Privacy Policy

Last updated: 2026-04-25

1. Who we are

This website (theshamrockwarsaw.com) is operated by:

Shamrock Pub Sp. z o.o.
Zgoda 5, Warsaw, Poland
Email: privacy@theshamrockwarsaw.com

We are the data controller for any personal data we process through this website. References to "we", "us", or "our" mean the company above.

2. What data we collect and why

2.1 Website analytics

We use a self-hosted analytics tool (Umami) to understand how visitors use the site so we can improve it. Each pageview generates an anonymous event recording: page URL, referrer, browser type, operating system, screen size, preferred language, and country (derived from IP address; the IP itself is not stored).

To group your visits into a coherent session for accurate counts, we store a random visitor identifier in your browser's local storage. It is not linked to your name, email, or any other identifying information.

Legal basis: our legitimate interest in measuring and improving the website (Art. 6(1)(f) GDPR).

Retention: 12 months, after which event data is deleted.

2.2 Contact form

If you send us a message through the website's contact form, we process the name, email address, and any other information you choose to include in your message. We use it solely to respond to your inquiry.

Legal basis: our legitimate interest in responding to the inquiries you send us, and where applicable, steps taken at your request prior to entering a contract (Art. 6(1)(b) and (f) GDPR).

Retention: for the duration of the conversation and for up to 12 months afterwards, unless a longer period is required for legal or accounting reasons.

2.3 Newsletter

If you sign up for our newsletter, we collect your email address (and optionally your name) to send you occasional updates about events, promotions, and what's happening at the bar. We use a double opt-in process: after submitting your email, you'll receive a confirmation message and need to confirm before any newsletter is sent.

Every newsletter we send contains a one-click unsubscribe link. You can also unsubscribe at any time by emailing us at privacy@theshamrockwarsaw.com.

Legal basis: your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time without affecting the lawfulness of processing before withdrawal.

Retention: until you unsubscribe or withdraw consent, whichever comes first.

3. Cookies and similar storage

We use the following items stored in your browser. We do not use third-party advertising or cross-site tracking technologies.

Name	Type	Purpose	Lifetime
sb_vid	localStorage	Stable anonymous visitor identifier for analytics	Until you clear browser data
sb_a_v2	localStorage + HttpOnly cookie	Analytics session continuity	30 minutes

You can clear these at any time through your browser's settings. Disabling them will not prevent the website from functioning, but analytics events will be recorded as new visitors more often.

4. Who processes your data

We share data only with service providers ("processors") who help us operate the website. They are bound by data-processing agreements and process data only on our instructions.

Vercel Inc. (United States) — hosting of the website and serverless functions.
Railway Corp. (United States) — hosting of our analytics application.
Neon Inc. (Germany — Frankfurt) — analytics database.
MailerLite Limited (Ireland, with infrastructure in the EU) — newsletter delivery.

5. Transfers outside the EEA

Some of our processors (Vercel and Railway) are located in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, together with supplementary technical measures (encryption in transit and at rest), to ensure that personal data transferred outside the European Economic Area receives an adequate level of protection.

6. Your rights under GDPR

You have the right to:

access the personal data we hold about you (Art. 15);
have inaccurate data corrected (Art. 16);
request that your data be deleted (Art. 17);
request that processing be restricted (Art. 18);
receive your data in a portable format (Art. 20);
object to processing based on legitimate interests (Art. 21);
withdraw consent at any time, where processing is based on consent (Art. 7(3));
lodge a complaint with the supervisory authority in the EU country where you live or work.

To exercise any of these rights, email privacy@theshamrockwarsaw.com. We will respond within 30 days.

7. Automated decision-making

We do not make automated decisions or carry out profiling that produces legal or similarly significant effects on you.

8. Security

We take reasonable technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include encryption in transit (HTTPS), encryption at rest, access controls on our infrastructure, and limiting access to personal data to authorised personnel only.

9. Children

Our website is intended for adults. We do not knowingly collect data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent version. Significant changes will be highlighted on the website.