Information for Affiliate Partners whose personal data will be processed by IdoBooking sp. z o.o.

Information for Affiliate Partners whose personal data will be processed by IdoBooking sp. z o.o.

  1. The controller of Affiliate Partners' personal data (hereinafter: "AP") is IdoBooking sp. z o.

o. (also referred to as the "Operator") with its registered office at al. Piastów 30, 71-064 Szczecin, entered in the register of entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Commercial Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with the share capital of PLN 200,000.00.
IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.

  1. The Data Protection Inspector at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
  2. The processing of personal data provided by AP when joining the Affiliate Programme, including the data of persons signing the agreement and indicated for its execution (regardless of whether the data of such persons, such as first name, surname, position, e-mail or telephone number, was obtained from such persons directly or through AP) is based on art. 6 para. 1 lit. b, c or f GDPR for the purposes of fulfilling the contract concluded by AP with the Operator and issuing accounting evidence, for marketing purposes, as well as for the correct and full implementation of the ordered service and for the fulfilment of legal obligations incumbent on IdoBooking, e.g. for the purposes of fulfilling the demands of inspection authorities, courts, public prosecutor's office, for the purposes of proceedings provided for by the law, as well as for the fulfilment of other obligations imposed on the Controller under universally applicable regulations. Legitimate interests pursued by the Operator in relation to the processing of personal data on the basis of Article 6(1)(f) of the GDPR are also the conduct of correspondence, archiving of correspondence and documentation related to the services provided, and direct marketing of its own products and services.
  3. Recipients of personal data processed by the Operator are the Operator's business partners, hosting companies, software providers, marketing agencies, Internet and card payment operators, accounting offices, law firms and other entities, to which the Operator entrusts AP personal data or makes them available on the basis of an appropriate agreement for the purpose of providing services.
  4. IdoBooking transfers personal data outside the European Economic Area - to the USA. The entity to which the data is transferred is a member of the EU-US Data Privacy Framework. By decision of the European Commission, personal data can be securely transferred from the EU

to US companies participating in the aforementioned programme, without the need for additional data protection safeguards.

  1. IdoBooking providers declare that they may transfer personal data outside the European Economic Area, such as to the USA. If a country has not been recognised by the European Commission as providing an adequate level of protection for personal data, the provider implements appropriate safeguards to ensure an adequate level of data protection. These include, in particular, standard contractual clauses approved by the European Commission and binding corporate rules approved by the relevant supervisory authority.
  2. The Operator will store AP's personal data until the expiry of the statute of limitations for claims arising from the concluded contract or for the period required by separate regulations on tax and accounting obligations - whichever period ends later. After the expiry of this period, the Customer's personal data will be processed by the Operator on the basis of Article 6(1)(f) of the GDPR, i.e. for the purposes resulting from the Operator's legitimate interests, such as possible defence, investigation or establishment of claims, as well as for the purposes of marketing campaigns.
  3. APs have the right to request from the Operator access to their personal data, rectification, erasure or restriction of processing, as well as the right to object to processing and the right to data portability.
  4. The right to data portability allows data subjects to access their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance from the original controller. This right is available in situations where the legal basis for the processing is:

the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, e.g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others - if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.

  1. AP has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection.
  2. The provision of personal data by AP is a contractual requirement and is voluntary but necessary for the performance of the Service. Failure to provide personal data prevents AP from joining the Partner Programme.