Privacy policy
Stara Piekarnia — Jaśkiewicza 9, 59-600 Lwówek Śląski, Poland
This policy describes how personal data is collected, processed, and protected for people using stara-piekarnia.com and making reservations at the “Stara Piekarnia” property. It has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
1. Data controller
The controller of your personal data is:
Expanding Web Marcin Dancewicz
ul. Malinowskiego 1, 59-600 Lwówek Śląski, Poland
Tax ID (NIP): PL6161455447, REGON: 369984358
tel.: +48 666 669 510
email: rezerwacje@stara-piekarnia.com
For any data-processing matters, please contact us at the email above.
2. Data collected
When making a Reservation we collect:
- full name,
- email address,
- phone number,
- stay dates and number of guests,
- optional message / request.
In addition:
- payment data (card number, transaction token) is collected exclusively by the payment provider Stripe — we only receive payment confirmation and transaction id; we do not have access to the card number;
- IP address and connection timestamps (server logs) — to the extent necessary to ensure site security.
3. Purposes and legal bases for processing
| Purpose | Legal basis | Retention period |
|---|---|---|
| Performance of the rental agreement (reservation, stay, contact) | art. 6(1)(b) GDPR (necessary for contract performance) | the term of the contract and 3 years thereafter (claims limitation period) |
| Issuance and retention of accounting documents (invoices, receipts) | art. 6(1)(c) GDPR (legal obligation — Polish Tax Ordinance, Accounting Act) | 5 years from the end of the tax year |
| Site security, abuse prevention | art. 6(1)(f) GDPR (legitimate interest of the Controller) | up to 12 months (server logs) |
4. Data recipients
Your data may be shared with the following processors:
- Stripe Payments Europe, Ltd. (Ireland) — payment processing. Stripe processes full card data; we only receive the payment status.
- Google Ireland Ltd. — email provider (Google Workspace) receiving reservation messages, and web-font provider (Google Fonts) used to render the page.
- Hosting provider — the site runs on a server owned by the Controller, hosted on Google Cloud Platform infrastructure (Netherlands region).
- Public authorities — only to the extent required by law.
5. Transfers outside the EEA
We use services that may transfer data outside the European Economic Area (notably Google — USA). Such transfers take place on the basis of Standard Contractual Clauses approved by the European Commission, or adequacy decisions (EU-U.S. Data Privacy Framework). Stripe processes data within the EEA (Ireland).
6. Your rights
In connection with the processing of your data you have the following rights:
- right of access — to learn what data we hold,
- right to rectification — of inaccurate or incomplete data,
- right to erasure (“right to be forgotten”) — to the extent it does not conflict with the Controller’s legal obligations,
- right to restriction of processing,
- right to data portability,
- right to object — in case of processing based on legitimate interest,
- right to lodge a complaint with the President of the Polish Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl).
To exercise these rights, please email: rezerwacje@stara-piekarnia.com.
7. Profiling and automated decision-making
We do not use profiling or automated decision-making within the meaning of art. 22 GDPR.
8. Cookies
The site uses cookies to a minimal extent:
- Our (functional) cookies:
sp_sess— a session cookie set only after logging into the admin panel. Necessary for login to work, expires when the browser is closed. Consent is not required (art. 173(3) of the Polish Telecommunications Act). - Third-party cookies: Google Fonts may set cookies on its own domains when loading typefaces. Stripe sets its own cookies only on its own site (stripe.com) when you proceed to payment.
We do not use analytics tools (Google Analytics, Facebook Pixel, etc.) or marketing cookies.
You can manage cookies in your browser settings — blocking the session cookie will prevent logging into the admin panel.
9. Security
We use technical and organisational data-protection measures, including HTTPS encryption, limited database access, passwords hashed with bcrypt, and regular software updates. Despite these measures, we encourage you to be cautious when sharing data online.
10. Changes to the policy
This policy may be updated from time to time (for example, in case of legal or technical changes). The current version is always available at: stara-piekarnia.com/polityka-prywatnosci.php (Polish, binding) or stara-piekarnia.com/en/privacy (English translation).
← back to home