1. The data controller is TML KRAKÓW SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, located at ul. Floriańska 5, 31-019 Kraków, Poland, registered in the National Court Register under number 0001016790, NIP: 6751777235, REGON: 524343674 (hereinafter: "Controller").

2. For matters related to personal data protection, you can contact us at: info@tomorrowland.pl or in writing to the Controller's registered address.

1. The Controller collects and processes the following personal data:

• First and last name — for Customer identification and booking processing

• Email address — for contact, sending booking confirmations and service information

• Phone number — for contact regarding bookings

• Booking data — date, time, selected package, number of persons

• Payment data — processed by an external payment provider (Stripe)

2. Providing personal data is voluntary but necessary for booking processing and service provision.

1. Personal data is processed for the following purposes:

a) Performance of a service contract (Art. 6(1)(b) GDPR) — booking, visit handling, settlements

b) Fulfillment of legal obligations (Art. 6(1)(c) GDPR) — maintaining accounting documentation

c) Legitimate interest of the Controller (Art. 6(1)(f) GDPR) — direct marketing of own services, defense against claims, statistical analysis

d) Based on consent (Art. 6(1)(a) GDPR) — sending marketing information, newsletter

1. Personal data may be transferred to the following categories of recipients:

• Payment service providers (Stripe) — to the extent necessary for payment processing

• IT and hosting service providers — to the extent necessary for website operation

• Analytics service providers (in the future: PostHog, Google Analytics) — for website traffic analysis

• Government authorities — in cases provided for by law

2. Data may be transferred to third countries (outside the EEA) in connection with using services of entities located in those countries, while ensuring an appropriate level of data protection.

1. Personal data is stored for the following periods:

• Booking-related data — for 3 years from the booking date (statute of limitations for claims)

• Accounting data — for 5 years from the end of the tax year

• Data processed based on consent — until withdrawal of consent

• Marketing data — until objection is raised

1. Every data subject has the right to:

a) Access their personal data

b) Rectification (correction) of data

c) Erasure of data ("right to be forgotten")

d) Restriction of processing

e) Data portability

f) Object to processing

g) Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal)

2. To exercise the above rights, please contact the Controller.

3. Every person has the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

1. The website uses cookies for the following purposes:

a) Ensuring proper website operation (technical cookies)

b) Remembering user preferences (language, session)

c) Statistical analysis of website traffic (analytical cookies — in the future)

2. Users can change cookie settings in their browser at any time.

3. Disabling cookies may affect the proper functioning of some website features.

4. Detailed information about cookie management is available in web browser settings.

1. The Controller applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction.

2. Data transmission is carried out using SSL protocol (HTTPS).

3. Only authorized persons have access to personal data.

1. The Controller reserves the right to change this Privacy Policy.

2. Users will be informed of significant changes through a notice on the website.

3. The current version of the Privacy Policy is always available on the website.

1. For matters related to personal data protection, you can contact us:

• Email: info@tomorrowland.pl

• Address: ul. Floriańska 5, 31-019 Kraków, Poland

• Phone: +48 792-252-177