§ 1

  1. The Administrator of personal data collected via the osadatatraart.pl online service is Anna Kozera doing business under the name TATRA ART Anna Kozera, entered into the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister responsible for economy, place of business and correspondence address: Krzeptówki Street 104, 34-500 Zakopane, NIP: 6572380024, REGON: 364131639, e-mail: biuro.tatraart@gmail.com, telephone number: +48 608 208 348, hereinafter referred to as the “Administrator” and simultaneously being “Service Provider”.
  2. Personal data collected by the Administrator via the website is processed in accordance with the Regulation of the European Parliament and the Council (EU) 2016/679 of 27th April, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repeal of the directive 95/46/EC (general regulation on data protection), hereinafter referred to as the GDPR.
  3. Any words or phrases written in the content of this Privacy Policy with a capital letter should be understood in accordance with their definition contained in the Regulations of the online Website osadatatraart.pl.


§ 2


    1. The Administrator processes the personal data of the osadatatraart.pl website Users in the case of:
      • making reservations on the Website in order to perform the contract, pursuant to Art. 6 sec. 1 b GDPR (reservation processing),
      • subscribing to the Newsletter for the purpose of sending commercial information by electronic means. Personal data is processed after expressing separate consent, pursuant to Art. 6 sec. 1 a GDPR.
    1. Reservation the User provides:
      • Name and surname,
      • Address,
      • E-mail address,
      • Telephone number,
    2. Newsletter the User provides
      • Name and surname,
      • E-mail address.
    1. Personal data of the Users is stored by the Administrator:
      • if the data processing is based on the performance of the contract, the User’s personal data is processed by the Administrator as long as it is necessary to perform the contract, and after that time for the period corresponding to the period of limitation of claims. Unless a specific law provides otherwise, the period of limitation is ten years, and for claims for periodic benefits and claims related to running a business – three years.
      • if the basis for the processing of personal data is consent, the personal data of the User is processed by the Administrator until the consent is canceled and after the consent is revoked for a period of time corresponding to the period of limitation of claims that can be raised by the Administrator and which can be raised against him. Unless a specific law provides otherwise, the period of limitation is ten years, and for claims for periodic benefits and claims related to running a business – three years.
  2. When using the Website, additional information may be downloaded, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
  3. Navigational data may also be collected from Users, including information about links and references on which they choose to click or other activities undertaken on our Website. Legal basis – a legitimate interest (Article 6 sec. 1 f GDPR), consisting in facilitating the use of electronic services and improving the functionality of these services.
  4. Providing personal data by the User is voluntary.
  5. Personal data will also be processed in a automated way in the form of profiling, provided that the User agrees to the basis of Article 6 sec. 1 a GDPR. The result of profiling will be assigning a profile to a given person in order to make decisions regarding him/her or to analyze or predict his/her preferances, behaviors and attitudes.
  6. The administrator takes special care to protect the interests of people, and in particular ensures that the data collected by him are:
    1. processed in accordance with the law,
    2. collected for specified, legitimate purposes and not subject to further processing incompatible with these purposes,
    3. factually correct and adequate in relation to the purposes for which they are processed and kept in a form that permits the identification of persons whom they concern, no longer than it is necessary to achieve the purpose of processing.


§ 3


  1. Personal data of the Users is transferred to service providers used by the Administrator while running the Service. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, or are subject to the Administrator’s instructions as to the purposes and methods of data processing (processors) or independently determine the purposes and methods of their processing (administrators).
  2. Personal data of the Service Users is stored exclusively in the European Economic Area (EEA).


§ 4


  1. The data subject has the right to access his/her personal data and the right to rectify, delete, limit processing, the right to data transfer, the right to object, the right to withdraw consent at any time without affecting the legality of the processing that has been carried out on the basis of consent before its withdrawal.
  2. The User’s legal basis:
    1. Access to data – Art. 15 GDPR.
    2. Rectification of data– Art. 16 GDPR.
    3. Deleting data (the so-called right to be forgotten) – Art. 17 GDPR.
    4. Restriction of processing – Art. 18 GDPR.
    5. Transfer of data – Art. 20 GDPR.
    6. The right to object – Art. 21 GDPR.
    7. Withdrawal of consent – Art. 7 par. 3 GDPR.
  3. In order to exercise the rights referred to in point 2, you can send an appropriate e-mail to the following address: tatraart@gmail.com.
  4. In the event of the User obtaining the right resulting from the above rights, the Administrator fulfills the request or refuses to meet it immediately, however not later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – the Administrator will not be able to fulfill the request within a month, but within the next two months informing the User about the intended extension and its reasons.
  5. If it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to file a complaint with the President of the Office for Personal Data Protection.


§ 5


  1. The Administrator’s website uses “cookies“.
  2. The installation of “cookies” is necessary for the proper provision of services on the website. The “cookie ” files contain information necessary for the proper functioning of the website and they also give the opportunity to compile general statistics of website visits.
  3. The website uses two types of “cookies”: “session” and “persistent”.
    1. “Session” “cookies” are temporary files that are stored in the User’s device until they log out (leave the site).
    2. “Persistent” “cookies” are stored in the User’s device for the time specified in the specifications of the “cookies” or until they are removed by the Service Recipient.
  4. The administrator uses his own cookies in order to better understand how the Users interact with the content of the site. The files collect information about the method of using the website by the User, the type of website from which the User was redirected, and the number of visits and the time of the User’s visit to the website. This information does not record specific personal data of the User, but it is used to develop statistics on the use of the website.
  5. The Administrator uses external cookies to collect general and anonymous static data via analytical tools of Google Analytics (external cookie administrator: Google Inc., based in the USA).
  6. The User has the right to decide on the access of “cookies” to his computer by selecting them in the window of his/her browser.  Detailed information about the possibilities and ways of handling “cookies” are available in the software (web browser) settings.


§ 6


  1. The Administrator uses technical and organizational measures to ensure that personal data being processed is protected against hazards and categories of protected data, in particular, protects data against unauthorized access, being taken by an unauthorized person, processing in violation of applicable laws and changes, loss, damage or destruction.
  2. The Administrator provides appropriate technical resources to prevent the acquisition and modification of personal data by unauthorized personnel sent by electronic means.
  3. In matters not covered by this Privacy Policy, the provisions of the GDPR and other relevant provisions of the Polish law shall apply accordingly


Download TERMS & CONDITIONS – link
Download PRIVACY POLICY – link