NOW LIVE: CURATED RETREATS, HOTELS & INTENTIONAL TRAVEL INSPIRATION
Privacy Policy
1. Who we are
The website address is: https://sanctumstay.com. The operator of the website is: Marcelina Brzostowska. Contact email: partners@sanctumstay.com.
2. Personal Data and GDPR Compliance
In accordance with the General Data Protection Regulation (GDPR), we act as the data controller for any personal information you provide. We process your data based on your consent, for the performance of a contract, or for our legitimate interests (such as site security and analytics). You have the right to access, rectify, or erase your personal data at any time.
3. Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
4. Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
5. Cookies
- User Convenience: If you leave a comment, you may opt-in to saving your name and email in cookies. These last for one year.
- Login & Session: If you visit our login page, we set a temporary cookie to check browser compatibility. When you log in, we set cookies to save your login info (2 days) and screen options (1 year). “Remember Me” extends login to two weeks.
- Content Management: If you edit or publish an article, a cookie indicating the post ID is saved for 1 day.
- Third-Party Cookies: Our partners (Google, Facebook) may also place cookies on your device to track activity and provide targeted content.
6. Third-Party Services and Analytics
We use third-party providers to monitor and analyze our website traffic:
- Google Analytics: We use this to track visitor behavior. Google may use the collected data to contextualize and personalize ads within its own network.
- Facebook (Meta) Pixel: We use this to measure the effectiveness of our advertising and to understand the actions of users on our site for marketing purposes.
- Spam Protection: Visitor comments may be checked through an automated spam detection service (e.g., Akismet).
- We may use other systems, eg. marketing automation platforms.
7. Embedded Content and External Links
Articles on this site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These sites may collect data about you and use their own tracking. This website may also contain links to external sites. We are not responsible for the privacy practices, security, or content of any third-party websites.
8. Who we share your data with
- Password Resets: If you request a password reset, your IP address will be included in the reset email.
- Service Providers: We only share data with trusted third parties (like Google or hosting providers) to the extent necessary to run the website. We do not sell or trade your personal information to outside parties.
9. How long we retain your data
- Comments: Comments and their metadata are retained indefinitely.
- User Profiles: For users that register on our website, we store the personal information provided in their user profile. All users can see, edit, or delete their personal information at any time.
10. Your Rights Over Your Data
If you have an account or have left comments, you can request an exported file of the personal data we hold about you. You can also request that we erase any personal data we hold. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
11. Data Security
We implement standard security measures, including SSL encryption, to protect your personal information. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
12. Children’s Online Privacy Protection (COPPA)
Our website is not directed to children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with data, we will delete it immediately.
13. California Privacy Rights (CCPA)
If you are a California resident, you have the right to request:
- Information about the categories of personal data we collect.
- A copy of your data.
- Deletion of your data. We do not “sell” your personal information as defined under the CCPA.
14. International Data Transfers
Our operations are global, and your information may be transferred to, stored, and processed in various countries, including but not limited to Poland, Spain, the European Union (EU/EEA), and the United States.
- Standard of Protection: By using this website, you acknowledge that data protection laws in these countries may differ from those in your home jurisdiction.
- GDPR & Privacy Shield: For users within the European Union (EU) or European Economic Area (EEA), we ensure that any transfer of personal data to a third country (like the USA) is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other legally recognized mechanisms, to ensure a level of protection essentially equivalent to that guaranteed within the EU.
- Consent to Transfer: Regardless of where you live, by providing your information or interacting with our content, you explicitly consent to the cross-border transfer and processing of your data in any country where we or our third-party service providers (e.g., hosting, analytics) operate.