General Provisions
1. The data controller of personal data collected through the website vabotrips.com is Vasyl Borchuk, conducting business under the company name VABO TRAVEL Sp. z o.o., with its registered office at SZLAK 77/222, 31-153 KRAKÓW, MAŁOPOLSKIE, NIP: 6762599240, REGON: 389263531, registered in the Central Registration and Information on Business, operating a joint business in the form of a civil partnership under the name VABO TRAVEL Sp. z o.o., registered office address: SZLAK 77/222, 31-153 KRAKÓW MAŁOPOLSKIE, email address: vabotrips@gmail.com, hereinafter referred to as the “Administrator”.
2. Personal data collected by the Administrator through the website is processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and the Act on Personal Data Protection of May 10, 2018.
Type of Personal Data Processed, Purpose and Scope of Data Collection
1) PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes personal data through the website soultrip.pl in the case of:
– use by the user of the contact form. Personal data is processed based on Art. 6 sec. 1 letter f) of the GDPR as the legally justified interest of the Administrator.
2) TYPE OF PERSONAL DATA PROCESSED.
The Administrator processes the following categories of user personal data:
– First and last name,
– Date of birth,
– Place of birth,
– Citizenship,
– Address (residence),
– Email address,
– PESEL number,
– Telephone number.
3) DATA RETENTION PERIOD.
Personal data of users are stored by the Administrator:
1. in the case where the basis for data processing is the performance of a contract, as long as it is necessary for the execution of the contract, and thereafter for a period corresponding to the limitation period of claims. Unless otherwise provided by a specific provision, the limitation period is six years, and for claims for periodic benefits and claims related to the conduct of business activities – three years.
2. in the case where the basis for processing data is consent, as long as the consent is not withdrawn, and after the withdrawal of consent for a period of time corresponding to the limitation period of claims that may be raised by the Administrator and that may be brought against him. Unless otherwise provided by a specific provision, the limitation period is six years, and for claims for periodic benefits and claims related to the conduct of business activities – three years.
During the use of the website, additional information may be collected, in particular: the IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, type of browser, access time, type of operating system.
Data from users may also be collected on navigation, including information about links and references they decide to click on or other actions taken on the website. The legal basis for such activities is the legally justified interest of the Administrator (Art. 6 sec. 1 letter f GDPR), consisting of facilitating the use of services provided electronically and improving the functionality of these services.
The provision of personal data by the user is voluntary.
Personal data will also be processed automatically in the form of profiling if the user gives consent based on Art. 6 sec. 1 letter a) GDPR. The consequence of profiling will be assigning a profile to a person in order to make decisions concerning her or analyzing or predicting her preferences, behaviors, and attitudes.
The Administrator takes special care to protect the interests of the persons concerned, in particular ensuring that the data collected by him are:
1. processed in accordance with the law, collected for specified, lawful purposes and not subject to further processing incompatible with those purposes,
2. substantively correct and adequate in relation to the purposes in which they are processed and stored in a form that allows the identification of the persons they concern, no longer than is necessary to achieve the purpose of processing.
Disclosure of Personal Data
1. Personal data of users are transferred to service providers used by the Administrator in managing the website. Service providers to whom personal data are transferred, depending on the contractual arrangements and circumstances, either follow the Administrator’s instructions regarding the purposes and methods of processing these data (processors) or independently determine the purposes and methods of their processing (administrators).
2. Personal data of users are stored exclusively within the European Economic Area (EEA).
Right to Control, Access to One’s Own Data, and Their Correction
1. The person whose data is concerned has the right to access the content of their personal data and the right to rectify, delete, limit processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Legal bases for the user’s request:
– Access to data – Art. 15 GDPR
– Correction of data – Art. 16 GDPR.
– Deletion of data (the so-called right to be forgotten) – Art. 17 GDPR.
– Restriction of processing – Art. 18 GDPR.
– Data portability – Art. 20 GDPR.
– Objection – Art. 21 GDPR
– Withdrawal of consent – Art. 7 sec. 3 GDPR.
To exercise the rights mentioned in point 2, an appropriate email message can be sent to: vabotrips@gmail.com.
In the event that the user exercises a right arising from the above rights, the Administrator fulfills the request or refuses to fulfill it promptly, no later than within one month after its receipt. However, if – due to the complicated nature of the request or the number of requests – the Administrator will not be able to fulfill the request within a month, it will fulfill it within the next two months informing the user in advance within a month of receiving the request – about the intended extension of the term and its reasons.
In the event that it is found that the processing of personal data violates the provisions of the GDPR, the person whose data is concerned has the right to lodge a complaint with the President of the Office for Personal Data Protection.
Cookies
1. The website uses cookies or similar technology (collectively called: “cookies”) to collect information about the User’s access to the website (e.g., via a computer or smartphone) and his preferences. They are used, among others, for advertising and statistical purposes and to tailor the website to the individual needs of the User.
2. Cookies are pieces of information that contain a unique reference code that the website sends to the User’s device in order to store, and sometimes track information about the device used. They usually do not allow identifying the User’s person. Their main task is to better adapt the website to the User.
3. Some cookies on the website are available only during a particular internet session and expire after closing the browser. Other cookies are used to remember a User who has previously visited the website, thereby being recognized when they return to the website. They are then kept for a longer time.
4. Cookies used on this website are: “Persistent” cookies are stored on the user’s end device for a specified period in the parameters of the cookies or until they are deleted by the User.
5. All cookies appearing on the website are set by the administrator.
6. All cookies used by this website are compliant with current European Union law.
7. Most Users and some mobile browsers automatically accept cookies. If the User does not change the settings, cookies will be stored in the device’s memory.
8. The User can change the preferences for accepting cookies or change the browser to receive appropriate notification each time the cookie function is set. To change cookie acceptance settings, adjust the settings in the browser.
9. It is worth remembering that blocking or deleting cookies may prevent full use of the website.
10. Cookies will be used for necessary session management, including:
a. Creating a special login session for the User of the website, so that the page remembers that the User is logged in, and their requests were delivered effectively, securely, and consistently;
b. Recognizing a User who has previously visited the website, allowing identification of the number of unique users who have used the service and ensuring sufficient service capacity for the number of new users;
c. Recognizing whether a person visiting the website is registered on the website;
d. Recording information from the User’s device, including: cookies, IP address, and information about the browser used, in order to diagnose problems, administer and track the Use of the site;
e. Customizing elements of the layout or content of the website;
f. Collecting statistical information on how the User uses the page to possibly improve the site and determine which areas of the website are most popular with Users.
Final Provisions
The Administrator applies technical and organizational measures ensuring the protection of processed personal data appropriate to the risks and category of data protected, in particular, secures data against being disclosed to unauthorized persons, taken by an unauthorized person, processed in violation of applicable laws, and changed, lost, damaged, or destroyed.
The Administrator provides appropriate technical measures to prevent unauthorized persons from acquiring and modifying personal data transmitted electronically.
In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant Polish law provisions shall apply accordingly.