INFORMATION ON PERSONAL DATA PROCESSING

The notification is implemented in the scope of guidelines resulting from the Regulation 2016/679 of the European Parliament and the Council of the EU of April 27 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

The following information is addressed to travelers, people making reservations for others and employees and co-workers of companies that plan to establish or have established cooperation with eTravel or related companies.

PERSONAL DATA CONTROLLER

I. The Controller of your Personal Data is eTravel S.A., Al. Jerozolimskie 96, 00-807 Warsaw, +48 22 492 08 60, sekretariat@etravel.pl.

II. The Data Protection Officer is Mirosław Bohun, ul. 10 Lutego 16, 81-364 Gdynia, tel. +48 22 492 08 05, rodo@etravel.pl. You may contact him with regards to all matters related to the processing of personal data and the use of rights related to data processing.

PURPOSE AND BASIS OF PROCESSING

III. eTravel S.A. offers services in the field of selling travel services and travel management. We provide these services directly or through our partners. Thus, your personal data may be processed as part of the following goals:

1. Arranging a tourist service offer, making reservations in booking systems, providing data to service providers and entities participating in the booking process, distribution of messages, handling claims. The data will be processed on the basis of art. 6 section 1 (b) of the GDPR, because it is necessary for the performance of the agreement, ie. purchasing of a service or taking necessary steps prior to purchasing a service.

2. Implementation of marketing activities. The data will be processed on the basis of art. 6 section 1 (f) of the GDPR, under the legitimate interest pursued by the Controller. In this case, the legitimate interest is the presentation of products and services offers but only if you are already our client or you have agreed to receive commercial information by email. You have the right to object to this processing.

3. The service of our Call Center, servicing the emergency line, generating sales reports, registering and settling sales, preventing abuse in services and improving them, service of withdrawal from the contract, administrative purposes. The data will be processed on the basis of art. 6 section 1 (f) of the GDPR, under the legitimate interest pursued by the Controller. In this case, the legitimate interest is using IT infrastructure to provide services, providing after-sales services, settling sold services and broadly understood sales management. You have the right to object to each of these processings.

4. Implementation of guidelines of authorized units of state administration. The data will be processed on the basis of art. 6 section 1 (c) of the GDPR, the legal obligation imposed on the Controller.

5. Protection of your (or others’) health, life and wealth in the event of an emergency while traveling. The data will be processed on the basis of art. 6 section 1 (d) of the GDPR.

6. Implementation of loyalty programs, both own and service providers'. The data will be processed on the basis of art. 6 section 1 (a) of the GDPR, your consent expressed directly or by a clear affirmative action or signifies agreement.

7. Establishing cooperation between eTravel and the company you represent, correspondence within the already established cooperation. The data will be processed on the basis of art. 6 section 1 (f), i.e. under the legitimate interest of the Controller. The legal interest in this case is establishing and conducting business relations. You have the right to object to this processing.

8. Transfer of personal data to the subsidiary - eTravel Services Sp. z o.o. The data will be processed on the basis of art. 6 section 1 (f), i.e. under the legitimate interest of the Controller. The legal interest in this case is the optimization of sales processes of services through specialized units of the organization. You have the right to object to this processing.

DATA RECIPIENTS

IV. The recipients of personal data, that the Controller provides or entrusts, are third parties within the recipient categories such as travel agents and suppliers, airlines, hotel chains, hotels, car rental companies, railway service providers, shipowners, companies providing personal transport services, insurance companies, reservation system providers, IT service providers, visa brokers, financial institutions involved in payment processing, companies dealing with archiving or disposing of documents, subsidiaries of the eTravel capital group and authorized units of state administration.

V. Personal data will be transferred to third countries or international organizations (outside the European Economic Area) if it is required to achieve the purpose of processing.

RETENTION OF DATA AND THE RIGHTS OF THE DATA SUBJECT

VI. Personal data will be processed for the period in which the purposes of processing will be fulfilled. After this date, they will be deleted or anonymized (encrypted in a way that makes it impossible to identify the owner of the data). Data may be processed after the services have ended, but only if it is permitted or required under applicable law, e.g. processing for billing purposes or for handling claims.

VII. You have the right to access personal data, demand their rectification, removal or limitation of processing, the right to object to the processing, the right to transfer data.

VIII. You have the right to withdraw your prior consent to the processing of personal data.

IX. You have the right to lodge a complaint with the supervisory body.

SOURCE FROM WHICH THE DATA IS OBTAINED AND ITS VOLUNTARY PROVISION

X. The Controller obtained personal data directly from the data subject, from a third party (e.g. when the booking is not made by the traveler), automatically through our websites.

XI. The provision of data is voluntary. In the case of purchase of tourist services, providing eTravel with personal data is, however, a prerequisite for the execution of the order. In the event of not receiving personal data, the Controller is not able to execute the order.