I. Details of Personal Data Controller
We kindly inform you that the Data Controller of your personal data provided in regard to the provision of services is Weco-Travel Services Sp. z o.o. with its headquarters at Al. Jana Pawla II 19, Warsaw (00-854), registered in the Register of Entrepreneurs of the National Court Register under the KRS No.: 638872, Vat No. (NIP): 5272780836 hereinafter referred to as the Company.
II. Data Protection Officer (DPO)
The Company has its Data Protection Officer (DPO). Currently this position is held by Ms Karolina Taber who will support you in any requests and issues related to the personal data protection and provide answers for any questions regarding processing of your personal data. Contact with the DPO is possible via contact form.
III. Purpose and grounds for personal data processing
In order to provide services in accordance with the scope of our business activity, the Company processes your personal data for various purposes, but always in accordance with the law. Below you may find specific purposes for the processing of personal data together with the corresponding legal grounds.
Arranging a tourist service offer, making reservations in booking systems, providing data to service providers and entities participating in the booking process, distribution of messages, handling claims.
The service of phone calls, generating sales reports, registering and settling sales, preventing abuse in services and improving them, service of contract withdrawal, administrative purposes.
Implementation of marketing activities. In this case, the legitimate interest is the presentation of products and services offers but only if you are already our client or you have agreed to receive commercial information by email. You have the right to object to this processing. (For more information: see point IV. therein)
Implementation of guidelines of authorized units of state administration.
Protection of your (or others') health, life and wealth in the event of an emergency while traveling.
Implementation of loyalty programs, both own and service providers.
In order to provide our services, the following personal data may be processed:
- name and surname;
- e-mail address;
- telephone number;
- while performing visa services - the necessary data indicated in the relevant provisions;
- date of birth in the case indicated in the relevant provisions;
- while performing airport services -- the necessary data regarding an identity document (ID).
The basis for the processing of your personal data starting from May 25th, 2018, constitutes the Art. 6, section 1, points (a), (b), (c) and (f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).
The provider of technical services for sending the newsletter is the processor FreshMail Sp. z o. o. with headquarters at Al. 29 Listopada 155c, 31-406 in Cracow.
Purpose: sending offers, tourism industry messages and information as well as invitations to events
- E-mail address (required)
- Name (voluntary)
- Date of notification (registered automatically)
- Selected country of registration (automatically registered)
When you subscribe to the newsletter, we will record your behavior in it (tracking the opening of emails and clicking on links).
The legal basis for sending the newsletter is your consent pursuant to Art. 6 section 1, point (a) GDPR.
Your data will be stored until you unsubscribe from the newsletter. You can unsubscribe at any time. A link can be found at the end of each newsletter. After unsubscribing from the newsletter, you will not receive any further offers from us and your personal data will no longer be used and will be deleted immediately.
The Company on its website, like other entities, uses the so-called website cookies, i.e. short text information saved on a computer, phone, tablet, or other user's device. They can be read by our system as well as by systems belonging to other entities providing services (e.g. Facebook, Google, etc.).
The abovementioned cookies play an important and mostly useful role on the website, therefore you can find the detailed description of their specificity below (if the information appears to be insufficient, please feel free to contact us):
- ensuring security - cookies are used to authenticate users and prevent unauthorized use of the client's panel. They are therefore used to protect the user's personal data against unauthorized access;
- positive impact on the processes and general efficiency of using the website - cookies are used to ensure that the website works efficiently and that you can use the features available on it. It is possible thanks to remembering the settings between subsequent visits on the website. Thanks to the cookies, you can efficiently navigate the website and its corresponding subpages;
- session status - cookies often record information about how visitors use the website, for example which subpages are most frequently displayed. They also enable identification of errors on some subpages. Hence, cookies used to save the so-called "session state" improve services and increase the comfort of browsing websites;
- maintaining session status - if the client logs in to his panel, cookies allow the session to be maintained. This means that after switching to another subpage, you do not have to enter your login and password again, which significantly contributes to the enhanced comfort of using the website;
- creating statistics - cookies are used to analyze how users use the particular website (how many users open the website, how long they remain on the website, which content arouses the most interest, etc.). Thanks to this, it is possible to constantly improve the website and adapt its operation to the preferences of users. In order to track activity and create statistics, we use Google tools such as Google Analytics; in addition to reporting website usage statistics, the Google Analytics along with some of the abovementioned web cookies contribute to displaying more relevant content designed for the particular user of Google services (e.g. Google search engine) and across the entire web;
Importantly, most of web cookies remain anonymous for us, i.e. they contain no additional information. Basing on such cookies we are unable to determine your identity.
VI. Right to withdraw consent
If the processing of personal data takes place basing on your prior consent, you can withdraw it at any time - at your discretion.
If you would like to withdraw your consent to the processing of personal data, please send a message to our Data Protection Officer (DPO) who may be reached via contact form.
If the processing of your personal data took place basing on your consent, its withdrawal does not mean that the processing of personal data up to this point had been illegal. In other words, until the withdrawal of your consent has been received, we have the right to process your personal data.
VII. Requirement to provide personal data
Providing any personal data is voluntary and depends on your decision. However, in some cases, providing certain personal data is necessary to meet your expectations regarding the services offered by our Company.
VIII. Automated decision-making and profiling
We kindly inform you that we do not use neither automated neither decision-making nor profiling.
IX. Recipients of personal data
Like most companies, we use the support of other entities in our business activities, which often involve the necessity to provide particular personal data. This means that in some cases, for successful order fulfillment, it is necessary to provide your personal data to the contractors with whom we cooperate.
The recipients of personal data, that the Controller provides or entrusts, are third parties within the recipient categories such as travel agents and suppliers, airlines, hotel chains, hotels, car rental companies, railway service providers, shipowners, companies providing personal transport services, insurance companies, reservation system providers, IT service providers, visa brokers, financial institutions involved in payment processing, Weco-Travel subsidiaries and authorized units of state Administration. Nevertheless, we assure you that every request to disclose your personal data is analyzed thoroughly and no information will be accessed by an unauthorized person.
X. Transfer of personal data to third countries
We would like to inform you that in connection with the services we provide, your personal data may be transferred by us outside the European Economic Area, but only for the purpose of completing the ordered service.
GDPR imposes certain restrictions on the transfer of personal data to third countries. However, on account of the fact that European law does not apply in such countries, the protection of personal data of EU citizens may be insufficient. Therefore, each personal data controller is required to identify the legal grounds for such transferring and processing.
At any time, we will provide you additional clarifications regarding the transfer and processing of personal data, in particular when such an issue raises your concern.
XI. Personal data processing period
In accordance with the applicable law, we do not process your personal data "infinitely", but for the time that is needed to fulfill the order. After this period, your personal data will be permanently removed or destroyed.
In a situation where it is not needed to perform other operations on your personal data than storing, until they are permanently removed or destroyed, we additionally secure them - through pseudonymization. Pseudonymization involves such encryption of personal data or a personal data set that it is impossible to read them without an additional key, and thus such information remains completely useless for an unauthorized person.
XII. Rights of data subjects
- We kindly inform you that you have the right to:
- access to your personal data;
- rectification of personal data;
- deletion of personal data;
- restriction on the processing of personal data;
- object to the processing of personal data;
- move your personal data.
We respect your rights under the provisions of personal data protection and we try to facilitate their implementation to the highest possible extent.
Please note that the abovementioned rights are not of an absolute nature, therefore in certain situations we may legally refuse to exercise them. However, refusal may only happen after a thorough analysis of the case and only if such a decision is necessary.
We would like to inform that you have the right to object the processing of your personal data at any time basing on the legitimate interest of the Data Controller in relation to your particular situation. However, please note that in accordance with the law, we may refuse to accept the objections if we prove that:
- there are legitimate grounds for processing that take precedence over your interests, rights, and freedoms or
- there are grounds for establishing, investigating, or defending claims.
Furthermore, you have the right to object at any time to the processing of your personal data for marketing purposes. As soon as we receive such an objection, we will stop processing your personal data for this particular purpose.
You can exercise your rights by sending an email to the Data Protection Officer (DPO) who can be reached via contact form.
XIII. Right to file a complaint
If you believe that your personal data is being processed against the binding provisions of law, you can file a complaint directly to the Inspector General for the Protection of Personal Data.
XIV. Final provisions