This document contains general information related to the handling of information collected by entities who are customers of IdoBooking Sp. z.o.o. and who use the IdoBooking system. Detailed information regarding the processing of personal data can be found in the Privacy Policy of the IdoBooking Sp. z.o.o. websites and in the Terms of Service of IdoBooking.

IdoBooking Sp. z.o.o. with its registered office in Szczecin provides IdoBooking software for managing online bookings of accommodation facilities. We know that the information stored in our systems is the property of our customers, which is why we pay great attention and care to security and confidentiality. All customer data stored in the databases is considered confidential. Information collected through contact forms, orders for demonstration materials, etc. is used for marketing purposes and to prepare commercial offers.

All employees or persons cooperating with IdoBooking Sp. z.o.o., before gaining access to confidential data, sign personal Non-Disclosure of Confidential Information (NDA) agreements, which oblige them to keep the acquired information confidential forever, even after termination of cooperation. Under these agreements, it is prohibited for these persons to share confidential information themselves, under penalty of full legal and material liability for such acts. It is forbidden to duplicate data and to store it on the private media of employees and collaborators.

Selected employees of IdoBooking Sp. z.o.o. have access to IdoBooking administrative panels. Each access to a customer’s administrative panel is recorded in an event log. It is internal policy to visit the administrative panels of supported customers for the sole purpose of commercial or technical advice. Selected employees of IdoBooking Sp.z.o.o. also have access to backups that they can use to restore lost data or undo harmful changes. If a particular IdoBooking module provides a history of changes to be saved, then changes made by support staff are marked as ‘Support IdoBooking’.

The data of different customers is stored in databases and directories independent of each other. Different customers do not have access to data stored by another entity. When dedicated servers are used, they use independent physical servers or virtualised dedicated servers obtained by dividing the full computing power of the server into fixed, smaller parts.

IdoBooking Sp. z.o.o. collects the history of events (logs) of customers using IdoBooking. We do so only for the purpose of proper server administration and statistical research, in particular – analysing statistics and measuring traffic generated by individual customers. The web server logs after the statistics are generated are not further collected or processed.

IdoBooking has the SSL protocol enabled, the use of which is enforced when using the administration panel. If the customer does not order their own, additionally paid SSL certificate then an SSL certificate is used. This certificate must be up-to-date (with no expired period) and signed by the authorisation centre. If you suspect that someone is using a dummy to intercept your password (so-called phishing), please check your SSL certificate details.

Employees of IdoBooking Sp. z.o.o. contact a guest of an accommodation facility only at the express request of the owner and in situations when the information provided by the customer is inconsistent or does not allow us to determine the source of the problem. If the contact is made in a form other than IdoBooking messages, the staff may request additional identification data or refuse to carry out a request made by a person other than the owner, e.g. a request for additional rights made by an employee over the phone.

IdoBooking Sp. z.o.o. may use the data provided to the contact at the BOK for marketing purposes, to present new products and solutions which, in the opinion of IdoBooking Sp. z.o.o. employees, may contribute to an increase in sales or are beneficial to the customer.

It is forbidden and technically impossible to provide access to the customer’s administrative panel in such a way that the customer cannot see this in the log-in log and user database.

IdoBooking Sp. z.o.o. shall not be liable for the mistakes of persons using IdoBooking if, due to their fault, the rules of confidentiality of the collected information are not observed. In particular, we discourage the use of a single user account of the administrative panel, saving and giving the password to the public. We also do not recommend sending passwords via the Internet in the form of e-mails and using instant messengers.

The IdoBooking Sp. z.o.o. company may disclose the data of customers booking accommodation through IdoBooking only to duly authorised state authorities upon duly motivated request. Unless otherwise stipulated by the government authorities requesting information, the customer will be informed immediately upon receipt of the request.

IdoBooking Sp. z.o.o. is not responsible for the implementation and form of the privacy policy on third-party websites. In particular, we are not responsible for the collection of information by entities such as shopping arcades, price comparison engines, auction systems, payment intermediaries or offer aggregation systems. The use of third-party websites is based on the security policies of these companies and the owner’s voluntary adherence to these systems.

IdoBooking Sp. z.o.o. advises users who share a computer with others to use the logout option after booking a selected place of accommodation, so that others will not be able to view the account settings in any way or use them in a manner contrary to the owner’s will. In order to delete information stored in the browser’s cache, we recommend deleting the history of pages opened and deleting files stored in the cache.

§1. General information

1. This privacy and cookies policy governs the processing of personal data, collection and use of information about users of the IdoBooking sp. z o.o. websites. (hereinafter: “IdoBooking”), including customers, contractors and partners of IdoBooking sp. z o.o. using IdoBooking
   • This policy shall apply to all websites operated by IdoBooking z o.o. with its registered office in Szczecin, unless the terms and conditions of a given website provide otherwise.

§2. Personal data

1. The controller of the personal data is IdoBooking z o.o. with its seat in Szczecin, Piastów 30, 71-064 Szczecin, tel. +48 91 443 66 00, fax +48 91 443 66 01, sales@idobooking.com, hereinafter: “IdoBooking”.
2. The Data Protection Inspector of IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. Personal data collected by IdoBooking shall be processed in accordance with the principles set out in the personal data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and ofthe Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and in Polish regulations issued in connection with GDPR, including the Act of 10 May 2018 on personal data protection. IdoBooking shall keep personal data confidential and secure it from unauthorised access by third parties under the terms of the aforementioned legal acts.
4. IdoBooking offers the IdoBooking system dedicated to establishments wishing to conduct accommodation bookings and term rentals of various things (e.g. cars or boats). In order to manage the content published on the website, improve contact and understand the needs of our current and potential customers visiting our pages, access to some information requires prior registration and As part of its activities, IdoBookingcollects and processes personal data:
   • for the purpose of concluding and performing contracts concluded with IdoBooking Users, including the data of persons signing the Contract and indicated for its performance and also for the purpose of correct and full performance of the ordered service and fulfilment of legal obligations incumbent on IdoBooking, e.g. in order to comply with requests from control bodies, courts, public prosecutor’s office, for the purposes of proceedingsprovided for by law, and to fulfil other obligations imposed on the Controller under generally applicable provisions of law (legal basis: Article 6(1)(b) GDPR, Article 6(1)(f) GDPR, Article 6(1)(c) GDPR);
   • for the purpose of sending commercial information (newsletter) to the e-mail address provided by the User in the case of consent to receive commercial information by e-mail, as well as for other purposes related to directmarketing of products and services (legal basis 6(1)(f) GDPR);
   • for purposes arising from the legitimate interests pursued by IdoBooking: for analytical purposes, statisticalpurposes, for the purpose of answering a question contained in a contact form and for the purpose of ensuring the ICT security of related to the services administered by IdoBooking (legal basis Article 6(1)(f) GDPR);
   • for the purpose of improving the standards of service at IdoBooking and for the purpose of safeguarding the interests of callers (legal basis Article 6(1)(a) GDPR i.e. consent given by continuing the telephone call and remaining on the telephone line).

§2.1 Purpose of data collection – details for logged-in IdoBooking users

1. By logging in to the IdoBooking websites, the User gains access to all materials including, for example, technical specifications, documentation, demo systems, screenshots and videos, normally inaccessible to non-logged-in users. The User’s activity data is collected and used to contact the User again by email, throughmessages or by These contacts are made via Marketing Automation systems (sending advice on content in which the User was interested) or newsletters with updates on products in which the User was interested since logging in.
2. Personal data of IdoBooking Users is processed by IdoBooking in order to improve its services, to present the best possible offer, to conclude online transactions. This scope includes:
   • the creation of anonymised and aggregated reports and analyses aimed at increasing the usefulness of the services provided;
   • the analysis, over time, of the preferences regarding the range of services of interest to the User, in order to provide the best possible commercial support and in the use of IdoBooking;
   • providing users with optional offers for the use of IdoBooking;
   • promoting and selling IdoBooking systems and additional services, including educational services such as webinars or training courses; and
   • checking that Users do not infringe IdoBooking’s intellectual property in the
3. IdoBooking carries out processing of the User’s personal data in the form of profiling for User service and The Operator does not make automated decisions towards the User on the basis of profiling as referred to in Article 22(1) and (4) of the GDPR.

§2.2 Data subject rights

The processing of personal data is carried out on a voluntary basis; however, depending on the circumstances, arefusal to provide data or a request for deletion of data may prevent IdoBooking, for example, from correctly and fully performing the requested service. If you do not agree to the recording of conversations, please contact us via anothercommunication channel, e.g. email or letter. You have the right of access to your personal data; the right to rectification; erasure or restriction of processing; the right to data portability; the right to object if the processing isbased on Article 6(1)(f) of the GDPR, and the right to withdraw consent to the processing of personal data in the case of call recording.

§2.3 Right to lodge a complaint

You have the right to lodge a complaint relating to the Controller’s processing of your personal data with the President of the Data Protection Authority.

§2.4 Period of processing

The data shall be stored for the duration of the contract and after its termination for the period resulting from the provisions on archiving and limitation of claims, as well as until the relevant legitimate interests pursued by theController are realised (such as possible defence, investigation or establishment of claims, as well as for the purposes of marketing campaigns conducted). We will continue to send you newsletters and other similar information until you withdraw your consent to receive commercial information by electronic means / raise an objection in this respect.

§2.4.1 Details for logged-in IdoBooking users

Data relating to the User, including personal data, will be stored for no longer than necessary in connection with theUser’s use of the IdoBooking CRM or the performance of the service (e.g. complaints handling) – in any case for no longer than required by separate regulations. With regard to the User’s use ofthe messaging system, the personal data contained in the messages will be stored by IdoBooking indefinitely due toIdoBooking’s inability to interfere with the content of the messages, and due to the need to provide a secure and safe way of contacting Users. This constitutes the fulfilment of a legitimate interest for IdoBooking and is the legal basis for the processing of personal data in the messaging system (Art.6(1)(f) GDPR). Personal data of persons logging on toIdoBooking websites will also be stored by IdoBooking indefinitely due to the necessity to establish, assert or defend claims related to the protection of IdoBooking’s intellectual property for the period resulting from the regulations on archiving and limitation of claims, as well as for the time of realization of the relevant legitimate interests pursued by the Controller (such as possible defense, investigation or establishment of claims related to the protection ofIdoBooking’s intellectual property – in any case for no longer than required by separate regulations. This constitutes the exercise of a legitimate interest for IdoBooking and is the legal basis for the processing of personal data (Art. 6(1)(f) GDPR).

§2.5  Recipients of personal data

Recipients of the personal data processed by IdoBooking are IdoBooking’s business partners, hosting companies, software providers, marketing agencies, online and card payment operators, accounting firms, law firms and otherentities to whom IdoBooking entrusts personal data or makes it available on the basis of an appropriate contract for the purpose of providing services.

IdoBooking transfers personal data outside the European Economic Area – to the USA. The entity to which the data is transferred is a member of the EU-US Data Privacy Framework. By decision of the European Commission, personal data can be securely transferred from the EU to US companies participating in the aforementioned programme, without the need for additional data protection safeguards.

IdoBooking providers declare that they may transfer personal data outside the European Economic Area, such as to the USA. If a country has not been recognised by the European Commission as providing an adequate level of protection for personal data, the provider implements appropriate safeguards to ensure an adequate level of data protection. These include in particular standard contractual clauses approved by the European Commission and binding corporate rules approved by the competent supervisory authority.

§2.6 Voluntary data provision

The provision of personal data by the User is a contractual requirement and is voluntary, but necessary for the use of the IdoBooking websites. Failure to provide personal data will result in inability to use the IdoBooking websites.

§3 Cookies

1. In order to ensure the smooth functioning of the IdoBooking Websites, including the IdoBooking CRM, after the User’s use of this system, IdoBooking uses a commonly used mechanism based on so-called “cookies” to better identify the User.
2. The legal basis for the processing of personal data derived from cookies is the legitimate interests ofIdoBooking in ensuring high quality and secure services, the correct functioning of the website, the configuration of the website, security and reliability of the website, monitoring of session status or analysis, statistics, research and audit of website impressions and the display of personalised advertising.
3. There are two types of cookies:
   • Own cookies, e. those that are handled by IdoBooking,
   • and third-party cookies, operated by a third party on behalf of
4. The storage period of cookies on the User’s mobile device or mobile computer may vary depending on the cookie. Some cookies are session cookies, i.e. they exist while the User’s browser is open. They are deleted as soon as the browser is closed. There are also persistent cookies, i.e. cookies that are not deleted when the browser is closed, usually used to recognise the User’s computer or other device.

5. The cookies used by IdoBooking can be divided into:
   • Essential cookies – contribute to the usability of the website by enabling basic functions such as websitenavigation and access to secure areas of the The website cannot function properly without these cookies. This type of cookie will always be enabled.
   • Preference cookies allow the website to remember information that changes the look or function of the website, such as your preferred language or the region in which you are
   • Statistical cookies help website owners understand how different users behave on the site by collecting and reporting anonymous information.
   • Marketing cookies are used to track users on websites. The aim is to display advertisements that are relevant and interesting to individual users and thus more valuable to third-party publishers and advertisers.
6. The user of the IdoBooking websites has the option to:
   • Personalise the cookie settings, including rejecting all but essential cookies;
   • Accept all
7. The User may, independently and at any time, change the settings concerning “cookies” concerning preferences, statistical and marketing, including blocking them completely, specifying the conditions for storing and accessing by “cookies” to the User’s device. You can change these settings using your browser settingsand by clicking on the widget located in the bottom left-hand corner of the website. However, such a change may result in incorrect operation of IdoBooking including not allowing viewing of content available only to logged-in Users. These settings may be changed, in particular, in such a way as to block the automatic handling of “cookies” in the web browser settings or inform on their each time they are placed on the User’s Detailed information on the possibility and ways of handling “cookies” is available in the settings of yoursoftware (web browser) and in the widget located in the lower left corner of the website.
8. IdoBooking may use individual, invisible pixels embedded in the Website in order to recognise a returning and collect information about new preferences of the User.
9. Cookies and pixel calling are commonly used on the Internet and are completely safe for the User. The User isin no way at risk of his/her device becoming infected with a virus or installing unwanted or malicious software.
10. The Users’ personal data is stored in a database in which technical and organisational measures have beentaken to ensure the protection of the processed data in accordance with the requirements set out in the applicable legislation.

§4 Final provisions

1. For the purposes of the reports it prepares, IdoBooking shall have the right to use the User’s information only in an aggregated manner that does not allow for the identification of the
2. Any changes made to the Privacy Policy in the future will be published on the IdoBooking websites. You are advised to check the IdoBooking websites regularly for updates to this Privacy Policy and cookies. If you do not accept our Privacy Policy or changes to the Privacy Policy, you should stop using the IdoBooking websites.

1. The controller of the Candidate’s personal data is IdoBooking z o. o. (also referred to as the “Operator”) with its registered office at 30 Piastów Avenue, 71-064 Szczecin, entered in the Register of Entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Economic Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with the share capital of PLN 200,000.00. IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
2. The Data Protection Inspector at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. Personal data shall be processed for the purpose of establishing and performing cooperation on the basis of a civil law contract (natural person, individual conducting business activity). Personal data will be processed, in writing and in electronic systems, on the basis of:
   • Article 6(1)(b) GDPR – processing is necessary for the conclusion and performance of a contract to which the data subject is a party,
   • Article 6(1)(c) and Article 9(2)(b) GDPR, i.e. where the processing is necessary for the fulfillment of a legal obligation incumbent on the employer and the processing is necessary for the fulfillment of obligations and the exercise of specific rights by the controller or the data subject in the field of labour law, social security and social protection, including in connection with the performance of obligations imposed by:

1. Article 112 of the Value Added Tax Act, e. the obligation to keep records maintained for the purposes of accounting for value added tax and all documents related to such accounting,
2. Article 71 et seq. of the Accounting Act, i.e. the obligation to keep accounting records, in particular accounting evidence,
3. Article 22(1c)-22(1f) in connection with Article 22(1h) of the Labour Code, i.e. the performance of sobriety checks;

• Article 6(1)(a) of the GDPR, i.e. on the basis of the consent given for the purposes specified each time in the consent forms provided, in particular for the purposes of providing employee benefits and training declared by the cooperating person, processing of the image for promotional, advertising, information purposes, building the company’s image and brand,
• Article 6(1)(f) GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller, viz:
  1. conducting video surveillance at the Controller’s premises,
  2. conducting telephone call recording in order to increase security and improve the quality of services provided, safeguarding the legal interest of the person whose personal data has been recorded in the telephone call recording system and of the Controller in the event of a legal need to prove facts, for possible defence,
  3. to organise training courses,
  4. to control the performance of remote

4. Recipients of the personal data processed by IdoPayments are IdoPayments’ business partners, hosting companies, software providers, marketing agencies, Internet and card payment operators, accounting offices, law firms and other entities to which IdoPayments entrusts the personal data of the persons cooperating or makes them available on the basis of the relevant agreement for the purpose of provision for the period necessary for the performance of the agreement, and after its termination or expiration – for the obligatory period of archiving the documentation, established by separate regulations, taking into account the period of limitation of claims.
5. IdoPayments transfers personal data outside the European Economic Area – to the USA. The entity to which the data is transferred is a member of the EU-US Data Privacy Framework programme. By decision of the European Commission, personal data can be transferred securely from the EU to US companies participating in the aforementioned programme, without the need for additional data protection safeguards.
6. IdoPayments providers declare that they can transfer personal data outside the European Economic Area, such as to the USA. If a country has not been recognised by the European Commission as providing an adequate level of protection for personal data, the provider implements appropriate safeguards to ensure an adequate level of data protection. These include, in particular, standard contractual clauses approved by the European Commission and binding corporate rules approved by the competent supervisory authority.
7. The controller will keep the personal data of the co-operator until the expiry of the limitation period for claims arising from the concluded contract or for the period required by separate regulations on tax and accounting obligations – whichever period ends later. After the expiry of this period, the personal data of the Cooperating Person will be processed by the Operator on the basis of Article 6(1)(f) of the GDPR, i.e. for the purposes resulting from the legally justified interests pursued by the Operator, such as possible defence, investigation or establishment of claims, as well as for the purposes of marketing campaigns.
8. The Cooperating Person has the right to request from the Operator access to their personal data, rectification, erasure or restriction of processing, as well as the right to data portability and the right to withdraw consent at any time without affecting the lawfulness of the processing performed on the basis of consent before its withdrawal.
9. The right to data portability allows data subjects to have access to their personal data in a structured, commonly used and machine-readable format and to have it transferred to another controller without hindrance from the original controller. This right is available in situations where the legal basis for the processing is:
   • the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
   • the performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others – if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.
10. The cooperating person has the right to lodge a complaint to the supervisory authority, which is the President of the Office for Personal Data Protection, if the cooperating person considers that the processing of his/her personal data by the Controller violates the provisions on personal data protection.
11. Provision of personal data is voluntary, however, failure to do so will result in the impossibility to conclude and perform the contract.

1. The controller of the Customers’ personal data is IdoBooking z o. o. (also referred to as the “Operator”) with its registered office at 30 Piastów Avenue, 71-064 Szczecin, entered in the register of entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Business Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with a share capital of PLN 200,000.00. IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
2. The Data Protection Inspector of IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. The processing of the personal data provided by Customers during the activation of the Service, including the data of the persons signing the contract and indicated for its execution (regardless of whether the contact data of these persons such as e-mail or telephone number was obtained from these persons directly or through theCustomer) is carried out on the basis of Art. 6 (1) lit. b, c or f GDPR for the purposes of providing services by IdoBooking, including for the purpose of concluding and performing contracts concluded with IdoBooking Customers, as well as for the purpose of correct and full performance of the ordered service and fulfilment of legal obligations incumbent on IdoBooking, e.g. for the purpose of fulfilling demands of inspection authorities, courts, public prosecutor’s office, for the purposes of proceedings provided for by the law, as well as for the purpose of fulfilling other obligations imposed on the Controller by universally binding Legitimateinterests pursued by the Operator in relation to the processing of personal data on the basis of Article 6(1)(f) GDPR are also the conduct of correspondence, archiving of correspondence and documentation related to the services provided, and direct marketing of its own products and services.
4. On the basis of Article 6(1)(b) and (f) GDPR, the Operator processes the Customer’s personal data in the form of profiling of the Customer’s online shops and accommodation facilities for customer service and The profiling of personal data consists of its use to analyse or forecast the Customer’s needs and preferences and interests related to the Operator’s offer. Its purpose is to enable the Operator to offer the Customer services and products tailored to the Customer’s needs and preferences. As a consequence of profiling, the Customer may become acquainted with the Operator’s offer that fulfils his/her current needs and preferences. The Operator does not make automated decisions with regard to the Customer on the basis of profiling as referred to in Article 22(1) and (4) of the GDPR.
5. Recipients of the personal data processed by IdoBooking are IdoBooking’s business partners, hosting companies, software providers, marketing agencies, online and card payment operators, accounting firms, law firms and other entities to whom IdoBooking entrusts personal data or makes them available on the basis of an appropriate agreement for the purpose of providing services.
6. IdoBooking transfers personal data outside the European Economic Area – to the USA. The entity to which the data is transferred is a member of the EU-US Data Privacy Framework. By decision of the European Commission, personal data can be transferred securely from the EU to US companies participating in the aforementioned programme, without the need for additional data protection safeguards.

7. IdoBooking providers declare that they may transfer personal data outside the European Economic Area, e.g. to the USA. If a country has not been recognised by the European Commission as providing an adequate level of protection for personal data, the provider implements appropriate safeguards to ensure an adequate level of data protection. These include, in particular, standard contractual clauses approved by the European Commission and binding corporate rules approved by the competent supervisory authority.
8. Personal data will be stored until the expiry of the statute of limitations for claims arising from the contract/provided service or for the period required by separate regulations on tax and accounting obligations – whichever period ends later. After the expiry of this period, personal data will be processed by the Operator on the basis of Article 6(1)(f) GDPR, e. for the purposes resulting from the legitimate interests pursued by IdoBooking such as possible defence, investigation or establishment of claims, as well as for the purposes of marketing campaigns conducted.
9. The Customer has the right to request from IdoBooking access to their personal data, rectification, erasure or restriction of processing, as well as the right to data portability.
10. The right to data portability allows data subjects to access their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance from the original This right is available in situations where the legal basis for the processing is:
    • the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
    • the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others – if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.
11. The Customer has the right to object at any time – on grounds relating to his/her particular situation – to the processing of personal data concerning him/her based on Article 6(1)(e) or (f), including profiling on the basis of these provisions. The Operator shall no longer be permitted to process such personal data unless the Operator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
12. If the personal data are processed for direct marketing purposes, the Customer has the right to object at any time to the processing of personal data concerning him/her for such marketing, including profiling, to the extent that the processing is related to such direct
13. If the Operator’s processing of personal data is based on the consent given by the Customer, as referred to in Article 6(1)(a) of the GDPR, the Customer has the right to withdraw the consent at any time without affecting the lawfulness of the processing performed on the basis of the consent before its withdrawal.

14. The Customer has the right to lodge a complaint to the supervisory authority, which is the President of the Office for Personal Data Protection.
15. The provision of personal data by the Customer is a contractual requirement and is voluntary, but necessary for the performance of the Service. Failure to provide personal data will result in an inability to provide the Service.

1. The Controller of the personal data of Partners and Contractors is IdoBooking sp. z o. o. (also referred to as the “Operator”) with registered office at 30 Piastów Avenue, 71-064 Szczecin, entered into the Register of Entrepreneurs kept by the District Court Szczecin- Centrum in Szczecin, XIII Commercial Division of theNational Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with share capital of PLN 200,000.00. IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.

2. The Data Protection Supervisor at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. The processing of personal data provided by Partners and Contractors, including the data of persons signing the contract and indicated for its execution (regardless of whether the contact details of these persons such as e-mail or telephone number were obtained from these persons directly or through a Partner/Contractor), is carried out on the basis of:
   • Article 6(1)(b) of the GDPR, i.e. for the purposes of the performance of the cooperation on the basis of the contract concluded, the provision by IdoBooking of the services performed in accordance with the order granted, including for accounting purposes, contact purposes, making settlements, and other activities directly related to the subject matter of the contract,
   • Article 6(1)(c) of the GDPR for purposes relating to the performance of regulatory obligations. where processing is necessary for compliance with a legal obligation incumbent on the Controller,
   • Article 6(1)(f) GDPR, i.e. for the purposes of correspondence/contact with the Partner/Contractor (including potential ones), as well as for the purposes of archiving correspondence and documentation related to theservices provided and for the purposes of direct marketing of the Controller’s own products and services, e.g. sending a newsletter, which constitutes legitimate interests pursued by the Controller.
4. Recipients of personal data processed by IdoBooking are IdoBooking’s business partners, hosting companies, software providers, marketing agencies, Internet and card payment operators, accounting offices, law firms and other entities, to whom IdoBooking entrusts personal data or makes them available on the basis of an appropriate agreement for the purpose of providing services.
5. IdoBooking transfers personal data outside the European Economic Area – to the USA. The entity to which the data is transferred is a member of the EU-US Data Privacy Framework. By decision of the European Commission, personal data can be securely transferred from the EU to US companies participating in the aforementioned programme, without the need for additional data protection safeguards.
6. IdoBooking providers declare that they may transfer personal data outside the European Economic Area, such as to the USA. If a country has not been recognised by the European Commission as providing an adequate level of protection for personal data, the provider implements appropriate safeguards to ensure an adequate level of data protection. These include, in particular, standard contractual clauses approved by the European Commission and binding corporate rules approved by the competent supervisory authority.
7. Personal data will be stored until the expiry of the statute of limitations for claims arising from the contract/provided service or for the period required by separate regulations on tax and accounting obligations – whichever period ends later. After the expiry of this period, personal data will be processed by the Operator on the basis of Article 6(1)(f) GDPR, i.e. for the purposes resulting from the legitimate interests pursued by IdoBooking such as possible defence, investigation or establishment of claims, as well as for the purposes of marketing campaigns conducted.
8. Partners and Contractors have the right to request from IdoBooking access to their personal data, rectification, erasure or restriction of processing, as well as the right to data
9. The right to data portability allows Data Subjects to access their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance from the original This right is available in situations where the legal basis for the processing is:
   • the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
   • the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others – if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.
10. The Partner and Contracting Party has the right to object at any time – on grounds relating to their particular situation – to the processing of personal data concerning them based on Article 6(1)(f) of the GDPR including profiling on the basis of these provisions. IdoBooking will no longer be allowed to process this personal data unless it demonstrates the existence of valid legitimate grounds for the processing, overriding the interests, rights and freedoms of the Partner or Contractor or grounds for establishing, asserting or defending claims.
11. If personal data is processed for the purposes of direct marketing, the Partner or Contractor has the right to object at any time to the processing of personal data concerning it for such marketing, including profiling, to the extent that the processing is related to such direct marketing. If an objection is raised, the personal data may no longer be processed for such purposes.

12. The Partner and Contractor has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection.
13. The provision of personal data by the Partner and Contractor is a contractual requirement and is voluntary, but necessary for the provision of the service. Failure to provide personal data will result in the inability to provide the Service.

1. The controller of Affiliate Partners’ personal data (hereinafter: “AP”) is IdoBooking z o.
2. (also referred to as the “Operator”) with its registered office at al. Piastów 30, 71-064 Szczecin, entered in the register of entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Commercial Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with the share capital of PLN 200,000.00. IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.

2. The Data Protection Inspector at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. The processing of personal data provided by AP when joining the Affiliate Programme, including the data of persons signing the agreement and indicated for its execution (regardless of whether the data of such persons, such as first name, surname, position, e-mail or telephone number, was obtained from such persons directly or through AP) is based on 6 para. 1 lit. b, c or f GDPR for the purposes of fulfilling the contract concluded by AP with the Operator and issuing accounting evidence, for marketing purposes, as well as for the correct and full implementation of the ordered service and for the fulfillment of legal obligations incumbent on IdoBooking, e.g. for the purposes of fulfilling the demands of inspection authorities, courts, public prosecutor’s office, for the purposes of proceedings provided for by the law, as well as for the fulfillment of other obligations imposed on the Controller under universally applicable regulations. Legitimate interests pursued by the Operator in relation to the processing of personal data on the basis of Article 6(1)(f) of the GDPR are also the conduct of correspondence, archiving of correspondence and documentation related to the services provided, and direct marketing of its own products and services.
4. Recipients of personal data processed by the Operator are the Operator’s business partners, hosting companies, software providers, marketing agencies, Internet and card payment operators, accounting offices, law firms and other entities, to which the Operator entrusts AP personal data or makes them available on the basis of an appropriate agreement for the purpose of providing services.
5. IdoBooking transfers personal data outside the European Economic Area – to the USA. The entity to which the data is transferred is a member of the EU-US Data Privacy Framework. By decision of the European Commission, personal data can be securely transferred from the EU to US companies participating in the aforementioned programme, without the need for additional data protection safeguards.

6. IdoBooking providers declare that they may transfer personal data outside the European Economic Area, such as to the USA. If a country has not been recognised by the European Commission as providing an adequate level of protection for personal data, the provider implements appropriate safeguards to ensure an adequate level of data protection. These include, in particular, standard contractual clauses approved by the European Commission and binding corporate rules approved by the relevant supervisory authority.
7. The Operator will store AP’s personal data until the expiry of the statute of limitations for claims arising from the concluded contract or for the period required by separate regulations on tax and accounting obligations -whichever period ends After the expiry of this period, the Customer’s personal data will be processed by the Operator on the basis of Article 6(1)(f) of the GDPR, i.e. for the purposes resulting from the Operator’s legitimate interests, such as possible defence, investigation or establishment of claims, as well as for the purposes of marketing campaigns.
8. APs have the right to request from the Operator access to their personal data, rectification, erasure or restriction of processing, as well as the right to object to processing and the right to data portability.
9. The right to data portability allows data subjects to access their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance from the original This right is available in situations where the legal basis for the processing is:
   • the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
   • the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others – if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.
10. AP has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection.
11. The provision of personal data by AP is a contractual requirement and is voluntary but necessary for the performance of the Service. Failure to provide personal data prevents AP from joining the Partner Programme.

1. The controller of the Candidate’s personal data is IdoBooking z o. o. (also referred to as “Operator”) with its registered office at 30 Piastów Avenue, 71-064 Szczecin, entered in the Register of Entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Economic Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with the share capital of PLN 200,000.00.IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
2. The Data Protection Inspector at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. Personal data shall be processed for the purpose of establishing and performing the relationship. Personaldata will be processed, in writing and in electronic systems, on the basis of:
   • Article 6(1)(c) and Article 9(2)(b) GDPR, i.e. where the processing is necessary for the fulfillment of a legal obligation incumbent on the employer and the processing is necessary for the fulfilment of obligations and the exercise of specific rights by the controller or the data subject in the field of labour law, social security and social protection, including in connection with the performance of obligations imposed:
     1. Article 22(1)(1) and (3) of the Labour Code, e. requiring an applicant for employment and an employee to provide certain personal data;
     2. Article 22(1c) et Labour Code, i.e. performing sobriety checks on employees;
     3. Articles 94(13) and 103(1) et Labour Code, i.e. to carry out training of employees necessary to perform a certain type of work or work on a certain position, as well as to improve professional qualifications of an employee;
     4. Articles 234 and 235 of the Labour Code in conjunction with 7 of the Regulation of the Council of Ministers of 1 July 2009 on establishing the circumstances and causes of accidents at work, i.e. the fulfillment of duties in connection with an accident at work, in particular establishing the circumstance sand causes of the accident, keeping a register of accidents at work, preparing and storing other post-accident documentation, as well as the fulfillment of the duty to recognise and report a suspected occupational disease of an employee;
     5. Articles 1, 6 and 6a of the Act of 13 October 1998 on the social insurance system, e. covering employees by compulsory pension and disability insurance;
   • Article 6(1)(b) of the GDPR – processing is necessary for the conclusion and performance of a contract to which the data subject is a party,
   • Article 6(1)(f) GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller, viz:
     1. carrying out specific surveillance of the premises of the workplace or of the area around the workplace in the form of technical measures enabling the recording of images (monitoring) based on Article 22(2) of the Labour Code,
     2. conducting telephone call recording in order to increase security and improve the quality of the services provided, safeguarding the legal interest of the person whose personal data has been recorded in the telephone call recording system and of the Controller in the event of a legal need to prove facts, for possible defence, investigation or establishment of claims based on 22(3) par. 4 of the Labour Code,
     3. to carry out checks on the performance of remote work by an employee, health and safety checks or checks on compliance with security and information protection requirements, including procedures for the protection of personal data in relation to an employee performing remote work based on Article 68(28) of the Labour Code;

• Article 6(1)(a) of the GDPR, i.e. on the basis of the consent given for the purposes specified each time in the consent forms provided, in particular for the purposes of realising employee benefits declared by the employee, processing the image for promotional, advertising, information purposes, building the company’s image and brand, as well as to enable the proper administration of the company’s employee

4. Recipients of the personal data processed by IdoBooking are IdoBooking’s business partners, hosting companies, software providers, marketing agencies, online and card payment operators, accounting firms, law firms and other entities to which IdoBooking entrusts the employee’s personal data or makes them available under an appropriate contract for the purpose of providing services.
5. IdoBooking transfers personal data outside the European Economic Area – to the USA. The entity to which thedata is transferred is a member of the EU-US Data Privacy Framework. By decision of the European Commission, personal data can be securely transferred from the EU to US companies participating in the aforementioned programme, without the need for additional data protection safeguards.
6. IdoBooking providers declare that they may transfer personal data outside the European Economic Area, such as to the USA. If a country has not been recognised by the European Commission as providing an adequate level of protection for personal data, the provider implements appropriate safeguards to ensure an adequate level of data protection. These include, in particular, standard contractual clauses approved by the EuropeanCommission and binding corporate rules approved by the competent supervisory authority.
7. The Employee’s personal data will be retained for 50 years from the termination of the employmentrelationship, or 10 years from the end of the calendar year in which the Employee terminates his or her employment, in the case of employment after 31 December 2018 or where an information report has been filedas referred to in Article 4(6a) of the Social Security Act of 13 October 1998.

Personal data processed in the form of surveillance recordings and telephone conversations will be stored for a period not exceeding 3 months from the date of recording. Where the recordings constitute evidence in proceedings under the law or the employer has become aware that the recordings may constitute evidence inthe proceedings, the term personal data will be stored until the proceedings are legally concluded.

Specific personal data (i.e. the Employee’s sobriety information) will be kept for a period not exceeding one year from the date of collection; and in the case of the application of a disciplinary sanction against anemployee, until the sanction is considered null and void. Where the Employee’s sobriety information may constitute or constitute evidence in a proceeding conducted by state authorities and the employer is a party to that proceeding or has become aware of the filing of a lawsuit or the commencement of a proceeding, the storage period of such data shall be extended until the proceeding is legally concluded.

8. The employee has the right to require the Controller to access, rectify, erase or restrict processing of his/her personal data, as well as the right to data portability and the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
9. The right to data portability allows data subjects to have access to their personal data in a structured, commonly used and machine-readable format and to have it transferred to another controller without hindrance from the original controller. This right is available in situations where the legal basis for the processing is:

• the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
• the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered bythe right to portability must be processed by technical means, g. in IT systems. This right does notapply to data processed in paper form. This right only covers personal data that the person has providedto the controller, such as data entered during account registration, data in online forms or data collectedduring the use of services (e.g. purchase history, user preferences). The data subject may request that thedata be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others – if the rights of others could be affected by the data portability, thecontroller may limit the scope of the portability. The right to data portability does not extend to situationswhere the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.

10. The Employee has the right to lodge a complaint with the supervisory authority, which is the President of theOffice for the Protection of Personal Data, if the Employee considers that the processing of his/her personal data by the Controller violates the provisions on personal data
11. The provision of personal data by the Employee, as specified in the applicable regulations, is a statutoryrequirement and is necessary for the conclusion of the employment Failure to provide the data will result in a refusal to establish an employment relationship.

1. The controller of the Candidate’s personal data is IdoBooking z o. o. (also referred to as the “Operator”) with its registered office at 30 Piastów Avenue, 71-064 Szczecin, entered in the register of entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Economic Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with the share capital of PLN 200,000.00.IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
2. The Data Protection Supervisor at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. The processing of the personal data provided by the Candidate is carried out in order to carry out the recruitment for an employee position/ establish cooperation on the basis of:

• Article 6(1)(c) of the GDPR, e. when the processing is necessary for the fulfillment of a legal obligation incumbent on the employer, including in connection with the performance of duties imposed by Article 22 (1) § 1 of the Labour Code,
• Article 6(1)(a) of the GDPR, e. on the basis of the consent given for the purposes set out each time in the consent forms provided,
• Article 6(1)(b) GDPR – taking action at the request of the data subject prior to entering into a contract.

4. The recipients of the personal data processed by IdoPayments are IdoPayments’ business partners, hosting companies, software providers, marketing agencies, online and card payment operators, accounting firms, law firms and other entities to which IdoPayments entrusts the Candidate’s personal data or makes them available under an appropriate agreement for the provision of services.
5. The Controller will keep the Candidate’s personal data until the end of the recruitment procedure in question, unless the Candidate has consented to the processing of his/her data also for future recruitment procedures.
6. The Candidate has the right to request from the Controller access to his/her personal data, rectification, erasure or restriction of processing, as well as the right to data portability.
7. The right to data portability allows data subjects to access their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance from the original This right is available in situations where the legal basis for the processing is:
   • the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
   • the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others – if data portability would affect the rights of others, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.
8. In the case of data processed on the basis of consent, the Candidate has the right to withdraw consent at anytime without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
9. The Candidate has the right to lodge a complaint with the supervisory authority, which is the President of the Office for the Protection of Personal Data, if the Candidate considers that the processing of the Candidate’s personal data by the Controller violates the provisions on the protection of personal data.
10. The provision of personal data by the Candidate is partly a statutory requirement (recruitment under the Labour Code) and partly a contractual requirement and, as a rule, is voluntary, but may be necessary for the proper conduct of the recruitment procedure. Failure to provide personal data will result in the impossibility of conducting the procedure with the Candidate.

1. The controller of the personal data is IdoBooking sp. z o. o. (also referred to as the “Operator”) with its registered office at Piastów 30, 71-064 Szczecin, entered in the register of entrepreneurs kept by the DistrictCourt Szczecin-Centrum in Szczecin, XIII Business Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with the share capital of PLN 200,000.00. IdoBookingmay be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
2. The Data Protection Inspector at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. The purpose of the processing of personal data is to receive reports of violations of the law and to take appropriate follow-up action.
4. The legal basis for the processing is:
   • for the processing of personal data of whistleblowers – Article 6(1)(c) and Article 9(2)(b) of the GDPR, e.the processing is necessary for the fulfillment of a legal obligation incumbent on the controller and the processing is necessary for the fulfillment of obligations and the exercise of specific rights by the controller or the data subject in the field of labour law, social security and social protection, including in relation to the performance of obligations imposed by the Law on the Protection of Whistleblowers, in particular accepting and documenting a report from a whistleblower (Article 26), conducting an investigation keeping a register of internal reports (Article 29);
   • in the case of the processing of personal data of reported persons (including, inter alia, witnesses to a breach of the law) – Article 6(1)(f) GDPR, e. the processing is necessary for the performance of a task carried out in the public interest.
5. Recipients of the data may be entities to whom personal data must be made available in order to comply with a legal obligation, g. public authorities, courts and trusted entities entrusted by the controller with data processing.
6. Personal data will be retained for a period of 3 years after the end of the calendar year in which the follow-up actions have been completed or the proceedings initiated by these actions have been concluded. Personal data that have been collected inadvertently and that are not relevant to the case will be deleted immediately and, at the latest, within 14 days from the date on which it is established that they are not relevant to the case.
7. You have the right to request the Controller to access, rectify, erase or restrict processing of your personal data, as well as the right to data portability.
8. The right to data portability allows data subjects to access their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance from the original This right is available in situations where the legal basis for the processing is:
   • the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
   • the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible.The right to data portability does not affect the rights and freedoms of others – if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.

9. You have the right to lodge a complaint to the supervisory authority, i.e. the President of the Office for Personal Data Protection, if you consider that the processing of your personal data by the Controller violates the provisions on personal data protection.
10. The provision of personal data is voluntary, however, it may be necessary in order to accept reported infringements of the law and take appropriate follow-up actions if the Controller decides not to accept anonymous reports.

1. The controller of the personal data is IdoBooking sp. z o. o. (also referred to as the “Operator”) with itsregistered office at Piastów 30, 71-064 Szczecin, entered in the register of entrepreneurs kept by the DistrictCourt Szczecin-Centrum in Szczecin, XIII Business Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with the share capital of PLN 200,000.00. IdoBookingmay be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
2. The Data Protection Inspector at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. Your personal data will be processed if you subscribe to the IdoBooking channel or if you publish a commentunder any of the videos posted on the aforementioned Depending on the interaction you undertake within the aforementioned channel, the processing of your personal data of people using the YouTube website concerns:
   • data identifying you (name, surname, nickname);
   • your image and that of other persons for the purpose of publication;
   • information provided by you in messages and
4. Your personal data is processed on the basis of Article 6(1)(a) of the GDPR, e. on the basis of your consent given with your entry to YouTube, and may also be processed on the basis of consent given by you on a separate form.
5. The purpose of the processing of your data is to operate the IdoBooking information channel on the YouTubewebsite, to inform you through it about the activities of IdoBooking z o.o., to promote its services and for the purpose of communication through the available YouTube functionalities (messages, comments).
6. Recipients of your personal data are in particular: a person representing the Controller, authorised employees of the Controller, entities to whom personal data must be made available on the basis of legal provisions, and those to whom the data will be entrusted to fulfil the purposes of processing.
7. The recipient of your data is also the owner of the YouTube website (Google Ireland Limited) under the personal data rules available at (https://policies.google.com/privacy), which may process your data for its own purposes based on other legal grounds.
8. Your personal data will be processed for the period necessary to fulfil the aforementioned processing purposes, in particular for the duration of your activity on the IdoBooking channel or until you withdraw your consent to the processing. Data contained in messages or comments may be processed until they are deleted.
9. Your personal data, which is collected by Google Ireland Limited, is subject to retention under the terms set out at: https://policies.google.com/privacy (section “Retention of your data”.).
10. You have the right to request from the Controller access to your personal data, rectification, erasure or restriction of processing, as well as the right to data portability and the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal.
11. The right to data portability allows data subjects to have access to their personal data in a structured, commonly used and machine-readable format and to have it transferred to another controller without obstruction by the original controller. This right is available in situations where the legal basis for the processing is:
    • the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
    • the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others – if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.
12. You have the right to lodge a complaint to the supervisory authority, i.e. the President of the Office for Personal Data Protection, if you consider that the processing of your personal data by the Controller violates the provisions on personal data protection.
13. Your personal data shall not be subject to
14. Provision of data is voluntary; however, failure to provide data may prevent you from using the YouTube website or some of its functionalities, e.g. the ability to post comments.

1. The controller of the personal data is IdoBooking sp. z o. o. (also referred to as the “Operator”) with its registered office at Piastów 30, 71-064 Szczecin, entered in the Register of Entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Commercial Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with a share capital of PLN 200,000.00. IdoBooking may be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
2. The Data Protection Inspector at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. The processing of your personal data in the operation of the fanpage concerns:
   • data identifying your profile (usually including your name and surname);
   • your profile picture;
   • other images, in particular those related to the current activities of the Controller;
   • the content of your comments and the content of your conversations via
4. Your personal data is processed on the basis of Article 6(1)(a) of the GDPR, e. on the basis of your consent given with your entry to the fanpage, and may also be processed on the basis of consent given by you on a separate form.
5. The purpose of the processing of your data is to operate the IdoBooking fanpage on the social network Facebook, under the terms and conditions set out by Meta Platforms Ireland Limited, and to inform you through it about the activities of IdoBooking Sp. z o.o. and for the purpose of communication through the available functionalities of Facebook (comments, chat, messages).
6. Recipients of your personal data are in particular: a person representing the Controller, authorised employees of the Controller, entities to whom personal data must be made available on the basis of legal provisions, and those to whom data will be entrusted to fulfil the purposes of processing. The recipient of your data is also the owner of the social network Facebook (Meta Platforms Ireland Limited with its registered office in Dublin, Merrion Road, Dublin 4, D04 X2K5, Ireland) under the data rules available at (https://facebook.com/about/privacy).
7. Your personal data for statistical and analytical purposes is co-managed by Meta Platforms Ireland Limitedunder its data policy, available at (https://facebook.com/about/privacy).
8. Meta Ireland transfers your data to Meta Platforms, based in the USA and it may be further transferred to other Meta Sub-processors.
9. Meta Platforms, Inc. has certified its participation in the EU-US Data Protection Framework. Meta Ireland relies on the EU-US Data Protection Framework and the European Commission’s decision finding an adequate level of data protection for European data transfers to Meta Platforms, Inc. in the US, in accordance with Meta’s Data Protection Framework Statement. Meta Ireland reserves the right to use alternative methods of transfer as set out in the GDPR and other data protection legislation applicable in the EEA and Switzerland, such as Standard Contractual Clauses for transfers between processors or an Adequacy Decision. Onward transfers of data to Meta’s sub-processors are made in accordance with the requirements of the EU-US Data Protection Framework where applicable.
10. Personal data collected through communication with you is only processed for the purpose of responding to you, if necessary.
11. Your data that we hold in private messages is stored until you withdraw your consent to the processing of such data or until you delete your Facebook profile. In the case of information we hold as part of comments you have shared, this is available on our fan pages until the author deletes it.
12. Your personal data collected by Facebook, i.e. history of posts, history of activity in the Messenger app, history of activity via the Instagram app, are subject to retention under the terms of Facebook’s terms and conditions, available at: https://pl- facebook.com/legal/terms.
13. You have the right to request from the Controller access to your personal data, rectification, erasure or restriction of processing, as well as the right to data portability and the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
14. The right to data portability allows data subjects to have access to their personal data in a structured, commonly used and machine-readable format and to have it transferred to another controller without hindrance from the original controller. This right is available in situations where the legal basis for the processing is:
    • the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
    • the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others – if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.
15. You have the right to lodge a complaint to the supervisory authority, i.e. the President of the Office for Personal Data Protection, if you consider that the processing of your personal data by the Controller violates the provisions on personal data protection.
16. Your personal data shall not be subject to
17. Provision of data is voluntary, however, failure to provide such data may prevent you from using the Facebook social network or some of its functionalities, e.g. the possibility to view fanpages or leave comments.

1. The controller of the personal data is IdoBooking sp. z o. o. (also referred to as the “Operator”) with its registered office at Piastów 30, 71-064 Szczecin, entered in the register of entrepreneurs kept by the District Court Szczecin-Centrum in Szczecin, XIII Economic Division of the National Court Register under the number 00001118562 NIP: 8522710288; REGON: 529324888; with a share capital of PLN 200,000.00. IdoBookingmay be contacted by e-mail: sales@idobooking.com and by phone: +48 91 443 66 00.
2. The Data Protection Inspector at IdoBooking is Rafał Malujda, e-mail address: gdpr- inspector@idobooking.com.
3. Your personal data will be processed when you interact with the Controller through IdoBooking’s company profile on LinkedIn or publish or submit data through the services offered by LinkedIn (e.g. filling in a form, sending a CV). Depending on the action you take within the portal, the processing of your personal data concerns:
   • your profile identification data (usually including your first and last name);
   • contact data (e-mail address, telephone number),
   • data concerning your education, length of service, professional entitlements, employment
4. Your personal data is processed on the basis of Article 6(1)(a) of the GDPR, e. on the basis of your consent given with your entry into the company profile, and may also be processed on the basis of consent given by you on a separate form.
5. The purpose of the processing of your data is to administer and manage your IdoBooking company profile on LinkedIn, including responding to your posts and comments and informing you through it about the activities of IdoBooking Ltd. under the terms and conditions set by LinkedIn Ireland Unlimited Company.
6. In particular, the recipients of your personal data are: a person representing the Controller, authorised employees of the Controller, entities to whom the personal data must be made available on the basis of the law, as well as those to whom the data will be entrusted to fulfil the purposes of the processing.
7. The recipient of your data is also the owner of the portal, LinkedIn Ireland Unlimited Company under the non-modifiable data policy, available at (https://pl.linkedin.com/legal/privacy- policy).
8. LinkedIn’s services require data transfers from the European Union (EU), the European Economic Area (EEA), the United Kingdom (UK) and Switzerland to and from the United States (US). To ensure the protection of your personal data during such transfers, LinkedIn relies on certain lawful transfer mechanisms, e. LinkedInCorporation and its controlled US subsidiaries comply with the EU-U.S. Data Privacy Protection Framework(EU-U.S. DPF), and LinkedIn relies on the European Commission-approved standard contractual clauses as the legal mechanism for certain data transfers from the EU/EEA and Switzerland (designated countries).
9. Your personal data will be processed for the period of time necessary to fulfil the aforementioned processing purposes, in particular for the duration of your activity within your IdoBooking company profile or until you withdraw your consent to the processing. Data contained in messages or comments may be processed until they are deleted.
10. Your personal data collected by LinkedIn Ireland Unlimited Company is stored under the terms of: https://pl.linkedin.com/legal/privacy-policy (Section 4.1 Data Storage”).
11. You have the right to request from the Controller access to your personal data, rectification, erasure or restriction of processing, as well as the right to data portability and the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.
12. The right to data portability allows data subjects to have access to their personal data in a structured, commonly used and machine-readable format and to have it transferred to another controller without hindrance from the original controller. This right is available in situations where the legal basis for the processing is:
    • the consent of the data subject (Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR), or
    • the performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). Data covered by the right to portability must be processed by technical means, g. in IT systems. This right does not apply to data processed in paper form. This right only covers personal data that the person has provided to the controller, such as data entered during account registration, data in online forms or data collected during the use of services (e.g. purchase history, user preferences). The data subject may request that the data be transferred directly to another controller if this is technically possible. The right to data portability does not affect the rights and freedoms of others – if the rights of others could be affected by the data portability, the controller may limit the scope of the portability. The right to data portability does not extend to situations where the processing is based on a legal ground other than consent or contract, e.g. a legal obligation of the controller or a task carried out in the public interest.
13. You have the right to lodge a complaint to the supervisory authority, i.e. the President of the Office for Personal Data Protection, if you consider that the processing of your personal data by the Controller violates the provisions on personal data protection.
14. Your personal data shall not be subject to
15. The provision of data is voluntary; however, the consequence of not providing data will be that you will not be able to use the functionality of the LinkedIn portal.