+48 733 933 001
  • Password Recovery
    Get back or
  • Create new account
    Get back

VOLANTI PRIVACY POLICY

 

This privacy policy has been prepared to show that personal data is secured and processed in accordance with legal requirements regarding the processing and data protection principles, in particular in accordance with Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016  General Data Protection Regulation Privacy; and the repeal of Directive 95/46 / EC (hereinafter "GDRP").

 

DEFINITIONS

Administrator - a natural or legal person, public body, unit or other entity that independently or jointly with others sets the purposes and means of personal data processing, this privacy policy is determined by Volanti sp. Z o.o. with its registered office in Rzeszów at Plac Kilińskiego 2, 35-005 Rzeszów, registered in the Register of Entrepreneurs of the District Court in Rzeszów, 12th Commercial Department of the National Court Register under KRS number 0000584439, NIP 5170372217, REGON 362922510.

Personal data - information about an identified or identifiable natural person ("the person whose data on "); an identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name, identification number, location data, internet identifier or one or more specific factors determining physical, physiological, genetic, psychological, economic, cultural or social identity of a natural person.

Processing - means an operation or set of operations performed on personal data or personal data sets in an automated or non-automated manner, such as collecting, recording, organizing, organizing, storing, adapting or modifying, downloading, browsing, using, disclosing by sending, distributing or otherwise type of sharing, matching or linking, limiting, deleting or destroying.

Profiling - means any form of automated processing of personal data, which involves the use of personal data to assess some of the personal person's personal factors, in particular to analyze or forecast aspects related to the effects of the work of that individual, its economic situation, health, personal preferences, interests, reliability , behavior, location or movement.

Limitation of processing - means the marking of stored personal data in order to limit their future processing.

Consent - the data subject means voluntary, specific, conscious and unambiguous representation of the will, which the data subject, in the form of a declaration or a clear confirmation action, allows for the processing of personal data concerning him.

Violation of personal data protection- means a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data sent, stored or otherwise processed.

Pseudonymisation  - means the processing of personal data in such a way that it can no longer be assigned to a specific data subject without the use of additional information, provided that such additional information is kept separately and is covered by technical and organizational measures that prevent them from being identified or identified an identifiable natural person.

GDRP - Regulation of European Parliament and Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46 of 27 April 2016 (OJ L 119 from May 4, 2016).

 

PRIVACY POLICY OBJECTIVES

The main purpose of implementing the privacy policy by the Administrator is the security of processing personal data. The actions taken are primarily aimed at safeguarding data against unauthorized access, unauthorized removal, processing in violation of the Act and change, loss, damage or destruction.

The processing of personal data in the structure of the Administrator takes place in accordance with the general principles of personal data processing specified in art. 5 RHODE. This means that personal data are processed:

  1. according to the law, based on at least one condition for the legality of personal data processing indicated in art. 6 or 9 GDRP (legality principle),
  2. in a reliable manner taking into account the interests and reasonable expectations of data subjects (reliability principle),
  3. in a transparent manner for data subjects (transparency principle),
  4. for specific, explicit and legitimate purposes (principle of purpose limitation),
  5. to the extent adequate, relevant and necessary for the purposes in which they are processed (principle of data minimization),
  6. taking into account their correctness and possible updating (principle of regularity),
  7. for no longer than necessary for purposes, in which they are processed (principle of storage restriction),
  8. in a manner ensuring adequate security (integrity and confidentiality).

The administrator includes in the processes of personal data processing taking place in his structure, procedures and rules facilitating the data subject to exercise his rights under the provisions of the GDPR, including in particular: the

  1.  right to withdraw his consent (Article 7 paragraph 3 of the GDPR) ), the
  2. right of access to the data subject (Article 15 of the GDPR), the
  3. right to rectify data (Article 16 of the GDPR), the
  4. right to delete data (right to be forgotten) (Article 17 of the GDPR), the
  5. right to limit processing ( Article 18 of the GDRP), the
  6. right to data transfer (Article 20 of the GDPR), the
  7. right to object (Article 21 of the GDPR), the
  8. right not to be subject to decisions based on automated processing (Article 22 of the RD0).
  9. the right to lodge a complaint with the supervisory authority

 

            In order to exercise the rights, the user should contact the administrator by e-mail, and then after verification of his identity and the possibility of implementing the right, it will be made within 7 days.

The said Privacy Policy has been accepted and implemented by the Administrator, in addition, each employee is familiarized with its content and obliged to perform its obligations.

 

PROCESSING ACTIVITIES Processing

 

activity

Purpose of processing and legal basis for processing

Description of the category of data subjects

Description of personal data

categories Categories of recipients to whom personal data have been or will be

disclosed

Planned date of data deletion

Order

processing Processing is necessary for the performance of the contract of sale

CUSTOMERS-persons and companies, which use the services

Name and surname.

Contact details.

Address data.

Entities authorized under the data sub-contract.

Entities and bodies to which the Administrator is obliged to share personal data on the basis of generally applicable laws.

After a period of 6 years, from the date of the contract (this is related to obligations regulated by law, eg Tax obligation)

Implementation of marketing policy

Implementation based on consent granted by the customer

Persons who agreed to process data for marketing purposes

. Contact details.

Address data.

Only persons responsible for company marketing, possibly an external marketing company

In case of withdrawal of consent, termination of suitability, request for data deletion

Execution of obligations under the Passenger Name Records Act

Implementation of the legal obligation

Persons transported

According to art. 4 of the Act

Entities and bodies to which the Administrator is obliged to disclose personal data pursuant to the Act.

Pursuant to art. 32 of the Act on

Managing correspondence and documenting incomingcorrespondence

and outgoingin a traditional form.

Data are processed on the basis of art.

6 sec. 1 lit. f GDRP

(processing is necessary for purposes arising from legitimate interests pursued by the

Administrator).

Persons responsible for correspondence with the Administrator.

Identification, contact and address data of the person responsible for correspondence with the Administrator.

Not applicable.

The data is stored for a period of 6 years.

Conducting correspondence and documenting electronic correspondence (e-mail) l

The data is processed on the basis of art.

6 sec. 1 lit. f GDRP

(processing is necessary for purposes arising from legitimate interests pursued by the

Administrator).

Persons responsible for correspondence with the Administrator.

Identification, contact and address data of the person responsible for correspondence with the Administratore. Data provided voluntarily attached to the e-mail.

Not applicable.

The data is stored for a period of 6 years.

Financial settlement of completed services (incoming and outgoing invoices).

Data are processed on the basis of art.

6 par.

1 lit. c GDRP (necessity to fulfill the legal obligation related to maintaining the documentation required by the tax law) and art. 6 par. 1 lit. f GDRP (indispensability to implement a legally legitimate interest as seeking claims for business activity).

Entity (natural person) being the other party to the contract with the Administrator (contractor)

Identifying, contact

and address data of the entity being the other party to the contract with the Administratore (contractor).

Entities

and bodies to which the Administrator is obliged to share personal data on the basis of generally applicable laws.

The data is stored for a period of

6 years.

 

COOKIES FILES

The following cookies are used on the Volanti website:

a) "necessary" cookies, enabling the use of services available as part of the website, e.g. authentication cookies used for services that require authentication on the website;

b) cookies used to ensure security, e.g. used to detect fraud in the field of authentication within the website;

c) "performance" cookies, enabling the collection of information on the use of website websites;

d) "functional" cookies, allowing "remembering" the settings selected by the user and personalizing the user interface, eg in terms of the language or region of the user's origin, size of the font, appearance of the website, etc .;

e) "advertising" cookies, enabling users to provide advertising content more tailored to their interests.

 

DATA TRANSFER

Customer data is stored in the European Union, more specifically the Republic of Poland. The administrator provides personal data if authorized state bodies apply - in particular the Police and organizational units of the prosecutor's office or the Presidents of UOPO, UKE, UOKiK.

 

The administrator transfers personal data to the following third companies:

a) entities based in the territory of the Republic of Poland

- accounting office

- cooperating lawyers - in the event of consent by the client

- insurer - if the policy is necessary

b) entities that process data in the European Union

- hosting -server

c) entities processing data outside of the European Union

- Google - using e-mail services, analytics to analyze website statistics, ads for displaying sponsored links

- Facebook - social plugins, commenting system, pixel to measure performance and optimize advertisements The

administrator declares that entities listed in point b) in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement such data and the repeal of Directive 95/46 / EC are obliged to comply with the same high privacy standards as those contained in the Policy.

The administrator informs that the entities listed in point c) are located outside the European Union, and therefore in the light of the provisions of the GDPR are treated as so-called third countries. The administrator shall ensure that, in accordance with the implementing decision of the European Commission of 12 July 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us -privacy-shield_pl) in such cases transfers data only to entities from the United States who joined Privacy Shield. Accession by entities listed in point 4 c) to Privacy Shield results from the following issues.

 

FINAL PROVISIONS:

  1. In case of updating the Privacy Policy, the next issue of the new version is given.
  2. The administrator informs that due to non-fulfillment of the mandatory requirements, he has not appointed the Data Protection Officer. The administrator is not a public body or entity and its main activity does not consist of processing operations which, due to their nature, scope or objectives, require regular and systematic monitoring of data subjects on a large scale. In addition, the main activity of the Administrator is not to process large categories of personal data on a large scale, and personal data regarding convictions and violations of law. The same contact method for personal data matters is the Administrator's e-mail address.
  3. In matters not covered in this document, the provisions on the security of personal data processing, in particular the Regulation of the Minister of Interior and Administration of 29 April 2004 on personal data processing documentation and technical and organizational conditions that should be met by devices and IT systems used for processing of personal data.
  4. The Privacy Policy comes into force on the day of signing.