Last updated on 27 February 2019.
Scope of this policy
This policy describes how Lisowczycy Sp. z o.o. collects, uses, consults or otherwise processes an individual’s personal data in the context of making reservation, purchase of and participation in horse tours, car tours and other touristic events (hereinafter the “Service“).
This policy includes a description of your data protection rights, including a right to object to some of the processing activities we carry out.
In this privacy policy we” or “us” refers to Lisowczycy Spółka z ograniczoną odpowiedzialnością. We also use the commercial alias “Dirty Hooves” while offering our services. We are a company registered at District Court for Wrocław – Fabryczna, VI Commercial Division of KRS under KRS number 0000657148, located in Wrocław, under address ul. Jałowcowa 7, 51-180 Wrocław (Poland), phone +48 798 295 444, e-mail address: agnieszka@lisowczycy.pl.
We will process your personal data as a data controller.
This policy is to be read as consistent with the other applicable rules, such as Terms and Conditions of Participation in a Horse Tour or in a Car Tour, relating to the Service.
For the purpose of this policy, the following term “Data Protection Legislation” shall mean the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), as well as any legislation and/or regulation implementing or created pursuant to the GDPR and the e-Privacy legislation, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to processing of personal data and privacy that may exist under applicable law, in particular The Polish Act of 10 May 2018 on protection of personal data.
For the purpose of this policy, “controller”, “processor”, “third party”, “supervisory authority”, “personal data”, “processing”, “data subject”, shall have the meanings set out in the applicable Data Protection Legislation.
For what purpose do we process your personal data?
We collect and process your personal data only for the purposes of drawing up and then concluding a contract for the provision of travel services, insurance, hotel reservations, accommodation, accounting and tax operations. The data is stored with due diligence and compliance with the security standards described in this Policy. Any possible use of data for marketing purposes requires separate, explicit consent.
Who can receive your personal data?
In the context of the Service, to ensure that the benefits provided for in the Tour Programme are properly provided and legal requirements (such as locally applicable registration obligation in hotel facilities) are met, your personal data will be made available to service providers of services provided for in the Tour Programme or the Tour Participation Agreement, if necessary and as far as necessary, i.e. the insurer – AXA Ubezpieczenia Towarzystwo Ubezpieczeń i Reasekuracji S.A. located in Warsaw, ul. Chłodna 51, 00-867 Warszawa, agritourism farm, horse rental, hotels or accommodation facilities, suppliers of additional services provided for in the Tour Programme, and if necessary also the national or local tourist board.
In order to improve our Service, we may from time to time change the service providers with which we work.
Is your personal data used for direct marketing communications?
If you have explicitly consented, we may, from time to time, contact you with information about our Service. Consent to marketing communication can be withdrawn at any time by contacting us at the end of the Policy.
How long is your personal data stored?
We will retain your information only for the period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.
How is your personal data shared with third parties?
We only share or disclose information as described herein, including with third parties. The transfer of data takes place in a safe manner, with the obligation of the entity receiving the data to secure them and maintain confidentiality.
Your personal data will also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the data controller legitimate interests in compliance with applicable laws.
Is your personal data transferred outside the European Economic Area (EEA)?
In the context of the provision of the Service and for the purposes described in this policy, if the Tour takes place outside the EEA, your personal data will be transferred outside the EEA, notably to countries that do not provide an ‘adequate’ level of data protection. However, when such a transfer happens, we ensure that it takes place in accordance with this policy and that the necessary safeguards are put in place, ensuring that the transfer is regulated by standard contractual clauses approved by the European Commission as ensuring an adequate protection.
What are your rights?
Once you have provided your personal data, several rights are recognized under the Data Protection Legislation, which you can in principle exercise free of charge, subject to statutory exceptions. In particular, you have the following rights:
- Right to withdraw consent: if your personal data is processed on the basis of you consent, you have the right to withdraw your consent at any time you choose and on your own initiative. You can do so in any form, in particular by personal contact in offices of the Company, by phone: +48 798 295 444, or via e-mail: agnieszka@lisowczycy.pl. The withdrawal of your consent will not affect the lawfulness of the collection and processing of your data based on your consent up until the moment where you withdraw your consent.
- Right to access, review, and rectify your data: you have the right to access, review, and rectify your personal data. You may be entitled to ask us for a copy of your information, to review or correct it if you wish to review or rectify any information like your name, email address, post address and other data, you can easily do so by personal contact in offices of the Company or via e-mail: agnieszka@lisowczycy.pl.
- Right to erasure: you have the right to erasure of all the personal data processed by as described herein in case it is no longer needed for the purposes for which the personal data was initially collected or processed, in accordance with the Data Protection Legislation.
- Right to object or restriction of processing: under certain circumstances described in the Data Protection Legislation, you may ask for a restriction of processing or object to the processing of your personal data.
- Right to object to processing for direct marketing: where your personal data is processed for direct marketing purposes, you may object to such processing, in any form.
- Right to data portability: you have the right to receive the Personal Data processed in a format which is structured, commonly used and machine-readable and to transmit this data to another service provider.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below.
If you have unresolved concerns, you have the right to lodge a complaint with an EU data protection authority where you live, work or where you believe a breach may have occurred. In Poland, such authority is President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warszawa, POLAND, phone +48 22 531 03 00, e-mail: kancelaria@giodo.gov.pl.
What security measures are put in place?
Appropriate technical and organisational measures are implemented in order to ensure an appropriate level of security of your personal data, including but without limitation:
personal data are stored only in IT systems protected against unauthorized access by third parties (password protected computer, working under full and safe version of operating system, anti-virus and anti-malware software, automatic security updates, network protection using a firewall), and personal data recorded on paper, are in a locked room, accessible only to persons authorized by the Company.
In the event personal information is compromised as a result of a security breach and where the breach is likely to result in a high risk to the rights and freedoms, we will make the necessary notifications, as required under the Data Protection Legislation.
What are the rules for the Newsletter service?
As part of the free and voluntary Newsletter service, we can send you information about our offer to your e-mail address, in particular about the Tours, events and activities we offer.
The Newsletter service is provided free of charge for an indefinite period or until you cancel the Newsletter service or until the Newsletter service is terminated by us, which can happen at any time, without giving a reason.
The possibility to use the Newsletter service depends on you having a computer or other multimedia device with access to the Internet, enabling any web browser to be launched and the you having an active e-mail account.
The Newsletter service is ordered while registering the User by entering the correct e-mail address of the User in the registration form on our website, with the possibility of entering the User’s first and last name. In order to begin the use of the Newsletter service it is necessary that you read this Policy, agree to its terms and conditions, and consent to the processing of personal data provided by you (e-mail address, first and last name) and consent to the sending of commercial information to the e-mail address provided by the User in the registration form.
All the personal data of Users collected by the us during the registration, will be processed only for the purpose of implementation of Newsletter services, sending the newsletter messages for Users, accepting and considering complaints by Users, saving data in Cookies files and in order to terminate the Newsletter service. The processing of Users’ personal data for purposes other than those mentioned above will be possible only with the additional consent of the Users.
The personal data of the Users will be processed in order to provide information about our offer, both in an automated way, through searching in a database, including in the form of profiling, as well as in a non-automated way, but only by authorized persons.
We will process the personal data of Users for the period necessary to provide the Newsletter service or until the User exercises the right to delete or withdraw their consent to data processing. The data will then be deleted, unless a longer processing period is required or allowed by law (for example to establish, enforce or defend legal claims).
You can, at any time, without giving a reason and without bearing any costs, cancel the Newsletter service provided by Lisowczycy Sp. z o.o. by clicking on the link placed in the footer of each Newsletter that allows to opt out of receiving messages. The cessation of sending information to the provided e-mail address occurs immediately.
In connection with the registration, implementation and resignation from the Newsletter service, you have all the rights regarding personal data protection described above in this Policy.
How are the “cookie” files used and do we use the customer profiling mechanism?
“Cookies” are IT data, in particular text files, stored in your end devices such as a computer, smartphone, tablet or similar device, that are sent via websites. Cookie files allow, among other things, to recognize your device and display a website tailored to your individual preferences.
On our website, available at https://dirtyhooves.com, we use “cookies” to personalize content and ads, to offer social functions, by linking the page with Facebook, Instagram and Youtube and to analyze traffic on our website. Appropriate information about the use of “cookies” is displayed automatically when you visit our website.
We provide information on how you use our website in an automated way to social, advertising and analytical partners. Partners (ie. Google, Facebook, Instagram and Youtube) may combine this information with other data received from you or obtained while you are using their services. The applied Customer profiling mechanism is fully automated and does not include collecting data about the identity of people visiting our Website.
Our website uses the storage and access to “cookies” on the basis of the consent expressed by the website user, expressed during the configuration of the web browser or configuration of the selected website. You have the option of changing your browser settings at any time and determining the conditions of storage or access to this information by our Company.
Typically the software used to browse websites allows for the storage of “cookies” on your end device by default. These settings can be changed in the web browser settings in such a way as to block the automatic handling of “cookie” files or inform about their every transfer to the User’s device. In view of the above, you may refuse to allow us to use “cookies” and associated mechanisms of automated Client profiling, by changing the settings of your web browser.
Changes to this policy
We reserve the right to modify and update this privacy policy from time to time. We will bring these changes to your attention should they be indicative of a fundamental change to the processing or be relevant to the nature of the processing or be relevant to you and impact your data protection rights.
How can we be contacted?
Questions, comments, remarks, requests or complaints regarding this Privacy Policy are welcome and should be addressed to:
Company Address: Lisowczycy Sp. z o.o., ul. Jałowcowa 7, 51-180 Wrocław, POLAND