1. Data Controller
Gołąbek Kamila Saternus
Strachocin 31, 57-550 Stronie Śląskie, Poland
Tax ID (NIP): 6381700564
Email: info@golabek.pl
2. Data Protection Officer
For data protection inquiries: info@golabek.pl
3. Purposes and Legal Basis for Data Processing
We process your personal data for the following purposes:
- Booking and contract performance — name, address, phone, email; legal basis: Art. 6(1)(b) GDPR; retention: duration of contract + 5 years.
- Correspondence and communication — name, email, message content; legal basis: Art. 6(1)(a), (b) GDPR; retention: 2 years from last correspondence.
- Payments — card details (via payment processor), bank account; legal basis: Art. 6(1)(b) GDPR; retention: 5 years per accounting law. Card data is processed by Stripe/PayU and is not stored on our servers.
- Defence of legal claims — contract data, correspondence, photos; legal basis: Art. 6(1)(f) GDPR; retention: 6 years after contract expiry.
- Marketing/Newsletter — email, name; legal basis: Art. 6(1)(a) GDPR; retention: until consent is withdrawn. You may unsubscribe at any time.
- Legal obligations — booking data for tax/accounting; legal basis: Art. 6(1)(c) GDPR; retention: 5 years or as required by law.
4. Data Recipients
Your data may be shared with:
- Payment processors (Stripe, PayU)
- Technical service providers (hosting, backup, email)
- Public authorities upon lawful request
- Accounting and legal advisors
- Insurance companies (in case of damage claims)
5. International Data Transfers
Data may be processed outside the EEA only by entities ensuring an adequate level of protection (e.g., EU adequacy decisions or Standard Contractual Clauses).
6. Cookies
Our website uses cookies for:
- Essential — proper functioning of forms, user sessions, language preference.
- Analytics — Google Analytics (anonymized traffic statistics, truncated IP).
- Functional — remembering user preferences (e.g., theme settings).
You can manage cookies in your browser settings. Disabling essential cookies may limit website functionality.
7. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erasure (“right to be forgotten”)
- Restrict processing
- Data portability to another controller
- Object to processing based on legitimate interest
- Withdraw consent at any time (without affecting lawfulness of prior processing)
- Lodge a complaint with the Polish Data Protection Authority (UODO), ul. Stawki 2, 00-193 Warsaw, Poland
8. Data Security
We implement appropriate technical and organizational measures, including SSL/TLS encryption, regular backups, restricted data access, and security monitoring.
9. Policy Updates
We reserve the right to update this Policy. Significant changes will be communicated via the website.