Privacy Policy for tomdiserens.com
Effective Date: 30/08/2025
1. Administrator and Data Controller
The administrator and controller of personal data collected via tomdiserens.com is Białowieża Wildlife Services – Tomasz Diserens, located at Teremiski 52C, 17-230 Teremiski, Poland. You can reach us at tom@tomdiserens.com.
2. Commitment to Data Protection
We are committed to complying with applicable data protection laws (GDPR, Polish data protection provisions, CCPA where relevant), and we aim to ensure your data is handled safely and transparently in line with legal obligations and best practices.
3. Information We Collect
a. Information You Provide:
– Via contact forms: name, email, message content, marketing preferences.
– When booking tours: name, contact details, special requests (e.g., dietary or accessibility requirements), and in exceptional cases, passport or health-related information essential for tour arrangements.
b. Automatically Collected Data:
We gather technical and usage data, such as IP address, device and application settings, server logs, and browsing interactions when you visit the site.
c. Aggregated Data:
We create anonymized summaries of user behavior for analytics and website performance improvements. Such data cannot be traced back to individuals.
d. Special Categories of Data:
Only when necessary (for visas, medical accommodations, etc.), we may collect data such as dietary restrictions, medical conditions, or religious requirements, in compliance with careful necessity standards.
4. Use of WordPress Plugins & Third-Party Services
We use WordPress plugins like forms or consent management. These may involve third-party scripts or APIs—for example, embedding maps, social media features, analytics, or cookie consent banners.
Some features of our site, such as embedded maps or social media buttons, are provided via third‑party services. These services may collect or process your data (e.g., IP address), according to their own policies.
5. How We Use Your Information
We use your data to:
– Respond to inquiries and process bookings;
– Facilitate the execution of tour services;
– Provide customer service and post-tour follow-ups;
– Send newsletters or marketing communications only if you have consented (opt-in) or under legitimate interests following assessment;
– Perform statistical analysis and improve our offerings;
– Publish or share user-submitted content (e.g. reviews), with your consent and acknowledging that public content may no longer remain private.
6. Sharing Your Data
We do not sell your data. We may share your personal data only with:
– Payment processors (PayU), who handle card/bank data separately and securely; we do not store your full payment details.
– Service providers (e.g., hosting, accounting, email platform) under proper Data Processing Agreements;
– Local service partners (e.g., guides or accommodation providers) needed to execute your booking;
– Authorities if required by law.
We also may publish aggregated data for analytical or marketing purposes.
7. Marketing Communications
If you opt in, we may send newsletters or updates. You may unsubscribe anytime (e.g., via a link in emails), though we may still send you essential service messages (e.g., booking confirmations) even after unsubscribing.
8. Legal Bases for Processing
We rely on the following legal bases:
– Performance of a contract: to fulfill tour bookings;
– Consent: where you opt in to communications or certain features;
– Legitimate interest: for site improvement, analytics, and fraud prevention, assessed case by case;
– Legal obligation: for tax or accounting compliance.
9. Retention of Personal Data
We retain:
– Booking data for as long as needed for legal and tax purposes (e.g., up to 5 years);
– Inquiry contact data until the issue is resolved or as long as needed;
– Marketing preferences (e.g., opt‑out flags) as long as needed to honor your wishes.
We periodically review and securely delete data that is no longer needed.
10. Your Privacy Rights
Depending on your jurisdiction, you may have rights including:
– Access to your data;
– Correction or deletion;
– Restriction or objection to processing;
– Data portability;
– Withdrawal of consent.
You may exercise these rights by contacting us at tom@tomdiserens.com. You also have the right to lodge a complaint with a supervisory authority.
11. Transfers Outside the EU
Your data may be transferred outside the EU—for example, to third party payment services provider servers. We ensure appropriate safeguards such as SCCs are in place.
12. Security Measures
We protect your data using SSL/TLS encryption, secure server infrastructure, and limited access controls. Please note that no system is entirely immune to breaches, but we apply industry-standard protections.
13. Children’s Privacy
Our site is not intended for use by children under 16, and we do not knowingly collect data from minors.
14. Changes to This Policy
We may update this policy occasionally. Any changes will be posted here with a new effective date.