Privacy policy
Last updated: 20 September 2025
Beyond the Peak Last updated: 20 September 2025
This is a courtesy translation. In case of any discrepancy, the Polish version prevails.
§ 1. Basic information
1.1. This Privacy Policy sets out the rules for processing and protecting personal data provided by Users in connection with the use of the Beyond the Peak website available at beyondthepeak.pl.
1.2. The controller of personal data is e-Place Tomasz Budzyński, ul. Siemieńskiego 17a/5, 35-203 Rzeszów, Poland, entered in the register of entrepreneurs kept by the District Court, VAT ID (NIP): 5170364287, REGON: 181042943 (the “Administrator”).
1.3. Contact with the Administrator on personal data matters:
- Email address: hello@beyondthepeak.pl
1.4. The Administrator ensures that the collected data is processed lawfully, in particular in accordance with Regulation (EU) 2016/679 (GDPR) and the Polish Personal Data Protection Act.
§ 2. What data we collect and why
2.1. Newsletter and free materials
- Data collected: first name, email address
- Purpose: sending the newsletter with travel content, delivering free materials (to-do lists, guides, checklists), informing about new articles
- Legal basis: consent (Article 6(1)(a) GDPR)
2.2. Contact form
- Data collected: first name, email address, message content, optionally phone number
- Purpose: answering a question, communicating with the User
- Legal basis: legitimate interest of the Administrator (Article 6(1)(f) GDPR)
2.3. Website analytics
- Data collected: IP address, technical data (browser type, operating system), information on how the site is used
- Purpose: traffic analysis, content optimisation, visit statistics
- Legal basis: legitimate interest of the Administrator (Article 6(1)(f) GDPR)
2.4. Cookies
- Data collected: information stored in cookies on the User’s device
- Purpose: ensuring the correct operation of the site, remembering preferences, analytics
- Legal basis: consent (analytics/marketing cookies) or legitimate interest (functional cookies)
§ 3. Sharing data
3.1. The Administrator may entrust the processing of personal data to the following entities:
- Hosting provider – keeping beyondthepeak.pl running
- Newsletter service provider – sending the newsletter (e.g. MailChimp, MailerLite)
- Analytics tool providers – keeping statistics (e.g. Google Analytics)
3.2. All entities processing the data guarantee technical and organisational measures compliant with the GDPR.
3.3. The Administrator does not sell or share personal data with third parties for marketing purposes.
§ 4. Data retention period
4.1. Personal data is stored for the period necessary to achieve the purposes:
- Newsletter: until consent is withdrawn by the User
- Contact: 3 years from the last correspondence
- Analytics: 25 months (in line with Google Analytics)
- Cookies: in line with the Cookies Policy
4.2. After the retention period, data is automatically deleted or anonymised.
§ 5. Users’ rights
5.1. The User has the right to:
- Access their personal data
- Rectify incorrect data
- Erase data (the “right to be forgotten”)
- Restrict processing of data
- Port data to another controller
- Object to the processing of data
- Withdraw consent at any time
5.2. Rights are exercised by contacting the Administrator: hello@beyondthepeak.pl.
5.3. The Administrator responds to requests within one month of receipt.
5.4. The User may lodge a complaint with the President of the Personal Data Protection Office in the event of a GDPR breach.
§ 6. Data security
6.1. The Administrator applies technical and organisational measures protecting data against:
- Unauthorised access
- Accidental loss or destruction
- Unauthorised disclosure
- Unlawful alteration
6.2. Security measures include:
- Encryption of data transmission (SSL)
- Regular backups
- Access control to systems
- Periodic security audits
§ 7. Cookies
7.1. The beyondthepeak.pl website uses cookies in accordance with a separate Cookies Policy.
7.2. The User can control cookies through browser settings.
7.3. Disabling cookies may affect the functionality of the site.
§ 8. Changes to the Privacy Policy
8.1. The Administrator reserves the right to update this Policy.
8.2. Users will be informed about material changes through the beyondthepeak.pl website or by email.
8.3. The current version of the Policy is always available on the website.
§ 9. Definitions
Administrator – Beyond the Peak, represented by Tomasz Budzyński, the entity determining the purposes and means of processing personal data.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.
User – a natural person using the beyondthepeak.pl website.
Personal data – information about an identified or identifiable natural person.
Processing – an operation performed on personal data (collecting, recording, organising, storing, processing, sharing, erasing).
§ 10. Final provisions
10.1. In matters not covered by this Policy, the GDPR and Polish law apply.
10.2. Any questions regarding the protection of personal data should be directed to: hello@beyondthepeak.pl
This Privacy Policy takes effect on 20 September 2025 on beyondthepeak.pl