Information concerning the processing of personal data for Clients (including their employees designated to contact IdoBooking sp. z o. o.).

INFORMATION CLAUSES - INFORMATION OBLIGATION PURSUANT TO ART. 13 PAR. 1 and 2 AND ART. 14 GDPR

  1. The controller of personal data of Clients is IdoBooking sp. z o. o. (also referred to as ‘Operator’) (also referred to as ‘IdoBooking’) with its registered office at al. Piastów 30, 71-064 Szczecin, entered in the register of entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Business Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with the share capital of PLN 200,000.00.
  2. In matters concerning personal data, IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
  3. The Data Protection Officer at IdoBooking is Rafał Malujda, e-mail address: gdpr-inspector@idobooking.com.
  4. The processing of personal data provided by Clients during the activation of the Service, including the data of persons signing the contract and indicated for its execution (regardless of whether the contact details of these persons such as e-mail or telephone number were obtained from these persons directly or through the Client) is carried out on the basis of Art. 6 para. 1 lit. b, c or f GDPR for the purposes of providing services by IdoBooking, including for the purpose of concluding and performing contracts concluded with IdoBooking Customers, as well as for the purpose of correct and full performance of the ordered service and fulfilment of legal obligations incumbent on IdoBooking, e.g. for the purpose of fulfilling demands of inspection authorities, courts, public prosecutor's office, for the purposes of proceedings provided for by the law, as well as for the purpose of fulfilling other obligations imposed on the Administrator by universally binding regulations. Legitimate interests pursued by the Operator in relation to the processing of personal data on the basis of Article 6(1)(f) GDPR are also the conduct of correspondence, archiving of correspondence and documentation related to the services provided, and direct marketing of its own products and services.
  5. On the basis of Article 6(1)(b) and (f) GDPR, the Operator processes the Customer's personal data in the form of profiling of the Customer's online shops and accommodation facilities for customer service and marketing. The Operator does not make automated decisions with regard to the Customer on the basis of profiling, as referred to in Article 22(1) and (4) GDPR.
  6. Recipients of personal data processed by IdoBooking are IdoBooking's business partners, hosting companies, software providers, marketing agencies, online and card payment operators, accounting offices, law firms and other entities to whom IdoBooking entrusts personal data or makes them available on the basis of an appropriate agreement for the purpose of providing services.
  7. Personal data may be transferred to entities located in third countries such as the USA and Canada for which the European Commission has declared an adequate level of protection for personal data (in the case of the USA, it is a condition that the entity in question has joined the ‘EU-US Data Protection Framework’).
  8. Personal data will be stored until the expiry of the statute of limitations for claims arising from the contract concluded/service provided or for the period required by separate regulations on tax and accounting obligations - whichever period ends later. After the expiry of this period, personal data will be processed by the Operator on the basis of Article 6(1)(f) GDPR, i.e. for the purposes resulting from the legitimate interests pursued by IdoBooking such as possible defense, investigation or establishment of claims, as well as for the purposes of marketing campaigns.
  9. The client has the right to request from IdoBooking access to their personal data, rectification, erasure or restriction of processing, as well as the right to data portability.
  10. The client has the right to object at any time - on grounds relating to his/her particular situation - to the processing of personal data concerning him/her based on Article 6(1)(e) or (f), including profiling on the basis of these provisions. The Operator shall no longer be allowed to process such personal data unless the Operator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defense of claims.
  11. If personal data is processed for direct marketing purposes, The Client has the right to object at any time to the processing of personal data concerning him/her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
  12. If the Operator's processing of personal data is based on the consent given by the Client as referred to in Article 6(1)(a) of the GDPR, the Client has the right to withdraw the consent at any time without affecting the lawfulness of the processing performed on the basis of the consent before its withdrawal.
  13. The client has the right to lodge a complaint to the supervisory authority, which is the President of the Office for Personal Data Protection.
  14. The provision of personal data by the Client is a contractual requirement and is voluntary, but necessary for the performance of the Service. Failure to provide personal data will result in an inability to provide the Service.