- Details of Personal Data Controller
We kindly inform you that the Data Controller of your personal data provided in regard to the provision of services is Weco-Travel Services Sp. z o.o. with its headquarters at Al. Jana Pawla II 19, Warsaw (00-854), registered in the Register of Entrepreneurs of the National Court Register under the KRS No.: 638872, Vat No. (NIP): 527-278-08-36
hereinafter referred to as the Company.
- Data Protection Officer (DPO)
The Company has its Data Protection Officer (DPO). Currently this position is held by Ms Joanna Ostrowska who will support you in any requests and issues related to the personal data protection and provide answers for any questions regarding processing of your personal data. Contact with the DPO is possible via the contact form.
- Purpose and grounds for personal data processing
- In order to provide services in accordance with the scope of our business activity, the Company processes your personal data for various purposes, but always in accordance with the law. Below you may find specific purposes for the processing of personal data together with the corresponding legal grounds.
- In order to provide our services, the following personal data may be processed:
- name and surname;
- e-mail address;
- telephone number;
- while performing visa services - the necessary data indicated in the relevant provisions;
- date of birth in the case indicated in the relevant provisions;
- while performing airport services – the necessary data regarding an identity document (ID).
- The basis for the processing of your personal data starting from May 25th, 2018, constitutes the Art. 6, section 1, points (a), (b), (c) and (f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).
- The Company on its website, like other entities, uses the so-called website cookies, i.e. short text information saved on a computer, phone, tablet or other user’s device. They can be read by our system as well as by systems belonging to other entities providing services (e.g. Facebook, Google, etc.).
- The abovementioned cookies play an important and mostly useful role on the website, therefore you can find the detailed description of their specificity below (if the information appears to be insufficient, please feel free to contact us):
- ensuring security - cookies are used to authenticate users and prevent unauthorized use of the client's panel. They are therefore used to protect the user's personal data against unauthorized access;
- positive impact on the processes and general efficiency of using the website - cookies are used to ensure that the website works efficiently and that you can use the features available on it. It is possible thanks to remembering the settings between subsequent visits on the website. Thanks to the cookies, you can efficiently navigate the website and its corresponding subpages;
- Session status - cookies often record information about how visitors use the website, for example which subpages are most frequently displayed. They also enable identification of errors on some subpages. Hence, cookies used to save the so-called "session state" improve services and increase the comfort of browsing websites;
- maintaining session status - if the client logs in to his panel, cookies allow the session to be maintained. This means that after switching to another subpage, you do not have to enter your login and password again, which significantly contributes to the enhanced comfort of using the website;
- creating statistics - cookies are used to analyze how users use the particular website (how many users open the website, how long they remain on the website, which content arouses the most interest, etc.). Thanks to this, it is possible to constantly improve the website and adapt its operation to the preferences of users. In order to track activity and create statistics, we use Google tools such as Google Analytics; in addition to reporting website usage statistics, the Google Analytics along with some of the abovementioned web cookies contribute to displaying more relevant content designed for the particular user of Google services (e.g. Google search engine) and across the entire web;
- Importantly, most of web cookies remain anonymous for us, i.e. they contain no additional information. Basing on such cookies we are unable to determine your identity.
- Right to withdraw consent
- If the processing of personal data takes place basing on your prior consent, you can withdraw it at any time - at your discretion.
- If you would like to withdraw your consent to the processing of personal data, please send a message to our Data Protection Officer (DPO) using the contact form.
- If the processing of your personal data took place basing on your consent, its withdrawal does not mean that the processing of personal data up to this point had been illegal. In other words, until the withdrawal of your consent has been received, we have the right to process your personal data.
- Requirement to provide personal data
- Providing any personal data is voluntary and depends on your decision. However, in some cases, providing certain personal data is necessary to meet your expectations regarding the services offered by our Company.
- Automated decision-making and profiling
We kindly inform you that we do not use neither automated neither decision-making nor profiling.
- Recipients of personal data
- Like most companies, we use the support of other entities in our business activities, which often involve the necessity to provide particular personal data. This means that in some cases, for successful order fulfillment, it is necessary to provide your personal data to the contractors with whom we cooperate.
- In addition, there is a possibility that on the basis of the appropriate law or decision of the competent authority, we will be obliged to pass your personal data to other public or private entity. Thus it is extremely difficult to predict who may apply for the disclosure of personal data. Nevertheless, we assure you that every request to disclose your personal data is analyzed thoroughly and no information will be accessed by an unauthorized person.
- Transfer of personal data to third countries
- We would like to inform you that in connection with the services we provide, your personal data may be transferred by us outside the European Economic Area, but only for the purpose of completing the ordered service.
- GDPR imposes certain restrictions on the transfer of personal data to third countries. However, on account of the fact that European law does not apply in such countries, the protection of personal data of EU citizens may be insufficient. Therefore, each personal data controller is required to identify the legal grounds for such transferring and processing.
- At any time, we will provide you additional clarifications regarding the transfer and processing of personal data, in particular when such an issue raises your concern.
- Personal data processing period
- In accordance with the applicable law, we do not process your personal data "infinitely", but for the time that is needed to fulfill the order. After this period, your personal data will be permanently removed or destroyed.
- In a situation where it is not needed to perform other operations on your personal data than storing, until they are permanently removed or destroyed, we additionally secure them - through pseudonymization. Pseudonymization involves such encryption of personal data or a personal data set that it is impossible to read them without an additional key, and thus such information remains completely useless for an unauthorized person.
- Rights of data subjects
- We kindly inform you that you have the right to:
- access to your personal data;
- rectification of personal data;
- deletion of personal data;
- restriction on the processing of personal data;
- object to the processing of personal data;
- move your personal data.
- We respect your rights under the provisions of personal data protection and we try to facilitate their implementation to the highest possible extent.
- Please note that the abovementioned rights are not of an absolute nature, therefore in certain situations we may legally refuse to exercise them. However, refusal may only happen after a thorough analysis of the case and only if such a decision is necessary.
- We would like to inform that you have the right to object the processing of your personal data at any time basing on the legitimate interest of the Data Controller in relation to your particular situation. However, please note that in accordance with the law, we may refuse to accept the objections if we prove that:
- there are legitimate grounds for processing that take precedence over your interests, rights and freedoms
- there are grounds for establishing, investigating or defending claims.
- Furthermore, you have the right to object at any time to the processing of your personal data for marketing purposes. As soon as we receive such an objection, we will stop processing your personal data for this particular purpose.
- You can exercise your rights by sending a message to the Data Protection Officer (DPO) using the contact form.
- Right to file a complaint
If you believe that your personal data is being processed against the binding provisions of law, you can file a complaint directly to the Inspector General for the Protection of Personal Data.
- Final provisions