We would like to present to you with an information clause, obligation to comply with which results from new provisions on the protection of personal data, i.e. Regulation of the European Parliament and of the Council (EU) 2016/679 of 27/04/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (general regulation on data protection) (EU Official Journal L 119, p. 1) [hereinafter GDPR]. WhyNotTravel sp. z o. o. sp. k. with headquarters in Kielnarowa 108a, 36-020 Tyczyn, KRS [National Court Register Number] 0000459238, NIP [Tax Identification Number]: 813-338-05-14, REGON [National Business Registry Number]: 180003786 attaches great importance to your privacy. We would like to assure you that we treat personal data obtained during contact with us with particular care and taking into account obligations arising from applicable provisions on the protection of personal data. With this information, you can find out how we use the information, as well as find information about rights that you are entitled to in connection with the processing of personal data by our company.
1. Personal data controller and basis as well as purposes of processing
Controller of personal data is WhyNotTravel sp. z o. o. sp. k. with headquarters in Kielnarowa 108a, 36-020 Tyczyn, KRS [National Court Register Number] 0000459238, NIP [Tax Identification Number]: 813-338-05-14, REGON [National Business Registry Number]: 180003786.
Data controller can be contacted in writing, with the use of traditional mail, as well as via e-mail, by phone in the following way:
- a. Address: Kielnarowa 108a, 36-020 Tyczyn
- b. Tel.: +48 517 949 166
- c. email: firstname.lastname@example.org
Scope of data: we process the following categories of your data, identifying information (name surname, name of business entity, NIP [Tax Identification Number], number and series of identity card or passport number) contact details (phone number, e-mail address), and correspondence data (home address), data concerning concluded contracts, financial data (bank account number, credit card number).
2. Information about the processing of personal data
Your personal data will be processed for the following purposes:
- Conclusion or execution of the contract concluded between parties, including ensuring correctness of quality of services provided – for the duration of the contract and settlements after its completion, as well as for the time of limitation of claims of art. 6 par. 1 b of GDPR
- Compliance with legal obligations, such as issuing and storing invoices and accounting documents, responding to complaints, for the duration of performance of duties and for a period during which the law orders storage of documents – art. 6 par. 1 let. c of GDPR;
- Determining, defending against and pursuing claims – for a period during which claims under the contract are time-barred – art. 9 par. 2 let. f of GDPR;
- Completing legitimate interests of the Controller (direct marketing) for the duration of the Controller’s business purpose – art. 6 par. 1 let. f of GDPR;
3. Forwarding your personal data:
Recipients of personal data are:
- Entities processing data on our behalf, participating in the contract only
for purposes related to the provision of our services, including airlines, hotels etc.;
- Entities cooperating in the field of IT services;
- Entities providing advisory services/legal assistance, audit services, entities conducting payment activities;
If we disclose data to third parties, we require them to maintain confidentiality
and security of information and to use data only to provide us with a given service or product.
4. Rights related to the processing of personal data
As Data Controller, we provide the following rights, in the implementation of which you can submit an application for:
- Correction of data,
- Removal of data processed unreasonably or placed on our websites.
- Restriction of processing (interruption of operations on data – according to the submitted application) when:
- You are questioning the accuracy of personal data – for a period allowing the Controller to check the correctness of this data;
- Processing is against the law, and you are opposed to deleting personal data, in turn demanding the restriction of data processing;
- The controller does not need data, but it is necessary for you to establish, investigate, defend claims.
- Access to data – information about the data processed by us and a copy of this data,
- Transferring of data to another data controller,
- The right to object to the processing of data when it is based on legitimate interest of the Controller.
Rights indicated above can be exercised by submitting an application in writing to the address of the Controller, i.e. WhyNotTravel sp. z o. o. sp. k. Kielnarowa 108a, 36-020 Tyczyn, application can also be submitted via e-mail. Controller may request additional information in order to authenticate the person performing the rights.
You have the right to lodge a complaint to the President of the Office for the Protection of Personal Data if the processing of your personal data violates the law.
6. Processing method
Your personal data is processed electronically and manually.
The controller makes every effort to provide all means of physical, technical
and organizational protection of personal data against their accidental or intentional destruction, accidental loss, change, unauthorized disclosure, use or access, in accordance with all applicable regulations.