Privacy Policy
Last updated: 23 June 2026
This Privacy Policy explains how Prague Uncovered s.r.o. ("we", "us", "our"), operator of UNCOVER Krakow, collects, uses and protects your personal data when you visit our website or become a member. We process personal data in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and applicable Polish data protection law.
1. Controller
The data controller responsible for your personal data is:
Prague Uncovered s.r.o.
Korunn\u00ED 2569/108, Vinohrady, 10100 Prague 10, Czech Republic
Company ID: 24562947
Email: hello@uncoverkrakow.com
2. Categories of data we process
- Account data: name, email address, city, password hash.
- Payment data: billing address and last four digits of your card. Full card details are processed exclusively by Stripe, Inc.; we never see or store them.
- Membership data: plan, start and end date, reservations, event attendance.
- Communication data: emails and messages you send us.
- Technical data: IP address, device and browser information, pages visited, referring URL, timestamps, cookies and similar identifiers.
3. Purposes and legal bases
- Providing the service (Art. 6(1)(b) GDPR): creating and managing your membership, processing payments, delivering benefits and events.
- Communication (Art. 6(1)(b) and 6(1)(f) GDPR): responding to enquiries, sending service-related emails, notifying you of material changes.
- Marketing emails (Art. 6(1)(a) GDPR): sending newsletters and offers where you have opted in. You can withdraw consent at any time.
- Analytics and advertising (Art. 6(1)(a) GDPR): only if you accept cookies via our consent banner.
- Legal obligations (Art. 6(1)(c) GDPR): retention of invoices and accounting records.
- Security and fraud prevention (Art. 6(1)(f) GDPR): protecting our service, members and infrastructure.
4. Recipients and processors
We share personal data only with carefully selected processors who act on our instructions under a data processing agreement (Art. 28 GDPR):
- Stripe, Inc. \u2013 payment processing
- Supabase, Inc. \u2013 database and authentication hosting
- Cloudflare, Inc. \u2013 content delivery and security
- Google LLC \u2013 analytics and advertising (only with consent)
- Meta Platforms, Inc. \u2013 advertising and pixel (only with consent)
- Email delivery providers for transactional and marketing emails
We never sell your personal data.
5. International transfers
Some of our processors are based outside the European Economic Area (in particular in the United States). Where this is the case, transfers are safeguarded by Standard Contractual Clauses approved by the European Commission and, where applicable, by the EU\u2013US Data Privacy Framework certifications of the recipient.
6. Retention
- Account and membership data: for the duration of your membership and up to 3 years after termination.
- Invoices and accounting records: 10 years, as required by law.
- Marketing data: until you withdraw consent.
- Server logs: up to 30 days.
7. Your rights under the GDPR
You have the right to access, rectify, erase, restrict, port and object to the processing of your personal data, and to withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at hello@uncoverkrakow.com. You also have the right to lodge a complaint with a supervisory authority, in Poland the President of the Personal Data Protection Office (UODO).
8. Cookies
We use strictly necessary cookies to operate the site. Optional analytics and marketing cookies are only set after you give consent through our cookie banner. You can change or revoke your choice at any time.
9. Security
All traffic is encrypted in transit using HTTPS/TLS. Passwords are stored hashed. Production data is protected by access controls, logging and regular backups.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a notice in the member app at least 14 days before they take effect.