PRIVACY POLICY

General information

• This Privacy Policy is a set of rules intended to inform you about all aspects of the process concerning the acquisition, processing and safeguarding of your personal data. The Policy is addressed to all Users of the Administrator's Website and those using the Newsletter, Account and forms (contact, booking, birthday).
• This Policy sets forth the rules regarding the processing of personal data by the Personal Data Controller which is, depending on the Website you are using:

• This Policy may be amended and updated, in situations of changes in practices related to
  with the processing of personal data (taking into account, among other things, the current case law and PUODO guidelines) or changes in generally applicable laws. The Administrator will inform the Users about the changes to the Policy in an appropriate manner, by placing relevant information on the Website, and in the case of Users using the Newsletter service, Account or forms, by directing this information to the User's specified e-mail address.
• Use of the Administrator's Website involves the User's familiarization with the contents of this Privacy Policy and, in the case of subscribing to the Newsletter, acceptance thereof.
• Provision of personal data to the Administrator is voluntary, but in the case of processing of data stored in necessary cookies, Newsletter subscription or communication with the Administrator through forms, providing data will be a necessary condition for realization of the indicated purposes and proper functioning of the Website.

Definitions

• Administrator means the entity that decides how and for what purposes Personal Data is Processed. The Administrator is responsible for the compliance of the processing with applicable data protection laws.
• Personal Information means any information about any identified natural person or an individual who is identifiable.
• Process, Process or Processed means any action related to Personal Data, whether or not performed by automated means, such as: acquiring, recording, organizing, structuring, storing, adapting or changing, retrieving, consulting, using, making available by transmission, disseminating or making available by any other means, organizing or combining, limiting, deleting or destroying.
• Processor means any person or entity that Processes Personal Data on behalf of the Administrator (other than an employee of the Administrator).
• Website
• https://www.majalandkownaty.pl/pl,
• https://www.majalandwarsaw.pl/pl
• https://www.majalandgdansk.pl/pl

• Administrator's fanpage on social networks:

• Electronic Services -. services provided through the Website. Provision of Electronic Services to Users on the Website is made under the terms of this Policy and applies to the Newsletter service, Account and forms.

Processing of Users' Personal Data

• The Administrator may obtain Users' Personal Data in particular, in the following cases:
• Provision of Personal Data by Users (e.g., contact by email, telephone, through forms or any other means) on the basis of Article 6(1)(f) of the RODO (legitimate interest of the Administrator - responding to a message, inquiry) in connection with the need to handle a reported issue or inquiry,
• Investigate claims and take action in connection with the defense of the Administrator's rights, conduct legal proceedings and, inter alia, to enable the use of the Website via cookies, to prevent fraud in the use of the Website, in particular to operate, maintain, improve and make available all its functions, as well as to create compilations, analyses and statistics for the Administrator's internal needs, this includes, in particular: reporting, marketing research, planning the development of the Website, Newsletter, Account services, development work, creation of statistical models based on Article 6(1)(f) of the RODO (the aforementioned legitimate interest of the Administrator),
• obtain Personal Data of Users published on social media (Administrator's Fanpage) (e.g., obtaining information from Users' private profile on social media, to the extent that such information is visible as public) based on 6(1)(f) RODO (legally justified interest of the Administrator - promotion of its own activities and services, maintaining a social profile (Fanpage), building and strengthening relationships with customers, conducting analysis and statistics on the popularity and functioning of the profile as well as determining, investigating and defending against possible claims concerning the use of the profile, responding to contact),
• User's consent to the processing of the provided personal data for the purpose of sending the Newsletter, Based on Article 6(1)(a) (consent) sending commercial information - Newsletter (email, sms/telephone), providing marketing content via electronic communication, in accordance with Article 398 and the Electronic Communications Law,
• solicit or ask Users for Users' Personal Information when Users visit the Administrator's sites or use any features or resources available on or through the Website cookies precisely and third parties. When Users visit the Site, Users' devices and browsers may automatically share certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connection to the Site and other technical information regarding communications), some of which may constitute Personal Information. When visiting the Website, no Personal Data of Users will be stored by the Administrator, without an appropriate legal basis. With regard to cookies, the Administrator - in addition to the necessary files, will each time obtain the User's consent to install other cookies (including third-party Google Analytics files). The granting of the aforementioned consent is optional and does not affect the ability to use the Website. Processing takes place on the basis of Article 6(1)(a) (consent - with regard to other, except necessary cookies) and 399 of the Electronic Communications Law (legal provision - with regard to necessary cookies)..
• Account and forms: registration, reservation, birthday party on the basis of Article 6(1)(b) of the RODO (conclusion of a contract for the provision of electronic services) to enable you to purchase a ticket as part of your annual subscription (MajaPass) and to take advantage of the Park's offerings (depending on the service selected).
• Contact form Based on Article 6(1)(f) of the RODO (legitimate interest of the Administrator to respond to the inquiry directed by the User).

Providing personal data is voluntary, it is not a statutory obligation. In certain cases, however, without providing personal data, it is not possible to use the full functionality of the Website or Newsletter services, Account or forms. Categories of Users' Personal Data processed by the Administrator may, in particular, include:

• Personal data: first name(s), last name(s),
• Contact information: company details, email address, phone number, address.
• Message content: all communications (inquiries, statements, views and opinions), sent through the contact form or which have been published on the Administrator's website or its Fanpages by the User.
• IP number, cookies and information about how you use our Website and Newsletter - When using the Website or Newslstter.
• Image: when publishing an opinion, leaving a comment, clicking the "I like it" on the Administrator's social networking site (Fanpage) (as long as on the private account of this site the User has shared his image), sharing a video on YT or TikTok, sharing an image when creating a User Account.
• Behavioral data (consent to Google Ads): Information about user activity on websites, clicks on ads, data on time spent on the site and interactions with content.

The Administrator uses fanpage type profiles on social media. Public data shared by social media users may be used for:

• to respond to private messages that are directed to us,
• conduct discussions within the comments under individual posts,
• sharing our posts with those who follow our Fanpage,
• marketing by providing information about our services and ourselves through posts we make on our Fanpage, including sponsored posts that are displayed to a wider range of Users,
• statistical by presenting data about the display of our posts, their reach, the number of interactions; the data presented to us by the owners of social networks is statistical, but it is created based on the observation of behavior on our Fanpage.

Currently, the Administrator's Site uses redirects to the following social networks (Fanpage):

• Facebook,
• Instagram,
• LinkedIn,
• YouTube,
• TikTok
• Upon liking the Administrator's post, leaving a comment, sending a private message, subscribing to the channel, the Administrator together with:
• Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland
• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
• Google Ireland Limited Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland
• TikTok Technology Limited The Sorting Office, Ropemaker Place, Dublin 2, Dublin, D02 HD23, Ireland, Ireland.

become Administrators of your personal data provided on its Fanpage in terms of data processing for statistical and advertising purposes.

Accordingly, we encourage you to read the privacy policy:

• Facebook - https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
• Linkedin - https://pl.linkedin.com/legal/privacy-policy
• Instagram- https://privacycenter.instagram.com/policy/
• Youtube- https://policies.google.com/privacy?hl=pl
• TikTok - https://www.tiktok.com/legal/page/eea/privacy-policy/pl

Sharing Personal Data with Third Parties

1. The Administrator may share Users' Personal Data:
2. persons authorized by the Administrator to process data,
3. entities entrusted with data processing, e.g., technical service providers and consulting service providers,
4. to other administrators, if required by law or in good faith that such action is necessary to comply with applicable laws, in particular in response to a request from a court, state authorities.
5. If we engage a third party to Process Users' Personal Data, in accordance with the Processing Entrustment Agreement entered into with such third party, the Processing Entity shall be required to:
   1. Process only Personal Data designated in prior written instructions from the Administrator; and
   2. to apply all measures to protect the confidentiality and security of Personal Data and to ensure compliance with all other requirements of generally applicable law.
6. Due to the use of Facebook, Instagram, Linkedin and TikTok, data may be transferred by these entities to third countries - the United States of America (USA) or China in connection with sharing internally by these entities to: Meta Platforms Inc. Google LLC (USA) or Bejing ByteDance Technology Co Ltd. (China )on which the Administrator has no influence.
7. Third party services
8. The website may contain features or links that redirect to sites and services provided by third parties that are not managed by us. The information you provide to these sites or services will be subject to their own privacy policies and data processing procedures.
9. The Administrator is not responsible for the processing procedures of independent Website Administrators and service providers.
10. We encourage you to read the privacy and security policies of third parties before providing them with information.
11. Data Protection
12. The Administrator informs that it has implemented appropriate technical and organizational measures to protect Personal Data, in particular including safeguards against accidental or unlawful destruction, loss, alteration, unauthorized publication, unauthorized access and other unlawful and unauthorized forms of Processing, in accordance with applicable law.
13. The Administrator is not responsible for the acts or omissions of Users. Users are responsible for ensuring that all Personal Information is transmitted to the Administrator in a secure manner.
14. Personal data will not be subjected to automated profiling, i.e. automated decision-making with respect to the User, i.e. decisions made by technical means without human involvement, producing legal effects with respect to the profiled person or otherwise significantly affecting the profiled person.

• Data Accuracy

1. The Administrator shall take all adequate measures to ensure that:
2. The Personal Data of Users that the Administrator processes is accurate and, if necessary, updated;
3. All Personal Data of Users that the Administrator processes that is erroneous (given the purpose for which it is processed) will be deleted or corrected without undue delay.
4. The Administrator, at any time, may ask Users about the accuracy of the Personal Data processed.

• Minimizing the Scope of Data

The Administrator shall take all adequate measures to ensure that the scope of Users' Personal Data that it processes is limited to Personal Data adequately required for the purposes indicated in this Policy.

1. International Data Transfer

Personal data may be shared and processed outside the European Economic Area (the European Economic Area consists of: European Union and Iceland, Liechtenstein and Norway, collectively the "EEA"). If personal data is transferred outside the EEA, the Administrator requires appropriate safeguards. The Administrator will fulfill its obligations under Chapter V of the RODO to ensure the accuracy of such processing based on, among other things, the European Commission's decisions on the appropriate level of privacy protection of the EU-US Data Privacy Framework.

1. Retention Period of Personal Data
2. The criteria determining the duration of the period for which the Administrator retains Users' Personal Data are as follows: The Administrator shall keep copies of Users' Personal Data in an identifiable form only as long as necessary to achieve the purposes indicated herein, unless a longer period of retention of Personal Data is required by common law. The Administrator may, in particular, keep Users' Personal Data for the entire period necessary to establish, exercise or defend claims (statute of limitations for claims under Article 118 of the Civil Code).
3. Personal data is stored:
4. for a period of 30 days from the moment of contact (telephone, email from the Website, contact form) personal data may be processed for a longer period if, as a result of the inquiry sent, the User decides to use the Administrator's services (Newsletter,)
5. in the case of the use of our services (Account, other forms) (conclusion of a contract) for the period of execution of the contract and the period necessary to consider complaints filed, until the resolution of any disputes and settlement of the parties, taking into account the applicable statute of limitations for claims
6. within the scope of the Administrator's internal administrative purposes as well as other purposes of data processing where the legal basis is the Administrator's legitimate interest, personal data will be stored until the fulfillment of the Administrator's legitimate interests constituting the basis for data processing or prior objection to such processing, after the Administrator has performed a proper analysis of the User's interest and the Administrator's basis for processing;
7. in the case of data processed on our Fanpage until you object to further processing by clicking "dislike", withdrawing liking a post or deleting a comment on a post, cancelling a Subscription
8. if you use our Newsleter services for the period of service provision or until you withdraw your consent to be sent commercial information by email and/or phone/sms.
9. Google Analytics
10. The administrator uses the tool Google Analytics provided by Google LLC, whose infrastructure is located at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Administrator indicates that Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA) has joined the EU-US Data Privacy Framework Agreement, i.e. provides an adequate level of security for the processing of personal data, in accordance with the RODO.
11. Google Analytics allows you to:
12. Tracking website traffic: information about the number of users, number of visits, sources of hits (e.g., ads, search engines, social media).
13. Monitoring user behavior: analysis of which pages are most visited, time spent on the site, bounce rate.
14. Segmentation of users: demographic, geographic and technological data (e.g., device type, browser).
15. Tracking goals and conversions: analyzing how users complete certain actions, such as purchases, newsletter sign-ups or downloads.
16. Google Analytics processes data that may include:
17. IP addresses: used to identify the geographic location of users, which in combination with other data may constitute personal information.
18. Cookies: storing unique user and session identifiers to track user activity, only after the user has given the appropriate consent.
19. Technical data: e.g. browser type, operating system, screen resolution, ISP.
20. The Administrator uses the function of IP address anonymization, which disables the possibility of identifying Users (the last octet of the IP address is masked from storing or processing data).
21. The Administrator processes data using the indicated tool in order to provide analyses and reports on website traffic and the effectiveness of marketing activities on the basis of the Administrator's legitimate interest and the User's consent (acceptance of Google Analytics cookies). The Administrator has entered into an appropriate Data Processing Entrustment Agreement with Google (Data Processing Agreement), regulating data security as required by law.
22. The administrator uses the mode Consent Mode phe tracking code is implemented to measure traffic and conversions on the Website even if the User does not consent to the storing of cookies, while fully complying with the requirements of the RODO, where the tracking code is implemented to collect only basic, anonymized and aggregated data regarding the time of visit to the Website, information about the referring page and to measure conversions from advertising campaigns. If the User consents to specific types of data processing (Google Analytics cookies), the corresponding tags will work to their full extent. If he or she does not give his or her consent, the tools will still function, but in a limited mode, collecting anonymous data without the possibility of any identification of the User. Tool Consent Mode helps to comply with the requirements under RODO and the provisions of the ePrivacy Directive by respecting Users' decisions regarding cookie consent.
23. The storage period for the collected data if you accept Google Analytics cookies is 14 months.
24. We encourage you to read Google's Privacy Policy located at: https://policies.google.com/privacy?hl=pl
25. You can configure your browser to block cookies related to Google Analytics. Google Analytics uses cookies such as _ga, _gid and _gat.
26. Users can also use a plug-in to block Google Analytics. Google offers a browser add-on to block Google Analytics, you can download it from the official site: https://tools.google.com/dlpage/gaoptout. Once installed, the plug-in will prevent data from being sent to Google Analytics from all sites visited.
27. The Administrator also uses Google Ads tools. As a result of consenting to the use of this tool, Users' Personal Data is processed for the purpose of displaying personalized ads on Google platforms and cooperating websites, analyzing the effectiveness of advertising campaigns, remarketing (displaying ads to users who have visited the advertiser's website), optimizing advertising content based on users' preferences.

• Facebook Pixel

1. The Administrator using the Pixel tracing services provided by Facebook becomes a joint controller of personal data with the service provider, i.e. Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland. The scope of joint data processing/co-management includes

1) collection of personal data and

2) their transmission to Facebook.

2. The types of personal data in connection with the Administrator's use of the Pixel product, on its website covered by co-administration with Meta Ireland are:
3. HTTP header information that contains information about the browser or application being used (e.g., user agent, country/language of location)
4. Information on standard/optional events, e.g. "displaying a Page" or "installing an application", further object properties and buttons pressed by site visitors, depending on the configuration of the Business Tool
5. Internet identifiers, including IP addresses and, if provided, Meta-linked identifiers or device identifiers (e.g., ad identifiers on mobile operating systems) and information about opting out/restricting ad monitoring

Further processing of data by Meta Ireland is not part of joint processing with the Auditee.

3. Third parties, including Meta, may use cookies, web beacons and similar technologies to collect or receive information from the Site and other places on the Internet and use it to provide measurement, targeting and ad delivery services. You may disable the collection and use of their information to support ad targeting, see details at: https://pl-pl.facebook.com/business/help/165516217407801?id=1913105122334058 In addition, the user can use mechanisms to make a choice (for example, by providing a link to the pages of the http://www.aboutads.info/choices and http://www.youronlinechoices.eu/
4. We encourage you to read the co-administration rules set by Meta, link to the page: https://www.facebook.com/legal/controller_addendum, Pixel's Terms of Use, link to the site: https://www.facebook.com/legal/terms/businesstools and mechanisms that allow users to make choices regarding the scope of the

• Cookies (cookies)

1. When the User uses the Website, data about the User is automatically collected. This data may include:
2. IP address,
3. domain name,
4. browser type,
5. operating system type.
6. This data may be collected by:
7. cookies,
8. Google Analytics system, Google Ads, Facebook Pixel,
9. and can be recorded in server logs.
10. A cookie is small text information in the form of text files stored by your browser on your computer's hard drive or smartphone's memory card. On subsequent visits to the Website, the information stored in the cookie is sent back to the Website. This allows the Website to recognize you and tailor content to your needs.
11. In order to improve our Website, provide the most relevant content and analyze how Users use our Website, we may use cookies.
12. We may process the data contained in cookies for purposes:
13. To personalize the Website: to remember information about the User so that the User does not have to re-enter that information on subsequent visits;
14. To provide customized advertising, content and information to the User;
15. Monitoring aggregate site usage metrics, such as the total number of visitors and pages viewed.
16. We use the following types of files:
17. session cookies, which are temporary files and are stored on a visitor's device until they leave the Site;
18. solid cookies, which are stored in the final device of the person visiting the Site for the time specified in the parameters of the file or until they are manually deleted;
19. We can divide cookies into the following categories of cookies:
20. Cookies neededwhich ensure the proper functioning of the site, security and maintained session, these are files installed by default, without them the Website cannot function properly (Cookie Hub) (files necessary for the functioning of the site, selected by default)
21. Analytics cookies allow us to improve the website by collecting and reporting information about its use(Google Analytics) (checkbox to be checked)....
22. Marketing cookies are used to track website visitors in order to enable publishers to place relevant and engaging ads (Google Ada, Facebook Pixel) (checkbox to be checked).
23. We use analytics and similar services that contain third-party cookies. When you use the Website, third-party cookies may be used to enable the functionality of the Website and its integrated sites or to analyze the effectiveness of advertising campaigns and collect anonymous information about the use of the Website for statistical purposes.
24. This Privacy Policy does not govern the use of third party cookies. Each third party sets its own rules for the use of cookies in its privacy policy. We encourage you to read the details related to data processing within Google Analytics, indicated in the explanations prepared by Google: https://support.google.com/analytics/answer/6004245, Facebook Pixel: https://www.facebook.com/privacy/policy
25. You can also change how cookies are used by your browser, and you can block or delete them. To do this, change your browser settings. Most browsers offer the option of accepting or rejecting all cookies, accepting only certain types, or notifying you each time a site tries to save them. You can also easily delete cookies that have already been stored on your device. Managing cookies depends on the browser you use. You can find out how to do this for a particular browser by clicking "help" in the browser menu. There you will learn how to control and delete cookies step by step.
    • Google Chrome
    • Safari (macOS)
    • Mozilla Firefox
    • Microsoft Edge
    • Microsoft Internet Explorer
    • Opera
26. At the same time, we would like to inform you that the lack of consent, removal, blocking or restriction of the placement of cookies may cause difficulties or even prevent the use of the Website.

• Newsletter
  1. The Administrator provides the Newsletter service electronically. The Newsletter service consists of sending information about offers, promotions and events related to the Administrator's activities to the e-mail address or telephone/sms (depending on the User's choice) provided by the User. The Administrator indicates that the Newsletter will not be sent at regular intervals (e.g. every month), the sending of the Newsletter will depend on promotional activities undertaken by the Administrator and will be irregular in nature.
  2. The service is provided in accordance with the provisions of the law, in particular the Act of 18 July 2002 on the provision of electronic services and the Regulation of the European Parliament and of the Council (EU) 2016/679 (RODO).
  3. In order to use the free Newsletter service, the User must have an active e-mail address, express voluntary consent to receive commercial information by e-mail. Newsletter subscription takes place by filling in a form available on the Administrator's Website (providing personal data in the form of name and surname and e-mail address, telephone number) and acceptance of this Privacy Policy (and the Park Regulations) regulating the principles of data processing and principles of service provision. Sending a message by the User in this manner constitutes a declaration of intent by the User to conclude the Newsletter service.
  4. The Administrator undertakes to provide the service in accordance with the Policy and applicable laws, to protect Users' personal data in accordance with RODO and the Personal Data Protection Act. The User undertakes to use the service in a manner consistent with the law and this Policy and not to provide unlawful content .
  5. The Newsletter service is provided for an indefinite period of time. The User has the right to opt out of receiving the Newsletter at any time by withdrawing consent to the provision of this service by directing his/her request:
  6. after pressing the unsubscribe button in the Newsletter service,
  7. dedicated email address: rodo@majaland.pl.

The request will be implemented effective at the end of the calendar month.

6. The statement of withdrawal of consent can be addressed at any time to the Administrator's e-mail or registered office address indicated in Chapter I. Upon withdrawal, the User's e-mail address will be immediately removed from the subscriber database.

1. Account
   1. The Administrator provides the Account service electronically. The service is provided in accordance with the provisions of the law, in particular the Act of July 18, 2002 on the provision of services by electronic means and the Regulation of the European Parliament and of the Council (EU) 2016/679 (RODO).
   2. The Account Service involves the creation of an individual User account on the Website allowing the purchase, management and use of the annual loyalty card MajaPass.
   3. The account allows you to purchase and manage your subscription to the Park's annual pass, access customized promotions and special offers, verify your purchase and transaction history, use the personalized messaging feature for events and offers.
   4. In order to use the free Account service, the User fills in the registration form available on the Administrator's Website . The User's sending a message in this manner by clicking on the "Register" field constitutes a declaration of intent by the User to conclude the Account service.
   5. Creating an account requires:

• Provide basic personal information in the registration form, i.e. name, surname, telephone number and e-mail address, address and photo in order to personalize services and facilitate identification of the cardholder (voluntary).
• create a unique login and password,
• Acceptance of the Park Regulations and Privacy Policy,
  6. Providing an e-mail address is required to activate the Account and to send confirmations of the purchased ticket.
  7. The account is named and cannot be shared with third parties. The user undertakes to protect his login information and not to make it available to unauthorized persons.
  8. The Administrator reserves the right to temporarily suspend the provision of the Account service in case of detection of suspicious activity, violation of the regulations or suspicion of unauthorized access.
  9. You have the right to access your Account, edit your data, unsubscribe and delete your account at any time, report technical problems and comments on the operation of the service.
  10. The account remains active as long as the user has a valid subscription. The user may request deletion of the account at any time by contacting the Administrator. Deletion of the account results in loss of access to purchase history, discounts and assigned benefits.
  11. The Account service is provided on a continuous basis. However, the Administrator is not responsible for the inability to provide the service for reasons beyond his control, in particular, lack of Internet access, technical errors of the site.
• Contact form

1. The Administrator provides a service to answer questions related to the offer of the Park, service, rules of cooperation, things lost with the help of the Contact Form.
2. Questions, Suggestions, Complaints can be sent via the Contact Form, for this purpose it is necessary to provide the subject of the inquiry, e-mail address, name and surname, enter the content of the message and click on the "Confirm" field. Failure to provide the address-email will prevent the User from sending a response to the inquiry.
3. The administrator will make every effort to answer the question within no more than 48
4. The contract for the provision of services is concluded as soon as the User submits the form, after pressing the "Confirm" button.

• Forms

1. The administrator also provides the service of being able to book tickets to the Park for groups, schools or book a birthday party, for example.
2. The forms allow you to purchase tickets to the Park as part of organized groups or for specific celebrations. The condition for using the possibility of booking tickets via forms is acceptance of the Park Regulations and Privacy Policy.
3. In order to use the Ticket Reservation Service, the User completes the given form and presses the "Send" button. The contract is concluded when the Service Provider receives confirmation of the ticket reservation by email or telephone. The Service Provider will make every effort to confirm the reservation within 72 hours after the User sends the form.

• Provision of services by electronic means

1. It is prohibited for Users to provide unlawful content.
2. The User is obliged to use the Administrator's website and the offered Services in a manner consistent with the provisions of law, good practice, using data consistent with the actual state of affairs and otherwise not acting inconsistently with the provisions of this Policy. The Administrator is not responsible for false data provided by the User or for non-delivery of services due to reasons beyond the Administrator's control (e.g. technical problems on the side of the Internet service provider).
3. The Administrator undertakes to provide the service in accordance with the Privacy Policy, applicable laws (UŚUDE), RODO and the Personal Data Protection Act.
4. The recipient is obliged to maintain confidentiality and not to disclose to third parties any information obtained in connection with the provision of Services by the Administrator including commercial, organizational, technological, financial information.
5. The technical requirements necessary to use the Services provided electronically are access to the Internet, a device enabling its use such as a computer, laptop or other mobile device with an Internet browser, access to e-mail and a configured e-mail account, any properly configured version of the Internet browser that supports, among other things, cookies (Internet Explorer, Opera, Mozilla Firefox, Safari, Google Chrome).
6. Use of the Services over the Internet, despite the Administrator's use of safeguards designed to prevent or significantly impede hacking (hacking attacks), may involve the risk of unwanted malware infecting the computer system. Therefore, the Administrator additionally recommends the use of updated anti-virus software and the use of an appropriate system firewall by the User.
7. The User has the right to file a complaint regarding the provision of electronic services. Complaints should be submitted in writing by directing them to the Administrator's registered office address or by e-mail to the e-mail address (indicated in Chapter I). The complaint should contain the name and e-mail address of the User (e-mail notification), description of the problem giving rise to the complaint, and the User's demand related to the complaint. The Administrator will consider the complaint within 14 days from the date of its receipt. The User will be informed of the result of the complaint consideration by the same communication channel used to address the complaint.

• Users' rights in connection with the processing of their personal data

1. You are entitled to the following rights in connection with the processing of your personal data:
2. The right of access to the personal data being processed - On this basis, the Administrator shall, at the request of the data subject, provide information about the processing of personal data concerning him/her, including, in particular, the purposes and legal grounds for the processing, the scope of the data held, the entities to which the personal data are disclosed and the planned date for their deletion. As part of the right of access, the data subject may also request information about to whom his or her personal data is shared and whether it is subject to profiling and automated decision-making. The data subject also has the right to obtain a copy of his or her data.
3. right to rectification - On this basis, the Administrator shall, at the request of the data subject, rectify any inconsistencies or errors regarding the processed personal data, and supplement or update it if it is incomplete or has changed;
4. right to erasure - on this basis, the Administrator shall, at the request of the data subject, delete the data whose processing is no longer necessary for the fulfillment of any of the purposes for which it was collected, the consent for its processing has been withdrawn or an objection has been raised and it is not required for the establishment, investigation or defense of the Administrator's claims;
5. The right to restrict and portability of processing - on this basis, the Administrator shall, at the request of the data subject, cease performing operations on such personal data, to the extent corresponding to the law, and shall also release such personal data, in a computer-readable format;
6. right to lodge a complaint - Exercising this right, a person who considers that his or her personal data is being processed in violation of applicable law may file a complaint with the President of the Office for Personal Data Protection (2 Stawki Street, 00-193 Warsaw);
7. right to object - The data subject may object at any time to the processing of personal data for the purposes for which they were collected and are processed, objection regarding direct marketing - if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him/her in this respect;
8. right to withdraw consent - if we process personal data on the basis of consent given, then at any time the data subject may withdraw that consent. The withdrawal of consent does not make the processing of personal data up to that point illegal, the withdrawal of consent does not affect the legality of previous processing, however, it will result in personal data no longer being used for those purposes from the moment of withdrawal of consent.
9. A request for the exercise of the rights described above can be submitted by regular mail by writing to the Administrator's registered office address or via the email address indicated in Chapter I.
10. The request should, as far as possible, indicate precisely what the request is about, i.e. in particular the addressee of the request and which of the rights described above the person making the request wants to exercise. If the Administrator is unable to determine the content of the request or identify the person making the request based on the notification made, it will ask the requestor for additional information.

PRIVACY POLICY

General information

• This Privacy Policy is a set of rules intended to inform you about all aspects of the process concerning the acquisition, processing and safeguarding of your personal data. The Policy is addressed to all Users of the Administrator's Website and those using the Newsletter, Account and forms (contact, booking, birthday).
• This Policy sets forth the rules regarding the processing of personal data by the Personal Data Controller which is, depending on the Website you are using:

• This Policy may be amended and updated, in situations of changes in practices related to
  with the processing of personal data (taking into account, among other things, the current case law and PUODO guidelines) or changes in generally applicable laws. The Administrator will inform the Users about the changes to the Policy in an appropriate manner, by placing relevant information on the Website, and in the case of Users using the Newsletter service, Account or forms, by directing this information to the User's specified e-mail address.
• Use of the Administrator's Website involves the User's familiarization with the contents of this Privacy Policy and, in the case of subscribing to the Newsletter, acceptance thereof.
• Provision of personal data to the Administrator is voluntary, but in the case of processing of data stored in necessary cookies, Newsletter subscription or communication with the Administrator through forms, providing data will be a necessary condition for realization of the indicated purposes and proper functioning of the Website.

Definitions

• Administrator means the entity that decides how and for what purposes Personal Data is Processed. The Administrator is responsible for the compliance of the processing with applicable data protection laws.
• Personal Information means any information about any identified natural person or an individual who is identifiable.
• Process, Process or Processed means any action related to Personal Data, whether or not performed by automated means, such as: acquiring, recording, organizing, structuring, storing, adapting or changing, retrieving, consulting, using, making available by transmission, disseminating or making available by any other means, organizing or combining, limiting, deleting or destroying.
• Processor means any person or entity that Processes Personal Data on behalf of the Administrator (other than an employee of the Administrator).
• Website
• https://www.majalandkownaty.pl/pl,
• https://www.majalandwarsaw.pl/pl
• https://www.majalandgdansk.pl/pl

• Administrator's fanpage on social networks:

• Electronic Services -. services provided through the Website. Provision of Electronic Services to Users on the Website is made under the terms of this Policy and applies to the Newsletter service, Account and forms.

Processing of Users' Personal Data

• The Administrator may obtain Users' Personal Data in particular, in the following cases:
• Provision of Personal Data by Users (e.g., contact by email, telephone, through forms or any other means) on the basis of Article 6(1)(f) of the RODO (legitimate interest of the Administrator - responding to a message, inquiry) in connection with the need to handle a reported issue or inquiry,
• Investigate claims and take action in connection with the defense of the Administrator's rights, conduct legal proceedings and, inter alia, to enable the use of the Website via cookies, to prevent fraud in the use of the Website, in particular to operate, maintain, improve and make available all its functions, as well as to create compilations, analyses and statistics for the Administrator's internal needs, this includes, in particular: reporting, marketing research, planning the development of the Website, Newsletter, Account services, development work, creation of statistical models based on Article 6(1)(f) of the RODO (the aforementioned legitimate interest of the Administrator),
• obtain Personal Data of Users published on social media (Administrator's Fanpage) (e.g., obtaining information from Users' private profile on social media, to the extent that such information is visible as public) based on 6(1)(f) RODO (legally justified interest of the Administrator - promotion of its own activities and services, maintaining a social profile (Fanpage), building and strengthening relationships with customers, conducting analysis and statistics on the popularity and functioning of the profile as well as determining, investigating and defending against possible claims concerning the use of the profile, responding to contact),
• User's consent to the processing of the provided personal data for the purpose of sending the Newsletter, Based on Article 6(1)(a) (consent) sending commercial information - Newsletter (email, sms/telephone), providing marketing content via electronic communication, in accordance with Article 398 and the Electronic Communications Law,
• solicit or ask Users for Users' Personal Information when Users visit the Administrator's sites or use any features or resources available on or through the Website cookies precisely and third parties. When Users visit the Site, Users' devices and browsers may automatically share certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connection to the Site and other technical information regarding communications), some of which may constitute Personal Information. When visiting the Website, no Personal Data of Users will be stored by the Administrator, without an appropriate legal basis. With regard to cookies, the Administrator - in addition to the necessary files, will each time obtain the User's consent to install other cookies (including third-party Google Analytics files). The granting of the aforementioned consent is optional and does not affect the ability to use the Website. Processing takes place on the basis of Article 6(1)(a) (consent - with regard to other, except necessary cookies) and 399 of the Electronic Communications Law (legal provision - with regard to necessary cookies)..
• Account and forms: registration, reservation, birthday party on the basis of Article 6(1)(b) of the RODO (conclusion of a contract for the provision of electronic services) to enable you to purchase a ticket as part of your annual subscription (MajaPass) and to take advantage of the Park's offerings (depending on the service selected).
• Contact form Based on Article 6(1)(f) of the RODO (legitimate interest of the Administrator to respond to the inquiry directed by the User).

Providing personal data is voluntary, it is not a statutory obligation. In certain cases, however, without providing personal data, it is not possible to use the full functionality of the Website or Newsletter services, Account or forms. Categories of Users' Personal Data processed by the Administrator may, in particular, include:

• Personal data: first name(s), last name(s),
• Contact information: company details, email address, phone number, address.
• Message content: all communications (inquiries, statements, views and opinions), sent through the contact form or which have been published on the Administrator's website or its Fanpages by the User.
• IP number, cookies and information about how you use our Website and Newsletter - When using the Website or Newslstter.
• Image: when publishing an opinion, leaving a comment, clicking the "I like it" on the Administrator's social networking site (Fanpage) (as long as on the private account of this site the User has shared his image), sharing a video on YT or TikTok, sharing an image when creating a User Account.
• Behavioral data (consent to Google Ads): Information about user activity on websites, clicks on ads, data on time spent on the site and interactions with content.

The Administrator uses fanpage type profiles on social media. Public data shared by social media users may be used for:

• to respond to private messages that are directed to us,
• conduct discussions within the comments under individual posts,
• sharing our posts with those who follow our Fanpage,
• marketing by providing information about our services and ourselves through posts we make on our Fanpage, including sponsored posts that are displayed to a wider range of Users,
• statistical by presenting data about the display of our posts, their reach, the number of interactions; the data presented to us by the owners of social networks is statistical, but it is created based on the observation of behavior on our Fanpage.

Currently, the Administrator's Site uses redirects to the following social networks (Fanpage):

• Facebook,
• Instagram,
• LinkedIn,
• YouTube,
• TikTok
• Upon liking the Administrator's post, leaving a comment, sending a private message, subscribing to the channel, the Administrator together with:
• Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland
• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
• Google Ireland Limited Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland
• TikTok Technology Limited The Sorting Office, Ropemaker Place, Dublin 2, Dublin, D02 HD23, Ireland, Ireland.

become Administrators of your personal data provided on its Fanpage in terms of data processing for statistical and advertising purposes.

Accordingly, we encourage you to read the privacy policy:

• Facebook - https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
• Linkedin - https://pl.linkedin.com/legal/privacy-policy
• Instagram- https://privacycenter.instagram.com/policy/
• Youtube- https://policies.google.com/privacy?hl=pl
• TikTok - https://www.tiktok.com/legal/page/eea/privacy-policy/pl

Sharing Personal Data with Third Parties

1. The Administrator may share Users' Personal Data:
2. persons authorized by the Administrator to process data,
3. entities entrusted with data processing, e.g., technical service providers and consulting service providers,
4. to other administrators, if required by law or in good faith that such action is necessary to comply with applicable laws, in particular in response to a request from a court, state authorities.
5. If we engage a third party to Process Users' Personal Data, in accordance with the Processing Entrustment Agreement entered into with such third party, the Processing Entity shall be required to:
   1. Process only Personal Data designated in prior written instructions from the Administrator; and
   2. to apply all measures to protect the confidentiality and security of Personal Data and to ensure compliance with all other requirements of generally applicable law.
6. Due to the use of Facebook, Instagram, Linkedin and TikTok, data may be transferred by these entities to third countries - the United States of America (USA) or China in connection with sharing internally by these entities to: Meta Platforms Inc. Google LLC (USA) or Bejing ByteDance Technology Co Ltd. (China )on which the Administrator has no influence.
7. Third party services
8. The website may contain features or links that redirect to sites and services provided by third parties that are not managed by us. The information you provide to these sites or services will be subject to their own privacy policies and data processing procedures.
9. The Administrator is not responsible for the processing procedures of independent Website Administrators and service providers.
10. We encourage you to read the privacy and security policies of third parties before providing them with information.
11. Data Protection
12. The Administrator informs that it has implemented appropriate technical and organizational measures to protect Personal Data, in particular including safeguards against accidental or unlawful destruction, loss, alteration, unauthorized publication, unauthorized access and other unlawful and unauthorized forms of Processing, in accordance with applicable law.
13. The Administrator is not responsible for the acts or omissions of Users. Users are responsible for ensuring that all Personal Information is transmitted to the Administrator in a secure manner.
14. Personal data will not be subjected to automated profiling, i.e. automated decision-making with respect to the User, i.e. decisions made by technical means without human involvement, producing legal effects with respect to the profiled person or otherwise significantly affecting the profiled person.

• Data Accuracy

1. The Administrator shall take all adequate measures to ensure that:
2. The Personal Data of Users that the Administrator processes is accurate and, if necessary, updated;
3. All Personal Data of Users that the Administrator processes that is erroneous (given the purpose for which it is processed) will be deleted or corrected without undue delay.
4. The Administrator, at any time, may ask Users about the accuracy of the Personal Data processed.

• Minimizing the Scope of Data

The Administrator shall take all adequate measures to ensure that the scope of Users' Personal Data that it processes is limited to Personal Data adequately required for the purposes indicated in this Policy.

1. International Data Transfer

Personal data may be shared and processed outside the European Economic Area (the European Economic Area consists of: European Union and Iceland, Liechtenstein and Norway, collectively the "EEA"). If personal data is transferred outside the EEA, the Administrator requires appropriate safeguards. The Administrator will fulfill its obligations under Chapter V of the RODO to ensure the accuracy of such processing based on, among other things, the European Commission's decisions on the appropriate level of privacy protection of the EU-US Data Privacy Framework.

1. Retention Period of Personal Data
2. The criteria determining the duration of the period for which the Administrator retains Users' Personal Data are as follows: The Administrator shall keep copies of Users' Personal Data in an identifiable form only as long as necessary to achieve the purposes indicated herein, unless a longer period of retention of Personal Data is required by common law. The Administrator may, in particular, keep Users' Personal Data for the entire period necessary to establish, exercise or defend claims (statute of limitations for claims under Article 118 of the Civil Code).
3. Personal data is stored:
4. for a period of 30 days from the moment of contact (telephone, email from the Website, contact form) personal data may be processed for a longer period if, as a result of the inquiry sent, the User decides to use the Administrator's services (Newsletter,)
5. in the case of the use of our services (Account, other forms) (conclusion of a contract) for the period of execution of the contract and the period necessary to consider complaints filed, until the resolution of any disputes and settlement of the parties, taking into account the applicable statute of limitations for claims
6. within the scope of the Administrator's internal administrative purposes as well as other purposes of data processing where the legal basis is the Administrator's legitimate interest, personal data will be stored until the fulfillment of the Administrator's legitimate interests constituting the basis for data processing or prior objection to such processing, after the Administrator has performed a proper analysis of the User's interest and the Administrator's basis for processing;
7. in the case of data processed on our Fanpage until you object to further processing by clicking "dislike", withdrawing liking a post or deleting a comment on a post, cancelling a Subscription
8. if you use our Newsleter services for the period of service provision or until you withdraw your consent to be sent commercial information by email and/or phone/sms.
9. Google Analytics
10. The administrator uses the tool Google Analytics provided by Google LLC, whose infrastructure is located at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Administrator indicates that Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA) has joined the EU-US Data Privacy Framework Agreement, i.e. provides an adequate level of security for the processing of personal data, in accordance with the RODO.
11. Google Analytics allows you to:
12. Tracking website traffic: information about the number of users, number of visits, sources of hits (e.g., ads, search engines, social media).
13. Monitoring user behavior: analysis of which pages are most visited, time spent on the site, bounce rate.
14. Segmentation of users: demographic, geographic and technological data (e.g., device type, browser).
15. Tracking goals and conversions: analyzing how users complete certain actions, such as purchases, newsletter sign-ups or downloads.
16. Google Analytics processes data that may include:
17. IP addresses: used to identify the geographic location of users, which in combination with other data may constitute personal information.
18. Cookies: storing unique user and session identifiers to track user activity, only after the user has given the appropriate consent.
19. Technical data: e.g. browser type, operating system, screen resolution, ISP.
20. The Administrator uses the function of IP address anonymization, which disables the possibility of identifying Users (the last octet of the IP address is masked from storing or processing data).
21. The Administrator processes data using the indicated tool in order to provide analyses and reports on website traffic and the effectiveness of marketing activities on the basis of the Administrator's legitimate interest and the User's consent (acceptance of Google Analytics cookies). The Administrator has entered into an appropriate Data Processing Entrustment Agreement with Google (Data Processing Agreement), regulating data security as required by law.
22. The administrator uses the mode Consent Mode phe tracking code is implemented to measure traffic and conversions on the Website even if the User does not consent to the storing of cookies, while fully complying with the requirements of the RODO, where the tracking code is implemented to collect only basic, anonymized and aggregated data regarding the time of visit to the Website, information about the referring page and to measure conversions from advertising campaigns. If the User consents to specific types of data processing (Google Analytics cookies), the corresponding tags will work to their full extent. If he or she does not give his or her consent, the tools will still function, but in a limited mode, collecting anonymous data without the possibility of any identification of the User. Tool Consent Mode helps to comply with the requirements under RODO and the provisions of the ePrivacy Directive by respecting Users' decisions regarding cookie consent.
23. The storage period for the collected data if you accept Google Analytics cookies is 14 months.
24. We encourage you to read Google's Privacy Policy located at: https://policies.google.com/privacy?hl=pl
25. You can configure your browser to block cookies related to Google Analytics. Google Analytics uses cookies such as _ga, _gid and _gat.
26. Users can also use a plug-in to block Google Analytics. Google offers a browser add-on to block Google Analytics, you can download it from the official site: https://tools.google.com/dlpage/gaoptout. Once installed, the plug-in will prevent data from being sent to Google Analytics from all sites visited.
27. The Administrator also uses Google Ads tools. As a result of consenting to the use of this tool, Users' Personal Data is processed for the purpose of displaying personalized ads on Google platforms and cooperating websites, analyzing the effectiveness of advertising campaigns, remarketing (displaying ads to users who have visited the advertiser's website), optimizing advertising content based on users' preferences.

• Facebook Pixel

1. The Administrator using the Pixel tracing services provided by Facebook becomes a joint controller of personal data with the service provider, i.e. Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland. The scope of joint data processing/co-management includes

1) collection of personal data and

2) their transmission to Facebook.

2. The types of personal data in connection with the Administrator's use of the Pixel product, on its website covered by co-administration with Meta Ireland are:
3. HTTP header information that contains information about the browser or application being used (e.g., user agent, country/language of location)
4. Information on standard/optional events, e.g. "displaying a Page" or "installing an application", further object properties and buttons pressed by site visitors, depending on the configuration of the Business Tool
5. Internet identifiers, including IP addresses and, if provided, Meta-linked identifiers or device identifiers (e.g., ad identifiers on mobile operating systems) and information about opting out/restricting ad monitoring

Further processing of data by Meta Ireland is not part of joint processing with the Auditee.

3. Third parties, including Meta, may use cookies, web beacons and similar technologies to collect or receive information from the Site and other places on the Internet and use it to provide measurement, targeting and ad delivery services. You may disable the collection and use of their information to support ad targeting, see details at: https://pl-pl.facebook.com/business/help/165516217407801?id=1913105122334058 In addition, the user can use mechanisms to make a choice (for example, by providing a link to the pages of the http://www.aboutads.info/choices and http://www.youronlinechoices.eu/
4. We encourage you to read the co-administration rules set by Meta, link to the page: https://www.facebook.com/legal/controller_addendum, Pixel's Terms of Use, link to the site: https://www.facebook.com/legal/terms/businesstools and mechanisms that allow users to make choices regarding the scope of the

• Cookies (cookies)

1. When the User uses the Website, data about the User is automatically collected. This data may include:
2. IP address,
3. domain name,
4. browser type,
5. operating system type.
6. This data may be collected by:
7. cookies,
8. Google Analytics system, Google Ads, Facebook Pixel,
9. and can be recorded in server logs.
10. A cookie is small text information in the form of text files stored by your browser on your computer's hard drive or smartphone's memory card. On subsequent visits to the Website, the information stored in the cookie is sent back to the Website. This allows the Website to recognize you and tailor content to your needs.
11. In order to improve our Website, provide the most relevant content and analyze how Users use our Website, we may use cookies.
12. We may process the data contained in cookies for purposes:
13. To personalize the Website: to remember information about the User so that the User does not have to re-enter that information on subsequent visits;
14. To provide customized advertising, content and information to the User;
15. Monitoring aggregate site usage metrics, such as the total number of visitors and pages viewed.
16. We use the following types of files:
17. session cookies, which are temporary files and are stored on a visitor's device until they leave the Site;
18. solid cookies, which are stored in the final device of the person visiting the Site for the time specified in the parameters of the file or until they are manually deleted;
19. We can divide cookies into the following categories of cookies:
20. Cookies neededwhich ensure the proper functioning of the site, security and maintained session, these are files installed by default, without them the Website cannot function properly (Cookie Hub) (files necessary for the functioning of the site, selected by default)
21. Analytics cookies allow us to improve the website by collecting and reporting information about its use(Google Analytics) (checkbox to be checked)....
22. Marketing cookies are used to track website visitors in order to enable publishers to place relevant and engaging ads (Google Ada, Facebook Pixel) (checkbox to be checked).
23. We use analytics and similar services that contain third-party cookies. When you use the Website, third-party cookies may be used to enable the functionality of the Website and its integrated sites or to analyze the effectiveness of advertising campaigns and collect anonymous information about the use of the Website for statistical purposes.
24. This Privacy Policy does not govern the use of third party cookies. Each third party sets its own rules for the use of cookies in its privacy policy. We encourage you to read the details related to data processing within Google Analytics, indicated in the explanations prepared by Google: https://support.google.com/analytics/answer/6004245, Facebook Pixel: https://www.facebook.com/privacy/policy
25. You can also change how cookies are used by your browser, and you can block or delete them. To do this, change your browser settings. Most browsers offer the option of accepting or rejecting all cookies, accepting only certain types, or notifying you each time a site tries to save them. You can also easily delete cookies that have already been stored on your device. Managing cookies depends on the browser you use. You can find out how to do this for a particular browser by clicking "help" in the browser menu. There you will learn how to control and delete cookies step by step.
    • Google Chrome
    • Safari (macOS)
    • Mozilla Firefox
    • Microsoft Edge
    • Microsoft Internet Explorer
    • Opera
26. At the same time, we would like to inform you that the lack of consent, removal, blocking or restriction of the placement of cookies may cause difficulties or even prevent the use of the Website.

• Newsletter
  1. The Administrator provides the Newsletter service electronically. The Newsletter service consists of sending information about offers, promotions and events related to the Administrator's activities to the e-mail address or telephone/sms (depending on the User's choice) provided by the User. The Administrator indicates that the Newsletter will not be sent at regular intervals (e.g. every month), the sending of the Newsletter will depend on promotional activities undertaken by the Administrator and will be irregular in nature.
  2. The service is provided in accordance with the provisions of the law, in particular the Act of 18 July 2002 on the provision of electronic services and the Regulation of the European Parliament and of the Council (EU) 2016/679 (RODO).
  3. In order to use the free Newsletter service, the User must have an active e-mail address, express voluntary consent to receive commercial information by e-mail. Newsletter subscription takes place by filling in a form available on the Administrator's Website (providing personal data in the form of name and surname and e-mail address, telephone number) and acceptance of this Privacy Policy (and the Park Regulations) regulating the principles of data processing and principles of service provision. Sending a message by the User in this manner constitutes a declaration of intent by the User to conclude the Newsletter service.
  4. The Administrator undertakes to provide the service in accordance with the Policy and applicable laws, to protect Users' personal data in accordance with RODO and the Personal Data Protection Act. The User undertakes to use the service in a manner consistent with the law and this Policy and not to provide unlawful content .
  5. The Newsletter service is provided for an indefinite period of time. The User has the right to opt out of receiving the Newsletter at any time by withdrawing consent to the provision of this service by directing his/her request:
  6. after pressing the unsubscribe button in the Newsletter service,
  7. dedicated email address: rodo@majaland.pl.

The request will be implemented effective at the end of the calendar month.

6. The statement of withdrawal of consent can be addressed at any time to the Administrator's e-mail or registered office address indicated in Chapter I. Upon withdrawal, the User's e-mail address will be immediately removed from the subscriber database.

1. Account
   1. The Administrator provides the Account service electronically. The service is provided in accordance with the provisions of the law, in particular the Act of July 18, 2002 on the provision of services by electronic means and the Regulation of the European Parliament and of the Council (EU) 2016/679 (RODO).
   2. The Account Service involves the creation of an individual User account on the Website allowing the purchase, management and use of the annual loyalty card MajaPass.
   3. The account allows you to purchase and manage your subscription to the Park's annual pass, access customized promotions and special offers, verify your purchase and transaction history, use the personalized messaging feature for events and offers.
   4. In order to use the free Account service, the User fills in the registration form available on the Administrator's Website . The User's sending a message in this manner by clicking on the "Register" field constitutes a declaration of intent by the User to conclude the Account service.
   5. Creating an account requires:

• Provide basic personal information in the registration form, i.e. name, surname, telephone number and e-mail address, address and photo in order to personalize services and facilitate identification of the cardholder (voluntary).
• create a unique login and password,
• Acceptance of the Park Regulations and Privacy Policy,
  6. Providing an e-mail address is required to activate the Account and to send confirmations of the purchased ticket.
  7. The account is named and cannot be shared with third parties. The user undertakes to protect his login information and not to make it available to unauthorized persons.
  8. The Administrator reserves the right to temporarily suspend the provision of the Account service in case of detection of suspicious activity, violation of the regulations or suspicion of unauthorized access.
  9. You have the right to access your Account, edit your data, unsubscribe and delete your account at any time, report technical problems and comments on the operation of the service.
  10. The account remains active as long as the user has a valid subscription. The user may request deletion of the account at any time by contacting the Administrator. Deletion of the account results in loss of access to purchase history, discounts and assigned benefits.
  11. The Account service is provided on a continuous basis. However, the Administrator is not responsible for the inability to provide the service for reasons beyond his control, in particular, lack of Internet access, technical errors of the site.
• Contact form

1. The Administrator provides a service to answer questions related to the offer of the Park, service, rules of cooperation, things lost with the help of the Contact Form.
2. Questions, Suggestions, Complaints can be sent via the Contact Form, for this purpose it is necessary to provide the subject of the inquiry, e-mail address, name and surname, enter the content of the message and click on the "Confirm" field. Failure to provide the address-email will prevent the User from sending a response to the inquiry.
3. The administrator will make every effort to answer the question within no more than 48
4. The contract for the provision of services is concluded as soon as the User submits the form, after pressing the "Confirm" button.

• Forms

1. The administrator also provides the service of being able to book tickets to the Park for groups, schools or book a birthday party, for example.
2. The forms allow you to purchase tickets to the Park as part of organized groups or for specific celebrations. The condition for using the possibility of booking tickets via forms is acceptance of the Park Regulations and Privacy Policy.
3. In order to use the Ticket Reservation Service, the User completes the given form and presses the "Send" button. The contract is concluded when the Service Provider receives confirmation of the ticket reservation by email or telephone. The Service Provider will make every effort to confirm the reservation within 72 hours after the User sends the form.

• Provision of services by electronic means

1. It is prohibited for Users to provide unlawful content.
2. The User is obliged to use the Administrator's website and the offered Services in a manner consistent with the provisions of law, good practice, using data consistent with the actual state of affairs and otherwise not acting inconsistently with the provisions of this Policy. The Administrator is not responsible for false data provided by the User or for non-delivery of services due to reasons beyond the Administrator's control (e.g. technical problems on the side of the Internet service provider).
3. The Administrator undertakes to provide the service in accordance with the Privacy Policy, applicable laws (UŚUDE), RODO and the Personal Data Protection Act.
4. The recipient is obliged to maintain confidentiality and not to disclose to third parties any information obtained in connection with the provision of Services by the Administrator including commercial, organizational, technological, financial information.
5. The technical requirements necessary to use the Services provided electronically are access to the Internet, a device enabling its use such as a computer, laptop or other mobile device with an Internet browser, access to e-mail and a configured e-mail account, any properly configured version of the Internet browser that supports, among other things, cookies (Internet Explorer, Opera, Mozilla Firefox, Safari, Google Chrome).
6. Use of the Services over the Internet, despite the Administrator's use of safeguards designed to prevent or significantly impede hacking (hacking attacks), may involve the risk of unwanted malware infecting the computer system. Therefore, the Administrator additionally recommends the use of updated anti-virus software and the use of an appropriate system firewall by the User.
7. The User has the right to file a complaint regarding the provision of electronic services. Complaints should be submitted in writing by directing them to the Administrator's registered office address or by e-mail to the e-mail address (indicated in Chapter I). The complaint should contain the name and e-mail address of the User (e-mail notification), description of the problem giving rise to the complaint, and the User's demand related to the complaint. The Administrator will consider the complaint within 14 days from the date of its receipt. The User will be informed of the result of the complaint consideration by the same communication channel used to address the complaint.

• Users' rights in connection with the processing of their personal data

1. You are entitled to the following rights in connection with the processing of your personal data:
2. The right of access to the personal data being processed - On this basis, the Administrator shall, at the request of the data subject, provide information about the processing of personal data concerning him/her, including, in particular, the purposes and legal grounds for the processing, the scope of the data held, the entities to which the personal data are disclosed and the planned date for their deletion. As part of the right of access, the data subject may also request information about to whom his or her personal data is shared and whether it is subject to profiling and automated decision-making. The data subject also has the right to obtain a copy of his or her data.
3. right to rectification - On this basis, the Administrator shall, at the request of the data subject, rectify any inconsistencies or errors regarding the processed personal data, and supplement or update it if it is incomplete or has changed;
4. right to erasure - on this basis, the Administrator shall, at the request of the data subject, delete the data whose processing is no longer necessary for the fulfillment of any of the purposes for which it was collected, the consent for its processing has been withdrawn or an objection has been raised and it is not required for the establishment, investigation or defense of the Administrator's claims;
5. The right to restrict and portability of processing - on this basis, the Administrator shall, at the request of the data subject, cease performing operations on such personal data, to the extent corresponding to the law, and shall also release such personal data, in a computer-readable format;
6. right to lodge a complaint - Exercising this right, a person who considers that his or her personal data is being processed in violation of applicable law may file a complaint with the President of the Office for Personal Data Protection (2 Stawki Street, 00-193 Warsaw);
7. right to object - The data subject may object at any time to the processing of personal data for the purposes for which they were collected and are processed, objection regarding direct marketing - if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him/her in this respect;
8. right to withdraw consent - if we process personal data on the basis of consent given, then at any time the data subject may withdraw that consent. The withdrawal of consent does not make the processing of personal data up to that point illegal, the withdrawal of consent does not affect the legality of previous processing, however, it will result in personal data no longer being used for those purposes from the moment of withdrawal of consent.
9. A request for the exercise of the rights described above can be submitted by regular mail by writing to the Administrator's registered office address or via the email address indicated in Chapter I.
10. The request should, as far as possible, indicate precisely what the request is about, i.e. in particular the addressee of the request and which of the rights described above the person making the request wants to exercise. If the Administrator is unable to determine the content of the request or identify the person making the request based on the notification made, it will ask the requestor for additional information.

PRIVACY POLICY

General information

• This Privacy Policy is a set of rules intended to inform you about all aspects of the process concerning the acquisition, processing and safeguarding of your personal data. The Policy is addressed to all Users of the Administrator's Website and those using the Newsletter, Account and forms (contact, booking, birthday).
• This Policy sets forth the rules regarding the processing of personal data by the Personal Data Controller which is, depending on the Website you are using:

• This Policy may be amended and updated, in situations of changes in practices related to
  with the processing of personal data (taking into account, among other things, the current case law and PUODO guidelines) or changes in generally applicable laws. The Administrator will inform the Users about the changes to the Policy in an appropriate manner, by placing relevant information on the Website, and in the case of Users using the Newsletter service, Account or forms, by directing this information to the User's specified e-mail address.
• Use of the Administrator's Website involves the User's familiarization with the contents of this Privacy Policy and, in the case of subscribing to the Newsletter, acceptance thereof.
• Provision of personal data to the Administrator is voluntary, but in the case of processing of data stored in necessary cookies, Newsletter subscription or communication with the Administrator through forms, providing data will be a necessary condition for realization of the indicated purposes and proper functioning of the Website.

Definitions

• Administrator means the entity that decides how and for what purposes Personal Data is Processed. The Administrator is responsible for the compliance of the processing with applicable data protection laws.
• Personal Information means any information about any identified natural person or an individual who is identifiable.
• Process, Process or Processed means any action related to Personal Data, whether or not performed by automated means, such as: acquiring, recording, organizing, structuring, storing, adapting or changing, retrieving, consulting, using, making available by transmission, disseminating or making available by any other means, organizing or combining, limiting, deleting or destroying.
• Processor means any person or entity that Processes Personal Data on behalf of the Administrator (other than an employee of the Administrator).
• Website
• https://www.majalandkownaty.pl/pl,
• https://www.majalandwarsaw.pl/pl
• https://www.majalandgdansk.pl/pl

• Administrator's fanpage on social networks:

• Electronic Services -. services provided through the Website. Provision of Electronic Services to Users on the Website is made under the terms of this Policy and applies to the Newsletter service, Account and forms.

Processing of Users' Personal Data

• The Administrator may obtain Users' Personal Data in particular, in the following cases:
• Provision of Personal Data by Users (e.g., contact by email, telephone, through forms or any other means) on the basis of Article 6(1)(f) of the RODO (legitimate interest of the Administrator - responding to a message, inquiry) in connection with the need to handle a reported issue or inquiry,
• Investigate claims and take action in connection with the defense of the Administrator's rights, conduct legal proceedings and, inter alia, to enable the use of the Website via cookies, to prevent fraud in the use of the Website, in particular to operate, maintain, improve and make available all its functions, as well as to create compilations, analyses and statistics for the Administrator's internal needs, this includes, in particular: reporting, marketing research, planning the development of the Website, Newsletter, Account services, development work, creation of statistical models based on Article 6(1)(f) of the RODO (the aforementioned legitimate interest of the Administrator),
• obtain Personal Data of Users published on social media (Administrator's Fanpage) (e.g., obtaining information from Users' private profile on social media, to the extent that such information is visible as public) based on 6(1)(f) RODO (legally justified interest of the Administrator - promotion of its own activities and services, maintaining a social profile (Fanpage), building and strengthening relationships with customers, conducting analysis and statistics on the popularity and functioning of the profile as well as determining, investigating and defending against possible claims concerning the use of the profile, responding to contact),
• User's consent to the processing of the provided personal data for the purpose of sending the Newsletter, Based on Article 6(1)(a) (consent) sending commercial information - Newsletter (email, sms/telephone), providing marketing content via electronic communication, in accordance with Article 398 and the Electronic Communications Law,
• solicit or ask Users for Users' Personal Information when Users visit the Administrator's sites or use any features or resources available on or through the Website cookies precisely and third parties. When Users visit the Site, Users' devices and browsers may automatically share certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connection to the Site and other technical information regarding communications), some of which may constitute Personal Information. When visiting the Website, no Personal Data of Users will be stored by the Administrator, without an appropriate legal basis. With regard to cookies, the Administrator - in addition to the necessary files, will each time obtain the User's consent to install other cookies (including third-party Google Analytics files). The granting of the aforementioned consent is optional and does not affect the ability to use the Website. Processing takes place on the basis of Article 6(1)(a) (consent - with regard to other, except necessary cookies) and 399 of the Electronic Communications Law (legal provision - with regard to necessary cookies)..
• Account and forms: registration, reservation, birthday party on the basis of Article 6(1)(b) of the RODO (conclusion of a contract for the provision of electronic services) to enable you to purchase a ticket as part of your annual subscription (MajaPass) and to take advantage of the Park's offerings (depending on the service selected).
• Contact form Based on Article 6(1)(f) of the RODO (legitimate interest of the Administrator to respond to the inquiry directed by the User).

Providing personal data is voluntary, it is not a statutory obligation. In certain cases, however, without providing personal data, it is not possible to use the full functionality of the Website or Newsletter services, Account or forms. Categories of Users' Personal Data processed by the Administrator may, in particular, include:

• Personal data: first name(s), last name(s),
• Contact information: company details, email address, phone number, address.
• Message content: all communications (inquiries, statements, views and opinions), sent through the contact form or which have been published on the Administrator's website or its Fanpages by the User.
• IP number, cookies and information about how you use our Website and Newsletter - When using the Website or Newslstter.
• Image: when publishing an opinion, leaving a comment, clicking the "I like it" on the Administrator's social networking site (Fanpage) (as long as on the private account of this site the User has shared his image), sharing a video on YT or TikTok, sharing an image when creating a User Account.
• Behavioral data (consent to Google Ads): Information about user activity on websites, clicks on ads, data on time spent on the site and interactions with content.

The Administrator uses fanpage type profiles on social media. Public data shared by social media users may be used for:

• to respond to private messages that are directed to us,
• conduct discussions within the comments under individual posts,
• sharing our posts with those who follow our Fanpage,
• marketing by providing information about our services and ourselves through posts we make on our Fanpage, including sponsored posts that are displayed to a wider range of Users,
• statistical by presenting data about the display of our posts, their reach, the number of interactions; the data presented to us by the owners of social networks is statistical, but it is created based on the observation of behavior on our Fanpage.

Currently, the Administrator's Site uses redirects to the following social networks (Fanpage):

• Facebook,
• Instagram,
• LinkedIn,
• YouTube,
• TikTok
• Upon liking the Administrator's post, leaving a comment, sending a private message, subscribing to the channel, the Administrator together with:
• Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland
• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
• Google Ireland Limited Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland
• TikTok Technology Limited The Sorting Office, Ropemaker Place, Dublin 2, Dublin, D02 HD23, Ireland, Ireland.

become Administrators of your personal data provided on its Fanpage in terms of data processing for statistical and advertising purposes.

Accordingly, we encourage you to read the privacy policy:

• Facebook - https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
• Linkedin - https://pl.linkedin.com/legal/privacy-policy
• Instagram- https://privacycenter.instagram.com/policy/
• Youtube- https://policies.google.com/privacy?hl=pl
• TikTok - https://www.tiktok.com/legal/page/eea/privacy-policy/pl

Sharing Personal Data with Third Parties

1. The Administrator may share Users' Personal Data:
2. persons authorized by the Administrator to process data,
3. entities entrusted with data processing, e.g., technical service providers and consulting service providers,
4. to other administrators, if required by law or in good faith that such action is necessary to comply with applicable laws, in particular in response to a request from a court, state authorities.
5. If we engage a third party to Process Users' Personal Data, in accordance with the Processing Entrustment Agreement entered into with such third party, the Processing Entity shall be required to:
   1. Process only Personal Data designated in prior written instructions from the Administrator; and
   2. to apply all measures to protect the confidentiality and security of Personal Data and to ensure compliance with all other requirements of generally applicable law.
6. Due to the use of Facebook, Instagram, Linkedin and TikTok, data may be transferred by these entities to third countries - the United States of America (USA) or China in connection with sharing internally by these entities to: Meta Platforms Inc. Google LLC (USA) or Bejing ByteDance Technology Co Ltd. (China )on which the Administrator has no influence.
7. Third party services
8. The website may contain features or links that redirect to sites and services provided by third parties that are not managed by us. The information you provide to these sites or services will be subject to their own privacy policies and data processing procedures.
9. The Administrator is not responsible for the processing procedures of independent Website Administrators and service providers.
10. We encourage you to read the privacy and security policies of third parties before providing them with information.
11. Data Protection
12. The Administrator informs that it has implemented appropriate technical and organizational measures to protect Personal Data, in particular including safeguards against accidental or unlawful destruction, loss, alteration, unauthorized publication, unauthorized access and other unlawful and unauthorized forms of Processing, in accordance with applicable law.
13. The Administrator is not responsible for the acts or omissions of Users. Users are responsible for ensuring that all Personal Information is transmitted to the Administrator in a secure manner.
14. Personal data will not be subjected to automated profiling, i.e. automated decision-making with respect to the User, i.e. decisions made by technical means without human involvement, producing legal effects with respect to the profiled person or otherwise significantly affecting the profiled person.

• Data Accuracy

1. The Administrator shall take all adequate measures to ensure that:
2. The Personal Data of Users that the Administrator processes is accurate and, if necessary, updated;
3. All Personal Data of Users that the Administrator processes that is erroneous (given the purpose for which it is processed) will be deleted or corrected without undue delay.
4. The Administrator, at any time, may ask Users about the accuracy of the Personal Data processed.

• Minimizing the Scope of Data

The Administrator shall take all adequate measures to ensure that the scope of Users' Personal Data that it processes is limited to Personal Data adequately required for the purposes indicated in this Policy.

1. International Data Transfer

Personal data may be shared and processed outside the European Economic Area (the European Economic Area consists of: European Union and Iceland, Liechtenstein and Norway, collectively the "EEA"). If personal data is transferred outside the EEA, the Administrator requires appropriate safeguards. The Administrator will fulfill its obligations under Chapter V of the RODO to ensure the accuracy of such processing based on, among other things, the European Commission's decisions on the appropriate level of privacy protection of the EU-US Data Privacy Framework.

1. Retention Period of Personal Data
2. The criteria determining the duration of the period for which the Administrator retains Users' Personal Data are as follows: The Administrator shall keep copies of Users' Personal Data in an identifiable form only as long as necessary to achieve the purposes indicated herein, unless a longer period of retention of Personal Data is required by common law. The Administrator may, in particular, keep Users' Personal Data for the entire period necessary to establish, exercise or defend claims (statute of limitations for claims under Article 118 of the Civil Code).
3. Personal data is stored:
4. for a period of 30 days from the moment of contact (telephone, email from the Website, contact form) personal data may be processed for a longer period if, as a result of the inquiry sent, the User decides to use the Administrator's services (Newsletter,)
5. in the case of the use of our services (Account, other forms) (conclusion of a contract) for the period of execution of the contract and the period necessary to consider complaints filed, until the resolution of any disputes and settlement of the parties, taking into account the applicable statute of limitations for claims
6. within the scope of the Administrator's internal administrative purposes as well as other purposes of data processing where the legal basis is the Administrator's legitimate interest, personal data will be stored until the fulfillment of the Administrator's legitimate interests constituting the basis for data processing or prior objection to such processing, after the Administrator has performed a proper analysis of the User's interest and the Administrator's basis for processing;
7. in the case of data processed on our Fanpage until you object to further processing by clicking "dislike", withdrawing liking a post or deleting a comment on a post, cancelling a Subscription
8. if you use our Newsleter services for the period of service provision or until you withdraw your consent to be sent commercial information by email and/or phone/sms.
9. Google Analytics
10. The administrator uses the tool Google Analytics provided by Google LLC, whose infrastructure is located at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Administrator indicates that Google LLC (1600 Amphitheatre Parkway, Mountain View, California 94043, USA) has joined the EU-US Data Privacy Framework Agreement, i.e. provides an adequate level of security for the processing of personal data, in accordance with the RODO.
11. Google Analytics allows you to:
12. Tracking website traffic: information about the number of users, number of visits, sources of hits (e.g., ads, search engines, social media).
13. Monitoring user behavior: analysis of which pages are most visited, time spent on the site, bounce rate.
14. Segmentation of users: demographic, geographic and technological data (e.g., device type, browser).
15. Tracking goals and conversions: analyzing how users complete certain actions, such as purchases, newsletter sign-ups or downloads.
16. Google Analytics processes data that may include:
17. IP addresses: used to identify the geographic location of users, which in combination with other data may constitute personal information.
18. Cookies: storing unique user and session identifiers to track user activity, only after the user has given the appropriate consent.
19. Technical data: e.g. browser type, operating system, screen resolution, ISP.
20. The Administrator uses the function of IP address anonymization, which disables the possibility of identifying Users (the last octet of the IP address is masked from storing or processing data).
21. The Administrator processes data using the indicated tool in order to provide analyses and reports on website traffic and the effectiveness of marketing activities on the basis of the Administrator's legitimate interest and the User's consent (acceptance of Google Analytics cookies). The Administrator has entered into an appropriate Data Processing Entrustment Agreement with Google (Data Processing Agreement), regulating data security as required by law.
22. The administrator uses the mode Consent Mode phe tracking code is implemented to measure traffic and conversions on the Website even if the User does not consent to the storing of cookies, while fully complying with the requirements of the RODO, where the tracking code is implemented to collect only basic, anonymized and aggregated data regarding the time of visit to the Website, information about the referring page and to measure conversions from advertising campaigns. If the User consents to specific types of data processing (Google Analytics cookies), the corresponding tags will work to their full extent. If he or she does not give his or her consent, the tools will still function, but in a limited mode, collecting anonymous data without the possibility of any identification of the User. Tool Consent Mode helps to comply with the requirements under RODO and the provisions of the ePrivacy Directive by respecting Users' decisions regarding cookie consent.
23. The storage period for the collected data if you accept Google Analytics cookies is 14 months.
24. We encourage you to read Google's Privacy Policy located at: https://policies.google.com/privacy?hl=pl
25. You can configure your browser to block cookies related to Google Analytics. Google Analytics uses cookies such as _ga, _gid and _gat.
26. Users can also use a plug-in to block Google Analytics. Google offers a browser add-on to block Google Analytics, you can download it from the official site: https://tools.google.com/dlpage/gaoptout. Once installed, the plug-in will prevent data from being sent to Google Analytics from all sites visited.
27. The Administrator also uses Google Ads tools. As a result of consenting to the use of this tool, Users' Personal Data is processed for the purpose of displaying personalized ads on Google platforms and cooperating websites, analyzing the effectiveness of advertising campaigns, remarketing (displaying ads to users who have visited the advertiser's website), optimizing advertising content based on users' preferences.

• Facebook Pixel

1. The Administrator using the Pixel tracing services provided by Facebook becomes a joint controller of personal data with the service provider, i.e. Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland. The scope of joint data processing/co-management includes

1) collection of personal data and

2) their transmission to Facebook.

2. The types of personal data in connection with the Administrator's use of the Pixel product, on its website covered by co-administration with Meta Ireland are:
3. HTTP header information that contains information about the browser or application being used (e.g., user agent, country/language of location)
4. Information on standard/optional events, e.g. "displaying a Page" or "installing an application", further object properties and buttons pressed by site visitors, depending on the configuration of the Business Tool
5. Internet identifiers, including IP addresses and, if provided, Meta-linked identifiers or device identifiers (e.g., ad identifiers on mobile operating systems) and information about opting out/restricting ad monitoring

Further processing of data by Meta Ireland is not part of joint processing with the Auditee.

3. Third parties, including Meta, may use cookies, web beacons and similar technologies to collect or receive information from the Site and other places on the Internet and use it to provide measurement, targeting and ad delivery services. You may disable the collection and use of their information to support ad targeting, see details at: https://pl-pl.facebook.com/business/help/165516217407801?id=1913105122334058 In addition, the user can use mechanisms to make a choice (for example, by providing a link to the pages of the http://www.aboutads.info/choices and http://www.youronlinechoices.eu/
4. We encourage you to read the co-administration rules set by Meta, link to the page: https://www.facebook.com/legal/controller_addendum, Pixel's Terms of Use, link to the site: https://www.facebook.com/legal/terms/businesstools and mechanisms that allow users to make choices regarding the scope of the

• Cookies (cookies)

1. When the User uses the Website, data about the User is automatically collected. This data may include:
2. IP address,
3. domain name,
4. browser type,
5. operating system type.
6. This data may be collected by:
7. cookies,
8. Google Analytics system, Google Ads, Facebook Pixel,
9. and can be recorded in server logs.
10. A cookie is small text information in the form of text files stored by your browser on your computer's hard drive or smartphone's memory card. On subsequent visits to the Website, the information stored in the cookie is sent back to the Website. This allows the Website to recognize you and tailor content to your needs.
11. In order to improve our Website, provide the most relevant content and analyze how Users use our Website, we may use cookies.
12. We may process the data contained in cookies for purposes:
13. To personalize the Website: to remember information about the User so that the User does not have to re-enter that information on subsequent visits;
14. To provide customized advertising, content and information to the User;
15. Monitoring aggregate site usage metrics, such as the total number of visitors and pages viewed.
16. We use the following types of files:
17. session cookies, which are temporary files and are stored on a visitor's device until they leave the Site;
18. solid cookies, which are stored in the final device of the person visiting the Site for the time specified in the parameters of the file or until they are manually deleted;
19. We can divide cookies into the following categories of cookies:
20. Cookies neededwhich ensure the proper functioning of the site, security and maintained session, these are files installed by default, without them the Website cannot function properly (Cookie Hub) (files necessary for the functioning of the site, selected by default)
21. Analytics cookies allow us to improve the website by collecting and reporting information about its use(Google Analytics) (checkbox to be checked)....
22. Marketing cookies are used to track website visitors in order to enable publishers to place relevant and engaging ads (Google Ada, Facebook Pixel) (checkbox to be checked).
23. We use analytics and similar services that contain third-party cookies. When you use the Website, third-party cookies may be used to enable the functionality of the Website and its integrated sites or to analyze the effectiveness of advertising campaigns and collect anonymous information about the use of the Website for statistical purposes.
24. This Privacy Policy does not govern the use of third party cookies. Each third party sets its own rules for the use of cookies in its privacy policy. We encourage you to read the details related to data processing within Google Analytics, indicated in the explanations prepared by Google: https://support.google.com/analytics/answer/6004245, Facebook Pixel: https://www.facebook.com/privacy/policy
25. You can also change how cookies are used by your browser, and you can block or delete them. To do this, change your browser settings. Most browsers offer the option of accepting or rejecting all cookies, accepting only certain types, or notifying you each time a site tries to save them. You can also easily delete cookies that have already been stored on your device. Managing cookies depends on the browser you use. You can find out how to do this for a particular browser by clicking "help" in the browser menu. There you will learn how to control and delete cookies step by step.
    • Google Chrome
    • Safari (macOS)
    • Mozilla Firefox
    • Microsoft Edge
    • Microsoft Internet Explorer
    • Opera
26. At the same time, we would like to inform you that the lack of consent, removal, blocking or restriction of the placement of cookies may cause difficulties or even prevent the use of the Website.

• Newsletter
  1. The Administrator provides the Newsletter service electronically. The Newsletter service consists of sending information about offers, promotions and events related to the Administrator's activities to the e-mail address or telephone/sms (depending on the User's choice) provided by the User. The Administrator indicates that the Newsletter will not be sent at regular intervals (e.g. every month), the sending of the Newsletter will depend on promotional activities undertaken by the Administrator and will be irregular in nature.
  2. The service is provided in accordance with the provisions of the law, in particular the Act of 18 July 2002 on the provision of electronic services and the Regulation of the European Parliament and of the Council (EU) 2016/679 (RODO).
  3. In order to use the free Newsletter service, the User must have an active e-mail address, express voluntary consent to receive commercial information by e-mail. Newsletter subscription takes place by filling in a form available on the Administrator's Website (providing personal data in the form of name and surname and e-mail address, telephone number) and acceptance of this Privacy Policy (and the Park Regulations) regulating the principles of data processing and principles of service provision. Sending a message by the User in this manner constitutes a declaration of intent by the User to conclude the Newsletter service.
  4. The Administrator undertakes to provide the service in accordance with the Policy and applicable laws, to protect Users' personal data in accordance with RODO and the Personal Data Protection Act. The User undertakes to use the service in a manner consistent with the law and this Policy and not to provide unlawful content .
  5. The Newsletter service is provided for an indefinite period of time. The User has the right to opt out of receiving the Newsletter at any time by withdrawing consent to the provision of this service by directing his/her request:
  6. after pressing the unsubscribe button in the Newsletter service,
  7. dedicated email address: rodo@majaland.pl.

The request will be implemented effective at the end of the calendar month.

6. The statement of withdrawal of consent can be addressed at any time to the Administrator's e-mail or registered office address indicated in Chapter I. Upon withdrawal, the User's e-mail address will be immediately removed from the subscriber database.

1. Account
   1. The Administrator provides the Account service electronically. The service is provided in accordance with the provisions of the law, in particular the Act of July 18, 2002 on the provision of services by electronic means and the Regulation of the European Parliament and of the Council (EU) 2016/679 (RODO).
   2. The Account Service involves the creation of an individual User account on the Website allowing the purchase, management and use of the annual loyalty card MajaPass.
   3. The account allows you to purchase and manage your subscription to the Park's annual pass, access customized promotions and special offers, verify your purchase and transaction history, use the personalized messaging feature for events and offers.
   4. In order to use the free Account service, the User fills in the registration form available on the Administrator's Website . The User's sending a message in this manner by clicking on the "Register" field constitutes a declaration of intent by the User to conclude the Account service.
   5. Creating an account requires:

• Provide basic personal information in the registration form, i.e. name, surname, telephone number and e-mail address, address and photo in order to personalize services and facilitate identification of the cardholder (voluntary).
• create a unique login and password,
• Acceptance of the Park Regulations and Privacy Policy,
  6. Providing an e-mail address is required to activate the Account and to send confirmations of the purchased ticket.
  7. The account is named and cannot be shared with third parties. The user undertakes to protect his login information and not to make it available to unauthorized persons.
  8. The Administrator reserves the right to temporarily suspend the provision of the Account service in case of detection of suspicious activity, violation of the regulations or suspicion of unauthorized access.
  9. You have the right to access your Account, edit your data, unsubscribe and delete your account at any time, report technical problems and comments on the operation of the service.
  10. The account remains active as long as the user has a valid subscription. The user may request deletion of the account at any time by contacting the Administrator. Deletion of the account results in loss of access to purchase history, discounts and assigned benefits.
  11. The Account service is provided on a continuous basis. However, the Administrator is not responsible for the inability to provide the service for reasons beyond his control, in particular, lack of Internet access, technical errors of the site.
• Contact form

1. The Administrator provides a service to answer questions related to the offer of the Park, service, rules of cooperation, things lost with the help of the Contact Form.
2. Questions, Suggestions, Complaints can be sent via the Contact Form, for this purpose it is necessary to provide the subject of the inquiry, e-mail address, name and surname, enter the content of the message and click on the "Confirm" field. Failure to provide the address-email will prevent the User from sending a response to the inquiry.
3. The administrator will make every effort to answer the question within no more than 48
4. The contract for the provision of services is concluded as soon as the User submits the form, after pressing the "Confirm" button.

• Forms

1. The administrator also provides the service of being able to book tickets to the Park for groups, schools or book a birthday party, for example.
2. The forms allow you to purchase tickets to the Park as part of organized groups or for specific celebrations. The condition for using the possibility of booking tickets via forms is acceptance of the Park Regulations and Privacy Policy.
3. In order to use the Ticket Reservation Service, the User completes the given form and presses the "Send" button. The contract is concluded when the Service Provider receives confirmation of the ticket reservation by email or telephone. The Service Provider will make every effort to confirm the reservation within 72 hours after the User sends the form.

• Provision of services by electronic means

1. It is prohibited for Users to provide unlawful content.
2. The User is obliged to use the Administrator's website and the offered Services in a manner consistent with the provisions of law, good practice, using data consistent with the actual state of affairs and otherwise not acting inconsistently with the provisions of this Policy. The Administrator is not responsible for false data provided by the User or for non-delivery of services due to reasons beyond the Administrator's control (e.g. technical problems on the side of the Internet service provider).
3. The Administrator undertakes to provide the service in accordance with the Privacy Policy, applicable laws (UŚUDE), RODO and the Personal Data Protection Act.
4. The recipient is obliged to maintain confidentiality and not to disclose to third parties any information obtained in connection with the provision of Services by the Administrator including commercial, organizational, technological, financial information.
5. The technical requirements necessary to use the Services provided electronically are access to the Internet, a device enabling its use such as a computer, laptop or other mobile device with an Internet browser, access to e-mail and a configured e-mail account, any properly configured version of the Internet browser that supports, among other things, cookies (Internet Explorer, Opera, Mozilla Firefox, Safari, Google Chrome).
6. Use of the Services over the Internet, despite the Administrator's use of safeguards designed to prevent or significantly impede hacking (hacking attacks), may involve the risk of unwanted malware infecting the computer system. Therefore, the Administrator additionally recommends the use of updated anti-virus software and the use of an appropriate system firewall by the User.
7. The User has the right to file a complaint regarding the provision of electronic services. Complaints should be submitted in writing by directing them to the Administrator's registered office address or by e-mail to the e-mail address (indicated in Chapter I). The complaint should contain the name and e-mail address of the User (e-mail notification), description of the problem giving rise to the complaint, and the User's demand related to the complaint. The Administrator will consider the complaint within 14 days from the date of its receipt. The User will be informed of the result of the complaint consideration by the same communication channel used to address the complaint.

• Users' rights in connection with the processing of their personal data

1. You are entitled to the following rights in connection with the processing of your personal data:
2. The right of access to the personal data being processed - On this basis, the Administrator shall, at the request of the data subject, provide information about the processing of personal data concerning him/her, including, in particular, the purposes and legal grounds for the processing, the scope of the data held, the entities to which the personal data are disclosed and the planned date for their deletion. As part of the right of access, the data subject may also request information about to whom his or her personal data is shared and whether it is subject to profiling and automated decision-making. The data subject also has the right to obtain a copy of his or her data.
3. right to rectification - On this basis, the Administrator shall, at the request of the data subject, rectify any inconsistencies or errors regarding the processed personal data, and supplement or update it if it is incomplete or has changed;
4. right to erasure - on this basis, the Administrator shall, at the request of the data subject, delete the data whose processing is no longer necessary for the fulfillment of any of the purposes for which it was collected, the consent for its processing has been withdrawn or an objection has been raised and it is not required for the establishment, investigation or defense of the Administrator's claims;
5. The right to restrict and portability of processing - on this basis, the Administrator shall, at the request of the data subject, cease performing operations on such personal data, to the extent corresponding to the law, and shall also release such personal data, in a computer-readable format;
6. right to lodge a complaint - Exercising this right, a person who considers that his or her personal data is being processed in violation of applicable law may file a complaint with the President of the Office for Personal Data Protection (2 Stawki Street, 00-193 Warsaw);
7. right to object - The data subject may object at any time to the processing of personal data for the purposes for which they were collected and are processed, objection regarding direct marketing - if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him/her in this respect;
8. right to withdraw consent - if we process personal data on the basis of consent given, then at any time the data subject may withdraw that consent. The withdrawal of consent does not make the processing of personal data up to that point illegal, the withdrawal of consent does not affect the legality of previous processing, however, it will result in personal data no longer being used for those purposes from the moment of withdrawal of consent.
9. A request for the exercise of the rights described above can be submitted by regular mail by writing to the Administrator's registered office address or via the email address indicated in Chapter I.
10. The request should, as far as possible, indicate precisely what the request is about, i.e. in particular the addressee of the request and which of the rights described above the person making the request wants to exercise. If the Administrator is unable to determine the content of the request or identify the person making the request based on the notification made, it will ask the requestor for additional information.