Privacy Policy

Privacy Policy and Cookies

In connection with the entry into force on 25 May 2018 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L 119 p.1), the so-called GDPR — we commit to respecting your right to privacy on the Internet and to making every effort to properly secure all personal data provided. At the same time, we emphasize that the website www.albatrostravel.pl (the “Website“) can be browsed without providing any personal information.

Personal Data Controller

The controller of your personal data (the “Controller“) is Maciej Bujniewski conducting business under the name ALBATROS TRAVEL MACIEJ BUJNIEWSKI, with its registered office in Dobrzewino at ul. Wejherowska 3C, 84-208 Dobrzewino, e-mail biuro@albatrostravel.pl, phone: 607-374-333.

Data Protection Officer

The Controller has not appointed a Data Protection Officer. However, we commit to taking appropriate measures to protect against unauthorized access to or disclosure of your personal data to third parties. Our databases are secured against access by third parties. If you have any doubts regarding the processing of your data, do not hesitate to contact the Controller using the contact details provided above.

Purposes and Legal Basis for Data Processing, Legitimate Interest

Below we present all purposes of data processing that are standard in the Controller’s operations. The specific purpose of processing your data is communicated to you by the Controller each time your data is collected. Your personal data may therefore be processed for the following purposes:

• conclusion and performance of a contract/contracts, including ensuring transaction handling, resolving problems, and fulfilling your requests directed to us — as processing is necessary for the conclusion and performance of the contract/contracts (Art. 6(1)(b) GDPR);
• provision of electronic services and sending commercial information — based on your consent (Art. 6(1)(a) GDPR in conjunction with Art. 10(2) of the Act on Provision of Electronic Services);
• direct marketing of products or services, including establishing contact, presenting offers, conducting measurements and analyses, including profiling (i.e. using personal data to create your profile in terms of products and services you may be interested in), saving data in cookies, and collecting data from websites and mobile applications — based on your consent (Art. 6(1)(a) GDPR in conjunction with Art. 172 of the Telecommunications Law);
• fulfilling our legal obligations arising from EU or Polish law (e.g. towards the President of the Office of Competition and Consumer Protection, tax offices) — as processing is necessary to comply with a legal obligation to which we are subject (Art. 6(1)(c) GDPR);
• ensuring the handling of payment services, ensuring the security of services we provide electronically, handling your requests submitted e.g. through the contact form where not directly related to the performance of a contract, debt collection, conducting court, administrative and mediation proceedings, storing data for archival purposes, and ensuring accountability (fulfilling obligations arising from legal provisions) — as processing is necessary for the realization of our legitimate interest, which is the handling of provided services, fulfillment of your requests, the ability to establish, pursue, or defend against claims, and data archiving (Art. 6(1)(f) GDPR).

Newsletter

If you subscribe to our newsletter, we will use the data necessary for this purpose or separately provided by you in order to regularly send our newsletter to you by electronic means based on your consent.

You may unsubscribe from the newsletter at any time by sending us a message with the relevant information or by using the appropriate link included in the newsletter. After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data for other purposes or we have reserved the right to further use of data in cases permitted by law.

To Whom and Where May the Controller Transfer Your Data?

In addition to employees, authorized representatives, and members of the Controller’s governing bodies, your data will be accessible to persons and entities ensuring the operation, maintenance, and servicing of IT systems and solutions used by the Controller. Furthermore, depending on the nature of the matter, the Controller may transfer your personal data only to the following entities:

• entities cooperating with the Controller and providing services necessary in the course of its operations, in particular entities providing accounting, financial, legal advisory, or tax advisory services to the Controller — whereby such entities process data on the basis of an agreement with the Controller and solely in accordance with the Controller’s instructions;
• public authorities, including courts, upon their justified request.

For the purpose of contract performance, we transfer your data to the courier company handling deliveries, insofar as this is necessary for the delivery of ordered goods.

Depending on which payment service provider you choose during the ordering process, for the purpose of processing payments, we transfer the payment data collected for this purpose to the credit institution handling the payment and, where applicable, to the payment service provider selected by us or by you. Some payment service providers collect data independently if you set up an account with them. In such cases, you must log in to the payment service provider during the order using your access credentials. The privacy policy of the respective payment service provider also applies in such cases.

Use of Google (Universal) Analytics for Web Analytics

The Website uses Google (Universal) Analytics, a web analytics tool provided by Google Inc. (www.google.com). The above — within the framework of analysis and evaluation of interests — serves to protect our legitimate interest, which consists in the optimal presentation of our offer. Google (Universal) Analytics uses methods that enable the analysis of your use of the website — for example, cookies. Automatically collected information about your use of the Website is generally transferred to a Google server in the United States and stored there. Due to the IP anonymization activated on the Website, your IP address is shortened before being forwarded within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and shortened there. The anonymized IP address transmitted by your browser within the framework of Google Analytics is generally not combined with other Google data. Google LLC is headquartered in the USA and holds the EU-US Privacy Shield certificate. The current certificate is available at this link. Under the agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies holding the Privacy Shield certificate. You can prevent the recording of data collected by cookies regarding your use of our website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at this link. Alternatively — instead of installing a browser plugin — you may also click this link to disable data collection by Google Analytics on the Website. An opt-out cookie will then be stored on your device. If you delete your cookies, you will need to click the above link again.

Google AdWords Remarketing

With the help of Google AdWords, we promote the Website in search results and on third-party pages. For this purpose, when you visit our website, a so-called Remarketing cookie from Google is automatically placed on your device, which, using a pseudonymous identifier (ID) and based on the pages you visit, enables the display of interest-based advertisements. The above — within the framework of analysis and evaluation of interests — serves to protect our legitimate interest, which consists in the optimal market performance of our website. Further data processing takes place only if you consent to Google linking your browsing and app usage history with your account and using information from your Google account to personalize advertisements displayed on websites. If in such a case you are logged in to Google during a visit to our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing purposes. For this purpose, Google temporarily combines your personal data with Google Analytics data to form target groups. Google AdWords Remarketing is a service provided by Google LLC (www.google.pl). Google LLC is headquartered in the USA and holds the EU-US Privacy Shield certificate. The current certificate is available at the provided link. Under the agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies holding the Privacy Shield certificate. You can deactivate cookies used for remarketing by clicking this link. Additionally, you can obtain information about the use of cookies and the relevant settings on the Digital Advertising Alliance page.

Transfer of Data Outside the European Economic Area or to International Organizations

Apart from the cases described above, your personal data will not be transferred outside the territory of the European Economic Area or to international organizations.

How Long Will the Controller Store Your Data? (Information on Data Retention Periods)

The retention period of your data by the Controller will depend on the purpose of processing your data.

Where your data is processed by the Controller for the purpose of performing a contract between you and the Controller or for the purpose of fulfilling other obligations to you by the Controller (e.g. maintaining a customer account), the Controller will store your personal data for the period necessary to fulfill the Controller’s obligations to you, e.g. arising from the sales contract, and until the expiry of the limitation period for any claims you may have against the Controller and claims the Controller may have against you related to such obligations, e.g. arising from the sales contract, unless data storage is necessary for a longer period for tax obligation purposes — in such case, deletion will occur immediately after the expiry of the limitation period for tax obligations related to the obligation, e.g. the concluded contract (for example, for accounting purposes related to a given contract, your data will be stored for 5 years from the end of the calendar year in which the tax payment deadline related to the contract expired).

Where your data is processed by the Controller due to the necessity of processing for purposes arising from the Controller’s legitimate interests, the Controller will store your personal data for the period necessary to achieve the purposes arising from such interests, whereby for the purpose of direct marketing — for the duration of the legitimate interest in conducting marketing, unless you exercise your right and object to the processing of such data for marketing purposes. In such case, the Controller may store your data for the limitation period for your claims against the Controller or the Controller’s claims against you, arising from legal provisions, if the processing of such data is necessary for the purpose of establishing or pursuing claims, as well as for defending against such claims.

For the realization of the Controller’s legitimate interests comprising the establishment and pursuit of claims or defense against claims, the Controller may store your data for the limitation period for your claims against the Controller or the Controller’s claims against you arising from legal provisions (for example, the general limitation period for claims related to business activities is 3 years, and the general limitation period for consumer claims against the Controller is 10 years; the above data retention periods may change along with changes in generally applicable legal provisions).

For the realization of the Controller’s legitimate interests comprising the provision of a response to your message, question, complaint, or suggestion, the Controller may store your data for the period necessary to provide a response or handle the matter you have addressed to the Controller, whereby the Controller may extend this period by the limitation period for your claims against the Controller or the Controller’s claims against you arising from legal provisions, if the processing of such data is necessary for the purpose of establishing or pursuing claims, as well as for defending against such claims.

Furthermore, in the event of claims being directed against the Controller or by the Controller, e.g. in connection with a sales contract concluded between you and the Controller, your data will be stored for no longer than is necessary in connection with the relevant proceedings concerning such claims.

Where your data is processed by the Controller due to a legal obligation incumbent upon the Controller, the Controller will store such data for as long as the relevant legal obligation applies. If your data is necessary for documenting economic events for accounting purposes, your data in this respect will be stored by the Controller for as long as the Controller’s legal obligation to hold documentation of such events persists.

Information About Your Rights

Right of Access to Data

You have the right to request access to your personal data, including in particular information about whether the Controller processes your personal data and the scope of data held by the Controller, the purposes of data processing, categories of recipients of your data, where possible the planned data retention period, your rights regarding personal data, information about the sources from which the Controller obtained your data if they were not collected from you. You also have the right to obtain a copy of your data, with the reservation that the first copy of data is provided free of charge, and obtaining each subsequent copy may involve a reasonable fee reflecting the administrative costs of preparing such a copy.

Right to Rectification

You have the right to request the immediate rectification of inaccurate data or, taking into account the purposes of processing, the completion of incomplete data.

Right to Erasure (Right to Be Forgotten)

You have the right to request the erasure of your data if one of the following circumstances applies:

• the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• you have effectively objected to the processing;
• the personal data has been processed unlawfully;
• the personal data must be erased to comply with a legal obligation;
• you have withdrawn your consent to the processing of personal data and the personal data was processed on the basis of your consent and there is no other legal basis for their processing.

However, you will not be able to exercise the right to erasure if, among other things, such data is necessary for the establishment, pursuit, or defense of claims.

Right to Restriction of Processing

You have the right to request restriction of processing in the following cases:

• if you contest the accuracy of the personal data — for a period allowing the verification of the accuracy of such data;
• the processing is unlawful and you oppose the erasure of personal data, requesting instead the restriction of their use;
• the personal data is no longer needed by the Controller but is needed by you for the establishment, pursuit, or defense of claims;
• if you have filed an objection — pending the determination of whether the legitimate grounds on the Controller’s side override the grounds of your objection.

Right to Data Portability

You have the right to receive your personal data that you have provided to the Controller in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller without hindrance from the Controller, where:

• the processing is based on your consent or on a contract with you; and at the same time
• the processing is carried out by automated means.

You also have the right to request that the personal data be transmitted by the Controller directly to another data controller, where technically feasible.

Right to Object to Data Processing

You have the right to object at any time — on grounds relating to your particular situation — to the processing of your data where the legal basis for processing is the Controller’s legitimate interest.

As a result of the objection, the Controller will cease to process your personal data unless it demonstrates the existence of compelling legitimate grounds for processing which override your interests, rights, and freedoms, or grounds for establishing, pursuing, or defending claims.

If personal data is processed for direct marketing purposes, you may object at any time to such processing, including profiling, without having to demonstrate grounds relating to your particular situation, and the Controller is obliged to immediately cease such processing.

Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with the President of the Office for Personal Data Protection (PUODO) if you believe that the processing of your personal data violates the applicable legal provisions in this regard.

Information on Whether the Provision of Personal Data Is a Statutory or Contractual Requirement or a Condition for Concluding a Contract, and on the Absence of an Obligation to Provide Data

All data is provided on a voluntary basis.

Depending on the situation in which the Controller may obtain your data, the provision of certain data (designated by the Controller as required data) may be a condition for concluding a contract with the Controller or a condition for the Controller to commence the provision of services, e.g. opening and maintaining a customer account.

Providing an address is necessary, e.g. for ordering an offer. Providing a phone number may be necessary to use additional services such as scheduling a meeting. Providing a first and last name (company name), address, and NIP (tax identification number) may constitute a statutory requirement and be necessary for the preparation of tax documentation.

When directing messages or requests to the Controller (e.g. requesting an offer), providing contact details is not a statutory or contractual requirement nor a condition for concluding a contract; however, providing the required data is necessary to enable the Controller to respond.

Information on the Consequences of Not Providing Data

Depending on the situation in which the Controller may obtain your data, failure to provide certain information may prevent: concluding a contract with the Controller, using additional services, opening and maintaining your customer account, receiving proper tax documentation from the Controller, receiving an offer or a response to a message directed to the Controller from the Controller, filing a complaint, objection, intervention, or changing an order instruction with the Controller.

Information on the Use of Data for Automated Decision-Making, Including Profiling

Your personal data will not be used for automated decision-making, including profiling.

What Are Cookies and How Do We Use Them

Cookies are IT data, in particular text files, which are stored on your end device (e.g. computer). Cookies typically contain the name of the website from which they originate, the duration of their storage on the end device, and a unique number. Cookies are used for the following purposes:

• adapting the content of the Website to the user’s preferences and optimizing the use of websites; in particular, these files allow the recognition of the Website user’s device and the appropriate display of the website, tailored to their individual needs;
• creating statistics that help understand how Website users use websites, which enables the improvement of their structure and content;
• maintaining the Website user’s session.

The following types of cookies are used within the Website:

• “necessary” cookies, enabling the use of services available within the Website, e.g. authentication cookies used for services that require authentication within the Website; cookies used to ensure security, e.g. used to detect fraud in the area of authentication within the Website;
• “performance” cookies, enabling the collection of information about how the Website pages are used;
• “functional” cookies, enabling the “remembering” of settings selected by the User and the personalization of the User’s interface, e.g. in terms of the selected language or region of origin, font size, website appearance, etc.;
• “advertising” cookies, enabling the delivery of advertising content more tailored to Users’ interests.

Internet browsers (your software) allow the storage of cookies on the end device by default. You can always change your browser settings regarding the use of cookies. Restrictions on the use of cookies may affect the functionality of the Website. Cookies placed on your end device may also be used by advertisers and partners cooperating with the Controller. We inform you that the entity responsible for placing cookies on your end device and having access to them is the Controller. Information on how to manage cookies is available in your software (internet browser) settings. More information about cookies is available e.g. at http://wszystkoociasteczkach.pl.

In the help menu of your internet browser, you will find explanations on how to change cookie settings. These are available at the following links:

• Internet Explorer™: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
• Safari™: http://safari.helpmax.net/pl/ochrona-i-prywatnosc/usuwanie-plikow-cookie/
• Chrome™: https://support.google.com/chrome/answer/95647?hl=pl&hlrm=en
• Firefox™: https://support.mozilla.org/pl/kb/usuwanie-ciasteczek
• Opera™: http://help.opera.com/Windows/12.10/pl/cookies.html

If you do not consent to the use of cookies, the functionality of the Website may be limited.