Privacy policy and cookies policy

Using the blog and website https://statek-krakow.pl and the online shop under the name https://bilety.statek-krakow.pl/ means acceptance of the following terms and conditions of the Privacy Policy and Cookies Policy.

As a User, please familiarise yourself with its provisions. The following table of contents will be of help. I inform you how I take care of Users’ data, how do I process it, who I entrust it to and many other important issues related to personal data.

Table of contents:

§1 GENERAL PROVISIONS

This Privacy Policy and Cookies Policy defines the rules for the processing and protection of personal data provided by Users and Cookies, as well as other technologies appearing on the website https://statek-krakow.pl and in the online shop under the name https://statek-krakow.pl/bilety/.

The Controller of the website and the personal data submitted as part of it is:

Krystian Kapusta running a business named ‘Aqua Fun Krystian Kapusta’, at Bulwar Czerwieński plot no. 172/7, 31-069 Kraków, TAX ID: 6791224838 in accordance with the document generated from the Central Registration and Information on Economic Activity system.

I care about the security of personal data and the privacy of the Website User. I am delighted that you have visited my Website.

In case of any doubts regarding the provisions of this Privacy Policy and Cookies Policy, please contact the Controller via e-mail: info@statek-krakow.pl

The Controller reserves the right to introduce changes to the privacy policy, and each User of the website is obliged to know the current privacy policy. Reasons for changes may include the development of online technologies used on the site, changes in applicable laws, or the development of the Website, e.g., through the introduction of new tools by the Controller. At the bottom of the page you will find the publication date of the current Privacy Policy.

§2 DEFINITIONS

Controller – Krystian Kapusta running a business named ‘Aqua Fun Krystian Kapusta’, at Bulwar Czerwieński, plot no. 172/7, 31-069 Kraków, TAX ID: 6791224838 in accordance with the document generated from the Central Registration and Information on Economic Activity system.

User – any entity staying on and using the website.

Website and/or Online Store – the website and online shop located athttps://statek-krakow.pl and https://statek-krakow.pl/bilety/.

Form or Forms – places on the Website that allow the User to enter personal data for the purposes indicated therein, e.g., to place an order, to contact the User.

DGPR – means the Regulation of the European Parliament and of the Council EU 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Data Protection Act – Act of May 10, 2018 on the protection of personal data (Journal of Laws of 2018, item 1000 as amended).

Act on provision of services by electronic means – Act of July 18, 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204 as amended).

Telecommunications Law – Law of July 16, 2004, Telecommunications Law (Journal of Laws of 2021, item 576 as amended).

§3 PERSONAL DATA AND PRINCIPLES OF THEIR PROCESSING

WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

The Controller of the User’s personal data is Krystian Kapusta, running a business named ‘Aqua Fun Krystian Kapusta’, at Bulwar Czerwieński plot no. 172/7, 31-069 Kraków, TAX ID: 6791224838 in accordance with the document generated from the Central Registration and Information on Economic Activity system.

The Controller co-administers with social media platform providers, e.g., Facebook, Instagram, Trip Advisor, etc. indicated in this document regarding the data of people using social media and following the Controller’s profile on a given social media platform and interacting with the Controller. The principles of co-administration are set out below for each social media platform on which the Controller has a profile.

IS THE PROVISION OF DATA VOLUNTARY? WHAT IS THE CONSEQUENCE OF NOT PROVIDING THEM?

Providing data is voluntary, however, failure to provide certain information, generally marked on the Controller’s website as mandatory, will result in the inability to provide a given service and achieve a specific goal or take specific actions.

The User’s provision of data that is not mandatory or excess data that the Controller does not need to process is based on the User’s own decision, and then the processing takes place on the basis of the premise set out in Art. 6 sec. (1)(a) of the GDPR (consent). The User consents to the processing of this data and to anonymize data that the Controller does not require and does not want to process but were provided by the User to the Controller nonetheless.

FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS THE USER'S PERSONAL DATA PROVIDED WHILE USING THE WEBSITE?

The User’s personal data on the Controller’s Website may be processed for the following purposes and on the following legal bases:

  1. providing a service or performance of a concluded contract, sending an offer (e.g., advertising) at the User’s request – pursuant to Art. 6 sec. 1(b) of the GDPR (necessity to conclude and/or perform a contract or to take action on a request);
  2. issuing an invoice, bill and fulfilling other obligations arising from tax law in the case of orders placed in the Online Store or other products and services – pursuant to Art. 6 sec. 1(c) of the GDPR (legal obligation);
  3. granting a discount or informing about promotions and interesting offers of the Controller or entities recommended by him – pursuant to Art. 6 sec. 1(a) of the GDPR (consent);
  4. storing unpaid orders – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  5. handling complaints or claims related to the contract – on the basis of Art. 6 sec. (1)(b) of the GDPR (necessity to conclude and/or perform the contract) and pursuant to Art. 6 sec. 1(c) of the GDPR (legal obligation);
  6. determining, investigating or defending against claims – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  7. telephone contact in matters related to the provision of the service – pursuant to Art. 6 sec. 1(b) of the GDPR (necessity to conclude and/or perform the contract);
  8. telephone contact for the purpose of making an offer and for direct marketing – pursuant to Art. 6 sec. (1)(a) of the GDPR (consent) and pursuant to Art. 6 sec. 1(f) of the RODO (legitimate interest of the controller) if you are already a customer;
  9. the creation of records relating to the GDPR and other legislation – pursuant to Art. 6 sec. (1)(c) of the GDPR (legal obligations) and Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  10. archival and evidentiary purposes, for the purpose of securing information that may be used to prove facts – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  11. analytical purposes, consisting of, among others, the analysis of data collected automatically when using the website, including cookies, e.g., Google Analytics cookies, Meta Pixel (Facebook) – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  12. use of cookies on the Website and its subpages – pursuant to Art. 6 sec. 1(a) of the GDPR (consent);
  13. managing the Website and the Controller’s pages on other platforms – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  14. for internal administrative purposes of the Controller related to managing contact with the User, which is the legally justified interest of the Data Controller pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  15. in order to adjust the content displayed on the Controller’s websites to individual needs and to constantly improve the quality of the services offered – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  16. for the purpose of direct marketing to the User of own products or services or recommended products of third parties – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  17. for the creation of its own User databases – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  18. in order to operate a fanpage called “Statek Kraków – rejsy po Wiśle w Krakowie” on Facebook and interact with users – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  19. in order to operate the account on Instagram under the name Rejsy_po_Wiśle_Kraków and to interact with users – pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the controller);
  20. in order to target advertising in social media and on websites, such as Facebook Leads Ads or Facebook Custom Audience, You Tube, and to target remarketing – pursuant to Art. 6 sec. 1(a) of the GDPR (consent) and pursuant to Art. 6 sec. 1(f) of the GDPR (legitimate interest of the Controller) consisting of the promotion and advertising of the Controller’s services through remarketing targeted at those subscribed to the mailing or visiting the website concerned).

The User’s provision of data that is not mandatory or excess data that the Controller does not need to process is based on the User’s own decision, and then the processing takes place pursuant to the premise set out in Art. 6 sec. (1)(a) of the GDPR (consent). The User consents to the processing of this data and to anonymize data that the Controller does not require and does not want to process but were provided by the User to the Controller nonetheless.

HOW IS DATA COLLECTED?

Only the data that the user provides is collected and processed (except – in certain situations – data collected automatically using cookies and login data, as described below).

When visiting the website, data regarding the visit itself is automatically collected, e.g., the user’s IP address, domain name, browser type, operating system type, etc. (login data). Automatically collected data can be used to analyze user behavior on the website, collect demographic data about users, or to personalize the content of the website for improvement purposes. However, this data is processed only for the purposes of website administration and ensuring efficient hosting services, and is not associated with the data of individual Users. You can read more about cookies later in this policy.

Data may also be collected for the purpose of filling out forms available on the Website, which is discussed further in the privacy policy.

Information society services

The Controller does not collect children’s data. The user should be at least 16 years of age to consent to the processing of personal data for the purpose of providing information society services, including for marketing purposes, or obtain the consent of a legal guardian (e.g., parent) for this purpose.

If the User is under 16 years of age, they should not use the Website and service https://statek-krakow.pl.

The Controller is entitled to make reasonable efforts to verify whether the User meets the age requirement referred to above, or whether the person exercising parental authority or guardianship over a User who is under 16 years of age has given consent or approved it.

WHAT ARE THE USER RIGHTS?

The user shall at all times be entitled to the rights contained in Art. 15- 21 of the GDPR i.e.,:

  • the right of access to the content of his data,
  • the right to transfer data,
  • the right to correct data,
  • the right to rectify data,
  • the right to erasure of the data if there is no longer any justification for its processing,
  • the right to restrict processing if it was performed incorrectly or without a legal justification,
  • the right to object to the processing of data on the basis of the legitimate interest of the controller,
  • the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (in accordance with the principles set out in the Personal Data Protection Act), if the User considers that the processing of their data is inconsistent with the currently applicable data protection law,
  • the right to be forgotten if further processing is not provided for by currently applicable law.

The Controller points out that these rights are not absolute and do not apply to all processing activities of the User’s personal data. This applies to the right to obtain a copy of your data, for example. This right cannot adversely affect the rights and freedoms of other people. In order to learn about the limitations regarding User rights, please refer to the GDPR.

However, the user always has the right to lodge a complaint with the supervisory authority.

In order to exercise his or her rights, the User may contact the Controller via e-mail: info@statek-krakow.pl or by letter to the Controller’s place of business address, if provided in this privacy policy, indicating the scope of their requests. The answer will be given no later than 30 days from the date of receipt of the request and its justification, unless it is justified to extend this deadline in accordance with the GDPR.

CAN A USER WITHDRAW THEIR CONSENT?

If the User has consented to a specific action, such consent may be withdrawn at any time, which will result in the deletion of the e-mail address from the Controller’s mailing list and the cessation of the indicated activities (in the case of registration based on consent). Withdrawal of consent does not affect data processing that was carried out on the basis of consent before its withdrawal.

In some cases, the data may not be completely deleted and will be retained in order to defend against possible claims for a period of time in accordance with the provisions of the Civil Code or, for example, in order to fulfill legal obligations imposed on the Controller.

Each time, the Controller will respond to the User’s request, adequately justifying further actions resulting from legal obligations.

DO WE TRANSFER YOUR DATA TO THIRD COUNTRIES?

User data may be transferred outside the European Union – to third countries.

Due to the fact that the Controller uses external providers of various services e.g., Meta Platforms Ireland Limited (Facebook and subsidiaries), hereinafter referred to as Meta or Facebook, Google, Microsoft, etc., the User’s data may be transferred to the United States of America (USA) due to the fact that they are stored on American servers (in whole or in part). Google and Facebook use GDPR compliance mechanisms (e.g., certificates) or standard contractual clauses for their services. They will only be transferred to recipients who guarantee the highest protection and security of data, including by:

  • cooperation with entities processing personal data in countries in respect of which an appropriate decision of the European Commission has been issued,
  • application of standard contractual clauses issued by the European Commission (as is the case, for example, with Google),
  • the application of binding corporate rules approved by the competent supervisory authority,
  • or to those whose personal data the User has consented to.

Detailed information is available in the privacy policies of each of the providers of these services, available on their websites. For example:

Google Ireland Limited: https://policies.google.com/privacy?hl=pl

Meta Platforms Ireland Limited: https://www.facebook.com/privacy/explanation.

Currently, the services offered by Google and Meta are mainly provided by entities located in the European Union. You should, however, always refer to the privacy policies of these providers for up-to-date information on data protection.

HOW LONG DO WE KEEP YOUR DATA?

The User’s data will be stored by the Controller for the duration of the implementation of individual services/achieving goals and:

  • for the period of service and cooperation, as well as for the period of limitation of claims in accordance with the provisions of law – in relation to data provided by contractors, customers or Users,
  • for the period of talks and negotiations preceding the conclusion of the contract or provision of the service – in relation to the data provided in the inquiry,
  • for the period required by law, including tax law – in relation to personal data related to the fulfillment of obligations arising from applicable regulations,
  • until an objection is effectively filed pursuant to Art. 21 of the GDPR – in relation to personal data processed on the basis of a legitimate interest of the controller, including for direct marketing purposes,
  • until the consent is withdrawn or the processing purpose or business purpose is achieved – in relation to personal data processed on the basis of consent. After withdrawal of consent, the data may still be processed in order to defend against possible claims in accordance with the limitation period for these claims or the (shorter) period indicated to the User.
  • until it becomes outdated or no longer useful – in relation to personal data processed mainly for analytical and statistical purposes, the use of cookies and the administration of the Controller’s Websites.

Data storage periods indicated in years are counted at the end of each year in which data processing began. This is intended to improve the process of data processing and management.

Detailed periods of personal data processing relating to individual processing activities are included in the Controller’s register of processing activities.

LINKS TO OTHER SITES

Links to other websites may appear on the Site. They will open in a new browser window or in the same window. The controller is not responsible for the content provided by these sites. The user is obliged to read the privacy policy or regulations of these websites.

SOCIAL MEDIA ACTIVITIES - FACEBOOK

The Controller of the User’s personal data on the fanpage on Facebook under the name Statek Kraków – rejsy po Wiśle w Krakowie, at https://www.facebook.com/statekkrakow on Facebook (hereinafter Fanpage).

The User’s personal data provided on the Fanpage will be processed for the purpose of administering and managing the Fanpage, communicating with the User, interacting, sending marketing content to the User and creating a Fanpage community.

The basis for their processing is the User’s consent and the administrator’s legitimate interest in interacting with Fanpage Users and Followers. The user voluntarily chooses to like/watch the Fanpage.

The rules governing the Fanpage are established by the Controller, however, the rules for staying on the Facebook social networking site result from Facebook’s regulations.

The user can stop following the Fanpage at any time.

The controller will not, however, display any Fanpage-related content from the controller to the User.

The controller can see the User’s personal data, such as e.g., name, surname or general information, which the User posts on his profiles as public. The processing of other personal data is carried out by the Facebook social networking site and under the terms and conditions contained in its regulations.

The User’s personal data will be processed for the period of operation/existence of the Fanpage based on the consent expressed by liking/clicking “Follow” the Fanpage or interacting, e.g., leaving a comment, sending a message, and in order to implement the legitimate interests of the controller, i.e., marketing your own products or services or defending against claims.

The User’s personal data may be made available to other data recipients, such as Facebook, cooperating advertising agencies or other subcontractors operating the Controller’s Fanpage, IT service, if contact occurs outside of Facebook.

Other rights of the User are described in this privacy policy.

User data may be transferred to third countries in accordance with Facebook’s regulations.

This data can also be profiled, which helps to better personalize the advertising offer addressed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (having a negative impact on the rights and freedoms of the User).

SOCIAL MEDIA ACTIVITIES – INSTAGRAM

The Controller is the administrator of the User’s personal data on the profile page under the name Rejsy_po_Wiśle_Kraków, at https://www.instagram.com/rejsy_po_wisle_krakow/ on Instagram (hereinafter the Profile).

The User’s personal data provided on the Profile will be processed for the purposes of administering and managing the Profile, communicating with the User, interacting, directing marketing content to the User, and creating a Profile community.

The basis for their processing is the User’s consent and the administrator’s legitimate interest in interacting with Users and Profile Followers. The user voluntarily chooses to like/watch the Profile.

The rules governing the Profile are established by the Controller, however, the rules for staying on the Facebook social networking site result from Facebook’s regulations.

The User can stop watching the Profile at any time. However, the Controller will not then display any content from the Administrator related to the Profile to the User.

The controller can see the User’s personal data, such as e.g., name, surname or general information, which the User posts on his profiles as public. The processing of other personal data is carried out by the Instagram social networking site and under the terms and conditions contained in its regulations.

The User’s personal data will be processed for the period of maintaining/existence of the Profile based on the consent expressed by liking/clicking “Follow” the Profile or interacting, e.g., leaving a comment, sending a message and in order to implement the legitimate interests of the Controller, i.e., marketing your own products or services or defending against claims.

The User’s personal data may be made available to other data recipients, such as the Instagram portal, cooperating advertising agencies or other subcontractors handling theController’s Profile, IT service, if contact occurs outside the Instagram portal

Other rights of the User are described in this privacy policy.

User data may be transferred to third countries in accordance with Instagram’s regulations.

This data can also be profiled, which helps to better personalize the advertising offer addressed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (having a negative impact on the rights and freedoms of the User).

SOCIAL MEDIA ACTIVITIES - TRIP ADVISOR

The controller of the User’s personal data on the profile page on the Trip Advisor portal, under the name Aqua Fun – Rejsy po Wiśle, at

https://www.tripadvisor.com/Attraction_Review-g274772-d19271743-Reviews-Aqua_Fun_River_Cruises-Kraków_Lesser_Poland_Province_Southern_Poland.html on Trip Advisor (hereinafter the Profile) is the Controller.

The User’s personal data provided on the Profile will be processed for the purposes of administering and managing the Profile, communicating with the User, interacting, directing marketing content to the User, and creating a Profile community.

The basis for their processing is the User’s consent and the administrator’s legitimate interest in interacting with Users and Profile Followers. The user voluntarily chooses to like/watch the Profile.

The rules governing the Profile are set by the Controller, however, the rules for staying on the Trip Advisor social networking site result from the Trip Advisor regulations.

The User can stop watching the Profile at any time.

However, the Controller will not then display to the User any content from the Controller related to the Profile.

The controller can see the User’s personal data, such as e.g., name, surname or general information, which the User posts on his profiles as public. The processing of other personal data is carried out by the Instagram social networking site and under the terms and conditions contained in its regulations.

The User’s personal data will be processed for the period of maintaining/existence of the Profile based on the consent expressed by liking/clicking “Follow” the Profile or interacting, e.g., leaving a comment, sending a message and in order to implement the legitimate interests of the Controller, i.e., marketing your own products or services or defending against claims.

The User’s personal data may be made available to other data recipients, such as the Instagram portal, cooperating advertising agencies or other subcontractors handling theController’s Profile, IT service, if contact occurs outside the Instagram portal

Other rights of the User are described in this privacy policy.

User data may be transferred to third countries in accordance with Instagram’s regulations.

This data can also be profiled, which helps to better personalize the advertising offer addressed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (having a negative impact on the rights and freedoms of the User).

DATA SECURITY

The User’s personal data are stored and protected with due care, in accordance with the Controller’s implemented internal procedures.The Controller processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, in particular the provisions on the protection of personal data. These measures are primarily intended to protect Users’ personal data from unauthorised access.

In particular, only authorized persons who are obliged to keep this data secret or entities entrusted with the processing of personal data on the basis of a separate data entrustment agreement have access to Users’ personal data.

At the same time, the User should exercise due diligence in securing their personal data transmitted via the Internet, in particular not disclosing their login details to third parties, using anti-virus protection and updating the software.

WHO MAY BE THE RECIPIENTS OF PERSONAL DATA?

The Controller informs that they use the services of external entities. Entities entrusted with the processing of personal data (such as courier companies, companies intermediating electronic payments, companies offering accounting services) guarantee the use of appropriate protection and security measures for personal data required by law, in particular by the GDPR.

The Controller informs the User that they entrusts the processing of personal data, among others: the following entities in the field of storing personal data on the server, in order to issue accounting documents, in order to operate the payment system and electronic transactions, in order to operate the domain and mail server, in order to provide IT support or IT management of the Website, other contractors or subcontractors engaged in technical and administrative support, or to provide legal assistance to the Controller and its customers, e.g., accounting, IT, graphic, copywriting assistance, debt collection companies, lawyers, etc., offices, e.g., tax office – in order to fulfill legal and tax obligations related to with settlements and accounting.

Entities that process personal data, such as the Controller, ensure compliance with European standards in the field of personal data protection, including standards set by legal acts and decisions of the European Commission, and apply compliance mechanisms also when transferring data outside the EEA, among others. in the form of standard contractual clauses adopted by the European Commission, Decision 2021/915 of 4 June 2021 on standard contractual clauses between controllers and processors pursuant to Art. 28 sec. 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council and Art. 29 sec. 7 of Regulation (EU) 2018/1725 of the European Parliament and of the Council https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32021D0915&from=EN.

DO WE HAVE AN APPOINTED DATA PROTECTION OFFICER?

The Personal Data Controller hereby informs you that they have not appointed a Data Protection Officer (DPO) and performs the duties related to the processing of personal data personally.

The User acknowledges that their personal data may be transferred to authorized state authorities in connection with the proceedings conducted by them, at their request and after meeting the conditions confirming the necessity to obtain this data from the Controller

DO WE PROFILE YOUR DATA?

The User’s personal data will not be used for automated decision-making that affects the User’s rights, obligations or freedoms within the meaning of the GDPR.

As part of the website and tracking technologies, the User’s data may be profiled, which helps to better personalize the company’s offer that the Controller sends to the User (mainly through the so-called behavioral advertising). However, this should not have any impact on the User’s legal situation, in particular on the terms of the contracts concluded by him or the contracts he intends to conclude. It can only help to better tailor content and targeted advertising to the User’s interests. The information used is anonymous and is not associated with personal data provided by the User, e.g., in the purchase process. They result from statistical data, e.g., gender, age, interests, approximate location, behavior on the Website.

Every User has the right to object to profiling if it would have a negative impact on the User’s rights and obligations.

If you want to learn more about behavioural advertising click here: https://www.youronlinechoices.com/pl/o-reklamie-behawioralnej.

§4 FORMS

The Controller uses the following types of forms within the website:

  1. Order form in the Store – When placing an order in the Administrator’s online store, you must provide certain data in accordance with the rules contained in the sales regulations in order to complete the order, fulfill legal obligations imposed on the Administrator, settle accounts, consider claims, for statistical and archival purposes, as well as for marketing purposes directly towards customers, which is the legitimate interest of the Controller.

    These are: first name, surname, company name, TAX ID, telephone number, e-mail address, date and time of the cruise for which the customer orders a ticket.

    The controller will keep the data for the duration of the order or service and, after completion, for the period necessary to protect against claims. In addition, for the time indicated by legal regulations, e.g., tax law (such as the mandatory period for storing invoices).

  2. Complaint and withdrawal form – If you use the Controller’s services or products, you can submit a complaint or withdraw from the concluded contract. For this purpose, the Contoller enables you to fill out the complaint form and the contract withdrawal form attached to the sales regulations. You can also perform these activities without filling out the form, but providing the necessary data.

    The data required in this case are: name, surname or possibly user name, residential address or company address (if the order was placed on behalf of the company), e-mail address, telephone number (possibly), bank account number (if a return is necessary). The details are indicated in the form and in the Terms and Conditions of Sale.

    The provision of data is voluntary, but necessary to process the complaint in accordance with the law and the Terms and Conditions of Sale. The data will be stored for the purposes of the complaints procedure / withdrawal from the contract and for archiving and defence against claims.

The Controller may entrust the processing of personal data to third parties without the User’s separate consent (on the basis of an entrustment agreement). Data obtained from the forms may not be passed on to third parties.

If the User uses the services of external providers, they should read their privacy policies, available from the providers of these services, on their websites.

§5 DISCLAIMER AND COPYRIGHT

  1. The content presented on the Website does not constitute advice or specialist guidance (e.g., educational) and does not refer to a specific factual situation. If the User wants to get help in a specific matter, they should contact the Controller or the person authorized to provide such advice, using the contact details provided. The Controller is not responsible for the use of the content contained on the Website or any actions or omissions undertaken on its basis.
  2. All content posted on the Website is the subject of copyright of specific persons and/or the Controller (e.g., photos, texts, other materials, etc.). The controller does not consent to the copying of such content in whole or in part without their express prior consent.
  3. The Controller hereby informs the User that any distribution of content made available by the Controller constitutes a violation of the law and may result in civil or criminal liability. The Controller may also demand appropriate compensation for material or non-material losses in accordance with applicable regulations.
  4. The Controller is not responsible for the illegal use of materials available on the website.
  5. The content posted on the Site is current as of the date of posting, unless otherwise indicated.

§6 TECHNOLOGIES

In order to use the Controller’s website, it is necessary to have:

  • Internet-enabled devices,
  • An active e-mail inbox receiving e-mails,
  • A web browser capable of displaying web pages,
  • Software capable of reading content in the presented formats, e.g., pdf., video, mp3, mp4.

§7 COOKIE POLICY

  1. Like most websites, the Controller’s Website uses the so-called tracking technologies, i.e., cookies (“cookies”), which enable the website to be improved to meet the needs of its visitors.
  2. The website does not automatically collect any information, except for information contained in cookies.
  3. Cookie files (so-called ‘cookies’) are IT data, small text files that are stored on the end device, e.g., computer, tablet, smartphone, when you use my Website.
  4. These may include my own cookies (which come directly from my website) and third-party cookies (which come from websites other than my website).
  5. Cookies allow me to tailor the content of my website to your individual needs and the needs of other visitors. They also enable the creation of statistics that show how users of the website use it and how they move around it. This allows me to improve my website, its content, structure and design.
  6. The Controller uses the following third-party cookies on the Site:
    • Meta conversion pixel (Facebook) and ads created via Facebook Facebook Ads (Facebook Custom Audiences) – in order to manage Facebook ads and carry out remarketing activities, which is a legitimate interest of the Controller. The Controller may also target advertising content to the User via Facebook as part of contact advertising.

      The Meta Pixel Tool (Facebook) is provided by Meta Platforms Ireland Limited and its affiliated companies. This is an analytical tool that helps measure the effectiveness of advertisements, shows what actions the Website Users take, and helps reach a specific group of people (Facebook Ads, Facebook Insights). The Controller may also target advertising content to the User via the Facebook portal as part of contact advertising.

      The Controller may also conduct remarketing pursuant the Art. 6 sec. 1 (f) of the GDPR (legitimate interest of the controller, consisting in the promotion and advertising of services addressed to people who have consented to sending offers (or people similar to them or to users who liked the Fanpage) in such a way that the e-mail addresses provided are uploaded to the marketing tool offered by Meta Platforms Ireland Limited, the so-called advertising manager, and then an advertisement created by the Controller or authorized persons is directed to them through the Controller’s advertising account, provided that these persons are also users of the Facebook platform (they have an account set up there). Each time, this data is deleted after the end of the advertising campaign. In the event of another advertising campaign, an updated contact database is uploaded to the tool). Precise information about the so-called non-standard groups of recipients, the rules of data hashing and processing of these data can be found in Facebook’s privacy policy under this link https://www.facebook.com/legal/terms/customaudience# and https://www.facebook.com/legal/terms/dataprocessing, and the Controller recommends that each User reads these rules.

      Information collected through the use of Facebook Pixel is anonymous and does not allow for the identification of the User. They show general data about users: location, age, gender, interests. The Facebook provider may combine this information with information that the User provides to him as part of his Facebook account, and then use it in accordance with his own assumptions and purposes.

      The Controller recommends that you read the details related to the use of the Facebook Pixel tool and, if necessary, ask questions to the provider of this tool, as well as manage your privacy settings on Facebook. For more information, see: https://www.facebook.com/privacy/explanation. At any time, you can opt out of cookies responsible for displaying remarketing advertisements, e.g., at https://www.facebook.com/help/1075880512458213/.

      By using the website, you consent to the installation of the indicated cookie on your terminal device.

    • Embedded Google Analytics code – to analyse the statistics of the Site. Google Analytics uses its own cookies to analyse the actions and behaviour of the Website Users. These files are used to store information, for example on the page that directed the User to the current website. They help to improve the website.

      This tool is provided by Google Ireland Limited. Activities undertaken as part of the use of the Google Analytics code are based on the Controller’s legitimate interest in the creation and use of statistics, which then enables the improvement of the Controller’s services and optimisation of the Website.

      As part of the use of the Google Analytics tool, the Controller does not process any personally identifiable User data.

      The Controller recommends reading the details related to the use of the Google Analytics tool, the possibility of disabling the tracking code and possibly asking questions to the provider of this tool under the link: https://support.google.com/analytics#topic=3544906.

    • Social media referral plug-ins e.g., Facebook, Instagram, Trip Advisor.

      The user, after clicking on the icon of the respective plug-in, is redirected to the website of the external provider, in this case the owner of the respective social network, e.g. Facebook. Then, you can click “Like” or “Share” and like the Administrator’s fanpage on Facebook or directly share its content (post, article, video, etc.).

      The Controller recommends reading Facebook’s privacy policy before creating an account on this website. The controller has no influence over the data processed by Facebook. From the moment the user clicks on the social media referral plug-in button, personal data is processed by the social network e.g., Facebook, which becomes their controller and decides on the purposes and scope of their processing. Cookies left by the Facebook plug-in (or other third parties) may also be applied to the User’s device after entering the Website and then associated with data collected on Facebook. The User accepts this fact by using the website, The controller has no influence over the processing of data by third parties in this way.

      The above instructions should also apply to the service:

      Facebook – fanpage located at URL: https://www.facebook.com/statekkrakow/

      Profile on the social network Instagram, located at URL: https://www.instagram.com/rejsy_po_wisle_krakow/

      Profile on TripAdvisor, located at URL: https://www.tripadvisor.com/Attraction_Review-g274772-d19271743-Reviews-Aqua_Fun_River_Cruises-Kraków_Lesser_Poland_Province_Southern_Poland.html

    • Tools for evaluating the effectiveness of Google Ads campaigns – in order to conduct advertising and remarketing campaigns, which is a legitimate interest of the Controller.

      The Controller does not collect any data that would allow the identification of User’s personal data. The Controller recommends reading Google’s privacy policy to learn the details of how these functions work and how to disable them from the User’s browser.

    • Content from portals and websites of external providers. The Controller may embed content from portals, services, blogs and other websites of external providers on the website. This may include, in particular, videos from the website You Tube.

      These third parties may save certain data about the content you have played.

      If you do not want this to happen, log out of the website (if you have an account there and are logged in) before visiting my Website or do not play the content on the Website. You can also change your browser settings and block certain content from certain portals from being shown to you.

      You Tube

      The YouTube website is operated by Google LLC and allows you to play the recordings on the Controller’s websites. Youtube may save cookies on the User’s device during recordings and assigns them to the User’s YouTube account if they are logged in.
      By using recordings uploaded to YouTube, you are using services provided electronically by Google LLC. For details regarding the processing of personal data, please refer to the privacy policy and rules of procedure of this portal: https://policies.google.com/privacy and https://www.youtube.com/t/terms

  7. The Controller once again recommends reading the privacy policy of each of the providers of the above services in order to learn about the possibilities of making changes and settings that ensure the protection of the User’s rights.
  8. The website uses two types of cookies: session cookies, which are deleted after closing the browser, logging out or leaving the website, and persistent cookies, which are stored on the user’s end device, which allows the browser to be recognized the next time you visit the website, for the time specified in the cookie parameters or until they are deleted by the User.
  9. In many cases, the software used to browse websites (web browser) allows the storage of cookies on the User’s end device by default. The Website Users can make changes to the cookies settings at any time. In particular, these settings can be changed so that the automatic support for cookies will be blocked on the browser, or there will be information on their use on the device every time. Detailed information on the possibility and handling of cookies is available in the settings of your software (web browser).
  10. The Controller informs that restrictions on the use of cookies (disabling them, limiting them) may affect some of the functionalities available on the Website’s websites and make its functioning more difficult.
  11. More information on cookies is available at http://wszystkoociasteczkach.pl/ or in the “Help” section of your browser menu.

§8 CONSENT TO COOKIES

When you first enter the Website, you must consent to cookies or take other possible actions indicated in the message in order to continue using the content of the Website. Use of the website implies consent. If you do not wish to give such consent, please leave the website. Alternatively, you can always change your browser settings, disable or delete cookies. The “Help” tab in the user’s browser contains the necessary information.

§9 SERVER LOGS

  1. Using the Website involves sending queries to the server on which the Website is stored.
  2. Each query sent to the server is saved in the server logs. Logs include, among others: User’s IP address, server date and time, information about the web browser and operating system used by the User.
  3. Logs are saved and stored on the server.
  4. The server logs are used for the administration of the website, and their contents are not disclosed to anyone other than the persons and entities authorised to administer the server.
  5. The Controller does not use server logs in any way to identify the User.
Privacy Policy publication date: 01/01/2023
Date of the last update: 27.03.2024