PRIVACY POLICY AND COOKIES POLICY

Using the website available at https://yourkrakowjourney.com constitutes acceptance of the terms set forth in this Privacy Policy and Cookies Policy.
As a User, please familiarize yourself with its provisions. This document informs you how I take care of Users’ data, how I process it, to whom I may entrust it, and other important matters related to personal data.

§1 GENERAL PROVISIONS

This Privacy Policy and Cookies Policy outlines the rules for processing and protecting personal data provided by Users and the use of cookies and other technologies appearing on the website https://yourkrakowjourney.com.
The website and the personal data provided through it are managed by the sole proprietorship Oskar Mielniczek AIRTAXI, NIP: 9182182281, Majdan Nepryski 174, 23-460 Józefów, Poland; phone: +48 514 536 247; email: yourkrakowjourney@gmail.com.
If you have any questions regarding the provisions of this Privacy and Cookies Policy, please contact the Administrator at: yourkrakowjourney@gmail.com.
The Administrator reserves the right to make changes to this policy. Each User of the website is required to be familiar with the current version. Changes may be caused by the development of internet technologies, changes in applicable law, or the development of the Website through the use of new tools by the Administrator.
The publication date of the current Privacy Policy is provided at the bottom of this page.

§2 DEFINITIONS

Administrator – a sole proprietorship:
Oskar Mielniczek AIRTAXI, NIP: 9182182281, Majdan Nepryski 174, 23-460 Józefów, Poland; phone: +48 514 536 247; email: yourkrakowjourney@gmail.com.
User – any entity visiting and using the website.
Website – the website/blog located at https://yourkrakowjourney.com.
Form(s) – designated areas on the Website allowing the User to enter personal data for specified purposes, e.g. to contact the User.
GDPR – General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Personal Data Protection Act – the Polish Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000, as amended).
Act on the Provision of Electronic Services – the Polish Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws 2020, item 344, as amended).
Telecommunications Law – the Polish Act of 16 July 2004, Telecommunications Law (Journal of Laws 2021, item 576, as amended).

§3 PERSONAL DATA AND PROCESSING RULES

WHO IS THE ADMINISTRATOR OF THE USER’S PERSONAL DATA?

The administrator of the User’s personal data is:
Oskar Mielniczek AIRTAXI, NIP: 9182182281, Majdan Nepryski 174, 23-460 Józefów, Poland; phone: +48 514 536 247; email: yourkrakowjourney@gmail.com.
Any inquiries, requests, or complaints regarding the processing of personal data should be directed to the above contact details.

The Administrator is a joint controller with social media platform providers, such as Facebook, etc., as indicated in this document, with respect to the data of individuals who use social media, follow the Administrator’s profile on a given platform, and interact with the Administrator. The rules of joint controllership are specified below for each social media platform where the Administrator maintains a profile.

IS PROVIDING PERSONAL DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING IT?

Providing personal data is voluntary. However, failure to provide certain information—typically marked as required on the Administrator’s website—may result in the inability to perform a given service, achieve a specific purpose, or take particular actions.

If the User provides data that is not required or provides excessive information the Administrator does not need to process, this is done at the User’s own discretion. In such cases, the processing is based on Article 6(1)(a) of the GDPR (consent). The User thereby consents to the processing of such data and the anonymization of any unnecessary information submitted voluntarily to the Administrator.

FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS PERSONAL DATA PROVIDED WHEN USING THE WEBSITE?

The User’s personal data on the Administrator’s website may be processed for the following purposes and under the following legal bases:

HOW IS DATA COLLECTED?

Only the data voluntarily provided by the User is collected and processed (except in certain situations where data is automatically collected via cookies or login data, as explained below).

When visiting the website, data regarding the visit itself is automatically collected, such as the User’s IP address, domain name, browser type, and operating system. Automatically collected data may be used to analyze user behavior on the website, gather demographic information about users, or personalize the website’s content to improve it. However, this data is processed solely for the purpose of administering the website, ensuring smooth hosting service, or targeting marketing content, and is not associated with specific users. You can read more about cookies later in this policy.

Data may also be collected through forms located on the Website, which is further discussed in the later parts of this Privacy Policy.

INFORMATION SOCIETY SERVICES

The Administrator does not knowingly collect data from children. A User must be at least 16 years old to give consent for the processing of personal data in connection with information society services, including marketing purposes, or must obtain such consent from a legal guardian (e.g., a parent).

If the User is under the age of 16, they should not use the website or the service available at https://yourkrakowjourney.com.

The Administrator is entitled to make reasonable efforts to verify whether the User meets the age requirement mentioned above or whether the person holding parental responsibility or guardianship over a User under the age of 16 has given or approved such consent.

WHAT RIGHTS DOES THE USER HAVE?

The User has the following rights at any time, in accordance with Articles 15–21 of the GDPR:

• the right to access their data,
• the right to data portability,
• the right to rectify data,
• the right to correct inaccurate data,
• the right to erase data if there is no basis for processing it,
• the right to restrict processing if it was carried out incorrectly or without a legal basis,
• the right to object to data processing based on the legitimate interests of the Administrator,
• the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (according to the provisions of the Personal Data Protection Act) if the User believes that their data is being processed in violation of applicable data protection laws,
• the right to be forgotten if further processing is not provided for by applicable laws.

The Administrator notes that these rights are not absolute and may not apply to all data processing activities. For example, the right to receive a copy of personal data must not adversely affect the rights and freedoms of others, such as copyright or professional secrecy. For details on the limitations of these rights, we refer Users to the text of the GDPR.

However, the User always has the right to file a complaint with the supervisory authority.

To exercise their rights, the User may contact the Administrator via email: yourkrakowjourney@gmail.com. A response will be provided within 30 days of receiving the request and its justification, unless an extension of the deadline is justified in accordance with the GDPR.

CAN THE USER WITHDRAW THEIR CONSENT?

If the User has given consent for a specific action, that consent may be withdrawn at any time. Withdrawal of consent will result in the removal of the email address from the Administrator’s mailing list and the cessation of the specified activities (in the case of subscriptions based on consent). Withdrawal of consent does not affect the lawfulness of data processing carried out on the basis of consent before its withdrawal.

In some cases, data may not be completely deleted and will be retained to defend against potential legal claims for a period consistent with the provisions of the Civil Code or to fulfill legal obligations imposed on the Administrator.

Each time, the Administrator will respond to the User’s request, justifying any continued data processing as required by legal obligations.

DO WE TRANSFER USER DATA TO THIRD COUNTRIES?

User data may be transferred outside the European Union – to third countries.

Due to the fact that the Administrator uses external service providers such as Meta Platforms Ireland Limited (Facebook and its affiliates), Google, Microsoft, etc., User data may be transferred to the United States of America (USA), as it may be stored on American servers (either in whole or in part). Google and Facebook apply GDPR-compliant mechanisms (e.g., certifications) or standard contractual clauses in relation to their services. Data will be transferred only to recipients who ensure the highest level of data protection and security, including:

a) cooperation with entities located in countries for which the European Commission has issued an adequacy decision,
b) the use of standard contractual clauses issued by the European Commission (as is the case with Google),
c) the use of binding corporate rules approved by the competent supervisory authority,
or based on the User’s consent for such data transfers.

Detailed information is available in the privacy policies of each service provider, accessible on their websites. For example:

• Google Ireland Limited: https://policies.google.com/privacy?hl=en
• Meta Platforms Ireland Limited: https://www.facebook.com/privacy/explanation

Currently, services provided by Google Ireland Limited and Meta Platforms Ireland Limited are mostly delivered by entities located within the European Union. However, Users are advised to always review the respective privacy policies of these providers to obtain up-to-date information regarding personal data protection.

HOW LONG DO WE RETAIN USER DATA?

User data will be stored by the Administrator for the duration of the services or until the purposes indicated in the table above are achieved, and:

a) for the duration of service provision and cooperation, as well as for the period of limitation of claims in accordance with the law — with regard to data provided by contractors, clients, or Users,
b) for the duration of conversations and negotiations preceding the conclusion of a contract or provision of a service — with regard to data provided in a service inquiry,
c) for the period required by law, including tax law — with regard to personal data related to compliance with applicable legal obligations,
d) until a valid objection is raised under Article 21 of the GDPR — with regard to personal data processed on the basis of the Administrator’s legitimate interests, including for direct marketing purposes,
e) until consent is withdrawn or the business purpose is achieved — with regard to personal data processed on the basis of consent. After consent is withdrawn, the data may still be processed for the purpose of defending against potential claims in accordance with the statute of limitations or a shorter period specified to the User,
f) until the data becomes outdated or no longer useful — with regard to personal data processed mainly for analytical, statistical purposes, cookie usage, and administration of the Administrator’s website(s).

The data retention periods specified in years are calculated from the end of the year in which data processing began. This approach helps to streamline data management and processing.

Specific data retention periods related to individual processing activities can be found in the Administrator’s register of processing activities.

LINKS TO OTHER WEBSITES

The Website may contain links to other websites. These links may open in a new browser window or the same one. The Administrator is not responsible for the content provided by these websites. Users are obliged to read the privacy policies or terms and conditions of those external websites.

SOCIAL MEDIA ACTIVITY – FACEBOOK

The Administrator manages User data on Facebook under the name Your Krakow Journey – Transfers & Tours (hereinafter referred to as the Fanpage).

Personal data provided by the User on the Fanpage will be processed for the purpose of administering and managing the Fanpage, communicating and interacting with Users, sending marketing content, and building the Fanpage community.

The legal basis for processing is the User’s consent and the Administrator’s legitimate interest in engaging with Users and Followers of the Fanpage. The User voluntarily decides to like or follow the Fanpage.

While the rules of engagement on the Fanpage are set by the Administrator, the general terms of use for the Facebook platform are governed by Facebook’s own regulations.

The User may unfollow the Fanpage at any time. In such cases, the Administrator will no longer display any content related to the Fanpage to the User.

The Administrator can see personal data such as the User’s first name, last name, or any public information shared on their profile. Other personal data is processed by Facebook according to its own privacy policies.

The User’s personal data will be processed for as long as the Fanpage is active or until consent is withdrawn by unliking/unfollowing the Fanpage or disengaging (e.g., no longer commenting or messaging). Data may also be processed for the purpose of legitimate interests of the Administrator, such as marketing their own products or services or defending against legal claims.

User data may be shared with other data recipients, such as Facebook, advertising agencies, subcontractors managing the Administrator’s Fanpage, IT service providers, or a virtual assistant — especially if the contact occurs outside the Facebook platform.

Other User rights are described in this Privacy Policy.

User data may be transferred to third countries in accordance with Facebook’s policies.

Such data may be subject to profiling to help personalize advertising content addressed to the User. However, it will not be processed in an automated manner that negatively affects the User’s rights and freedoms as defined under the GDPR.

Facebook’s Privacy Policy: https://www.facebook.com/privacy/explanation

DATA SECURITY

User’s personal data is stored and protected with due diligence, in accordance with the Administrator’s internal procedures. The Administrator processes User information using appropriate technical and organizational measures that meet the requirements of applicable law, particularly data protection regulations. These measures are primarily aimed at securing Users’ personal data from unauthorized access.
In particular, access to Users’ personal data is restricted to authorized personnel, who are required to keep this data confidential, or entities to whom personal data processing is entrusted based on a separate data processing agreement.
The User should also take care to secure their personal data transmitted over the internet, particularly by not disclosing their login details to third parties, using antivirus protection, and keeping their software up to date.

WHO MAY BE RECIPIENTS OF PERSONAL DATA?

The Administrator informs that it uses the services of external entities. Entities to whom personal data is entrusted guarantee the application of appropriate data protection and security measures as required by law, particularly by the GDPR.
The Administrator informs the User that it entrusts the processing of personal data to the following entities:
2. home.pl S.A., NIP: 852-21-03-252 – for storing personal data on servers,
3. FAKTUROWNIA SP Z O O (KRS: 0000572426, NIP: 5213704420) – for issuing accounting documents,
5. Google LLC – for using Google services, including email,
6. home.pl S.A., NIP: 852-21-03-252 – for managing the domain and email server,
8. other contractors or subcontractors involved in technical, administrative, or legal support for the Administrator and its clients, such as accounting, IT, graphic, copywriting firms, debt collection companies, lawyers, etc.
Personal data may also be shared with other recipients, such as authorities (e.g., the tax office) for fulfilling legal and tax obligations related to accounting and bookkeeping.
Entities that process personal data, like the Administrator, ensure compliance with European standards for personal data protection, including standards set by legal acts and decisions by the European Commission, and apply compliance mechanisms, even when transferring data outside the EEA, such as standard contractual clauses adopted by the European Commission in Decision 2021/915 of June 4, 2021, regarding standard contractual clauses between controllers and processors under Article 28(7) of Regulation (EU) 2016/679 and Article 29(7) of Regulation (EU) 2018/1725 link.

HAVE WE APPOINTED A DATA PROTECTION OFFICER?

The Data Controller hereby informs that no Data Protection Officer (DPO) has been appointed, and it independently fulfills the obligations related to personal data processing.
The User acknowledges that their personal data may be transferred to authorized state bodies in connection with ongoing proceedings, at their request, and after meeting the conditions confirming the necessity of obtaining such data from the Administrator.

DO WE PROFILE USER DATA?

User’s personal data will not be used for automated decision-making that impacts User rights or freedoms under the GDPR.
As part of the website and tracking technologies, User data may be profiled to better personalize the company’s offerings directed to the User (mainly through behavioral advertising). However, this should not have any effect on the User’s legal situation, particularly regarding the terms of any agreements the User has concluded or intends to conclude. It may only assist in better tailoring content and advertisements to the User’s interests. The information used is anonymous and not associated with any personal data provided by the User. This is based on statistical data such as gender, age, interests, approximate location, or website behavior.
Each User has the right to object to profiling if it negatively impacts their rights and obligations.

§4 FORMS

The Administrator uses the following types of forms on the Website:

1. Contact Form – enables users to send messages to the Administrator and contact them electronically. Personal data in the form of the user’s first name, last name, email address, and any data provided in the message will be processed by the Administrator in accordance with this Privacy Policy for the purpose of contacting the user.
   After the contact is concluded, the data may be archived, which is a legitimate interest of the Administrator. The Administrator cannot specify the exact period for archiving or deletion of the message, but the maximum period will not exceed the statute of limitations for claims under applicable law.
   

§5 DISCLAIMER AND COPYRIGHTS

1. The content presented on the Website does not constitute professional advice (e.g., educational) and does not relate to specific factual situations. If the user requires assistance regarding a specific issue, they should contact someone authorized to provide such advice or the Administrator using the provided contact details. The Administrator is not responsible for the use of the content on the Website or actions or omissions based on it.
   
2. All content placed on the Website is subject to the copyrights of specified individuals and/or the Administrator (e.g., photos, texts, other materials, etc.). The Administrator does not consent to the copying of such content in whole or in part without prior explicit consent.
   
3. The Administrator informs the User that any distribution of content provided by the Administrator constitutes a violation of the law and may lead to civil or criminal liability. The Administrator may also demand appropriate compensation for material or non-material losses according to applicable laws.
   
4. The Administrator is not responsible for the use of materials available on the website in an unlawful manner.
   
5. The content on the Website is current as of the date it was posted, unless otherwise stated.
   

§6 TECHNOLOGIES

To use the Administrator’s website, the following are necessary:
a) A device with access to the Internet,
b) An active email inbox,
c) A web browser capable of displaying websites,
d) Software that allows reading content in provided formats (e.g., pdf, video, mp3, mp4).

§7 COOKIE POLICY

1. Like most websites, the Administrator’s Website uses tracking technologies, such as cookies, to improve the Website based on the needs of its visitors.
   
2. The Website does not automatically collect any information, except for the information contained in cookies.
   
3. Cookies are small text files stored on the end user’s device, such as a computer, tablet, or smartphone, when using the Website.
   
4. These may be first-party cookies (coming directly from the Website) and third-party cookies (from other websites besides the Website).
   
5. Cookies allow the Website to tailor its content to the individual needs of the user and other visitors. They also enable the creation of statistics that show how users use the Website and how they navigate through it. This helps improve the website’s content, structure, and appearance.
   
6. The Administrator uses the following third-party cookies on the Website:
   a) Facebook Pixel and Facebook Ads (Facebook Custom Audiences) – to manage Facebook ads and conduct remarketing campaigns, which is a legitimate interest of the Administrator. The Administrator may also deliver advertising content to users through Facebook for contact ads.
   Facebook Pixel is provided by Meta Platforms Ireland Limited and its affiliates. It is an analytical tool that helps measure ad effectiveness, shows user actions on the Website, and helps target a specific group of people (Facebook Ads, Facebook Insights). The Administrator may also engage in remarketing based on Article 6(1)(f) of the GDPR (legitimate interest of the Administrator for promotion and advertising to individuals who have consented to receive offers or those similar or who liked the Facebook Fanpage).
   b) Google Analytics code – for analyzing Website statistics. Google Analytics uses its own cookies to analyze user activities and behavior on the Website. These cookies help improve the Website.
   c) Web Push Notifications – to better communicate with the user and quickly deliver valuable content or offers. Users can consent to receive web push notifications via their browser.
   d) Social Media Plugins – like Facebook, Instagram, WhatsApp, TripAdvisor. By clicking a plugin, the user is redirected to the respective social media page.
   e) Google Ads Campaign Tools – to run advertising and remarketing campaigns, which is a legitimate interest of the Administrator.
   
7. The Administrator recommends reviewing the privacy policies of each service provider to understand how users can manage their privacy settings.
   
8. The Website uses two types of cookies: session cookies, which are deleted after closing the browser, logging out, or leaving the Website, and persistent cookies, which are stored on the end user’s device to recognize the browser during the next visit.
   
9. The browser software typically allows cookies to be stored by default. Users can change these settings at any time, particularly to block cookies or notify them when cookies are placed on their device.
   
10. The Administrator informs users that restricting or disabling cookies may affect some functionalities of the Website and make its use more difficult.
    

§8 CONSENT TO COOKIES

Upon your first visit to the Website, you must give consent for cookies or take other possible actions indicated in the notification in order to continue using the content of the Website. Using the Website means giving consent. If you do not wish to give such consent, leave the Website. You can always change your browser settings, disable, or delete cookies. Necessary information can be found in the „Help” section of your browser.

§9 SERVER LOGS

1. Using the Website involves sending requests to the server where the Website is hosted.
   
2. Each request sent to the server is logged in the server logs. The logs include, among other things, the user’s IP address, the date and time of the server, and information about the browser and operating system used by the user.
   
3. Server logs are stored on the server.
   
4. Server logs are used for administering the Website, and their content is not disclosed to anyone except those authorized to administer the server.
   
5. The Administrator does not use server logs to identify the user.
   

Date of publication of the Privacy Policy: 11.04.2025
Date of last update: 11.04.2025