Data Processing Information by TravelBank Ltd.

INFORMATION REGARDING PERSONAL DATA PROCESSING
The obligation to inform is carried out within the scope of guidelines resulting from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

DATA CONTROLLER

I. The controller of your personal data is TravelBank Travel Agency Ltd., located at Al. Jerozolimskie 96, 00-807 Warsaw, +48 22 492 08 60, email: rodo@travelbank.com.pl (hereinafter referred to as TravelBank).

II. We have appointed a Data Protection Officer. You can contact them for any matters regarding the processing of personal data and the exercise of rights related to data processing at rodo@travelbank.com.pl.

PURPOSE AND LEGAL BASIS OF PROCESSING
III. Personal data may be processed for the following purposes:

Establishing cooperation between TravelBank and the company you represent, correspondence within established cooperation. Data will be processed based on Art. 6(1)(f), i.e., within the legitimate interests of the controller. The legitimate interest in this case is the establishment and maintenance of business relationships. You have the right to object to this processing.
Preparing offers for tourist services, making reservations in booking systems, sharing data with service providers, entities involved in the reservation process, distributing communications, handling claims. Data will be processed based on Art. 6(1)(b) GDPR as it is necessary for the performance of a contract, i.e., purchasing a service or taking necessary actions prior to purchasing a service.
Carrying out marketing activities. Data will be processed based on Art. 6(1)(f) GDPR, i.e., within the legitimate interests of the Controller. The legitimate interest in this case is presenting offers of products and services only if you are already our customer or have consented to receiving commercial information electronically. You have the right to object to this processing.
Operating our Call Center, handling emergency lines including recording outgoing and incoming calls. Data will be processed based on Art. 6(1)(f) GDPR, i.e., within the legitimate interests of the Controller. The legitimate interest in this case is ensuring service quality and protecting the interests of the Controller. You have the right to object to each of these processing activities.
Preventing abuse of services and improving services, handling contract withdrawal, administrative purposes. Data will be processed based on Art. 6(1)(f) GDPR, i.e., within the legitimate interests of the Controller. The legitimate interest in this case is using IT infrastructure to provide services, providing after-sales services, settling sold services, and broadly managing sales. You have the right to object to each of these processing activities.
Implementing guidelines of authorized state administration bodies. Data will be processed based on Art. 6(1)(c) GDPR, i.e., legal obligation incumbent on the Controller.
Protecting your (or others') health, life, and property in case of emergency situations during travel. Data will be processed based on Art. 6(1)(d) GDPR.
Implementing loyalty programs of TravelBank and service providers. Data will be processed based on Art. 6(1)(a) GDPR, i.e., your consent expressed directly or through specific, informed, and unambiguous expression of will.
Transferring personal data to related companies of the capital group, i.e., eTravel SA and eTravel Services Ltd. Data will be processed based on Art. 6(1)(f), i.e., within the legitimate interests of the controller. The legitimate interest in this case is optimizing sales processes through specialized organizational units. You have the right to object to this processing.

DATA RECIPIENTS
IV. Recipients of personal data to whom the Controller discloses or entrusts data are third parties within categories of recipients such as IT service providers, law firms, subsidiaries of the eTravel capital group, and authorized state administration bodies.

V. Personal data will not be transferred to third countries or international organizations (outside the European Economic Area).

DATA RETENTION AND RIGHTS OF THE DATA SUBJECT
VI. Personal data will be processed for the period during which the processing purposes are being pursued. After this period, they will be deleted or anonymized (encrypted in a way that prevents identification of the data owner). Data may be processed after the termination of services, however, only if permitted or required by applicable law, e.g., for accounting purposes or to assert claims.

VII. Data subjects have the right to access personal data, request their rectification, erasure, or restriction of processing, the right to object to processing, and the right to data portability.

VIII. Data subjects have the right to withdraw consent at any time. In case of withdrawal of your consent regarding processing operations for which it was previously given by you, the Controller will cease such processing and delete data associated with it, unless they are used for other processing purposes based on a separate legal basis.

IX. Data subjects have the right to lodge a complaint with a supervisory authority.

SOURCE OF DATA ACQUISITION AND VOLUNTARINESS OF DATA PROVIDING
X. The Controller obtained personal data directly from the person to whom the data relates or from a third party authorized by them.

XI. Providing data is voluntary but is a contractual condition for the execution of an order for reservation and purchase of tourist services. In the event of not providing personal data, the Controller cannot conclude a cooperation agreement.


Site map | Privacy policy | Data protection | Legal note