Privacy Policy

Show Me Krakow operates this booking site for Krakow experiences. For GDPR purposes we act as the data controller for data collected through this site. You can reach us at info@showmekrakow.com for any privacy question or data request.

• Booking data - name, email, phone number, number of guests, selected experience and date, and any notes you add at checkout. This is required to create the reservation.
• Checkout recovery data - if you enter booking details before payment is finished, we may store your selected experience, date, time, guest details, contact details, checkout answers, promo code, and recovery token so the checkout can be resumed and a recovery email can be sent. Available recovery offers or promo codes are included only if you select the recovery offer option in checkout.
• Payment data - collected and processed directly by Stripe. We never see or store your full card number. We receive a payment status, the amount, and a Stripe reference.
• Booking reference - once confirmed, the reservation is held in Bókun (our booking system) and a reference is attached to your Stripe record.
• Site usage data - if you accept analytics cookies, we record pageviews, referrer, approximate location (from IP, truncated before storage where supported), device type, the experiences you view, and interaction signals such as clicks, scroll depth, heatmaps, and session recordings. This is used in aggregate to improve the site and spot confusing booking pages.
• First-party booking attribution - we record the page, guide, campaign, referrer, and booking step that led to checkout. This helps us understand which content and booking flows work. We do not use this to store card details or raw traveller form answers.
• Advertising measurement data - if you accept personalised offers cookies, Meta Pixel may record pageviews, booking events, and purchase events so we can measure ads and show more relevant offers.
• Communications - the content of any email or WhatsApp message you send us, so we can help you.

• To perform the booking contract - processing name, contact, payment, and reservation details is necessary to accept, confirm, and deliver the experience you booked (GDPR Art. 6(1)(b)).
• Legitimate interest - basic security logs, fraud prevention, and responding to support messages (GDPR Art. 6(1)(f)). We also use first-party booking attribution to understand which pages, campaigns, and checkout steps improve the booking experience, and to save unfinished checkout details so a booking can be recovered, resumed, or checked if payment fails.
• Consent - analytics and marketing cookies only run after you explicitly accept them in the cookie banner (GDPR Art. 6(1)(a)). Recovery offers or promo codes in checkout recovery emails are included only after you select the recovery offer option for that unfinished booking. You can withdraw consent at any time, and recovery emails include an unsubscribe link that stops future checkout recovery emails to that email address.
• Legal obligation - accounting records are kept as required by Polish tax law (GDPR Art. 6(1)(c)).

We share personal data only with processors that help us deliver the booking, and only the minimum needed for each role.

• Stripe - payment processing. Stripe handles card data directly under its own privacy notice. Data may be transferred to the United States under Standard Contractual Clauses.
• Bókun (a TripAdvisor company) - reservation and booking system. Your name, contact, and booking details are stored in Bókun so the experience operator can confirm and run the activity.
• Experience operators - the local host of the specific experience you booked receives the booking details needed to run the activity on the day.
• Google (Google Analytics) - if you accept improve site cookies, aggregated usage data is processed by Google. IP addresses are anonymized at the earliest possible point where supported.
• Microsoft Clarity - if you accept improve site cookies, Microsoft may process heatmap, session recording, click, scroll, device, and browser data so we can understand where visitors get stuck. Clarity is configured through our consent controls so its cookies are not granted unless you allow improve site cookies.
• Meta - if you accept personalised offers cookies, Meta Pixel may process ad measurement events and use them for advertising features under Meta’s own terms.
• Our hosting and email providers - for delivering the site, transactional messages, checkout recovery emails, and any opted-in recovery offer content.

We do not sell your personal data. Analytics and advertising tools only receive granted consent after you make that choice.

• Booking and payment records: 5 years after the booking date, to meet Polish accounting requirements.
• Unfinished checkout recovery records: only as long as needed for recovery follow-up, troubleshooting, or deletion requests.
• Support messages: up to 2 years after the last contact.
• First-party booking attribution: up to 14 months, then aggregate reporting where practical.
• Analytics data: up to 14 months in Google Analytics, then aggregated reports only.
• Microsoft Clarity heatmaps and session recordings: according to the retention settings in our Clarity workspace, then aggregate insights where practical.
• Advertising measurement data: according to Meta’s retention settings and your Meta account controls.
• Cookie consent choice: up to 12 months, then we ask again.

You can ask us, at any time, to:

• Confirm what personal data we hold about you, and receive a copy.
• Correct data that is wrong or incomplete.
• Delete data that is no longer needed, with limits for legally required records.
• Restrict or object to certain processing.
• Receive your data in a portable format, or have it transferred to another provider.
• Withdraw cookie consent at any time using the control in the Cookies section below.

Send any of these requests to info@showmekrakow.com. We respond within 30 days. You also have the right to lodge a complaint with the Polish data protection authority.

We use a small number of cookies. You control the optional ones from the cookie banner.

• Strictly necessary - remember your cookie choice, keep the checkout session working, and let the site load. No consent required.
• First-party attribution - remember a site session and the page or guide that led to checkout, so we can measure and improve our own booking flow. This does not load third-party analytics or advertising pixels.
• Improve site (optional) - Google Analytics 4 and Microsoft Clarity to understand which experiences travelers look at, where the site is confusing, and where the booking flow gets stuck. These tools only receive granted analytics consent after you allow improve site cookies. Clarity may use cookies such as _clck and _clsk.
• Personalised offers (optional) - Meta Pixel, Google ad measurement, and similar ad pixels to measure ads and show more relevant offers. Loaded or granted only after you allow personalised offers cookies.

You can change your choice at any time using the control below, or by clearing site data in your browser. Third parties you interact with directly may also set their own cookies under their own policies.

The site runs over HTTPS. Payment card data is handled by Stripe, which is PCI-DSS certified. Access to booking systems is limited to the people who need it to run the experience. No system is perfectly secure; if a breach affects you, we’ll notify you as required under GDPR.

This site and its experiences are aimed at adults. Some experiences are explicitly not suitable for children, and some have age minimums noted on the event page. We do not knowingly collect data from children under 16.

If we change anything material, we’ll update the date at the top and, for significant changes, mention it on the site or in an email to recent customers. The current version always lives at this URL.

Questions or data requests: info@showmekrakow.com. To stop checkout recovery emails, use the unsubscribe link in that email. For booking-specific questions, reply to your confirmation email or message us on WhatsApp.