Information on personal data processing for Partners and Contractors

Information regarding the processing of personal data for Partners and Contractors (including their employees designated to contact IdoBooking sp. z o. o.)

1. The Controller of the personal data of Partners and Contractors is IdoBooking sp. z o. o. (also referred to as the "Operator") with registered office at 30 Piastów Avenue, 71-064 Szczecin, entered into the Register of Entrepreneurs kept by the District Court Szczecin- Centrum in Szczecin, XIII Commercial Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with share capital of PLN 200,000.00. IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
2. The Data Protection Supervisor at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. The processing of personal data provided by Partners and Contractors, including the data of persons signing the contract and indicated for its execution (regardless of whether the contact details of these persons such as e-mail or telephone number were obtained from these persons directly or through a Partner/Contractor), is carried out on the basis of:

Article 6(1)(b) of the GDPR, i.e. for the purposes of the performance of the cooperation on the basis of the contract concluded, the provision by IdoBooking of the services performed in accordance with the order granted, including for accounting purposes, contact purposes, making settlements, and other activities directly related to the subject matter of the contract,
Article 6(1)(c) of the GDPR for purposes relating to the performance of regulatory obligations. where processing is necessary for compliance with a legal obligation incumbent on the Controller,
Article 6(1)(f) GDPR, i.e. for the purposes of correspondence/contact with the Partner/Contractor (including potential ones), as well as for the purposes of archiving correspondence and documentation related to the services provided and for the purposes of direct marketing of the Controller's own products and services, e.g. sending a newsletter, which constitutes legitimate interests pursued by the Controller.

1. Recipients of personal data processed by IdoBooking are IdoBooking's business partners, hosting companies, software providers, marketing agencies, Internet and card payment operators, accounting offices, law firms and other entities, to whom IdoBooking entrusts personal data or makes them available on the basis of an appropriate agreement for the purpose of providing services.
2. IdoBooking transfers personal data outside the European Economic Area - to the USA. The entity to which the data is transferred is a member of the EU-US Data Privacy Framework. By decision of the European Commission, personal data can be securely transferred from the EU to US companies participating in the aforementioned programme, without the need for additional data protection safeguards.
3. IdoBooking providers declare that they may transfer personal data outside the European Economic Area, such as to the USA. If a country has not been recognised by the European Commission as providing an adequate level of protection for personal data, the provider implements appropriate safeguards to ensure an adequate level of data protection. These include, in particular, standard contractual clauses approved by the European Commission and binding corporate rules approved by the competent supervisory authority.
4. Personal data will be stored until the expiry of the statute of limitations for claims arising from the contract/provided service or for the period required by separate regulations on tax and accounting obligations - whichever period ends later. After the expiry of this period, personal data will be processed by the Operator on the basis of Article 6(1)(f) GDPR, i.e. for the purposes resulting from the legitimate interests pursued by IdoBooking such as possible defence, investigation or establishment of claims, as well as for the purposes of marketing campaigns conducted.
5. Partners and Contractors have the right to request from IdoBooking access to their personal data, rectification, erasure or restriction of processing, as well as the right to data portability.
6. The right to data portability allows Data Subjects to access their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance from the original controller. This right is available in situations where the legal basis for the processing is:

the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, e.g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others - if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.

1. The Partner and Contracting Party has the right to object at any time - on grounds relating to their particular situation - to the processing of personal data concerning them based on Article 6(1)(f) of the GDPR including profiling on the basis of these provisions. IdoBooking will no longer be allowed to process this personal data unless it demonstrates the existence of valid legitimate grounds for the processing, overriding the interests, rights and freedoms of the Partner or Contractor or grounds for establishing, asserting or defending claims.
2. If personal data is processed for the purposes of direct marketing, the Partner or Contractor has the right to object at any time to the processing of personal data concerning it for such marketing, including profiling, to the extent that the processing is related to such direct marketing. If an objection is raised, the personal data may no longer be processed for such purposes.
3. The Partner and Contractor has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection.
4. The provision of personal data by the Partner and Contractor is a contractual requirement and is voluntary, but necessary for the provision of the service. Failure to provide personal data will result in the inability to provide the Service.