With due regard for the privacy of users visiting the website https://grupapingwina.pl/ (hereinafter the “Service”), the Service Administrator introduces this privacy policy (hereinafter the “Privacy Policy”).
I. PERSONAL DATA CONTROLLER:
II. PURPOSES, LEGAL GROUNDS AND PERIOD OF PERSONAL DATA PROCESSING
1. Processing of personal data for contact purposes
The Service Administrator processes personal data of users who contact the Service Administrator using the contact details provided in the Service (email addresses, telephone numbers) in order to respond to the user’s inquiry. The legal basis for such processing is the legitimate interest of the Service Administrator. Personal data will be processed for the period necessary to provide a response and handle the matter.
2. Processing of personal data for the purchase of a Pingwin PASS / admission tickets to the observation tower / lessons (e.g. skiing/snowboarding) / admission tickets to other attractions referred to in the Service
Where the Service enables the purchase of a Pingwin PASS, an admission ticket to the observation tower, lessons (e.g. skiing, snowboarding) or an admission ticket to other attractions referred to in the Service, the user’s personal data are processed in accordance with the rules described in the relevant terms and conditions as well as in the information on personal data processing provided for those services. In connection with a purchase, the controller of personal data may be both the Service Administrator and the entity carrying out sales within the online store, in particular E-SKIPASS sp. z o.o., as well as PayPro S.A.
If, during the purchase of a pass or admission ticket (hereinafter jointly the “Pass”) for attractions referred to in the Service, no terms and conditions containing information on personal data processing have been made available, the controller of personal data is the company that provides the possibility to purchase the Pass within that service (hereinafter the “Company”). In such a case, the Company processes the personal data of the purchaser or the person for whom the Pass was purchased in order to enable the purchase and provide the service for which the Pass was purchased, on the basis of the Company’s legitimate interest. The above personal data may also be processed for the purpose of pursuing or defending claims related to the provision of services covered by the purchased Pass, on the basis of the Company’s legitimate interest, and for the purpose of fulfilling the Company’s obligations arising from provisions of law, including accounting and reporting obligations.
The period of processing of personal data for the above purposes depends on the type of service for which the Pass was purchased. In justified cases related to pursuing or defending claims, this period may be extended until the limitation period for claims expires. Where processing is necessary to comply with obligations arising from provisions of law, personal data will be processed for the period required by such provisions.
Full information on the processing of personal data, including information on the rights of data subjects and the contact details of the personal data controller, is provided in the privacy policy available in the service through which the Pass can be purchased.
3. Processing of personal data for newsletter subscription
If the Service provides such functionality, the User may subscribe to the newsletter by providing an email address. Full information regarding the processing of personal data in connection with newsletter subscription is provided below:
INFORMATION CLAUSE REGARDING THE PROCESSING OF PERSONAL DATA OF PERSONS SUBSCRIBING TO THE NEWSLETTER
4. Processing of personal data for marketing and promotional purposes (social media)
Personal data are processed for marketing and promotional purposes also through public profiles within social media platforms such as Facebook, TikTok, Instagram, Pinterest and YouTube, administered by the Service Administrator. Personal data processed within such profiles primarily include data of persons visiting the profiles, to which the Service Administrator has access, for example through comments, likes, online identifiers, or any interaction between the profile visitor and the Service Administrator or an entity engaged by the Service Administrator to manage such profiles.
The purposes of processing are to enable activity of persons visiting the profiles, to manage the profiles effectively by presenting information about initiatives, activities, events, services or products, and to carry out statistical and analytical activities using tools provided by the operators of the above social media platforms.
The legal basis for processing is the legitimate interest of the Service Administrator consisting in promoting its activity and offered services. Personal data will be processed for as long as the above purposes are pursued by the Service Administrator or until an objection to processing for this purpose is raised.
The rules for processing personal data in connection with the use of the indicated social media platforms are set out in their terms and conditions and privacy policies.
5. Processing of personal data for the purpose of making a hotel reservation
Personal data are processed in connection with telephone contact or sending an email message to the telephone numbers or email addresses indicated in the Service for the purpose of making a hotel reservation. The legal basis for processing is taking steps to conclude a contract and concluding a reservation agreement. Personal data will be processed for the period of performance of the reservation agreement.
6. Processing of personal data for the purpose of defending claims
Only in justified cases, the Service Administrator may process personal data for the purpose of defending against or pursuing claims related to the use of the Service and the functionalities available in the Service, or in connection with the processing of personal data for other purposes referred to in this Privacy Policy. The legal basis for processing is the legitimate interest of the Service Administrator consisting in protecting its business interests. Personal data will be processed until the limitation period for potential claims expires.
III. RECIPIENTS OF PERSONAL DATA
Users’ personal data may be disclosed by the Service Administrator to the following entities:
a) other companies belonging to the Pingwina Group,
b) entities providing service and maintenance of the Service and IT solutions,
c) entities providing hosting of servers on which the Service operates,
d) entities providing marketing and advertising services related to mailing databases and the newsletter,
e) public authorities,
f) companies handling online sales and payments,
g) entities responsible for hotel reservations available within the Service,
h) social media providers,
i) entities providing advisory, legal and accounting services.
The Service Administrator discloses personal data to the above entities only to the extent necessary to achieve the relevant processing purpose referred to in points 1 to 5 above.
Users’ personal data will not be transferred outside the European Economic Area. The Service Administrator informs, however, that due to marketing and promotional activities carried out via social media referred to in point 4 above, personal data will be processed by the owners of such social media platforms and may also be transferred outside the European Economic Area in accordance with their terms and privacy policies.
IV. RIGHTS OF DATA SUBJECTS
The data subject (the user of the Service) has the right to:
a) request access to personal data,
b) request rectification of personal data,
c) request erasure of personal data,
d) request restriction of processing of personal data,
e) request data portability.
Where consent was granted for newsletter delivery, the data subject has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. Consent may be withdrawn by sending an email to iod@czarnygron.pl.
At any time, the data subject has the right to object to the processing of personal data for marketing purposes.
Where personal data are processed on the basis of the legitimate interest of the Service Administrator, the data subject has the right to object to such processing for reasons related to their particular situation.
The above rights may be exercised only in accordance with the relevant provisions of the GDPR.
In order to exercise the above rights, the data subject should contact the Data Protection Officer at the email address indicated in Section I above.
The data subject has the right to lodge a complaint with the supervisory authority, namely the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).
V. COOKIES
During the first visit to the Service, the Service Administrator informs the user about the use of cookies. Cookies are small fragments of text that are sent to the user’s browser and which the browser sends back on subsequent visits to the website. Cookies are stored in the user’s browser when the user makes appropriate settings while using the Service.
This Privacy Policy also governs matters related to the processing of personal data in connection with the use of cookies.
Cookies are stored on the user’s end device when the user gives explicit consent. Consent is not required for “required cookies” because they are necessary for the proper functioning of the Service. Consent for other cookies may be given by using the Service without changing cookie settings and by clicking the “Accept” button. If the user does not consent to the installation of any cookies other than required cookies, the user should choose the “Reject” option. If the user wishes to change settings, the user should select “Settings”. This option allows the user to make choices and give consent to selected cookies.
In addition, the user can manage cookies independently via the browser used, including blocking or deleting cookies. Comprehensive information is available in the browser settings. The user may also change the selected preferences using the tool available throughout the use of the Service in the form of a “cookie” icon. Restrictions or disabling cookies and similar technologies may affect certain functionalities available in the Service.
Detailed information on cookies used, including their storage period, is available in the cookie management tool.
Types of cookies:
REQUIRED COOKIES
The Service Administrator uses required cookies primarily to provide services and functionalities of the Service that the user wishes to use. Consent is not required for required cookies. The legal basis for processing data in connection with required cookies is the necessity of processing for the performance of a contract in connection with the user’s use of the Service.
ANALYTICAL COOKIES
The Service Administrator uses analytical cookies to obtain information such as the number of visits and traffic sources in the Service. They are used to determine how users navigate websites by compiling statistics on traffic within the Service. The legal basis for processing personal data in connection with analytical cookies is the user’s consent expressed upon the first entry to the Service via the tool made available to the user.
As part of the use of analytical cookies, the Service Administrator uses Google Analytics provided by Google, a tool used to analyze website statistics. The purpose, scope and rules of personal data processing by the provider of this tool are set out in its terms and privacy policy.
MARKETING COOKIES
Marketing cookies make it possible to tailor advertising content displayed to users’ interests within the Service and outside the Service. On the basis of information from these cookies and the user’s activity in other services, an interest profile is created.
The legal basis for processing personal data in connection with marketing cookies is the user’s consent expressed upon the first entry to the Service via the tool made available to the user.
As part of the use of marketing cookies, the Service Administrator uses the Meta Pixel tool provided by Meta, used to analyze the effectiveness of advertisements and actions taken by users within the Service. The purpose, scope and rules of personal data processing by the provider of this tool are set out in its terms and privacy policy.
In addition, marketing or analytical cookies may be placed on the user’s end device by business partners cooperating with the Service Administrator (third-party cookies). Information about business partners placing cookies on the user’s end device is available in the cookie management tool.
Recipients of personal data processed in connection with cookies may include entities providing services, including service and technical support for applications, software, IT systems and the Service, business partners of the Service Administrator, marketing and advertising agencies, entities providing IT solutions used in the process of collecting and handling cookies, and, in justified cases, entities supporting the Service Administrator in pursuing or defending claims.
Additional information on the rules of personal data processing in connection with cookies, including in particular information on the rights granted, is provided in Section IV (RIGHTS OF DATA SUBJECTS) and Section I (PERSONAL DATA CONTROLLER).
VI. ADDITIONAL INFORMATION:
The Service Administrator reserves the right to review and introduce changes to the content of this Privacy Policy on an ongoing basis.
