offer targeted to you. However, they will not be processed in an automated manner within the meaning of the RODO (having a negative impact on your rights and freedoms).

SOCIAL MEDIA ACTIVITY - INSTAGRAM

The Administrator is the administrator of the User’s personal data on the profile page under the name Cruises_after_Vistula_Kraków, at https://www.instagram.com/rejsy_po_wisle_krakow/ on Instagram (hereinafter Profile).

The User’s personal data provided on the Profile will be processed for the purpose of administering and managing the Profile, communicating with the User, interacting with the User, targeting the User with marketing content and creating a Profile community.

The basis for their processing is the User’s consent and the administrator’s legitimate interest in interacting with Users and Profile Watchers. The user voluntarily chooses to like/watch the Profile.

The rules of the Profile are set by the Administrator, however, the rules of staying in the social network Facebook are based on the rules of Facebook.

At any time, the User may stop watching the Profile. However, the Administrator will not then display to the User any content originating from the Administrator and related to the Profile.

The Administrator can see a User’s personal information, such as name, surname or general information, which the User posts on his/her profiles as public. Processing of other personal data is carried out by the social network Instagram and under the terms of its regulations.

The User’s personal data will be processed for the period of running/existence of the Profile based on the consent given by liking/clicking “Observe” the Profile or interacting, e.g. leaving a comment, sending a message, and for the purpose of realizing the Administrator’s legitimate interests, i.e. Marketing of its own products or services or defense against claims.

The User’s personal data may be shared with other data recipients, such as the Instagram portal, cooperating advertising agencies or other subcontractors servicing the Administrator’s Profile, IT service, if contact is made outside the Instagram portal.

Other rights of the User are described in this privacy policy.

User data may be transferred to third countries in accordance with Instagram’s regulations.

The data may also be profiled, which helps to better personalize the advertising offer targeted to you. However, they will not be processed in an automated manner within the meaning of the RODO (having a negative impact on your rights and freedoms).

SOCIAL MEDIA ACTIVITY - TRIP ADVISOR

The administrator of the User’s personal data on the profile page on Trip Advisor, under the name Aqua Fun- Vistula Cruises, at the following address

https://www.tripadvisor.com/Attraction_Review-g274772-d19271743-Reviews-Aqua_Fun_River_Cruises-Krakow_Lesser_Poland_Province_Southern_Poland.html on Trip Advisor (hereinafter referred to as Profile) is the Administrator.

The User’s personal data provided on the Profile will be processed for the purpose of administering and managing the Profile, communicating with the User, interacting with the User, targeting the User with marketing content and creating a Profile community.

The basis for their processing is the User’s consent and the administrator’s legitimate interest in interacting with Users and Profile Watchers. The user voluntarily chooses to like/watch the Profile.

The rules of the Profile are set by the Administrator, however, the rules of staying in the Trip Advisor social network are based on the rules of Trip Advisor.

At any time, the User may stop watching the Profile.

However, the Administrator will not then display to the User any content originating from the Administrator and related to the Profile.

The Administrator can see a User’s personal information, such as name, surname or general information, which the User posts on his/her profiles as public. Processing of other personal data is carried out by the social network Instagram and under the terms of its regulations.

The User’s personal data will be processed for the period of running/existence of the Profile based on the consent given by liking/clicking “Observe” the Profile or interacting, e.g. leaving a comment, sending a message, and for the purpose of realizing the Administrator’s legitimate interests, i.e. Marketing of its own products or services or defense against claims.

The User’s personal data may be shared with other data recipients, such as the Instagram portal, cooperating advertising agencies or other subcontractors servicing the Administrator’s Profile, IT service, if contact is made outside the Instagram portal.

Other rights of the User are described in this privacy policy.

User data may be transferred to third countries in accordance with Instagram’s regulations.

The data may also be profiled, which helps to better personalize the advertising offer targeted to you. However, they will not be processed in an automated manner within the meaning of the RODO (having a negative impact on your rights and freedoms).

DATA SECURITY

The User’s personal data is stored and protected with due diligence, in accordance with the Administrator’s implemented internal procedures. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable laws, in particular the laws on personal data protection. These measures are primarily designed to protect Users’ personal data from unauthorized access.

In particular, only authorized persons who are obliged to keep the data confidential or entities entrusted with the processing of personal data under a separate data entrustment agreement have access to Users’ personal data.

At the same time, the user should be diligent in securing his/her personal data transmitted over the Internet, in particular, do not disclose his/her login information to third parties, use anti-virus protection and keep software up-to-date.

WHO MAY BE THE RECIPIENTS OF PERSONAL DATA?

The Administrator informs that it uses the services of third parties. Entities to which it entrusts the processing of personal data (such as, for example, courier companies, electronic payment intermediary companies, companies offering accounting services) guarantee the application of appropriate measures for the protection and security of personal data required by law, in particular by the RODO.

The Administrator informs the User that he entrusts the processing of personal data to, among others. to the following entities from the scope of storing personal data on the server, for the purpose of issuing accounting documents, for the purpose of operating the payment system and electronic transactions, for the purpose of operating the domain and mail server, for the purpose of IT support or management of the Site from the IT side, to other contractors or subcontractors engaged for technical or administrative support, or to provide legal assistance to the Administrator and its clients, e.g. accounting, IT, graphic design, copywriters, debt collection companies, lawyers, etc.., to authorities, e.g. the tax office – for the purpose of fulfilling legal and tax obligations related to billing and accounting.

Entities that process personal data, like the Administrator, shall ensure compliance with European standards for the protection of personal data, including standards set by legal acts and decisions of the European Commission, and shall apply compliance mechanisms also when transferring data outside the EEA, among others. in the form of standard contractual clauses adopted by the European Commission Decision 2021/915 of June 4, 2021. on standard contractual clauses between controllers, and processors pursuant to art. 28 para. 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council and Art. 29 paragraph. 7 of Regulation (EU) 2018/1725 of the European Parliament and of the Council https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32021D0915&from=PL.

HAVE WE APPOINTED A DATA PROTECTION OFFICER?

The Personal Data Controller hereby informs that he has not appointed a Data Protection Officer (DPO) and performs the duties related to the processing of personal data independently.

The User acknowledges that his/her personal data may be transferred to authorized state authorities in connection with their proceedings, at their request and upon fulfillment of the prerequisites confirming the necessity of obtaining such data from the Administrator.

DO WE PROFILE YOUR DATA?

The User’s personal data will not be used for automated decision-making affecting the User’s rights and obligations or freedoms within the meaning of the RODO.

As part of the website and tracking technologies, the User’s data may be profiled, which helps to better personalize the company’s offerings that the Administrator directs to the User (mainly through so-called behavioral advertising). However, this should not have any effect on the legal situation of the User, in particular on the terms of the contracts he has entered into or the contracts he intends to enter into. It can only help to better tailor content and targeted advertising to your interests. The information used is anonymous and is not associated with personal information provided by the user, e.g. in the purchase process. These are derived from statistical data, e.g. gender, age, interests, approximate location, behavior on the Site.

Each User has the right to object to profiling if it would adversely affect the User’s rights and obligations.

If you want to learn more about behavioral advertising click here: https://www.youronlinechoices.com/pl/o-reklamie-behawioralnej.

§4 FORMS

The Administrator uses the following types of forms on the Site:

  1. Order form in the Store – When placing an order in the Administrator’s online store, you must provide certain data in accordance with the rules contained in the rules of sale in order to execute the order, fulfill the legal obligations imposed on the Administrator, for billing, claims processing, for statistical and archival purposes, as well as for direct marketing to customers, which is the Administrator’s legitimate interest.

    These are: name, surname, company name, tax ID, telephone number, e-mail address, date and time of the cruise for which the customer orders a ticket.

    The administrator keeps the data for the duration of the order or service, and after its completion for the period necessary to protect against claims. In addition, for the time indicated by the law, e.g. tax law (among other things, the period for keeping invoices).

  2. Complaint and withdrawal form – If you use the Administrator’s services or products, you may file a complaint or withdraw from the concluded contract. For this purpose, the Administrator allows you to fill out a claim form and a withdrawal form attached to the terms of sale. You can also perform these actions without filling out the form, however, providing the necessary data.

    The data required in this case are: name, surname or, if applicable, username, residential or business address (if the order was made on behalf of a company), e-mail address, telephone number (if applicable), bank account number (if a refund will be necessary). Details are indicated in the form and the Terms of Sale.

    Provision of data is voluntary, but necessary to process the complaint in accordance with the law and the Rules of Sale. Data will be stored for the purpose of the complaint procedure / withdrawal from the contract, as well as for archival purposes and defense against claims.

The Administrator may entrust the processing of personal data to third parties without the separate consent of the User (on the basis of an entrustment agreement). The data obtained from the forms cannot be transferred to third parties.

If you use third-party providers, you should read their privacy policies, available from the providers of these services, on their websites.

§5 DISCLAIMER AND COPYRIGHT

  1. The content presented on the Site does not constitute expert advice or guidance (e.g., educational) and does not relate to a specific factual situation. If the User wishes to obtain assistance on a specific matter, he/she should contact the person authorized to provide such advice or the Administrator at the contact information provided. The Administrator is not responsible for the use of the content of the Site or actions or omissions based on it.
  2. All content posted on the Site is subject to the copyright of certain individuals and/or the Administrator (e.g. photos, texts, other materials, etc.). The administrator does not agree to copy these contents in whole or in part without his express prior consent.
  3. The Administrator hereby informs the User that any dissemination of the content provided by the Administrator constitutes a violation of the law and may give rise to civil or criminal liability. The Administrator may also claim appropriate compensation for material or non-material damages in accordance with applicable laws.
  4. The administrator is not responsible for the use of materials available on the site in an unlawful manner.
  5. Content posted on the Site is current as of the date of posting, unless otherwise indicated.

§6 TECHNOLOGIES

In order to use the Administrator’s website, it is necessary to have:

  • Internet-enabled devices,
  • An active e-mail inbox that receives e-mail messages,
  • A web browser that allows you to view web pages,
  • Software capable of reading content in the presented formats, e.g. pdf., video, mp3, mp4.

§7 COOKIE POLICY

  1. Like most websites, the Administrator’s Site uses the so-called “webpages”. Tracking technologies, i.e. cookies (“cookies”), which allows the site to be improved to meet the needs of its visitors.
  2. The site does not collect any information automatically, except for the information contained in cookies.
  3. Cookies (so-called “cookies”) are computer data, small text files that are stored on your terminal device, e.g. computer, tablet, smartphone, when you use my Site.
  4. These can be my own cookies (coming directly from my website) and third-party cookies (coming from websites other than my website).
  5. Cookies allow me to customize the content of my website and the needs of other visitors. They also enable the creation of statistics that show how users of the site use the site and how they navigate through it. This allows me to improve my website, its content, structure and design.
  6. The Administrator uses the following third-party cookies on the Site:
    • Meta conversion pixel (Facebook) and ads created through Facebook Facebook Ads (Facebook Custom Audiences) – in order to manage Facebook ads and conduct remarketing activities, which is a legitimate interest of the Administrator. The Administrator may also target advertising content to the User through Facebook as part of contact advertising.

      Meta’s (Facebook) Pixel tool is provided by Meta Platforms Irleand Limited and its affiliates. It’s an analytical tool that helps measure the effectiveness of ads, shows what actions Page Users take, and helps you reach a specific group of people (Facebook Ads, Facebook Insights). The Administrator may also target advertising content to the User through the Facebook portal as part of contact ads.

      The administrator may also conduct remarketing under Art. 6 paragraph. 1(f) of the RODO (the administrator’s legitimate interest to promote and advertise services directed to persons who have agreed to send offers (or persons similar to them or to users who have liked the Fanpage) in such a way that the email addresses provided are uploaded to the marketing tool offered by Meta Platforms Ireland Limited, the so-called “Marketing Tool”. advertising manager, and then the advertising created by the Administrator or authorized persons is directed to them, through the Administrator’s advertising account, provided that these persons are also users of the Facebook platform (they have an account set up there). Each time the data is deleted after the advertising campaign ends. When the next advertising campaign is implemented, an updated contact database is uploaded to the tool). Accurate information about the so-called. groups of non-standard recipients, the rules of data hashing and the processing of such data can be found in Facebook’s privacy policy at this link https://www.facebook.com/legal/terms/customaudience# and https://www.facebook.com/legal/terms/dataprocessing, and the Administrator recommends that each User familiarize himself with these rules.

      The information collected through the use of Facebook Pixel is anonymous and does not identify the User. They show general data about users: location, age, gender, interests. The Facebook provider may combine this information with the information you provide to it within your Facebook account, and then use it in accordance with its own purposes and objectives.

      The administrator recommends reviewing the details related to the use of the Facebook Pixel tool and possibly asking questions of the tool’s provider, as well as managing your Facebook privacy settings. For more information, visit: https://www.facebook.com/privacy/explanation. At any time you can opt out of cookies responsible for displaying remarketing ads, e.g. on https://www.facebook.com/help/1075880512458213/.

      By using the site, the user agrees to the installation of the indicated cookie on his/her terminal device.

    • Embedded Google Analytics code – to analyze the statistics of the Site. Google Analytics uses its own cookies to analyze the activities and behaviors of Site users. These files are used to store information, such as which page the User came from to the current website. They help improve the Site.

      This tool is provided by Google Ireland Limited. The actions taken in the use of the Google Analytics code are based on the Administrator’s legitimate interest in the creation and use of statistics, which then enables the improvement of the Administrator’s services and optimization of the Site.

      As part of the use of the Google Analytics tool, the Administrator does not process any identifiable User data.

      The administrator recommends reading the details related to the use of the Google Analytics tool, the possibility of disabling the tracking code and possibly asking questions to the provider of this tool at the link: https://support.google.com/analytics#topic=3544906.

    • Social media referral plugins e.g.. Facebook, Instagram, Trip Advisor.

      When the user clicks on the icon of a particular plug-in, he is referred to the site of an external provider, in this case the owner of a particular social networking site, e.g., “The Social Network”. Facebook. He then has the option of clicking “Like” or “Share” and liking the Administrator’s fanpage, located on Facebook, or directly sharing its content (post, article, video, etc.).

      The administrator recommends reviewing Facebook’s privacy policy before creating an account on the site. The administrator has no control over the data processed by Facebook. From the moment the user clicks on the social media referral plug-in button, personal data is processed by the social network, e.g. Facebook, which becomes their controller and decides the purposes and scope of their processing. Cookies left by the Facebook plug-in (or other third parties) may also be applied to the User’s device when the User accesses the Site and then associated with data collected on the Facebook portal. By using the Site, the user accepts this fact. The controller has no control over the processing of data by third parties in this way.

      The above tips should also be applied to service:

      Facebook – fanpage located at URL: https://www.facebook.com/statekkrakow/

      Profile on the social network Instagram, located at the URL: https://www.instagram.com/rejsy_po_wisle_krakow/

      Profile on TripAdvisor, located at URL: https://www.tripadvisor.com/Attraction_Review-g274772-d19271743-Reviews-Aqua_Fun_River_Cruises-Krakow_Lesser_Poland_Province_Southern_Poland.html

    • Tools for evaluating the effectiveness of Google Ads campaigns – for the purpose of advertising and remarketing campaigns, which is a legitimate interest of the Administrator.

      The Administrator does not collect any data that would allow the identification of the User’s personal information. The Administrator recommends reading Google’s privacy policy to learn the details of how these features work and how to disable them, if necessary, from the User’s browser.

    • Content from portals and websites of third-party providers. The Administrator may embed content from third-party portals, services, blogs and other websites on the Site. In particular, these may include videos from You Tube.

      The aforementioned third parties may record certain data about the reproductions of content the User has made.

      If you do not want this to happen, please log out of the respective portal (if you have an account there and are logged in) before visiting my Site or do not play the given content on the Site. You can also change your browser settings and block certain content from certain portals from being shown to you.

      You Tube

      The YouTube service is operated by Google LLC and allows you to play recordings found on the Administrator’s sites. You Tube may save cookies on the User’s device about recordings played and assigns them to the User’s account on You Tube, if the User is logged in.
      By using the recordings posted on YouTube, you are using services provided electronically by Google LLC. For details on the processing of personal data, see the privacy policy and terms and conditions of this portal: https://policies.google.com/privacy and https://www.youtube.com/t/terms

  7. Again, the Administrator recommends reviewing the privacy policies of each of the providers of the above services in order to learn about the possibility of making changes and settings to ensure the protection of your rights.
  8. The site uses two types of cookies: session cookies, which are deleted after closing the browser, logging out or leaving the website, and permanent cookies, which are stored on the user’s terminal device, allowing the browser to recognize them the next time the user accesses the site, for the time specified in the parameters of the cookies or until they are deleted by the user.
  9. In many cases, web browsing software (web browser) allows cookies to be stored on the user’s terminal device by default. Users of the Website may change their cookie settings at any time. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the settings of your web browser or inform you of their placement on the Site User’s device each time. Detailed information about the possibility and methods of handling cookies is available in the settings of your software (web browser).
  10. The Administrator informs that restrictions on the use of cookies (disabling them, limiting them) may affect some of the functionalities available on the Website and hinder its operation.
  11. More information about cookies is available at http://wszystkoociasteczkach.pl/ or in the “Help” section of your web browser menu.

§8 CONSENT TO COOKIES

When you access the Site for the first time, you must agree to cookies or take other possible actions indicated in the message in order to continue using the content of the Site. Use of the Site implies consent. If you do not want to give such consent – leave the Site. Also, you can always change your browser settings, disable or delete cookies. The “help” tab of the User’s browser contains the necessary information.

§9 SERVER LOGS

  1. Use of the Site involves sending requests to the server on which the Site is stored.
  2. Each request to the server is recorded in the server logs. Logs include, among others. The User’s IP address, the date and time of the server, information about the Internet browser and the operating system used by the User.
  3. Logs are saved and stored on the server.
  4. Server logs are used for the administration of the Site, and their contents are not disclosed to anyone other than persons and entities authorized to administer the server.
  5. The Administrator does not use server logs in any way to identify the User.
Date of publication of the Privacy Policy: 01.01.2023
Date of last update: 27.03.2024