Privacy Policy

1. The personal data controller means the owner of the website - company Woliński & Hotel, having its registered office at ul. Leszczyńskiego 11/6, Elbląg, 82-300, Poland.
In all matters related to personal data processing, please e-mail us at

2. Personal data of Users who use the website are processed for the following purposes:

- to provide electronically supplied services as regards e-book sales and processing of the placed order, where data processing is essential for contract fulfilment,
- to fulfil statutory responsibilities incumbent upon the Controller arising from, in particular, tax regulations and accountancy provisions, where the legal grounds for the processing is the legal responsibility,
- to handle complaints, where data processing serves for proper fulfilment of the contract,
- for analytical and statistical purposes, where data processing consists in analyzing users’ activity and preferences to improve the rendered services,
- to possibly establish, seek or defend a claim, where the legal grounds for the data processing is the Controller’s legitimate interest in protecting his rights,
- for marketing purposes consisting in emailing to Users who provided their e-mail addresses to this end notifications that may contain commercial information including, in particular, notifications about current offers available at the website or ither marketing content related to the website resources (the newsletter service).

3. The selling of the e-book, that is, a book saved as a file (digital content) entails processing of users’ personal data. Placing an order requires specified full name, country of origin and e-mail address at which a link is provided for the purpose of allow the file to be downloaded. In the case of Users who are business owners requiring an invoice that confirms the transaction, also the details of their business to be invoiced.

We process online payments through Przelewy24 (for credit and debit card purchases, Google Payment, Apple Pay and Blik) and PayPal, who can be contacted here: does not store credit card number of users, CVV code or card expiry date.

4. renders the newsletter service to Users who provided their e-mail address to this end. A failure to provide one’s e-mail address renders e-mailing the newsletter impossible.

The consent to personal data processing for the purpose of rendering the newsletter service can be withdrawn at any time by submitting a request to remove the data at from the e-mail address registered for the newsletter service.

5. The Controller processes personal data of Users visiting the Controller’s profiles run in the social media (Facebook, Linkedin). These data are processed solely with regard to the profile management, including for the purpose of informing Users about the Controller’s activity and promoting various types of events, services and products. The legal grounds for the processing of personal data by the Controller to this end is his legitimate interest consisting in promoting his own brand.

6. The website uses cookie files to provide the user with electronically supplied services and improve the quality of these services. Given the above, the Controller and other entities that render analytical and statistical services for use cookie files, storing information or acquiring access to the information already stored on the User’s terminal telecommunications device (a computer, a telephone, a tablet, etc.). The cookie files used to this end involve:

- cookie files with data entered by the User (session ID) for the duration of the session (user input cookies);
- cookie files used for monitoring website traffic, that is, for the purpose of analyzing data, including cookies: Google Analytics (these are files used by Google LLC, that is, the entity to whom the Controller has entrusted personal data processing, for the purpose of analyzing the ways in which the User uses the website, including creating statistics and reports on the website operation).

Should the User refuse to have cookie files saved on his device, to this end, he should manage browser settings as appropriate or delete the saved cookie files from the browser memory each time he uses the website. Bear in mind that restricted saving of cookie files may hinder the sue of the website or render it impossible.

7. The period during which the data are processed by the Controller depends on the type of rendered service and the purpose of data processing. As a rule, the data are processed throughout the time when a given service is rendered or a given order is processed, until:

- the contract expires,
- the consent granted is revoked if the legal grounds for the data processing is the User’s consent, or the submission of an effective objection to the data processing in cases where the legal grounds for the data processing is the Controller’s legitimate interest.

The period of data processing can be extended every time in cases where the processing is essential for establishing and exercising any possible claims or defending against such claims, and after that period, only in the case where and to the extent that is required by law. After the processing period, the data shall be irrevocably deleted or anonymized.

8. The User has the right to access, correction, erasure and limited processing of the data, as well as the right to transfer the data and the right to file an objection against data processing, the right to lodge a complaint with a personal data protection supervisory authority.

To the extent that the User’s data are processed based on the consent, it can be revoked at any time by contacting the Controller at the e-mail address:  The User can lodge a complaint regarding data processing for marketing purposes at the same e-mail address.

9. In connection with the rendered services, the personal data shall be disclosed to external entities, particularly suppliers responsible for handling IT systems serving for rendering services, banks and online payment service operators, entities rendering accounting services and marketing agencies (to the extent related to marketing services).

The Controller reserves the right to disclose the information related to the User to competent bodies or third parties who file a request for such information based on relevant legal grounds and in line with the binding law.

10. The degree of personal data protection outside the European Economic Area (EEA) differs from that ensured by the European law. For this reason, the Controller forwards the personal data outside the EEA only if necessary and with due degree of protection ensured, primarily by means of:

- collaborating with personal data processing entities in countries for which a relevant decision was issued by the European Commission;
- using standard contractual clauses issued by the European Commission;
- using binding corporate principles approved by a competent supervisory body.

The Controller shall always inform the User of the intention to transfer personal data outside the EEA when they are being collected.

11. The Controller conducts an ongoing risk analysis to ensure that the personal data are processed by him in a safe manner and, primarily, that the access to the data is granted solely to authorized persons and only to the extent to which it is necessary for the tasks performed by these persons.

The Controller undertakes all necessary actions to guarantee that his subcontractors and other cooperating entities use proper safety measures in every case where personal data are processed on the Controller’s order.

12. The data Controller appoints the Data Protection Officer who can be contacted via e-mail at on any matter related to personal data processing.

13. The privacy policy is verified on an ongoing basis and actualized if need be. The current version of the Privacy Policy has been adopted and enters into force as of May 1, 2022.