Information regarding the processing of personal data for Customers (including their employees designated to contact IdoBooking sp. z o. o.).
- The controller of the Customers' personal data is IdoBooking sp. z o. o. (also referred to as the "Operator") with its registered office at 30 Piastów Avenue, 71-064 Szczecin, entered in the register of entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Business Division of the National Court Register under the number 00001118562; NIP: 8522710288; REGON: 529324888; with a share capital of PLN 200,000.00. IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
- The Data Protection Inspector of IdoBooking is Rafał Malujda, e-mail address: gdpr-inspector@idobooking.com.
- The processing of the personal data provided by Customers during the activation of the Service, including the data of the persons signing the contract and indicated for its execution (regardless of whether the contact data of these persons such as e-mail or telephone number was obtained from these persons directly or through the Customer) is carried out on the basis of Art. 6 (1) lit. b, c or f GDPR for the purposes of providing services by IdoBooking, including for the purpose of concluding and performing contracts concluded with IdoBooking Customers, as well as for the purpose of correct and full performance of the ordered service and fulfilment of legal obligations incumbent on IdoBooking, e.g. for the purpose of fulfilling demands of inspection authorities, courts, public prosecutor's office, for the purposes of proceedings provided for by the law, as well as for the purpose of fulfilling other obligations imposed on the Controller by universally binding regulations. Legitimate interests pursued by the Operator in relation to the processing of personal data on the basis of Article 6(1)(f) GDPR are also the conduct of correspondence, archiving of correspondence and documentation related to the services provided, and direct marketing of its own products and services.
- On the basis of Article 6(1)(b) and (f) GDPR, the Operator processes the Customer's personal data in the form of profiling of the Customer's online shops and accommodation facilities for customer service and marketing. The profiling of personal data consists of its use to analyse or forecast the Customer's needs and preferences and interests related to the Operator's offer. Its purpose is to enable the Operator to offer the Customer services and products tailored to the Customer's needs and preferences. As a consequence of profiling, the Customer may become acquainted with the Operator's offer that fulfils his/her current needs and preferences. The Operator does not make automated decisions with regard to the Customer on the basis of profiling as referred to in Article 22(1) and (4) of the GDPR.
- Recipients of the personal data processed by IdoBooking are IdoBooking's business partners, hosting companies, software providers, marketing agencies, online and card payment operators, accounting firms, law firms and other entities to whom IdoBooking entrusts personal data or makes them available on the basis of an appropriate agreement for the purpose of providing services.
- IdoBooking transfers personal data outside the European Economic Area - to the USA. The entity to which the data is transferred is a member of the EU-US Data Privacy Framework. By decision of the European Commission, personal data can be transferred securely from the EU to US companies participating in the aforementioned programme, without the need for additional data protection safeguards.
- IdoBooking providers declare that they may transfer personal data outside the European Economic Area, e.g. to the USA. If a country has not been recognised by the European Commission as providing an adequate level of protection for personal data, the provider implements appropriate safeguards to ensure an adequate level of data protection. These include, in particular, standard contractual clauses approved by the European Commission and binding corporate rules approved by the competent supervisory authority.
- Personal data will be stored until the expiry of the statute of limitations for claims arising from the contract/provided service or for the period required by separate regulations on tax and accounting obligations - whichever period ends later. After the expiry of this period, personal data will be processed by the Operator on the basis of Article 6(1)(f) GDPR, i.e. for the purposes resulting from the legitimate interests pursued by IdoBooking such as possible defence, investigation or establishment of claims, as well as for the purposes of marketing campaigns conducted.
- The Customer has the right to request from IdoBooking access to their personal data, rectification, erasure or restriction of processing, as well as the right to data portability.
- The right to data portability allows data subjects to access their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance from the original controller. This right is available in situations where the legal basis for the processing is:
  - the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
  - the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR).

  Data covered by the right to portability must be processed by technical means, e.g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others - if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.
- The Customer has the right to object at any time - on grounds relating to his/her particular situation - to the processing of personal data concerning him/her based on Article 6(1)(e) or (f), including profiling on the basis of these provisions. The Operator shall no longer be permitted to process such personal data unless the Operator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
- If the personal data are processed for direct marketing purposes, the Customer has the right to object at any time to the processing of personal data concerning him/her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
- If the Operator's processing of personal data is based on the consent given by the Customer, as referred to in Article 6(1)(a) of the GDPR, the Customer has the right to withdraw the consent at any time without affecting the lawfulness of the processing performed on the basis of the consent before its withdrawal.
- The Customer has the right to lodge a complaint to the supervisory authority, which is the President of the Office for Personal Data Protection.
- The provision of personal data by the Customer is a contractual requirement and is voluntary, but necessary for the performance of the Service. Failure to provide personal data will result in an inability to provide the Service.