Privacy Policy

Introduction

ShimmyTours ("we," "us," or "our") operates shimmytours.com. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services.

We are committed to protecting your privacy and ensuring transparency about how we handle your data in accordance with the General Data Protection Regulation (GDPR) and applicable Polish law.

Data Controller

What Information We Collect

Information you provide directly

• ◆Name – when you contact us or request tour information
• ◆Email address – for communication and booking inquiries
• ◆Phone number – for WhatsApp communication and tour coordination
• ◆Tour preferences and requests – information you share about your travel plans

Information collected automatically

• ◆Website usage data – through Google Analytics (IP address, browser type, pages visited, time spent on site)
• ◆Cookies – small text files stored on your device (see Section 7)

How We Use Your Information

Legitimate Business Purposes

• ◆Responding to inquiries – answering your questions about tours and services
• ◆Booking coordination – organizing and confirming your tour reservations
• ◆Customer service – providing support before, during, and after your tour
• ◆Improving our services – understanding how visitors use our website

Legal Basis (GDPR)

• ◆Consent – you voluntarily provide your information when contacting us
• ◆Contract performance – processing necessary to provide tour services you've requested
• ◆Legitimate interests – improving our website and business operations

How We Share Your Information

We do not sell, rent, or trade your personal information to third parties.

Service Providers

• ◆Google Analytics – website analytics (anonymized data)
• ◆Google Workspace – email hosting and communication
• ◆Web hosting provider – secure storage of website data

Legal Requirements

We may disclose information if required by law, court order, or to protect our legal rights.

Third-party tour providers

When booking organized tours (Auschwitz, Salt Mine, etc.), we share necessary information (name, contact details) with official tour operators to complete your booking.

Data Retention

We retain your personal information only as long as necessary:

• ◆Active inquiries – until your tour is completed plus 1 year for customer service
• ◆Completed bookings – up to 3 years for business records and legal compliance
• ◆Marketing communications – until you unsubscribe or withdraw consent
• ◆Website analytics – Google Analytics retains data for 26 months

You may request deletion of your data at any time (see Section 9).

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• ◆Secure communication – encrypted email (Google Workspace)
• ◆Access controls – limited access to personal data
• ◆Regular backups – secure data storage
• ◆HTTPS encryption – secure website connection

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Cookies and Tracking

Cookies are small text files placed on your device that help us understand how you use our website.

Essential Cookies

• ◆Required for website functionality
• ◆Cannot be disabled

Analytics Cookies (Google Analytics)

• ◆Track website usage and visitor behavior
• ◆Help us improve our website
• ◆You can opt out using your browser settings or the cookie banner

Managing Cookies

• ◆You can control cookies through your browser settings
• ◆Disabling cookies may affect website functionality
• ◆Learn more: allaboutcookies.org

Third-Party Services

Our website uses the following third-party services:

Google Analytics

• ◆Collects anonymized usage data
• ◆Privacy policy: policies.google.com/privacy

WhatsApp (Meta)

• ◆Used for customer communication
• ◆Privacy policy: whatsapp.com/legal/privacy-policy

These services have their own privacy policies and are not controlled by ShimmyTours.

Your Rights Under GDPR

• ◆Right to Access – request a copy of the personal information we hold about you
• ◆Right to Rectification – request correction of inaccurate or incomplete data
• ◆Right to Erasure ("Right to be Forgotten") – request deletion of your personal data
• ◆Right to Restrict Processing – request that we limit how we use your data
• ◆Right to Data Portability – request your data in a structured, machine-readable format
• ◆Right to Object – object to processing based on legitimate interests
• ◆Right to Withdraw Consent – withdraw consent for data processing at any time

To exercise these rights, contact us

We will respond to your request within 30 days.

International Data Transfers

Your data may be transferred to and stored on servers located outside Poland/EU (e.g., Google's global infrastructure). When this occurs, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised "Last updated" date.

Significant changes will be communicated via email or website notification.

Contact Us

If you have questions about this Privacy Policy or how we handle your personal data:

Supervisory Authority

You have the right to lodge a complaint with the Polish data protection authority: