Information on personal data processing for Partners and Contractors

  1. The controller of personal data of Partners and Contractors is IdoBooking sp. z o. o. (also referred to as the ‘Operator’) with its registered office at al. Piastów 30, 71-064 Szczecin, entered into the register of entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Business Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with a share capital of PLN 200,000.00.
  2. In matters concerning personal data, IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00. 3. The Data Protection Officer at IdoBooking is Rafał Malujda, e-mail address: gdpr-inspector@idobooking.com.
  3. The processing of personal data provided by Partners and Contractors, including the data of persons signing the contract and indicated for its execution (regardless of whether the contact details of these persons such as e-mail or telephone number were obtained from these persons directly or through a Partner/Contractor), takes place on the basis of:
    1. Article 6(1)(b) of the GDPR, i.e. for the purposes of carrying out the cooperation on the basis of the contract concluded, the provision by IdoBooking of the services performed in accordance with the order granted, including for the purposes of accounting, contact, making settlements, and other activities directly related to the subject matter of the contract,
    2. Article 6(1)(c) GDPR for purposes relating to the performance of regulatory obligations, where processing is necessary for compliance with a legal obligation incumbent on the Controller,
    3. Article 6(1)(f) GDPR, i.e. for the purposes of correspondence/contact with the Partner/Contractor (including potential ones), as well as for the purposes of archiving correspondence and documentation related to the services provided, and for the purposes of direct marketing of the Administrator's own products and services, e.g. sending a newsletter, which constitutes legitimate interests pursued by the Administrator.
  4. Recipients of the personal data processed by IdoBooking are IdoBooking's business partners, hosting companies, software providers, marketing agencies, Internet and card payment operators, accounting offices, law firms and other entities to whom IdoBooking entrusts personal data or makes them available on the basis of an appropriate agreement to provide services.
  5. Personal data may be transferred to entities located in third countries such as the USA and Canada for which the European Commission has declared an adequate level of protection for personal data (in the case of the USA, it is a condition that the entity in question has joined the ‘EU-US Data Protection Framework’).
  6. Personal data will be stored until the expiry of the statute of limitations for claims arising from the contract concluded/service provided or for the period required by separate regulations on tax and accounting obligations - whichever period ends later. After the expiry of this period, personal data will be processed by the Operator on the basis of Article 6(1)(f) GDPR, i.e. for the purposes resulting from the legitimate interests pursued by IdoBooking such as possible defense, investigation or establishment of claims, as well as for the purposes of marketing campaigns conducted.
  7. The Partner and Contractor has the right to request IdoBooking to access, rectify, delete or restrict processing of their personal data, as well as the right to data portability.
  8. The Partner and Contractor has the right to object at any time - on grounds relating to their particular situation - to the processing of personal data concerning them based on Article 6(1)(f) GDPR including profiling on the basis of these provisions. IdoBooking will no longer be allowed to process such personal data unless it demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Partner or Contractor or grounds for establishing, asserting or defending claims.
  9. If personal data is processed for direct marketing purposes, the Partner or Contractor has the right to object at any time to the processing of personal data concerning it for such marketing, including profiling, to the extent that the processing is related to such direct marketing. If an objection is raised, the personal data may no longer be processed for such purposes.
  10. The Partner and Contractor has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection.
  11. The provision of personal data by the Partner and Contractor is a contractual requirement and is voluntary, but necessary for the provision of the service. Failure to provide personal data will result in the inability to provide the Service.