Weco-Travel Logo

Privacy Policy

Privacy policy of co-administrators: Weco-Travel Services Sp. z o.o. , a company based in Warsaw and Weco-Travel Sp. z o.o. also based in Warsaw

  1. Following entities are your personal data’s administrator:
  1. Weco-Travel Services Sp. z o.o. based in Warsaw, address: ul. Aleja Jana Pawła II 19, 00-854 Warszawa.
  2. Weco-Travel Sp. z o.o. based in Warsaw, address ul. Aleja Jana Pawła II 19, 00-854 Warszawa. working together as co-administrators. As a part of co-administrator’s contract, we agreed on the scope of our responsibility when it comes to performing GDPR related duties. This applies especially to the fact that Weco-Travel Services Sp. z o. o. is obligated, as a co-administrator, to fulfil the legal information obligation towards you. In connection to the scope of services provided, especially organising business trips ordered by your employer/contractor, we can act as a data processor depending on the type of service provided.

II. Data Protection Officer

Our company has a Data Protection Officer, who can help you with any personal data protection related matters, including answering your questions regarding processing your personal data. You can contact our Data Protection Officer (DPO) through a contact form.

III. Processing personal data – goals and bases.

In order to provide our services, our company processes your data – for various purposes, always in a lawful manner. Below you can find specified purposes:

  1. Preparing an offer of a travel service, making a reservation in reservation systems, forwarding data to service providers, entities participating in reservation-making process, distributing announcements, managing claims.
  2. Handling phone calls, sales report making, sales registration and settlement, preventing abuse when providing a service and perfecting our services, management when ending a contract, administrative reasons.
  3. Marketing related endeavours. In this case it is in our interest to present our products and services offer, but only if you already are our client or you agreed to receive commercial information electronically (for more information see point IV).
  4. Following guidelines of an authorized national administration unit.
  5. Protecting your (or others) health, life and/or possessions if a dangerous situation occurs when traveling.
  6. Providing our and our service providers’ loyalty programs.
  7. Answering questions asked through the contact form. In order to provide our services, we process personal data, such as: • Full name, • E-mail address, • Phone number, • If providing visa-related services, data required for the visa process, • Birth dates, in instances listed in applicable regulations, • If providing airport-related services, identification document information, • Other data required due to the destination of your trip or needed in order to provide you with our services The basis for the processing of your personal data from 25 May 2018 is Article 6 paragraph 1 letters a), b), c) and f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

IV. Newsletter

Technical services provider responsible for sending you a newsletter: FreshMail Sp. z.o.o. based at al. 29 Listopada 155c, 31-406 in Cracow. Purpose: Sending offers, updates, industry news, and event invitations. Processed data: • e-mail address (obligatory) • name (optional) • registration date (automatically recorded) • Selected country of registration (automatically recorded) When you sign up, we will track your behaviour within the newsletter (tracking opening e-mails and opening links) Legal basis for sending the newsletter: Your consent under article 6 paragraph 1 letter a) GDPR. Your data will be stored until you unsubscribe to our newsletter. You can unsubscribe at any moment via a link placed at the very end of every newsletter. After unsubscribing you will not receive any further offers, your personal data will not be used and will be deleted immediately.

V. Cookies

  1. Our company, like other similar entities, uses so called “cookies” on its website. Cookies are short text files stored on your computer, phone, tablet, and other electronic devices. Those files can be read by our system or a third-party system we use (e.g. Facebook, Google)
  2. Cookies have many functions on our website. The most common useful functions of cookies are as follows (if you find the information insufficient, please contact us):
    Ensuring security - cookie files are used to verify users and preventing unauthorised use of the customer panel. Therefore, they are used to protect user’s personal data from being accessed by any unauthorised person; • Functionality and performance of the website - cookie files are used to ensure smooth performance of the website and convenient use of its function. Ability to keep settings between website visits is one of the factors making smooth navigation through the website possible; • session status - cookie files often store data on how the website is used by its users (e.g. which section of the website is the most viewed). They also help with identifying errors occurring. Cookies help with improving services and make searching through the website more convenient by storing your “session status”; • keeping session status - if a customer is logging into their profile, cookies make keeping the session status possible. This means not having to log in every time you re-enter the website, which makes visiting our website more comfortable; • creating statistics - cookies are used to analyse the way users utilize our website (e.g. how many users view the website, how long they view it, which content is the most viewed). This allows us to constantly improve the website and meet preferences of its users. To track activity and create statistics, we use Google tools (such as Google Analytics). On top of reporting statistics, Google Analytics is a tool which, when used with some of the cookie files, can help with showing users more personalised content withing Google services (e.g. Google search engine) and beyond them;
  3. Importantly, many of the cookie files are anonymous – we are not able to identify you without you providing us with more information.
  4. The search engine on your devices automatically allows cookies; therefore we encourage you to turn the cookies on when visiting our website for the first time. If you do not want the cookies to be used, you can change your search engine settings anytime – by blocking automatic cookies use altogether or by demanding notification every time cookie files are placed into your device.
  5. We respect the autonomy of every person who uses our website. That being said, we feel obligated to inform you that disallowing or restricting cookie files might result in major difficulties when navigating our website (e.g. having to log in every time you visit the website, longer loading screen, limited functionality).

VI. Right to withdraw consent

  1. If processing your data is based on your consent, you can withdraw it anytime.
  2. If you would like to withdraw your consent, contact our Data Protection Officer through the contact form.
  3. If processing your data was based on your consent, withdrawing it will not make previous data processing illegal. In other words, we have the right to process your data as long as we have your consent and withdrawing it will not change the legality of us processing your data at the time of your consent being valid.

VII. Providing personal data requirement

Providing us with your personal data is optional. However, there are certain instances in which providing personal data might be required in order to meet your expectations when using our services.

VIII. Automatic decision-making and profiling

We would like to inform you that we do not use automatic decision-making or profiling.

IX. Personal data recipients

  1. Like most of companies, we use third-party service providers, which often means having to forward your personal data to them. Therefore, if needed, we forward the data to our contractors when providing our services.
  2. Third-party travel services providers, airlines, railways, hotel chains, car rentals, transport services providers, insurance companies, reservation services providers, IT companies, visa agents, shipowners, payment managing companies, lawyers and authorised national administration units are the recipients of personal data shared by the administrator. Co-administrators carefully analyse every case of data request to ensure proper care.

X. Sharing personal data with third countries

  1. We would like to inform you that due to the nature of our services, your data can be shared beyond European Economic Area, but only if it is necessary to provide ordered services.
  2. GDPR sets certain limitations when it comes to sharing personal data with third countries, since they usually do not follow European regulations, therefore protection of EU citizens personal data might not be sufficient. Thus, every personal data administrator is required to identify legal basis of forwarding such data.
  3. We will provide you with additional information on sharing personal data, especially if you find this matter unsettling.

XI. Personal data processing period

  1. In alignment with legal regulations, we do not process your personal data indefinitely, but only as long as it is necessary to meet set goals. After that, your personal data will be permanently deleted and/or destroyed.
  2. If we do not need your personal data for anything beyond storing until permanent deletion and/or destruction, we secure them additionally by pseudonymization. Pseudonymization is encrypting personal data in a way that makes an additional key necessary to decipher them. Without such key, encrypted data becomes completely unreadable and therefore useless for an unauthorised person.

XII. Rights of data subjects

  1. We would like to inform you of your following rights: • Accessing your personal data; • personal data rectification; • personal data deletion; • limited data processing; • opposing processing your personal data; • transferring personal data.
  2. We respect your personal data protection rights and strive to exercise them as much as we can.
  3. Mentioned rights are not absolute, thus we can legally refuse to exercise some of them. However, if we do refuse, it is only after careful analyse and only if refusal is absolutely necessary.
  4. When it comes to filling an objection, we would like to inform you that you have right to object to processing your personal data at any given moment, based on legitimate interest of Personal Data Administrator, due to your particular situation. However, you need to remember that according to regulations we can reject your objection if we can prove: • Legal reasons superior to your interests, rights and freedom or • bases to establish, pursue or defend claims
  5. Furthermore, you can object to processing your personal data for marketing purposes at any given moment. In that case, after receiving and objection we will stop using your data for our marketing.
  6. You can exercise your rights by contacting Data Protection Officer through the contact form.

XIII. Right to file a complaint

If you believe your personal data is being processed unlawfully, you may file a complaint with the President of the Personal Data Protection Office.

XIV. Final provisions

  1. To extent not covered by this Privacy Policy, personal data protection regulations shall apply.
  2. The Privacy Policy might be supplemented or updated in accordance to current needs of co-administrators to ensure current and reliable personal data related information to our users. Users will be informed of any changes of this privacy policy on our website.
  3. This privacy policy is valid from August 1st 2025.