PRIVACY POLICY
§ 1. General information
1. This Privacy Policy defines the rights and principles related to the processing of personal data within the provision of services using the MY-WCP tool, available at: https://my-wcp.com.
2. The fundamental rights and obligations regarding the protection of personal data, including the information obligation, are implemented based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and the Act of 10 May 2018 on the protection of personal data. To the extent not regulated in this Privacy Policy, the provisions of the aforementioned legal acts shall apply.
§ 2. Data controller
1. The controllers of personal data of Users processed in connection with the provision of Intermediation Services realized via the MY-WCP service, such as intermediation in booking services, purchasing tickets, returning tickets, after-sales service, also via the hotline, including complaint handling or informing about the entity competent to handle the complaint, presenting information about available services in the field of business travel organization, are the following entities:
a. Weco-Travel Services Sp. z o. o. with its registered office in Warsaw at Aleja Jana Pawła II 19, 00-854 Warsaw.
b. Weco-Travel Sp. z o.o. with its registered office in Warsaw at Aleja Jana Pawła II 19, 00-854 Warsaw.
jointly acting as "Joint Controllers."
Within the joint controllership agreement, we have agreed on the scope of our responsibility regarding the fulfillment of obligations arising from the GDPR, in particular, we have agreed that Weco-Travel Services Sp. z o.o., as the Joint Controller, is responsible for fulfilling the legal information obligation towards you.
2. The controller of personal data of Users collected for the purpose of concluding and executing a contract for the provision of air, hotel, and other services selected by Users in connection with the organization of business trips is the entity providing the subject services and delivering the package of services available in MY-WCP.
§ 3. Data Protection Officer
The Joint Controllers have a Data Protection Officer - currently, it is Ms. Klaudia Dąbrowska, email address: iodo@wecotravel.pl, who will gladly assist you with all matters related to the protection of personal data, in particular, will answer any questions regarding the processing of your personal data. Contact with the Inspector (IODO) is possible via the contact form.
§ 4. Purposes and legal bases for processing personal data
1. In order to provide services, in accordance with the scope of our activity, we process your personal data - for various purposes, but always in accordance with the law. Below you will find the detailed purposes of processing personal data. Personal data will be processed on the basis and for the purpose of:
* Performing intermediation services in the sale of services related to the organization of business trips, including after-sales service, including handling returns, conducting complaint processes, and providing support via the hotline. This purpose also includes enabling the creation and maintenance of a User account in MY-WCP.
* Handling telephone calls, generating sales reports, registering and settling sales, preventing abuse of services, and improving services, handling withdrawal from the contract, administrative purposes.
* Implementation of loyalty programs of our own and service providers.
* Answering submitted inquiries, including via the contact form.
2. In order to perform services, we process such personal data as:
* Name and surname,
* Email address,
* Phone number,
* In the case of visa services, data indicated in relevant regulations,
* Date of birth in cases indicated in relevant regulations,
* In the case of airport services, also data concerning the identity document,
* Other data resulting from the destination of the trip or necessary for the performance of the service.
3. The basis for processing your personal data from May 25, 2018, is Article 6 paragraph 1 letters a), b), c) and f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
§ 5. Cookies
1. The Joint Controllers, like other entities, use so-called cookies, which are short text information stored on the user's computer, phone, tablet, or other device. They can be read by our system.
2. Cookies fulfill many, mostly useful functions, which we will try to describe below (if the information is insufficient, please contact us):
* Ensuring security - cookies are used to authenticate users and prevent unauthorized use of the customer panel. They serve to protect the user's personal data from access by unauthorized persons;
* Impact on processes and efficiency of using MY-WCP - cookies are used to ensure that it works efficiently and that you can use the functions available on it, which is possible, among other things, by remembering settings between subsequent visits to MY-WCP.
* Session state - cookies often store information about how visitors use the site, e.g. which subpages they display most often. They also enable the identification of errors displayed on some subpages. Cookies used to save the so-called "session state" thus help to improve services and increase the comfort of browsing pages;
* Creating statistics - cookies are used to analyze how users use the site. Thanks to this, the site can be constantly improved and its operation can be adapted to user preferences. To track activity and create statistics, we use Google tools such as Google Analytics; in addition to reporting website usage statistics, the Google Analytics pixel may also be used, together with some of the cookies described above, to help display more relevant content to the user in Google services (e.g. in the Google search engine) and throughout the network.
3. Importantly, many cookies are anonymized for us - without additional information, we are unable to identify your identity on their basis.
4. Your browser by default allows the use of cookies on the device, so please agree to the use of cookies on your first visit. However, if you do not wish to use cookies when browsing the site, you can change the settings in your browser - completely block the automatic handling of cookies or request notification each time a cookie is placed on the device. Settings can be changed at any time.
5. Respecting the autonomy of all people using the site, we feel obliged to warn that disabling or limiting the handling of cookies may cause quite serious difficulties in using the site, e.g. in the form of having to log in on each subpage, longer page loading time, limitations in the use of functionality.
§ 6. Right to withdraw consent
1. If the processing of personal data is based on consent, you can withdraw this consent at any time - at your own discretion.
2. If you would like to withdraw your consent to the processing of personal data, simply send a message to the Data Protection Officer via the contact form.
3. If the processing of your personal data was based on consent, its withdrawal does not mean that the processing of personal data up to that point was illegal. In other words, until you withdraw your consent, we have the right to process your personal data and its revocation does not affect the lawfulness of the processing carried out so far.
§ 7. Requirement to provide personal data
Providing any personal data is voluntary and depends on your decision. However, in some cases, providing certain personal data is necessary to meet your expectations regarding the use of the services offered by the Company.
§ 8. Automated decision-making and profiling
We would like to inform you that we do not make automated decisions, including those based on profiling.
§ 9. Recipients of personal data
1. Like most entrepreneurs, we use the help of other entities in our business, which often involves the need to transfer personal data. In connection with the above, if necessary, we transfer your personal data to contractors with whom we cooperate in the performance of services.
2. The recipients of personal data to whom the Controller makes available or entrusts data are third parties, within the categories of recipients such as intermediaries and tourist providers, airlines, hotel chains, hotels, car rentals, rail service providers, shipowners, companies providing passenger transport services, insurance companies, reservation system providers, IT service providers, visa intermediaries, financial institutions participating in payment processing, law firms and authorized state administration bodies. In order to exercise due diligence, each case of requesting access to personal data is always carefully analyzed by the Joint Controllers.
3. At the request of the User, who also uses other available solutions offered by the Joint Controllers, e.g. Amadeus Cytric, we synchronize systems, which allows the use of various services after one login.
§ 10. Transfer of personal data to third countries
1. We would like to inform you that in connection with the services we perform, your personal data may be transferred by us outside the European Economic Area, but only in order to perform the ordered service.
2. The GDPR introduces certain restrictions on the transfer of personal data to third countries, because since European regulations do not apply there as a rule, the protection of personal data of citizens of the European Union may unfortunately be insufficient. Therefore, each personal data controller has an obligation to identify the legal basis for such transfer.
§ 11. Period of processing personal data
1. In accordance with applicable law, we do not process your personal data "indefinitely," but for the time necessary to achieve the designated purpose. After this period, your personal data will be irretrievably deleted or destroyed.
2. In a situation where we do not need to perform operations on your personal data other than their storage, until permanent deletion or destruction, we additionally secure them - through pseudonymization. Pseudonymization consists in encrypting personal data, or a set of personal data, in such a way that without an additional key it cannot be read, and therefore such information becomes completely useless for an unauthorized person.
§ 12. Rights of data subjects
1. We would like to inform you that you have the right to access your personal data, rectify personal data, delete personal data, limit the processing of personal data, object to the processing of personal data, transfer personal data.
2. We respect your rights arising from the provisions on the protection of personal data and strive to facilitate their implementation to the highest possible extent.
3. We indicate that the listed rights are not absolute, and therefore in some situations we may legally refuse to fulfill them. However, if we refuse to consider the request, it is only after a thorough analysis and only in a situation where the refusal to consider the request is necessary.
4. Regarding the right to object, we explain that you have the right to object to the processing of personal data at any time based on the legally justified interest of the Personal Data Controller in connection with your particular situation. However, you must remember that in accordance with the regulations, we may refuse to consider the objection if we demonstrate that there are legitimate grounds for processing that override your interests, rights and freedoms or there are grounds for establishing, pursuing or defending claims.
5. In addition, you can object to the processing of your personal data for marketing purposes at any time. In such a situation, after receiving the objection, we will cease processing for this purpose.
§ 13. Right to lodge a complaint
If you believe that your personal data is processed in violation of applicable law, you can lodge a complaint with the President of the Personal Data Protection Office.
§ 14. Final provisions
1. In matters not covered by this Privacy Policy, the provisions on the protection of personal data shall apply.
2. The Privacy Policy may be supplemented or updated in accordance with the current needs of the Joint Controllers in order to provide users with current and reliable information regarding their personal data and information about them. Users will be informed of any changes to the Privacy Policy on the Website.
3. This Privacy Policy is effective from 01.07.2020