Privacy Policy

Show Me Krakow operates this booking site for Krakow experiences. For GDPR purposes we act as the data controller for data collected through this site. You can reach us at showmekrakow@gmail.com for any privacy question or data request.

• Booking data — name, email, phone number, number of guests, selected experience and date, and any notes you add at checkout. This is required to create the reservation.
• Payment data — collected and processed directly by Stripe. We never see or store your full card number. We receive a payment status, the amount, and a Stripe reference.
• Booking reference — once confirmed, the reservation is held in Bókun (our booking system) and a reference is attached to your Stripe record.
• Site usage data — if you accept analytics cookies, we record pageviews, referrer, approximate location (from IP, truncated before storage), device type, and the experiences you view. This is used in aggregate to improve the site.
• Communications — the content of any email or WhatsApp message you send us, so we can help you.

• To perform the booking contract — processing name, contact, payment, and reservation details is necessary to accept, confirm, and deliver the experience you booked (GDPR Art. 6(1)(b)).
• Legitimate interest — basic security logs, fraud prevention, and responding to support messages (GDPR Art. 6(1)(f)).
• Consent — analytics and marketing cookies only run after you explicitly accept them in the cookie banner (GDPR Art. 6(1)(a)). You can withdraw consent at any time.
• Legal obligation — accounting records are kept as required by Polish tax law (GDPR Art. 6(1)(c)).

We share personal data only with processors that help us deliver the booking, and only the minimum needed for each role.

• Stripe — payment processing. Stripe handles card data directly under its own privacy notice. Data may be transferred to the United States under Standard Contractual Clauses.
• Bókun (a TripAdvisor company) — reservation and booking system. Your name, contact, and booking details are stored in Bókun so the experience operator can confirm and run the activity.
• Experience operators — the local host of the specific experience you booked (e.g. the food tour or pub crawl operator) receives the booking details needed to run the activity on the day.
• Google (Google Analytics) — if you accept analytics cookies, aggregated usage data is processed by Google. IP addresses are anonymized at the earliest possible point.
• Our hosting and email providers — for delivering the site and transactional messages.

We do not sell your personal data, and we do not share it for third-party advertising.

• Booking and payment records: 5 years after the booking date, to meet Polish accounting requirements.
• Support messages: up to 2 years after the last contact.
• Analytics data: up to 14 months in Google Analytics, then aggregated reports only.
• Cookie consent choice: up to 12 months, then we ask again.

You can ask us, at any time, to:

• Confirm what personal data we hold about you, and receive a copy.
• Correct data that is wrong or incomplete.
• Delete data that is no longer needed (with limits for legally required records).
• Restrict or object to certain processing.
• Receive your data in a portable format, or have it transferred to another provider.
• Withdraw cookie consent at any time using the control in the Cookies section below.

Send any of these requests to showmekrakow@gmail.com. We respond within 30 days. You also have the right to lodge a complaint with the Polish data protection authority (Urząd Ochrony Danych Osobowych, UODO).

We use a small number of cookies. You control the optional ones from the cookie banner.

• Strictly necessary — remember your cookie choice, keep the checkout session working, and let the site load. No consent required.
• Analytics (optional) — Google Analytics 4 to understand which experiences travelers look at and where the site is confusing. Loaded only after you click Accept.

You can change your choice at any time using the control below, or by clearing site data in your browser. Third parties you interact with directly (Stripe, Bókun) may also set their own cookies under their own policies.

The site runs over HTTPS. Payment card data is handled by Stripe, which is PCI-DSS certified. Access to booking systems is limited to the people who need it to run the experience. No system is perfectly secure; if a breach affects you, we’ll notify you as required under GDPR.

This site and its experiences are aimed at adults. Some experiences are explicitly not suitable for children, and some have age minimums noted on the event page. We do not knowingly collect data from children under 16.

If we change anything material, we’ll update the date at the top and, for significant changes, mention it on the site or in an email to recent customers. The current version always lives at this URL.

Questions or data requests: showmekrakow@gmail.com. For booking-specific questions, reply to your confirmation email or message us on WhatsApp.