Endless Gravel Crew

Privacy Policy

1. General Provisions

1.1. The Data Controller is Jan Szuster (hereinafter: the “Controller”), operating under the domain endlessgravelcrew.com.

1.2. Contact regarding personal data: info@endlessgravelcrew.com.

1.3. This Privacy Policy sets out the rules for the collection, processing, and protection of personal data of camp participants and online store customers.

1.4. The Controller processes data in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”).

2. Scope of Processed Data

2.1. In connection with registration for weekend camps, the following data are processed:

  • first and last name,
  • e-mail address,
  • phone number,
  • invoicing details (if provided by the customer).

2.2. In connection with registration for international camps, the following data are processed:

  • first and last name,
  • e-mail address,
  • phone number,
  • residential address,
  • PESEL number (or other identification number, if applicable),
  • ID document number and expiry date (if applicable),
  • invoicing details (if provided by the customer).

2.3. Data of online store customers include:

  • first and last name,
  • e-mail address,
  • delivery address,
  • phone number,
  • invoicing details (if provided by the customer).

2.4. During all events organized by Endless Gravel Crew, photos and video recordings may be taken that include participants’ likeness.

3. Purposes and Legal Basis of Processing

3.1. Data of camp participants are processed for the purposes of:

  • receiving applications and managing registrations (Art. 6(1)(b) GDPR – performance of a contract),
  • provision of services during camps (Art. 6(1)(b) GDPR),
  • ensuring safety and maintaining contact with participants (Art. 6(1)(f) GDPR – legitimate interest of the Controller),
  • purchasing insurance or tickets (if applicable) in the case of international camps (Art. 6(1)(b) GDPR).

3.2. Data of store customers are processed for the purposes of:

  • fulfilling orders and delivering goods (Art. 6(1)(b) GDPR),
  • handling complaints and returns (Art. 6(1)(c) GDPR – legal obligations),
  • conducting marketing communications (Art. 6(1)(f) GDPR – legitimate interest of the Controller).

3.3. Image data of event participants are processed for the purposes of:

  • publishing event reports on Endless Gravel Crew’s social media channels (non-commercial purposes – Art. 6(1)(f) GDPR),
  • sharing materials on the photo platform operated by Endless Gravel Crew (commercial purposes to a limited extent – Art. 6(1)(f) GDPR).

4. Data Sharing

4.1. Camp participants’ data may be shared with collaborators and staff of Endless Gravel Crew to the extent necessary for the organization and execution of the camp (e.g., guides, logistics staff).

4.2. In the case of international camps, data (first and last name, PESEL, residential address) may be provided to insurance companies in order to conclude an insurance contract.

4.3. Store customers’ data may be shared with:

  • courier and postal companies for the purpose of delivery,
  • payment operators for online payment processing,
  • entities providing accounting and legal services.

4.4. The Controller does not transfer personal data outside the European Economic Area unless it is necessary for the performance of the contract (e.g., insurance in the destination country).

5. Data Retention Period

5.1. Camp participants’ data are stored for the period necessary to carry out the event and for the duration of potential claims (maximum of 3 years).

5.2. Store customers’ data are stored for the period necessary to fulfill the order and subsequently in accordance with tax and accounting obligations (maximum of 6 years).

5.3. Photo and video materials may be stored and published indefinitely for archival and promotional purposes.

6. Rights of Data Subjects

Each person whose data are processed has the right to:

  • access their data,
  • rectify their data,
  • erase their data (“right to be forgotten”),
  • restrict processing,
  • data portability,
  • object to processing,
  • withdraw consent (if processing is based on consent).

To exercise these rights, please contact the Controller at: info@endlessgravelcrew.com.

7. Data Security

7.1. The Controller applies technical and organizational measures ensuring the protection of personal data appropriate to the risks of processing.

7.2. Access to data is granted only to authorized persons.

8. Cookies

8.1. The website endlessgravelcrew.com uses cookies, i.e. small text files stored on the user’s device.

8.2. Cookies are used for the purposes of:

  • ensuring proper functioning of the website (technical cookies),
  • analyzing website traffic and creating statistics (e.g., Google Analytics),
  • conducting marketing and remarketing activities (e.g., Meta Pixel).

8.3. Users may change cookie settings in their browser at any time. Restricting cookies may affect certain website functionalities.

8.4. Cookies may be placed on the user’s device both by the Controller and by third parties (e.g., Google, Meta).

9. Final Provisions

9.1. The Controller reserves the right to amend this Privacy Policy. The amended version will be published on endlessgravelcrew.com.

9.2. In matters not covered herein, the provisions of the GDPR and Polish law shall apply.