Privacy policy

1.       The controller of personal data collected directly from data subjects via websites included in the Service available at www. kartaturysty.sitel and www. e-touristcard.site and Mobile Application is Tomasz Staszewski, conducting business under the name: "2deal Tomasz Staszewski", ul. Zdziarska 75F Lok. 1, 05-800 Pruszków, NIP 5222651752, hereinafter referred to as the Administrator.

2.       The Administrator processes personal data in accordance with Article 6(1)(f) of the RODO and other legal regulations concerning the protection of personal data on the Internet. Above all, it protects the security of the data made available to it, including against access by unauthorised persons. To this end, measures of a technical and organisational nature have been implemented.

3.       The legal basis for the processing of personal data may be or may be:

o   Article 6 (1) (b) RODO - contractual requirements, i.e. the need to dispose of the data for the purposes of providing services by the Service;

o   Article 6 (1) (c) RODO - statutory requirements, i.e. the need to fulfil legal obligations arising from legal regulations;

o   Article 6(1)(f) RODO - legitimate requirements of the Administrator, i.e. the need to pursue legitimate interests.

4.       Based on the grounds for processing personal data listed in the previous paragraph, the Service will process the acquired personal data for the following purposes:

o   for the purpose of providing services, including for the purpose of handling queries and complaints, executing Users[ap] instructions and concluding additional agreements;

o    in order for the Service to comply with the law, including in particular tax regulations;

o   for the purpose of asserting and defending against claims, marketing products and services of the Service.

5.       The subjects indicated in point 2 give their consent to the processing of personal data within the scope described in the regulations by accepting it when creating an Account. On behalf of a Customer who is at least 13 but under 18 years of age, as well as a person who is partially incapacitated, the aforementioned consent must be confirmed by a legal guardian or curator, as referred to in §4.2 of the Regulations.

6.       Apart from the data of entities indicated in paragraph 5, Partners have the opportunity to introduce to the Service data of other entities - Customers who are not Service Users, as well as their employees and associates within the creation of Sub-accounts. In relation to such data, as well as in relation to the Clients[ap] data provided to the Partners in connection with the made Reservation, the personal data administrators in accordance with the Personal Data Protection Act are the Partners. In this regard, it is the Partner[ap]s responsibility to ensure that the personal data is processed in a lawful manner.

7.       In order to perform the Services that have been reserved, the Partners shall be provided with the Customers[ap] personal data to the extent indicated in §5 (8) of the Terms of Service.

8.       Within the Site, personal data is collected directly from its Users, which category includes:

o   Clients;

o   Partners - in the event that they conduct business as sole proprietors or in the form of a civil partnership;

9.       Using the Service means that the User agrees to have his/her personal data processed by the Administrator to the extent specified in the Service Regulations and in its appendices.

10.   Administrator ensures that all Users exercise their rights under RODO, in particular the right to inspect their own data, the right to demand that their data be updated and removed, and the right to object in the cases specified in the provisions of this Act. Users can exercise these rights by logging into their Accounts, as well as by contacting the Administrator in order to obtain relevant information or make declarations related to data processing. After logging into an Account, the User may, in particular, change the data entered, as well as delete the Account - which is tantamount to the removal of associated Personal Data. 11.

11.   The Service provides for the possibility of granting additional consent for the use of the personal data provided at the stage of creating an Account and making Reservations, for marketing purposes by Administrator-Partner[ap]s commercial partners and other entities to which the Personal Data may be transferred for this purpose. Granting this consent is tantamount to granting consent to receive commercial information by means of electronic communication and using telecommunications terminal equipment for this purpose.

12.   When paying for services booked as part of the Partners[ap] offers available on the Website, it is also necessary to indicate the data required to make the payment according to the chosen method. The scope of this data is defined by the regulations of the intermediaries indicated in §8, passage 2, letters a-b of the Regulations.

13.   Removal of personal data from the Administrator[ap]s database takes place by submitting an appropriate declaration. In order to be effective it must be submitted in a manner allowing verification of the submitter, i.e. for example through the e-mail address associated with the Account. Account and data connected to it will be removed from the personal data base of the Service within 14 days from the date of receiving and verifying the message.

14.   Service uses cookies for statistical purposes and to enable operation of certain functions, e.g. remembering the user[ap]s login data. Using the Website is subject to consent to the storage of these files in the User[ap]s ICT system. Information on possible deactivation of the possibility of storing this information is available at www.wszystkoociasteczkach.pl. Changing the settings in accordance with the guidelines contained in the link may be associated with incorrect functioning of some elements of the Service.

15.   Information contained in system logs created on servers of the Service may contain various data, e.g. IP address. They are used for technical purposes, to collect general, statistical information. The above data can be made available to entities authorized on the basis of valid legal regulations, including also in case of violation of the Administrator[ap]s rights, attempted hacking, other activity to the Administrator[ap]s detriment or violation of legal regulations.