Privacy Policy

How we process your personal data

Wersja polska →

Last updated: April 24, 2026

1. Data controller

The controller of your personal data is Zajazd Harasówka, located in Gniewkowo (88-140), ul. Kątna 14, Poland. For privacy inquiries contact biuro@harasowka.pl.

2. Scope of collected data

We process the following categories of personal data:

  • Contact details — first name, last name, email, phone number (from contact forms, event bookings, accommodation/catering inquiries).
  • Booking data — check-in/check-out dates, number of guests, dietary preferences (for weddings and events).
  • Social media integration data — access tokens and public data of our own business accounts: Facebook (Page Zajazd Harasówka), Instagram (@harasowka), TikTok (@harasowka). This data relates exclusively to our own company accounts and does not include personal data of our followers.
  • Analytics data — anonymous website traffic (Google Analytics), IP address (in server logs).

3. Purposes of processing

  • Responding to contact-form inquiries and fulfilling bookings (basis: Art. 6(1)(b) GDPR — contract).
  • Direct marketing of our hospitality and dining services (basis: Art. 6(1)(f) GDPR — legitimate interest).
  • Managing our presence on social media (Facebook, Instagram, TikTok) — publishing marketing content on our own business accounts.
  • Fulfilling legal obligations (accounting, taxes) — basis: Art. 6(1)(c) GDPR.

4. Social media integrations

We use an internal marketing tool that connects to the APIs of the following platforms in order to manage our own business accounts:

  • Meta (Facebook, Instagram) — Graph API v21. Scopes: pages_manage_posts, instagram_content_publish, pages_read_engagement. Access is restricted to our own business accounts.
  • TikTok — Content Posting API v2 and Display API. Scopes: video.upload, video.publish, user.info.basic, user.info.profile, user.info.stats, video.list. Access is restricted to the @harasowka account.

Access tokens are stored in a secure, encrypted database. We do not share these tokens with third parties. Data retrieved from these platforms is used exclusively to publish our own marketing materials and to report on our own post statistics (reach, likes, comments).

5. Recipients of data

Your data may be transferred to:

  • Hosting service providers (Hostinger — website and database hosting, EU).
  • Providers of email (SMTP), telecommunications, and accounting services.
  • Meta Platforms, Inc. and TikTok Pte. Ltd. — solely to the extent required by those platforms' APIs (publishing content on our accounts).
  • Public authorities — solely on the basis of applicable law.

We do not sell your personal data. We do not transfer it outside the EEA except when we use international service providers (Meta, TikTok) — in such cases, transfers are based on Standard Contractual Clauses of the European Commission.

6. Retention period

  • Contact-form data — up to 12 months from last contact.
  • Booking data — up to 5 years (tax obligation).
  • Social media integration tokens — until the account is disconnected.
  • Server logs — up to 90 days.

7. Your rights

Under the GDPR you have the right to:

  • access your data and receive a copy,
  • rectify (correct) your data,
  • erasure (right to be forgotten),
  • restrict processing,
  • data portability,
  • object to processing (including direct marketing),
  • lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland.

Send requests to: biuro@harasowka.pl.

8. Cookies

Harasowka.pl uses cookies solely for technical purposes (session, language preferences) and analytics (Google Analytics — anonymous traffic statistics). You can disable cookies in your browser settings.

9. Policy changes

We may update this privacy policy. Significant changes will be communicated by publishing the updated version on this page. The date of the last update is shown at the top of the document.

10. Contact

For privacy-related questions contact: biuro@harasowka.pl or call +48 52 355 80 78.