I invite you to discover the most beautiful surfing places in the world.

 

Privacy Policy and Information Clause

This document (“Privacy Policy”) sets forth the principles of processing and protection of customers’ personal data, as well as the rules for storing and accessing information on customer devices through Cookies files.

I. Definitions

  1. Administrator – means the administrator of customers’ personal data – Wojciech Ratajczyk, conducting business under the name of Przedsiębiorstwo Innowacji PINI, with its registered office in Krakow at 21/23 Koszykarska Street, Tax Identification Number (NIP) 5631469140, email address: contact@surfstories.eu
  2. Cookies – means computer data, in particular, small text files, saved and stored on Devices through which the Customer uses the Website.
  3. Website – means the website of the Administrator, operating in the domain surfstories.eu.
  4. Device – means an electronic device through which the Customer gains access to the Website.
  5. Customer – means any Customer using the Website or contacting the Administrator in any other way.
  6. GDPR – means the General Data Protection Regulation of the European Union 2016/679 of April 27, 2016.

II. Personal Data Protection

  1. The Privacy Policy applies when you use the services of the Administrator, i.e., when you use the Website, contact the Administrator, for example, via email or a form available on the Website, receive email messages from the Administrator, or contact the Administrator by phone.
  2. Depending on the services you use, the Administrator processes the following personal data: email address, First and Last Name, address, company name and data, Tax Identification Number (NIP), bank account number, phone number, message content, other data provided by the Customer in connection with the services entrusted to the Administrator or before the conclusion of the agreement.
  3. The Administrator uses personal data to provide services to Customers, conclude agreements, and to send and receive email in connection with the execution of the agreement or before its conclusion. The legal basis for data processing is the processing necessary for the performance of a contract or for the taking of steps at the request of the data subject prior to entering into a contract (based on Art. 6(1)(b) of GDPR), and in certain cases, the legal basis may also be a specific provision of law that allows the Administrator to process data to perform a legal obligation, e.g., accounting and tax regulations (based on Art. 6(1)(c) of GDPR).
  4. The Administrator requires the Customer to provide the personal data that are necessary for the performance of the contract, i.e., for providing services or responding to messages. If this information is not provided by the Customer, the Administrator will not be able to provide services or respond. In some cases, according to the law, e.g., tax laws, the Administrator may also require the provision of other necessary data. Except for the above cases, providing personal data by the Customer is voluntary.
  5. The Administrator entrusts personal data for processing to service providers who perform specific duties and functions on behalf of the Administrator. The Administrator provides data to service providers for the purpose of supporting the website, email service, postal and courier services, data storage services, legal services for the Administrator. The Administrator provides service providers with only the data necessary for the proper performance of services on behalf of or on behalf of the Administrator. When transferring data, the Administrator ensures that the service provider processes the data in compliance with security requirements and does not use the data for purposes other than the performance of services on behalf of the Administrator.
  6. The Administrator does not disclose personal data to other entities than service providers described above, except in cases where it is necessary due to legal regulations or decisions of authorities, as well as in cases where it is necessary to establish, assert, or defend the rights of the Administrator.
  7. The Administrator does not transfer personal data outside the European Union.
  8. The Administrator processes personal data of Customers only for the time necessary for the proper performance of agreements with Customers, i.e., providing services, pursuing claims related to the performance of the agreement, as well as for the period resulting from the obligations imposed on the Administrator by legal regulations (e.g., in the scope of performing tax and accounting obligations, in accordance with relevant regulations for a period of 5 years), only to the extent necessary.
  9. The Administrator ensures the use of proper technical and organizational data security measures to provide an appropriate level of data protection.
  10. Customers have the right to access their personal data, including requesting information about their data or receiving a copy of the data processed by the Administrator.
  11. Customers have the right to correct personal data when the data is incomplete, outdated, or incorrect.
  12. Customers have the right to object to the processing of personal data by the Administrator. “Marketing” objection – Customers have the right to object to the processing of their data for direct marketing. Objection due to a particular situation – Customers also have the right to object to the processing of their data based on the Administrator’s legitimate interest for purposes other than direct marketing, as well as when the processing is necessary for the Administrator to perform a task carried out in the public interest. In this case, it is necessary to indicate the specific situation justifying the cessation of data processing by the Administrator. The Administrator will cease to process the Customer’s data for these purposes, unless the Administrator demonstrates that the grounds for processing the data by the Administrator are superior to the Customer’s rights, or that the data is necessary for the Administrator to establish, assert, or defend claims.
  13. Customers have the right to request the restriction of the processing of personal data by the Administrator.
  14. Customers have the right to request the deletion of personal data.
  15. Customers have the right to request the transfer of personal data to the Customer or a designated third party.
  16. Customers have the right to file a complaint with the supervisory authority for data protection: the Office for Personal Data Protection (UODO), Stawki 2 Street, 00-193 Warsaw, Poland, website: http://www.uodo.gov.pl/
  17. The Administrator does not profile data. The Administrator does not automatically collect any information, except for information contained in Cookies files if the Customer consents.

III. Cookies Policy

  1. The Administrator collects information using Cookies files, stored on Customers’ Devices.
  2. Cookies are computer data, in particular, text files, which are stored in the end device of the Website Customer and are intended for the use of the Website. Cookies usually contain the name of the website they come from, the time they are stored on the Device, and a unique number. Cookies allow the identification of software used by the Customer and customize the Website to the individual needs of each Customer.
  3. The Administrator collects information using Cookies files for the following purposes: a) to adapt the services provided within the Website to the needs of Customers and to optimize the use of the Website; b) to develop general and anonymous statistics about the use of the Website by Customers, using analytical tools that help understand how Users use the Website, enabling the improvement of the structure and content.
  4. The Administrator collects information using the following categories of Cookies files: a) temporary files that remain on the Customer’s Device, usually until the web browser is closed. After closing the browser, the files are deleted. Such Cookies files are used by the Administrator, among other things, to remember Customer data. b) permanent files that remain on the Customer’s Device for a specified period or until deleted by the Customer. After closing the browser, the files are not deleted.
  5. Using the Website without changing the settings of the web browser concerning Cookies files means that they will be placed on the Customer’s Device.
  6. Customers can change the settings of Cookies files at any time. Customers can block or limit the placement of Cookies files on their Device by changing the settings of the web browser used. Detailed information on changing the settings of Cookies files is available in the settings of the web browser used by the Customer.
  7. Disabling or limiting the web browser’s option to save Cookies files does not prevent Customers from using the Website, but it may affect some functionalities available on the Website.
  8. The above information will be processed for technical purposes related to ensuring the proper functioning of the Website and for statistical purposes. The legal basis for data processing is the legitimate interest of the Administrator (based on Art. 6(1)(f) of GDPR).

IV. Social Plugins

  1. The Administrator uses technologies such as social media plugins, including the Facebook Social Plugin, which allow social media service providers to access Customer data. The Administrator’s websites include Facebook “Like” and “Recommend/Share” buttons linked to the Facebook service. For this purpose, the code referring to the Facebook service is placed in the appropriate sections and pages. By using the “Like” button or recommending an image or section of the page, the user logs into Facebook, where Facebook’s privacy policy applies. These rules can be found at http://pl-pl.facebook.com/help/cookies. Detailed information about the scope and purpose of data processing under the Facebook Social Plugin can be found at: https://www.facebook.com/full_data_use_policy