Privacy Policy





GFP Travel  Patrycja Bartecka, Twardowskiego 8 street, 44-180 Toszek, Poland

Tax Identification Number (NIP): 9691313716,

Register of the National Economy Number (REGON): 241360358


means IT data, in particular small text files, recorded and stored on the Devices, through which the User uses the websites of the Websites


means  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)


means the website belonging to the Controller and is available at the address:


means any computer, mobile, or other electronic device, from which the User can gain access to the Website.


means a person who visits a Website or uses services provided by the Controller

Data set

means a set of personal data collected by the Controller

  • 1 General provision
  1. This document provided information on the general principles of data processing in the Controller’s organization, information about the Controller (within the meaning of Article 13 of the GDPR), storing information or gaining access to information already stored in the User’s telecommunications terminal device through Cookies or web storage technology, used in connection with the User’s visit to the Website, including browsing, reading by the User of the content on the Website, placing orders and questions through e-mail or the Website (filling out the contact form available on the Website).
  2. Users’ data will be treated and protected according to GDPR regulations and other regulations relating to processing the personal data of Website Users.
  3. The Controller has exercised due diligence to adequately secure the personal data provided by Website Users, in particular, applying appropriate technical and organizational measures to ensure the protection of processed personal data. In addition, only authorized persons and entities acting on his express instructions have access to the processed data.


  • 2 Information clause
  1. The Controller processes Users’ data to:
  • handling of requests sent by Users within the contact form or by e-mail (Article 6 Section 1 Letter (b) and/or (f) of the GDPR);
  • handling of orders made by Users through the Website (Article 6 Section 1 Letter (b) of the GDPR);
  • proper display of the Website and messages appearing to Users and administration of the Website (Article 6 Section 1 Letter (f) of the GDPR);
  • conduct analytics, including data analysis of User behavior on the Website (Article 6 Section 1 (a) of the GDPR);
  • defend against potential claims (Article 6 Section 1 Letter (f) of the GDPR).
  1. Following applicable laws, the Controller does not process Users’ data indefinitely, but only up to a time: 
  • withdrawal of consent – concerning data whose basis for processing is the User’s consent;
  • achievement of the purpose of processing – concerning personal data which processing is necessary for the performance of a contract or to take action at the User’s request, before entering into a contract;
  • effective lodging of an objection, achievement of the purpose of processing, or termination of the legitimate interest of the Controller – concerning personal data processed based on the legitimate interest of the Controller;
  • becoming obsolete or obsolescence – concerning data processed to answer a question sent by the User via the contact form;
  • expiration of the statute of limitations for possible claims or defense against such claims.
  1. The Controller does not process special categories of personal data within the meaning of the GDPR.
  2. In connection with the processing of personal data, the User has the following rights:
  • correct, complete, update, or rectify their data;
  • request deletion of their data;
  • object to the processing of their data;
  • request restriction of the processing of their data;
  • transfer personal data to another entity (Controller) according to Article 20 GDPR;
  • withdraw consent at any time, if the basis for processing is solely your consent to the processing of their data.
  1. For the purposes above outlined, Users may send the relevant request in writing or by e-mail to the Controller’s e-mail address: or handle their matter in person at the seat of the Controller (the address indicated in the Controller’s definition).
  2. The Personal data of Users may be transferred outside the European Economic Area.
  3. User has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for the Protection of Personal Data.
  4. The provision of personal data by the User is voluntary but necessary to use the functionalities of the Website and the communication of the Controller with the User.
  5. Automated decision-making, including profiling as referred to in Article 22 Section 1 and Section 4 of the GDPR, will not take place to Users.
  •         3 Cookies and similar technologies 

    1. This website uses cookies to improve your experience. We’ll assume you’re ok with this, but you can opt-out if you wish.


  • 4 Final provisions
  1. The Controller reserves the right to change this Privacy Policy at any time. However, Users will be notified about these changes.
  2. The amendments will be effective from the time indicated in the given notification and deemed accepted by the User from the time of the User’s continued use of the Website after the modify will come into effect.


This Private Policy is effective as of June 1st 2023

See also our other trips & tours