The notification is implemented in the scope of guidelines resulting from the Regulation 2016/679 of the European Parliament and the Council of the EU of April 27 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
PERSONAL DATA CONTROLLER
I. The Controller of your Personal Data is eTravel S.A., Al. Jerozolimskie 142B, 02-305 Warsaw, +48 22 492 08 60, firstname.lastname@example.org.
II. The Data Protection Officer is Mirosław Bohun, ul. 10 Lutego 16, 81-364 Gdynia, tel. +48 22 492 08 05, email@example.com. You may contact him with regards to all matters related to the processing of personal data and the use of rights related to data processing.
PURPOSE AND BASIS OF PROCESSING
III . Personal data can be processed as part of the following purposes:
1. Arranging a tourist service, making reservations in booking systems, providing data to service providers and entities participating in the booking process, distribution of messages. The data will be processed on the basis of art. 6 section 1 (b) of the GDPR, because it is necessary for the performance of a purchase of a service or to take steps at the request prior to purchasing a tourist service.
2. Implementation of marketing activities. The data will be processed on the basis of art. 6 section 1 (f) of the GDPR, under the legitimate interest pursued by the Controller. In this case, the legitimate interest is the presentation of the offer but only if you are already our client.
3. Actions enabling the deliver the service of our Call Center, supporting the booking process, servicing the emergency line, handling claims, generating sales reports, settling sales, preventing abuse in services and improving them. The data will be processed on the basis of art. 6 section 1 (f) of the GDPR, under the legitimate interest pursued by the Controller. In this case, the legitimate interest is using IT infrastructure to provide services, providing after-sales services and settling sold services.
4. Implementation of guidelines of authorized units of state administration. The data will be processed on the basis of art. 6 section 1 (c) of the GDPR, the legal obligation imposed on the Controller.
5. Protection of your health and life in the event of an emergency while traveling. The data will be processed on the basis of art. 6 section 1 (d) of the GDPR.
6. Implementation of loyalty programs, both own and service providers’. The data will be processed on the basis of art. 6 section 1 (a) of the GDPR, your consent expressed directly or by a clear affirmative action or signifies agreement.
IV. The recipients of personal data, that the Controller provides or entrusts, are third parties within the recipient categories such as travel agents and suppliers, airlines, hotel chains, hotels, car rental companies, railway service providers, shipowners, companies providing personal transport services, insurance companies, reservation system providers, IT service providers, visa brokers, financial institutions involved in payment processing, subsidiaries of the eTravel capital group and authorized units of state Administration.
V. Personal data will be transferred to third countries or international organizations (outside the European Economic Area) if it is required to achieve the purpose of processing.
RETENTION OF DATA AND THE RIGHTS OF THE DATA SUBJECT
VI. Personal data will be processed for the period in which the purposes of processing will be fulfilled. After this date, they will be deleted or anonymized (encrypted in a way that makes it impossible to identify the owner of the data). Data may be processed after the services have ended, but only if it is permitted or required under applicable law, e.g. processing for billing purposes or for handling claims.
VII. The data owner has the right to access personal data, demand their rectification, removal or limitation of processing, the right to object to the processing, the right to transfer data.
VIII. The data owner has the right to withdraw his consent at any time.
If you withdraw your consent in scope of processing operations for which it was previously granted, the Controller will cease this processing and delete the data associated with it, unless it is used for other processing purposes based on a separate legal basis.
IX. The data owner has the right to lodge a complaint with the supervisory body.
SOURCE FROM WHICH THE DATA IS OBTAINED AND ITS VOLUNTARY PROVISION
X. The Controller obtained personal data directly from the data subject or from a third party authorized by him/her.
XI. The provision of data is of a voluntary nature, however, it is a contractual condition for the implementation of the order for the booking and purchase of tourist services. In the event of not receiving personal data, the Controller is not able to execute the request.