phone mobile mobile pin heart heart user user Biuro Podróży ITAKA Flag of Belarus airplane CB5DFB7F-C92F-41CB-9FB1-916D616FF3EC E0FBD33F-841B-452B-BF16-225B7D943904
How to book?

PERSONAL DATA

  1. The Controller of the personal data collected, in particular through the website www.itaka.pl (Website) and mobile application (Application), is Nowa Itaka sp. z o.o. with its registered office in Opole 45-072, ul. Reymonta 39, entered into the Register of Entrepreneurs kept by the District Court in Opole, 8th Division of the National Court Register under No. 0000002269, Polish Tax Identification Number (NIP) 754-26-86-316, Polish National Business Register Number (REGON) 532179139, share capital PLN 3,315,000 Contact the Controller: phone no.: 77 5412 202, e-mail address: info@itaka.pl. The Controller of data is responsible for the security of the personal data transferred and for their processing in accordance with the provisions of the law.
  2. The Controller has appointed a Data Protection Officer (DPO), who can be contacted in matters related to the processing of personal data and the exercise of rights vested in the users in accordance with the provisions on the protection of personal data via e-mail: daneosobowe@itaka.pl
  3. Personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC and other currently applicable (i.e. for the entire period of processing specified data) provisions of the law on personal data protection.
  4. Each time the purpose and scope of data processed by the Controller result from the concluded agreement, consent of the Website user or mobile application, or legal regulations and are specified in detail as a result of actions taken by the user.

TABLE OF CONTENTS

  1. IF YOU BUY HOLIDAYS FROM US OR ARE A PARTICIPANT OF A GROUP TRIP
  2. IF YOU USE THE CAR RENTAL BOOKING SERVICE
  3. IF YOU LOG IN TO THE CUSTOMER ZONE
  4. IF YOU USE THE OFFER FORM
  5. IF YOU USE THE CONTACT FORM
  6. IF YOU USE OUR HOTLINE
  7. IF YOU USE THE ITAKA CHATBOT APP
  8. IF YOU SUBSCRIBE TO THE NEWSLETTER
  9. IF YOU USE OUR BLOG
  10. IF YOU VISIT OUR SOCIAL MEDIA CHANNELS
  11. IF YOU USE ITAKA'S FANPAGE
  12. DATA COLLECTED AUTOMATICALLY
  13. FINAL PROVISIONS

IF YOU BUY HOLIDAYS FROM US OR ARE A PARTICIPANT OF A GROUP TRIP

  1. The Controller processes personal data for the following purposes:
    1. Conclusion of an agreement for participation in a tourist event and its performance (also applies to the performance of other tourist services provided according to the customer's choice, in particular the service of visa mediation), including ensuring the correct quality of services (legal basis – Article 6 sec. 1 let. b of the GDPR) – “performance of the agreement”.
    2. Performance of the Controller's legal obligations, e.g. financial settlements and accounting reporting, including issuing and storing invoices (legal basis – Art. 6 sec. 1 let. c of the GDPR) – “legal obligation”.
    3. Claiming damages resulting from the agreement (legal basis – Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”. The deadlines for claiming damages resulting from the agreement are specified in detail in the Civil Code and the Act on tourist events and related tourist services.
    4. Improvement of the quality of services provided, including customer satisfaction surveys (legal basis – Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”.
    5. Sending marketing information (e.g. newsletter), where consent is given to the use of data for this purpose (legal basis – Art. 6 sec. 1 let. a of the GDPR) – “consent”.
    6. Direct marketing (products and services of the Controller and their partners), including personalization of marketing content (legal basis – Art. 6 sec. 1 let. f of the GDPR) - “legitimate interest”. The Controller may process personal data in order to prepare and present a customized offer for a tourist event. Such data will also be processed in an automated manner, however decisions taken will not have any legal effect on the customer.
  2. The Controller may process personal data in order to perform the agreement for participation in a tourist event, in particular:
    1. given name(s),
    2. surname,
    3. date of birth,
    4. gender,
    5. e-mail address,
    6. phone number,
    7. residence address,
    8. specimen of the signature,
    9. and data from identity card or passport necessary to perform the agreement (depending on the country of departure or offer) and to verify the identity of the customer, i.e. place of birth, citizenship, facial image, series and number of the document, authority issuing the document, date of issue and date of expiry of the document.
  3. Provision of personal data indicated above is voluntary, but necessary for the conclusion of the agreement and its performance. The consequence of a failure to provide personal data will be the impossibility of concluding and performing the agreement.
  4. To the extent necessary to conclude and perform the agreement for participation in a tourist event and to ensure the proper quality of services, the Controller may also process special categories of personal data (including data concerning health, e.g. disabled persons, persons with reduced mobility, persons requiring special medical care) if the data subject has given their explicit consent to the processing of such data for the indicated purpose (legal basis – Art. 9 sec. 2 let. a of the GDPR) – “consent”.
  5. The Controller has the right to process personal data for the period necessary to achieve the purposes specified in point 4. above. Depending on the legal basis, this will be accordingly:
    1. the time needed to perform the agreement (where the copy of an identity card or passport obtained for the purposes of the visa mediation service shall be erased immediately after obtaining the visa from the competent authorities responsible for issuing it),
    2. time of performing legal obligations and time period the legal regulations require data to be stored for, e.g. tax regulations,
    3. the time after which the claims resulting from the agreement expire,
    4. the time to object,
    5. the time until the withdrawal of consent.
  6. Subject to all data security guarantees, the Controller may transfer the personal data of the customer – apart from persons authorized by the data Controller – to other entities, including:
    1. entities processing data on behalf of the Controller, e.g. agents, technical service providers and entities providing consulting services,
    2. other Controllers to the extent necessary for the provision of services and legal requirements, e.g. electronic payment operators, couriers, carriers, insurers, hotel service providers, additional service providers (e.g. parking lots, airport services), local or national tourist chambers, contractors providing services for the Controller on the basis of concluded agreements.
  7. To the extent necessary for the proper performance of the agreement, the Controller may transfer data to countries outside the European Economic Area (EEA) which do not provide an adequate level of protection. However, the Controller shall ensure that the transfer is carried out in a secure, controlled manner and is secured by appropriate agreements with the recipients, meeting the conditions set out in Chapter V of the GDPR. The Controller may also transfer personal data to countries outside the EEA for which the European Commission has established that they offer an adequate level of protection.
  8. In connection with the processing of personal data by the Controller, the customer is entitled to:
    1. the right to access personal data,
    2. the right to rectify personal data,
    3. the right to delete personal data (the right to be forgotten),
    4. the right to limit the processing of personal data,
    5. the right to transfer data to another Controller,
    6. the right to withdraw consent if the Controller processes personal data of the customer based on consent at any time and in any way, without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal,
    7. the right to object to the processing of data if the basis for the processing is the legitimate interest of the Controller,
    8. the right to lodge a complaint with the Director of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), if the customer considers that the processing of personal data violates the provisions of the Regulation.
  9. In order to exercise the rights specified above, please contact the Controller via e-mail: daneosobowe@itaka.pl.
  10. The data of all persons mentioned in the booking confirmation/travel document were obtained by the Controller directly from the person who made the booking for the purpose of concluding an agreement on participation in a tourist event.
  11. The Customer concluding an agreement for participation in a tourist event with Nowa Itaka sp. z o.o. also does so on behalf of all the persons mentioned in the booking confirmation/travel document and thus assumes responsibility for informing them about the rules of personal data processing specified in this document by the Data Controller.

IF YOU USE THE CAR RENTAL BOOKING SERVICE

Detailed information on the processing of personal data collected in connection with the service is available on the dedicated website: https://samochody.itaka.pl/pl/privacy-and-policies.

IF YOU LOG IN TO THE CUSTOMER ZONE

  1. The Controller processes personal data for the following purposes:
    1. Conclusion of an agreement for the provision of services by electronic means (in accordance with the Act of 18 July 2002 on the provision of services by electronic means, Journal of Laws, No. 144, item 1204, as amended), including the registration and operation of a user account in the Customer Zone at www.itaka.pl and in a mobile application (legal basis – Art. 6 sec. 1 let. b of the GDPR) – “performance of the agreement”.
    2. Claiming damages resulting from the agreement (legal basis – Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”. The deadlines for claiming damages resulting from the agreement are specified in detail in the Civil Code.
    3. Sending marketing information (e.g. newsletter), where consent is given to the use of data for this purpose (legal basis – Art. 6 sec. 1 let. a of GDPR) – “consent”.
    4. Direct marketing (products and services of the Controller and their partners), including personalization of marketing content (legal basis – Art. 6 sec. 1 let. f of the GDPR) - “legitimate interest”. The Controller may process personal data in order to prepare and present a customized offer for a tourist event. Such data will also be processed in an automated manner, however decisions taken will not have any legal effect on the customer.
  2. Providing personal data is voluntary, however it is necessary to conclude an agreement, including registration and operation of a user account in the Customer Zone.
  3. The Controller has the right to process personal data for the period necessary to achieve the purposes specified above. Depending on the legal basis, this will be accordingly:
    1. the time needed to perform the agreement,
    2. time of performing legal obligations and time period the legal regulations require data to be stored for, e.g. tax regulations,
    3. the time after which the claims resulting from the agreement expire,
    4. the time to object,
    5. the time until the withdrawal of consent.
  4. Subject to all data security guarantees, the Controller may transfer the personal data of the user – apart from persons authorized by the data Controller – to other entities, including:
    1. entities processing data on behalf of the Controller, e.g. technical service providers and entities providing consulting services,
    2. other Controllers to the extent necessary for the implementation of services, on the basis of concluded agreements.
  5. To the extent necessary for the proper performance of the agreement, the Controller may transfer data to countries outside the European Economic Area (EEA) which do not provide an adequate level of protection. However, the Controller shall ensure that the transfer is carried out in a secure, controlled manner and is secured by appropriate agreements with the recipients, meeting the conditions set out in Chapter V of the GDPR. The Controller may also transfer personal data to countries outside the EEA for which the European Commission has established that they offer an adequate level of protection.
  6. In connection with the processing of personal data by the Controller, the user is entitled to:
    1. the right to access personal data,
    2. the right to rectify personal data,
    3. the right to delete personal data (the right to be forgotten),
    4. the right to limit the processing of personal data,
    5. the right to transfer data to another Controller,
    6. the right to withdraw consent if the Controller processes personal data of the user based on consent at any time and in any way, without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal,
    7. the right to object to the processing of data if the basis for the processing is the legitimate interest of the Controller,
    8. the right to lodge a complaint with the Director of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), if the user considers that the processing of personal data violates the provisions of the Regulation.
  7. In order to exercise the rights specified above, please contact the Controller via e-mail: daneosobowe@itaka.pl.

IF YOU USE THE OFFER FORM

  1. The Controller processes personal data for the purpose of:
    1. Processing the inquiry, i.e. presentation of an offer for participation in a tourist event (legal basis – Art. 6 sec. 1 let. b of the GDPR) – “taking action at the request of the data subject prior to the conclusion of the agreement”.
    2. Sending marketing information (e.g. newsletter), where consent is given to the use of data for this purpose (legal basis – Art. 6 sec. 1 let. a of the GDPR) – “consent”.
    3. Direct marketing (products and services of the Controller and their partners), including personalization of marketing content (legal basis – Art. 6 sec. 1 let. f of the GDPR) - “legitimate interest”. The Controller may process personal data in order to prepare and present a customized offer for a tourist event. Such data will also be processed in an automated manner, however decisions taken will not have any legal effect on the customer.
  2. The provision of data is voluntary, but necessary to process the inquiry, i.e. to present an offer for a tourist event. The consequence of a failure to provide the required personal data is the lack of possibility to send an offer to the user.
  3. The Controller has the right to process personal data for the period necessary to achieve the purposes specified above. Depending on the legal basis, this will be accordingly:
    1. time necessary to process the inquiry, i.e. prepare and present an offer and obtain a response from the customer, but not longer than 60 months from the date of sending the offer.
    2. the time to object,
    3. the time until the withdrawal of consent.
  4. Subject to all data security guarantees, the Controller may transfer the personal data of the user – apart from persons authorized by the data Controller – to other entities, including:
    1. entities processing data on behalf of the Controller, e.g. technical service providers and entities providing consulting services.
    2. other Controllers, to the extent necessary to provide answer the question asked.
  5. 5. The Controller may transfer data to countries outside the European Economic Area (EEA) which do not provide an adequate level of protection. However, the Controller shall ensure that the transfer is carried out in a secure, controlled manner and is secured by appropriate agreements with the recipients, meeting the conditions set out in Chapter V of the GDPR. The Controller may also transfer personal data to countries outside the EEA for which the European Commission has established that they offer an adequate level of protection.
  6. In connection with the processing of personal data by the Controller, the user is entitled to, respectively:
    1. the right to access personal data,
    2. the right to rectify personal data,
    3. the right to delete personal data (the right to be forgotten),
    4. the right to limit the processing of personal data,
    5. the right to transfer data to another Controller in cases in which the basis for the processing is the consent given,
    6. the right to withdraw consent if the Controller processes personal data of the customer based on consent at any time and in any way, without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal,
    7. the right to object to the processing of data if the basis for the processing is the legitimate interest of the Controller,
    8. the right to lodge a complaint with the Director of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), if the user considers that the processing of personal data violates the provisions of the Regulation.
  7. In order to exercise the rights specified above, please contact the Controller via e-mail: daneosobowe@itaka.pl.

IF YOU USE THE CONTACT FORM

  1. The Controller processes personal data for the purpose of:
    1. Answering questions asked with the use of the contact form (or e-mail and telephone address) available at www.itaka.pl and the mobile application (legal basis – Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”.
    2. Sending marketing information (e.g. newsletter), where consent is given to the use of data for this purpose (legal basis – Art. 6 sec. 1 let. a of the GDPR) – “consent”.
    3. Direct marketing (products and services of the Controller and their partners), including personalization of marketing content (legal basis – Art. 6 sec. 1 let. f of the GDPR) - “legitimate interest”. The Controller may process personal data in order to prepare and present a customized offer for a tourist event. Such data will also be processed in an automated manner, however decisions taken will not have any legal effect on the customer.
  2. Providing the data indicated in the contact form and in the mobile application is voluntary, but necessary to answer the question. The consequence of a failure to provide the required personal data is the lack of possibility to send a reply to the user.
  3. The Controller has the right to process personal data for the period necessary to achieve the purposes specified above. Depending on the legal basis, this will be accordingly:
    1. the period necessary for the implementation of the purpose indicated above, i.e. until the moment of answering the inquiry sent by the user,
    2. the time to object,
    3. the time until the withdrawal of consent.
  4. Subject to all data security guarantees, the Controller may transfer the personal data of the user – apart from persons authorized by the data Controller – to other entities, including:
    1. entities processing data on behalf of the Controller, e.g. technical service providers and entities providing consulting services,
    2. other Controllers, to the extent necessary to provide answer the question asked.
  5. The Controller may transfer data to countries outside the European Economic Area (EEA) which do not provide an adequate level of protection. However, the Controller shall ensure that the transfer is carried out in a secure, controlled manner and is secured by appropriate agreements with the recipients, meeting the conditions set out in Chapter V of the GDPR. The Controller may also transfer personal data to countries outside the EEA for which the European Commission has established that they offer an adequate level of protection.
  6. In connection with the processing of personal data by the Controller, the user is entitled to:
    1. the right to access personal data,
    2. the right to rectify personal data,
    3. the right to delete personal data (the right to be forgotten),
    4. the right to limit the processing of personal data,
    5. the right to transfer data to another Controller in cases in which the basis for the processing is the consent given,
    6. the right to withdraw consent if the Controller processes personal data of the customer based on consent at any time and in any way, without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal,
    7. the right to object to the processing of data if the basis for the processing is the legitimate interest of the Controller,
    8. the right to lodge a complaint with the Director of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), if the user considers that the processing of personal data violates the provisions of the Regulation.
  7. In order to exercise the rights specified above, please contact the Controller via e-mail: daneosobowe@itaka.pl.

IF YOU USE OUR HOTLINE

  1. The Controller processes personal data in order to process requests made via the Hotline telephone service, the contact numbers of which are available on the website www.itaka.pl and in the mobile app, including:
    1. Answering questions asked during phone calls (legal basis - Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”.
    2. Collection and use of personal data obtained through a call recording system for the purpose of verification of the correctness of the services provided (legal basis - Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”.
    3. Establishing, pursuing or defending claims - for the duration of proceedings and the statute of limitations for potential claims. The legal basis is the realization of the Controller's legitimate interest (legal basis - Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”.
    4. Sending marketing information (e.g. newsletter), where consent is given to the use of data for this purpose (legal basis – Art. 6 sec. 1 let. a of the GDPR) – “consent”.
    5. Direct marketing (products and services of the Controller and their partners), including personalization of marketing content (legal basis – Art. 6 sec. 1 let. f of the GDPR) - “legitimate interest”. The Controller may process personal data in order to prepare and present a customized offer for a tourist event. Such data will also be processed in an automated manner, however decisions taken will not have any legal effect on the customer.
  2. The Controller of data is responsible for the security of the personal data provided during phone calls and for their processing in accordance with the provisions of the law.
  3. Records from call recording systems will be stored for no longer than three months from the date of recording. If a recording constitutes evidence in proceedings conducted under the law, or the Controller has become aware that it may constitute evidence in proceedings, this period shall be extended until the proceedings are finally concluded. After these periods, recordings containing personal data shall be destroyed.
  4. The Controller has the right to process personal data for the period necessary to achieve the purposes specified above. Depending on the legal basis, this will be accordingly:
    1. the period necessary for the implementation of the purpose indicated above, i.e. until the moment of answering the inquiry made by the user,
    2. the time to object,
    3. the time until the withdrawal of consent.
  5. Subject to all data security guarantees, the Controller may transfer the personal data of the user – apart from persons authorized by the data Controller – to other entities, including:
    1. entities processing data on behalf of the Controller, e.g. technical service providers and entities providing consulting services,
    2. other Controllers, to the extent necessary to provide answer the question asked.
  6. The Controller may transfer data to countries outside the European Economic Area (EEA) which do not provide an adequate level of protection. However, the Controller shall ensure that the transfer is carried out in a secure, controlled manner and is secured by appropriate agreements with the recipients, meeting the conditions set out in Chapter V of the GDPR. The Controller may also transfer personal data to countries outside the EEA for which the European Commission has established that they offer an adequate level of protection.
  7. In connection with the processing of personal data by the Controller, the user is entitled to:
    1. the right to access personal data,
    2. the right to rectify personal data,
    3. the right to delete personal data (the right to be forgotten),
    4. the right to limit the processing of personal data,
    5. the right to transfer data to another Controller in cases in which the basis for the processing is the consent given,
    6. the right to withdraw consent if the Controller processes personal data of the customer based on consent at any time and in any way, without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal,
    7. the right to object to the processing of data if the basis for the processing is the legitimate interest of the Controller,
    8. the right to lodge a complaint with the Director of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), if the user considers that the processing of personal data violates the provisions of the Regulation
  8. In order to exercise the rights specified above, please contact the Controller via e-mail: daneosobowe@itaka.pl.

IF YOU USE THE ITAKA CHATBOT APP

  1. The Controller processes personal data for the purpose of:
    1. Answering questions asked with the use of the ITAKA Chatbot software available in Messenger application (legal basis – Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”.
    2. Processing the inquiry, i.e. presentation of an offer for a tourist event (legal basis – Art. 6 sec. 1 let. b of the GDPR) – “taking action at the request of the data subject prior to the conclusion of the agreement”.
    3. Sending marketing information (e.g. newsletter), where consent is given to the use of data for this purpose (legal basis – Art. 6 sec. 1 let. a of the GDPR) – “consent”.
    4. Direct marketing (products and services of the Controller and their partners), including personalization of marketing content (legal basis – Art. 6 sec. 1 let. f of the GDPR) - “legitimate interest”. The Controller may process personal data in order to prepare and present a customized offer for a tourist event. Such data will also be processed in an automated manner, however decisions taken will not have any legal effect on the customer.
  2. In order to contact the Controller, i.e. to use the ITAKA Chatbot software, the user of the Messenger application provides personal data, in particular their name and other data (in accordance with the rights specified by the user in the application settings). The provision of data is voluntary, but necessary to make contact and obtain answer to a question asked.
  3. The Controller processes personal data of the user in order to process the inquiry. Provision of data is voluntary, but necessary to process the inquiry, i.e. to present an offer for a tourist event. The consequence of a failure to provide the required personal data is the lack of possibility to send an offer to the user.
  4. The Controller has the right to process personal data for the period necessary to achieve the purposes specified above. Depending on the legal basis, this will be accordingly:
    1. time necessary to process the inquiry, i.e. prepare and present an offer and obtain a response from the customer, but not longer than 60 months from the date of sending the offer
    2. the time to object,
    3. the time until the withdrawal of consent.
  5. Subject to all data security guarantees, the Controller may transfer the personal data of the user – apart from persons authorized by the data Controller – to other entities, including:
    1. entities processing data on behalf of the Controller, e.g. technical service providers and entities providing consulting services,
    2. other Controllers to the extent necessary for the implementation of services, on the basis of concluded agreements.
  6. The Controller may transfer data to countries outside the European Economic Area (EEA) which do not provide an adequate level of protection. However, the Controller shall ensure that the transfer is carried out in a secure, controlled manner and is secured by appropriate agreements with the recipients, meeting the conditions set out in Chapter V of the GDPR. The Controller may also transfer personal data to countries outside the EEA for which the European Commission has established that they offer an adequate level of protection.
  7. In connection with the processing of personal data by the Controller, the user is entitled to:
    1. the right to access personal data,
    2. the right to rectify personal data,
    3. the right to delete personal data (the right to be forgotten),
    4. the right to limit the processing of personal data,
    5. the right to transfer data to another Controller in cases in which the basis for the processing is the consent given,
    6. the right to withdraw consent if the Controller processes personal data of the customer based on consent at any time and in any way, without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal,
    7. the right to object to the processing of data if the basis for the processing is the legitimate interest of the Controller,
    8. the right to lodge a complaint with the Director of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), if the user considers that the processing of personal data violates the provisions of the Regulation
  8. In order to exercise the rights specified above, please contact the Controller via e-mail: daneosobowe@itaka.pl.

IF YOU SUBSCRIBE TO THE NEWSLETTER

  1. The Controller processes personal data for the purpose of:
    1. Providing marketing information to persons interested in the Controller's offer by means of a newsletter (legal basis – Art. 6 sec. 1 let a of the GDPR) – "consent".
    2. Direct marketing (products and services of the Controller and their partners), including personalization of marketing content (legal basis – Art. 6 sec. 1 let. f of the GDPR) - “legitimate interest”. The Controller may process personal data in order to prepare and present a customized offer for a tourist event. Such data will also be processed in an automated manner, however decisions taken will not have any legal effect on the customer.
  2. The provision of data is voluntary, but necessary to receive marketing information. The consequence of a failure to provide the required personal data is the lack of possibility to send a newsletter to the user.
  3. A user using a newsletter may at any time and without giving any reason, resign from receiving it, in particular by clicking on the deactivation link contained in each e-mail sent to the user or by sending correspondence to the following address: info@itaka.pl.
  4. The Controller has the right to process personal data for the period necessary to achieve the purposes specified above. Depending on the legal basis, this will be accordingly:
    1. the time until the withdrawal of consent,
    2. the time to object.
  5. The Controller may transfer the personal data of the user – apart from persons authorized by the data Controller – to other entities, including:
    1. entities processing data on behalf of the Controller, e.g. technical service providers and entities providing consulting services,
    2. other Controllers to the extent necessary for the implementation of services and legal requirements, on the basis of concluded agreements.
  6. The Controller may transfer data to countries outside the European Economic Area (EEA) which do not provide an adequate level of protection. However, the Controller shall ensure that the transfer is carried out in a secure, controlled manner and is secured by appropriate agreements with the recipients, meeting the conditions set out in Chapter V of the GDPR. The Controller may also transfer personal data to countries outside the EEA for which the European Commission has established that they offer an adequate level of protection.
  7. In connection with the processing of personal data by the Controller, the user is entitled to:
    1. the right to access personal data,
    2. the right to rectify personal data,
    3. the right to delete personal data (the right to be forgotten),
    4. the right to limit the processing of personal data,
    5. the right to transfer data to another Controller in cases in which the basis for the processing is the consent given,
    6. the right to withdraw consent if the Controller processes personal data of the customer based on consent at any time and in any way, without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal,
    7. the right to object to the processing of data if the basis for the processing is the legitimate interest of the Controller,
    8. the right to lodge a complaint with the Director of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), if the user considers that the processing of personal data violates the provisions of the Regulation.
  8. In order to exercise the rights specified above, please contact the Controller via e-mail: daneosobowe@itaka.pl.

IF YOU USE OUR BLOG

  1. The Controller processes personal data in order to enable the user to exchange information, including adding comments on the Controller's blog, and to answer questions of the user (legal basis – Art. 6 set. 1 let. f of the GDPR) – “legitimate interest”.
  2. The provision of data is voluntary, but necessary to use the blog. The consequence of failure to provide the required personal data is the inability to register and exchange information, including adding comments on the Controller's blog.
  3. The Controller has the right to process personal data until an objection is expressed by the user.
  4. The Controller may transfer the personal data of the user – apart from persons authorized by the data Controller – to other entities, including:
    1. entities processing data on behalf of the Controller, e.g. technical service providers and entities providing consulting services,
    2. other Controllers to the extent necessary for the implementation of services and legal requirements, on the basis of concluded agreements.
  5. The Controller may transfer data to countries outside the European Economic Area (EEA) which do not provide an adequate level of protection. However, the Controller shall ensure that the transfer is carried out in a secure, controlled manner and is secured by appropriate agreements with the recipients, meeting the conditions set out in Chapter V of the GDPR. The Controller may also transfer personal data to countries outside the EEA for which the European Commission has established that they offer an adequate level of protection.
  6. In connection with the processing of personal data by the Controller, the user is entitled to:
    1. the right to access personal data,
    2. the right to rectify personal data,
    3. the right to delete personal data (the right to be forgotten),
    4. the right to limit the processing of personal data,
    5. the right to transfer data to another Controller in cases in which the basis for the processing is the consent given,
    6. the right to withdraw consent if the Controller processes personal data of the customer based on consent at any time and in any way, without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal,
    7. the right to object to the processing of data if the basis for the processing is the legitimate interest of the Controller,
    8. the right to lodge a complaint with the Director of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), if the user considers that the processing of personal data violates the provisions of the Regulation.
  7. In order to exercise the rights specified above, please contact the Controller via e-mail: daneosobowe@itaka.pl.

IF YOU VISIT OUR SOCIAL MEDIA CHANNELS

  1. The Controller processes personal data of users visiting the Controller's profiles in social media (e.g. Facebook, Instagram, YouTube, LinkedIn, Twitter). This data is only processed in connection with the Controller's profile, including for the purpose of promoting the Controller's own brand (legal basis – Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”.
  2. The scope of personal data processing, detailed objectives, as well as rights and obligations of the user of a social networking website result directly from the regulations of a given portal.

IF YOU USE ITAKA'S FANPAGE

  1. Nowa Itaka sp. z o.o. is the Controller of personal data of users using the products and services offered by Facebook who visit the Controller's website, available at https://www.facebook.com/itakapl (hereinafter referred to as the Fanpage). The Controller is responsible for the security of the personal data transferred and for their processing in accordance with the provisions of the law.
  2. The Controller processes personal data of users who, using Facebook products and services, visit the Fanpage. These data is processed:
    1. in connection with the Fanpage, including for the purpose of promoting the Controller's own brand (legal basis - Art. 6 sec. 1 let. f of the GDPR) - “legitimate interest”;
    2. to answer questions asked via Messenger or other Facebook services (legal basis - Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”; where specific categories of data (e.g. health information) are provided in the content of the question, the user is deemed to have given consent to the use of the data by the Controller (legal basis - Art. 9 sec. 2 let. a of the GDPR) - “consent”;
  3. The Controller has the right to process:
    1. publicly available personal data (such as a username, profile picture, Facebook or Messenger activity status), the content of comments and other information made publicly available by the user using Facebook products and services,
    2. personal data provided by the user visiting the Fanpage, including the collection of information made available in the user's profile and other content, comments, messages and notifications (e.g. photos, contact details, place of residence, information about interests or worldviews),
    3. other personal data provided by users in messages using Messenger or other Facebook services (including contact and health information) in order to respond to an inquiry or to process a contact request.
  4. The scope of the processing of personal data, the specific purposes and the rights and obligations of the user using Facebook products and services are directly governed by Facebook's Terms of Service (available at: https://www.facebook.com/legal/terms) and the "Data Policy” (the document is available at https://www.facebook.com/policy) or provisions of law and are specified as a result of actions taken by a user on Facebook.
  5. The Controller has the right to process personal data for the period necessary to achieve the purposes specified above. Depending on the legal basis, this will be accordingly:
    1. the time until the objection is expressed (or the Facebook user account is deleted),
    2. the time until the withdrawal of consent (or deletion of the Facebook user account); the withdrawal of consent does not affect the lawfulness of data processing during the period when the consent was valid;
    3. the time period required to process an inquiry sent by the user via Messenger or other Facebook services.
  6. The directory of recipients of the personal data processed by the Controller results primarily from the scope of products and services used by the Facebook user, but also from the user's consent or the provisions of law. With all guarantees of data security, the Controller may transfer the personal data of the user visiting the Fanpage – in addition to the persons authorized by the Data Controller – to other entities, including entities processing the data on behalf of the Controller, e.g. providers of technical services and entities providing consulting services (including law firms) and contractors providing services to the Controller on the basis of concluded agreements.
  7. The Controller shall not transfer personal data of the user using Facebook products and services to countries outside the European Economic Area (to countries other than EU countries and Iceland, Norway and Liechtenstein).
  8. The Controller may process personal data of users using Facebook products and services who visit the Fanpage in order to analyze their use of the Controller's website and related content (page insights) - where users' use of the Fanpage and related content triggers the creation of an event for page insights that involves the processing of personal data (legal basis - Art. 6 sec. 1 let. f of the GDPR) - “legitimate interest”.
  9. In the case of personal data processed for the purpose of page insights regarding the user's activities on the Fanpage (including following or unfollowing the page, recommending the page in a post or comment, liking the page or a post, cancelling the liking), Nowa Itaka and Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are the joint Controllers of the users' personal data. The types of data and the scope of its processing as well as the privacy policy and users' rights are specified in detail:
    1. in this document,
    2. in the document "Data Policy", published on the Facebook page at https://www.facebook.com/policy.
  10. The responsibility to notify the users of the Facebook products and services of the processing of data for the purposes of page insights and to allow them to exercise their rights in accordance with the GDPR is borne by Facebook (information about the data used to create the page insights was made available on the Facebook page at: https://www.facebook.com/legal/terms/information_about_page_insights _data).
  11. The Facebook Data Protection Officer can be contacted via the form that was made available on the Facebook page at https://www.facebook.com/help/contact/540977946302970.

DATA COLLECTED AUTOMATICALLY

  1. The Controller collects the information obtained automatically (so-called event logs).
  2. The event logs record data concerning sessions of users visiting the Website and using the services provided as part of the Website and the mobile app (in particular: IP address, date and time of visits, information about the Internet browser and operating system). This data is not associated with specific individuals.
  3. Access to the contents of the event logs is granted to persons authorized by the Controller.
  4. The chronological record of information about events is only auxiliary material, used for administrative purposes. The analysis of event logs makes it possible, in particular, to detect threats, ensure appropriate security, and perform statistics in order to better understand the way users use the website and the mobile app.
  5. The data indicated in section 2 above are used to diagnose problems related to the functioning of the Website and the App and to analyze possible security breaches, to manage the Website and the App and to generate statistics (legal basis – Art. 6 sec. 1 let. f of the GDPR) – “legitimate interest”.
  6. The website uses cookies for its operation. For more information, see the "COOKIES POLICY".

FINAL PROVISIONS

  1. The Controller shall secure the personal data processed by them in accordance with generally applicable regulations concerning personal data protection and security of information.
  2. This Privacy Policy is for informational purposes only and applies only to the website www.itaka.pl and mobile application. The Website and the mobile application may feature links to other websites (including websites of partners and other external entities cooperating with the Controller). The Controller suggests that each user, after accessing other websites, should read the privacy policy applicable there.
  3. The Controller reserves the right to introduce changes to the applicable Privacy Policy in case of technology development, changes in generally applicable legal regulations, including personal data protection and in case of the development of the Website.
  4. The Controller will notify the users about any relevant changes in the content of the privacy policy by publishing an announcement on the Website.

Copyright Nowa Itaka. All rights reserved.

Projekt i Wykonanie

Payment processing: 
arrow-rightarrow-rightclockfacebooktwitter