top of page
Banner

Privacy Policy

1. General Information

This Privacy Policy defines the rules for processing personal data of users of the website www.gorillarageroomszczecin.com, operated by TUZAMORE Sp. z o.o., with its registered office at ul. Jagiellońska 50/57, 70-382 Szczecin, Poland.

The controller of personal data is TUZAMORE Sp. z o.o.
Contact email: kontakt@gorillarageroomszczecin.com
Phone: +48 790 643 800

The controller ensures data security and lawful processing, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

The controller has not appointed a Data Protection Officer (DPO).
All matters related to personal data protection can be addressed directly via the email provided above.

2. Scope of Processed Data

Depending on how the website is used, the following personal data may be processed:

  • full name

  • email address

  • phone number

  • data provided in contact or reservation forms

  • payment-related data (processed by the payment operator)

  • technical data: IP address, cookie identifiers, device information, website visit statistics

The controller does not process special categories of personal data (sensitive data).

3. Purposes of Data Processing

Personal data are processed for the following purposes:

  • provision of services — handling reservations and contract performance

  • contact with users — responding to inquiries

  • online payment processing — via payment providers (e.g., Stripe)

  • direct marketing — only with user consent (e.g., newsletter)

  • statistics, analytics, and improvement of website functionality

  • compliance with legal obligations (including accounting)

  • ensuring website security and preventing abuse

4. Legal Basis for Data Processing

Personal data are processed on the basis of:

  • Art. 6(1)(b) GDPR — performance of a contract or steps prior to entering into a contract

  • Art. 6(1)(c) GDPR — legal obligation of the controller

  • Art. 6(1)(f) GDPR — legitimate interest of the controller (analytics, security)

  • Art. 6(1)(a) GDPR — user consent (marketing, cookies)

5. Data Recipients

Personal data may be transferred to:

  • online payment operators

  • IT, hosting, and analytics service providers

  • reservation system and email service providers

  • accounting office

  • public authorities — only where required by law

All entities process data under appropriate agreements and in compliance with GDPR.

6. Data Transfers Outside the EEA

Due to the use of tools such as:

  • Stripe

  • Wix

  • Google Analytics

  • Meta (Facebook, Instagram)

some personal data may be transferred to countries outside the European Economic Area (e.g., the USA). In such cases, data are protected using Standard Contractual Clauses (SCCs) in accordance with GDPR requirements.

7. Data Retention Period

Personal data are stored for the following periods:

  • service provision and tax/accounting obligations — up to 6 years

  • marketing data — until consent is withdrawn

  • technical and statistical data — from 30 days to 12 months

  • email correspondence — up to 12 months

8. User Rights

Users have the right to:

  • access personal data

  • rectify data

  • erase data (“right to be forgotten”)

  • restrict processing

  • data portability

  • object to processing

  • withdraw consent at any time

  • lodge a complaint with the President of the Personal Data Protection Office (UODO)

9. Data Security

The controller applies appropriate technical and organizational measures, including:

  • encrypted connections (SSL)

  • system access control

  • cooperation only with trusted service providers

  • regular server updates and security measures

10. Cookies

The website uses cookies for:

  • proper website functionality (technical cookies)

  • traffic statistics (Google Analytics)

  • marketing activities (e.g., Meta Pixel, Google Ads) — only with user consent

Users can manage cookies through the cookie banner available on the website and through browser settings. Cookie consent may be withdrawn at any time.

11. Data of Minors

The website is not intended for persons under 16 years of age. The controller does not knowingly process children’s personal data without parental or legal guardian consent.

12. Profiling

The website may use marketing tools that display personalized advertisements based on technical data and browsing history.

The controller does not make decisions concerning users solely by automated means, including decisions producing legal effects within the meaning of Art. 22 GDPR.

13. Changes to the Privacy Policy

The controller reserves the right to update this Privacy Policy. The current version is always available on the website.

14. Contact Regarding Personal Data

For matters related to personal data, contact:
📧 kontakt@gorillarageroomszczecin.com

bottom of page