Privacy Policy

Data controller

The controller of your personal data is TatrActive (Łukasz Ryłko), contact: kontakt@tatractive.pl, phone: +48 508 710 246.

Scope of collected data

We only collect data necessary to provide our services:

• Booking form: full name, email, phone, number of participants
• Contact form: name, email, phone (optional), message content
• Payments: data processed by Stripe (we do not store payment card data)
• Cookies: technical cookies necessary for the website, analytical (Google Analytics)

Purpose of data processing

• Processing bookings and handling payments
• Communication regarding bookings (confirmations, reminders)
• Responding to contact form messages
• Website traffic analysis (Google Analytics — anonymized data)

Legal basis

We process data based on: consent (Art. 6(1)(a) GDPR), contract performance (Art. 6(1)(b) GDPR), and legitimate interest of the controller (Art. 6(1)(f) GDPR).

Data retention period

We retain booking data for the period required by tax regulations (5 years). Contact form data — until correspondence is completed. Cookies — according to browser settings.

Your rights

You have the right to:

• Access your personal data
• Rectify (correct) your data
• Delete your data ('right to be forgotten')
• Restrict processing
• Data portability
• Object to processing
• Lodge a complaint with the supervisory authority (UODO in Poland)

Data sharing

Your data may be shared with:

• Stripe — for online payment processing (PCI DSS certified)
• Supabase — database hosting (EU region, Frankfurt)
• Vercel — website hosting
• Google — analytics (anonymized data)

Cookies

We use technical cookies (necessary for the website) and analytical cookies (Google Analytics). On your first visit, we'll ask for your consent for analytical cookies. You can change your cookie settings in your browser at any time.