1.
The controller of personal data collected
directly from data subjects via websites included in the Service available at
www. kartaturysty.sitel and www. e-touristcard.site and Mobile Application is
Tomasz Staszewski, conducting business under the name: "2deal Tomasz
Staszewski", ul. Zdziarska 75F Lok. 1, 05-800 Pruszków, NIP 5222651752,
hereinafter referred to as the Administrator.
2.
The Administrator processes personal data in
accordance with Article 6(1)(f) of the RODO and other legal regulations
concerning the protection of personal data on the Internet. Above all, it
protects the security of the data made available to it, including against
access by unauthorised persons. To this end, measures of a technical and
organisational nature have been implemented.
3.
The legal basis for the processing of personal
data may be or may be:
o
Article 6 (1) (b) RODO - contractual
requirements, i.e. the need to dispose of the data for the purposes of
providing services by the Service;
o
Article 6 (1) (c) RODO - statutory
requirements, i.e. the need to fulfil legal obligations arising from legal
regulations;
o
Article 6(1)(f) RODO - legitimate requirements
of the Administrator, i.e. the need to pursue legitimate interests.
4.
Based on the grounds for processing personal
data listed in the previous paragraph, the Service will process the acquired
personal data for the following purposes:
o
for the purpose of providing services,
including for the purpose of handling queries and complaints, executing Users[ap]
instructions and concluding additional agreements;
o
in
order for the Service to comply with the law, including in particular tax
regulations;
o
for the purpose of asserting and defending
against claims, marketing products and services of the Service.
5.
The subjects indicated in point 2 give their
consent to the processing of personal data within the scope described in the
regulations by accepting it when creating an Account. On behalf of a Customer
who is at least 13 but under 18 years of age, as well as a person who is
partially incapacitated, the aforementioned consent must be confirmed by a
legal guardian or curator, as referred to in §4.2 of the Regulations.
6.
Apart from the data of entities indicated in
paragraph 5, Partners have the opportunity to introduce to the Service data of
other entities - Customers who are not Service Users, as well as their
employees and associates within the creation of Sub-accounts. In relation to
such data, as well as in relation to the Clients[ap] data provided to the Partners
in connection with the made Reservation, the personal data administrators in
accordance with the Personal Data Protection Act are the Partners. In this
regard, it is the Partner[ap]s responsibility to ensure that the personal data is
processed in a lawful manner.
7.
In order to perform the Services that have
been reserved, the Partners shall be provided with the Customers[ap] personal data
to the extent indicated in §5 (8) of the Terms of Service.
8.
Within the Site, personal data is collected
directly from its Users, which category includes:
o
Clients;
o
Partners - in the event that they conduct
business as sole proprietors or in the form of a civil partnership;
9.
Using the Service means that the User agrees
to have his/her personal data processed by the Administrator to the extent
specified in the Service Regulations and in its appendices.
10.
Administrator ensures that all Users exercise
their rights under RODO, in particular the right to inspect their own data, the
right to demand that their data be updated and removed, and the right to object
in the cases specified in the provisions of this Act. Users can exercise these
rights by logging into their Accounts, as well as by contacting the
Administrator in order to obtain relevant information or make declarations
related to data processing. After logging into an Account, the User may, in
particular, change the data entered, as well as delete the Account - which is
tantamount to the removal of associated Personal Data. 11.
11.
The Service provides for the possibility of
granting additional consent for the use of the personal data provided at the
stage of creating an Account and making Reservations, for marketing purposes by
Administrator-Partner[ap]s commercial partners and other entities to which the
Personal Data may be transferred for this purpose. Granting this consent is
tantamount to granting consent to receive commercial information by means of
electronic communication and using telecommunications terminal equipment for
this purpose.
12.
When paying for services booked as part of the
Partners[ap] offers available on the Website, it is also necessary to indicate the
data required to make the payment according to the chosen method. The scope of
this data is defined by the regulations of the intermediaries indicated in §8,
passage 2, letters a-b of the Regulations.
13.
Removal of personal data from the
Administrator[ap]s database takes place by submitting an appropriate declaration.
In order to be effective it must be submitted in a manner allowing verification
of the submitter, i.e. for example through the e-mail address associated with
the Account. Account and data connected to it will be removed from the personal
data base of the Service within 14 days from the date of receiving and
verifying the message.
14.
Service uses cookies for statistical purposes
and to enable operation of certain functions, e.g. remembering the user[ap]s login
data. Using the Website is subject to consent to the storage of these files in
the User[ap]s ICT system. Information on possible deactivation of the possibility
of storing this information is available at www.wszystkoociasteczkach.pl.
Changing the settings in accordance with the guidelines contained in the link
may be associated with incorrect functioning of some elements of the Service.
15.
Information contained in system logs created
on servers of the Service may contain various data, e.g. IP address. They are
used for technical purposes, to collect general, statistical information. The
above data can be made available to entities authorized on the basis of valid
legal regulations, including also in case of violation of the Administrator[ap]s
rights, attempted hacking, other activity to the Administrator[ap]s detriment or
violation of legal regulations.