Privacy Policy

This Privacy Policy explains how personal data is collected, processed and protected when you use the website https://bmgpoland.com/ (the “Website”).

By using the Website, you acknowledge that you have read and understood this Privacy Policy.

1. Data controller

The controller of your personal data is:

Be My Guest Adrian Cwiklinski

Registered business in Poland

Tax ID (NIP): 6821749133

Business Registry No. (REGON): 540103360

Contact details:

Email: book@bmgpoland.com

Phone: +48 888 805 198

2. Principles of data processing

Personal data is processed in accordance with the General Data Protection Regulation (GDPR), in particular with the principles of:

  • lawfulness, fairness and transparency
  • purpose limitation
  • data minimisation
  • accuracy
  • storage limitation
  • integrity and confidentiality

3. Scope of personal data collected

Personal data is collected only when you voluntarily provide it, in particular through the contact or booking request forms available on the Website.

Depending on the form, this may include:

  • full name
  • email address
  • preferred date and time of the tour
  • number of participants in the tour
  • food preferences or dietary requirements related to the tour (provided voluntarily)
  • information about your plans or group relevant to the tour
  • any other information you choose to share in connection with your enquiry

Providing personal data is voluntary. However, failure to provide certain information may make it impossible to prepare a personalised offer or conclude a contract.

4. Purposes and legal bases of processing

Your personal data is processed for the following purposes:

a) Handling enquiries and communication

To respond to messages and requests submitted via the Website.

Legal basis: Article 6(1)(f) GDPR – legitimate interest (communication with users).

b) Preparing a personalised tour offer and organising a private food tour

Including scheduling, logistics and communication related to the tour.

Legal basis: Article 6(1)(b) GDPR – steps taken prior to entering into a contract and performance of a contract.

c) Invoicing and accounting

Invoices are issued for all private food tours in accordance with applicable tax regulations.

Legal basis: Article 6(1)(c) GDPR – legal obligation.

d) Food preferences and dietary requirements

Any information about food preferences or dietary needs is provided voluntarily and is processed solely for the purpose of organising the tour. This data is not used for profiling and is not shared beyond what is necessary to deliver the service.

Legal basis: Article 6(1)(b) GDPR, in conjunction with the voluntary provision of such data by the user.

e) Website analytics and improvement

To analyse website traffic, understand user behaviour and improve the quality of services.

Legal basis: Article 6(1)(a) GDPR – user consent (given via the cookie banner).

5. External booking platforms

The Website contains links to third-party booking platforms, including but not limited to:

  • Viator
  • Airbnb
  • TripAdvisor

All bookings and payments made through these platforms are processed under their own privacy policies and terms of service.

Be My Guest Adrian Cwiklinski is not the data controller for personal data processed on those platforms.

6. Social media links

The Website includes links to social media platforms, such as:

  • YouTube
  • Instagram
  • TikTok
  • Facebook

When you visit these platforms, your data is processed in accordance with their own privacy policies. The Data Controller is not responsible for the data processing practices of these platforms. Data may be transferred outside the European Economic Area (EEA), including to the United States.

7. Data recipients and transfers outside the EEA

Personal data may be processed by trusted service providers acting on behalf of the Data Controller, such as:

  • Webflow, Inc. (website hosting and form processing provider)
  • email service providers
  • Google Ireland Limited (Google Analytics, Google Search Console)
  • Microsoft Corporation (Microsoft Clarity)
  • external booking platforms (Viator, Airbnb, TripAdvisor)
  • social media platforms (YouTube, Instagram, TikTok, Facebook)

Some of these providers may be located outside the EEA. Data transfers outside the EEA are carried out in accordance with GDPR requirements, including the use of Standard Contractual Clauses (SCCs) or applicable adequacy decisions (such as the EU–US Data Privacy Framework).

8. Data retention period

Personal data is stored only for as long as necessary for the purposes for which it was collected:

  • enquiry data – for the duration of correspondence and up to 12 months thereafter
  • data related to tour organisation – for the duration of the service and related settlements
  • invoicing data – in accordance with applicable tax and accounting laws

9. Your rights

You have the right to:

  • access your personal data
  • rectify inaccurate or incomplete data
  • request erasure or restriction of processing
  • request data portability
  • object to processing based on legitimate interest
  • withdraw consent at any time (where processing is based on consent)

You also have the right to lodge a complaint with a competent supervisory authority in your country of residence or with the Polish supervisory authority (President of the Personal Data Protection Office).

10. Cookies, analytics and embedded content

The Website uses cookies and similar technologies to ensure proper functioning, analyse website traffic and improve user experience.

Cookies are managed through the CookiesYes consent management platform. Users may accept, reject or customise their cookie preferences at any time. Analytics and embedded content are activated only after user consent.

Necessary cookies

Required for the proper functioning of the Website and its forms. These cannot be disabled.

Analytics cookies

Activated only after user consent.

The Website uses:

  • Google Analytics – to analyse website traffic and improve user experience
  • Microsoft Clarity – to analyse user interactions and optimise website performance

These tools may collect information such as:

  • anonymised IP address
  • browser and device information
  • pages visited
  • time spent on the Website
  • interaction data

Google Search Console

The Website also uses Google Search Console to monitor website visibility in Google search results. This tool does not store cookies on users’ devices but processes aggregated performance data.

Embedded YouTube videos

The Website may contain embedded videos from YouTube (Google LLC).

When such content is displayed, YouTube may process personal data, including IP address and device information, and may use cookies or similar technologies.

Embedded videos are loaded only after user consent via the cookie banner. Where possible, videos may be embedded using YouTube’s privacy-enhanced mode (youtube-nocookie.com), which limits the use of cookies before user interaction.

Data transfers outside the EEA

Google and Microsoft services may transfer data outside the European Economic Area (EEA), including to the United States. Data transfers are carried out in accordance with GDPR requirements, including the use of Standard Contractual Clauses or adequacy decisions (such as the EU–US Data Privacy Framework).

Users can withdraw or modify their consent at any time via the cookie settings available on the Website.

11. External links

The Website may contain links to external websites not operated by the Data Controller. The Data Controller is not responsible for the content or privacy practices of those websites. Users are encouraged to review their privacy policies.

12. Final provisions

If you do not agree with this Privacy Policy, please refrain from using the Website or submitting personal data through it.