Privacy

The controller of your personal data is:
MOUNTAIN SHELTER FOGELE & SZTARBAŁA SP. Z O.O.
ul. Opatkowicka 10B, 30-499 Kraków, Poland
Tax ID (NIP): 6793361858

Contact regarding personal data protection:
Data Protection Officer
e-mail: iod@mshelter.pl

§2. Legal Basis for Processing We process your personal data in accordance with:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),
the Polish Act of 10 May 2018 on Personal Data Protection,
the Electronic Communications Law,
and other applicable provisions of Polish law.

§3. Scope of Processed Data We process the following categories of personal data:

identification data (first name, last name),
contact details (e-mail address, phone number, residential address),
reservation and stay details (arrival and departure dates, number of guests, preferences, special requests),
payment data (processed to the necessary extent by payment operators and for accounting purposes),
technical data (IP address, browser information, operating system, cookie data),
other data voluntarily provided in correspondence or forms.

§4. Purposes and Legal Grounds for Processing Your data is processed for the following purposes:

Reservation handling and provision of accommodation services
→ Art. 6(1)(b) GDPR (performance of a contract)
Handling inquiries, requests, and correspondence
→ Art. 6(1)(f) GDPR (legitimate interest)
Complaint handling and pursuing claims
→ Art. 6(1)(f) GDPR (legitimate interest of the Controller)
Compliance with legal obligations (Accounting Act, Tax Ordinance)
→ Art. 6(1)(c) GDPR (legal obligation)
Own marketing and newsletter distribution (Electronic Communications Law requirements)
→ Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest in B2B/B2C relationships with appropriate communication consents)
Analytics, statistics, and service improvement
→ Art. 6(1)(f) GDPR (legitimate interest)
Marketing profiling
→ Art. 6(1)(a) GDPR (explicit consent)

§5. Data Retention Period We retain your data only as long as necessary:

Reservation and contract data
→ up to 6 years from the end of the calendar year in which the service was performed
Accounting and tax data
→ 5 years from the end of the calendar year in which the tax payment deadline expired
Marketing and newsletter data
→ until consent is withdrawn or an effective objection is raised
Analytical data (including cookies)
→ up to 26 months or until consent is withdrawn

After these periods, data is permanently deleted or fully anonymized. §6. Profiling For marketing purposes, we may carry out profiling, i.e., automated analysis of your preferences, behavior on the website, and reservation history in order to better tailor offers and advertisements. We use, among others, analytical and marketing cookies for this purpose. Decisions based on profiling do not produce legal effects for you nor significantly affect you in a similar way. You have the right to object to profiling at any time. §7. Data Recipients Your data may be shared with the following categories of trusted recipients:

payment system operators (for transaction authorization),
IT service providers, hosting, and website maintenance providers,
reservation systems (e.g., Profitroom),
marketing and analytics tool providers (Google, Meta, TikTok, and others),
entities processing data on our behalf under data processing agreements (e.g., accounting offices, law firms, courier companies),
authorized public authorities, only where there is a clear legal obligation.

§8. Data Transfers Outside the EEA Due to the use of global services (e.g., Google, Meta, TikTok tools), your personal data may be transferred to third countries outside the European Economic Area (in particular to the United States). Such transfers are based on appropriate legal safeguards, including:

European Commission adequacy decisions (e.g., EU–US Data Privacy Framework), or
approved Standard Contractual Clauses, combined with additional safeguards in accordance with transfer impact assessments (TIA).

§9. Your Rights In connection with the processing of your personal data, you have the right to:

access your data and receive a copy,
rectify (correct) your data,
erase your data (“right to be forgotten”),
restrict processing,
object to processing (especially for direct marketing and profiling),
data portability,
withdraw consent at any time (without affecting the lawfulness of processing before withdrawal),
not be subject to decisions based solely on automated processing that produce legal effects.

To exercise your rights, contact our Data Protection Officer at: iod@mshelter.pl

If you believe that data processing violates the law, you have the right to lodge a complaint with the supervisory authority:
President of the Personal Data Protection Office (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
www.uodo.gov.pl

§10. Cookies Our website uses cookies and similar tracking technologies. Cookies that are not strictly necessary for the operation of the website are used only based on your voluntary consent, in accordance with the Electronic Communications Law. Detailed information about types, purposes, and retention periods of cookies can be found in our Cookie Policy. You can manage your preferences at any time via the consent panel on the website or through your browser settings. §11. Voluntary Provision of Data Providing data is voluntary; however, due to technical and legal requirements, it is necessary for:

completing a reservation,
processing payments,
handling inquiries,
performing a contract.

Failure to provide required data will prevent us from delivering accommodation services. §12. Final Provisions We reserve the right to amend this Privacy Policy due to:

technological developments,
changes in personal data protection laws,
development of our services.

The current version is always available on our website. Registered users or newsletter subscribers will be notified of significant changes via e-mail. Last updated: 27 April 2026

Privacy

Subscribe to the newsletter