The Controller of personal data collected within the internet service www.goalpes.com shall be GOALPES LIMITED LIABILITY COMPANY, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Katowice-Wschód in Katowice, VIII Economic Division of the National Court Register under no. 0000505657, the tax identification number (NIP): 6312653206, the statistical number (REGON): 243530801, the value of initial capital: PLN 5,000, address of the place of trade activity and correspondence address: ul. Władysława Gomułki 7/6, 44-121 Gliwice, Poland, electronic mail address (e-mail): firstname.lastname@example.org, hereinafter referred to as the ‘Controller’, being also the Service Provider.
II. Purpose and scope of data collection
Personal data will be processed to contact the Customer, for informative and accounting purposes as well as for other actions related to Customer’s activity within the internet service www.goalpes.com, and for direct marketing with regard to own services conducted in a traditional way (on paper) which constitutes the so-called legitimate interest of the trader. Users who make their reservation using the internet service shall fill out the form, specifying their personal data, that are required by the Service Provider to carry out the tourist services and acting as an intermediary providing services which are offered within the internet service.
case of making a reservation, personal data may be made available to carriers only for the purposes of carrying out the tourist service. Transaction data, including personal data, may be transmitted to the operator of electronic payments (PayPal, DotPay), chosen by a Client during the ordering/reservation process, as it is necessary for handling payments for an order/reservation. Data for these purposes shall be processed on the basis of Article 6(1)(b) (c) and (f) of the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).
li Upon granting a separate consent on the basis of Article 6(1)(a) of GDPR, data may also be processed for the purposes of sending commercial information by electronic means or making phone calls for direct marketing purposes, in accordance with Article 10(2) of the Act of 18 July 2002 on providing services by electronic means or Article 172(1) of the Act of 16 July 2004 – the Telecommunication Law, including profiling, if a user has given an appropriate consent.
li Personal data processed for the purposes related to the implementation of services shall be processed for a period necessary for the implementation of services, after which the data subject to archiving shall be stored for a period relevant to the limitation period for claims i.e. 10 years. Personal data processed for the marketing purposes covered by a declaration of consent shall be processed until such consent has been withdrawn.
li Where it is found that the processing of personal data violates the provisions of GDPR, every data subject shall have the right to lodge a complaint with the General Inspector for Personal Data Protection (from 25 May 2018, the President of the Personal Data Protection Office).
li Providing personal data is voluntary, however, submitting your personal details marked as obligatory, is a condition of ordering a service. If no data are provided, it is impossible to order a service.
li Personal data shall also be processed by automated means in a form of profiling, if the user has given her or his consent on the basis of Article 6(1)(a) of GDPR. A result of profiling shall be applying a ‘profile’ to the person concerned in order to take decisions concerning her or his decisions or for analysing or predicting her or his personal preferences, behaviours and attitudes.
| The Controller shall protect the interests of data subjects with due care, and in particular shall ensure that:
| a) the data are processed lawfully,
| b) the data are collected for specified and legitimate purposes and no further processed in a way incompatible with the intended purposes, the data are relevant and adequate to the purposes for which they are processed, and the data are kept in a form which permits identification of the data subjects no longer than it is necessary for the purposes for which they are processed.
III. Right to control, to access his/her data and to correct them
The data subject shall have the right to access the content of her or his personal data and the right to rectify them, to erase, to restrict the processing, to transfer data, to object to processing, to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
In order to exercise the rights referred to in point 1 you can send an email to the following address: email@example.com.
The Service of Service Provider uses ‘cookies’. No changes by the Customer browser settings is equivalent to agreeing to their use.
The installation of cookies is necessary for the proper provision of services in the Service. Cookies contain information necessary for the proper functioning of the Service, in particular actions requiring authorization.
The Service uses three types of cookies files: ‘session’, ‘persistent’ and ‘analytical’. a) 'Session’ cookies are temporary files that are stored in the terminal equipment of the Customer until he/she logs off. b) ‘Persistent’ cookies are stored in the terminal equipment of a Customer for the time specified in the settings for cookies or until they are removed by the Customer. c) ‘Analytical’ cookies help us to learn more about how you interact with our content so that we can better shape our site. ‘Analytical’ cookies collect information about how visitors use the Service, which site the Customer has come from, the number of visits and how long he/she has stayed on the site. This information does not record individual Customer details, but it is used to create web statistics for the Service.
The Customer has the right to decide on cookies access through their browsers settings. Detailed information on the possibility and the ways of using cookies is available in your software’s settings section (the browser).
V. Final provisions
The Administrator uses technical and organizational measures which ensure protection of personal data processing relevant to threats and categories of protected data; in particular it secures data against sharing them with unauthorised persons, processing them in breach of binding regulations, as well as changing, losing, damaging or destroying them.
The Service Provider makes some appropriate technical measures available to prevent the acquisition and modification of personal data transmitted electronically by unauthorized persons.