Information obligation under RODO
The following information is a concise, understandable and clear summary of the information provided in the Privacy Policy regarding the Data Controller, the purpose and manner of the processing of personal data and your rights in relation to that processing, in the form required to comply with the information obligation of the DPA. Details of the manner of processing and the entities involved are available in the indicated policy.
Who is the data controller?
The administrator of the Personal Data (hereinafter referred to as Administrator) is the company "Sebastian Snopkowski Abc City Tours", conducting business at: ul. Nullo 16 lok. 46, 31-543 Kraków Grzegórzki, with assigned tax identification number (NIP): 9451806000, with assigned KRS number: 121459970, providing services electronically via the Website
How can the data controller be contacted?
The Administrator can be contacted in one of the following ways
Postal address - Sebastian Snopkowski Abc City Tours, ul. Nullo 16 lok. 46, 31-543 Kraków Grzegórzki
E-mail address - info@abc-citytours.eu
Telephone connection – +48 535 799 188
Contact form - available at: /contact
Has the Administrator appointed a Data Protection Officer?
Pursuant to Article 37 RODO, the Administrator has not appointed a Data Protection Officer.
For matters concerning data processing, including personal data, please contact the Controller directly.
Where do we obtain personal data from and what are its sources?
Data is obtained from the following sources:
- from data subjects
- in the case of registration via social networking sites, with the informed consent of those persons, from those social networking sites
What is the scope of the personal data we process?
The service processes ordinary personal datagiven voluntarily by the persons to whom they relate
(e.g. name, login, e-mail address, telephone, IP address, etc.).
The detailed scope of the data processed is available in Privacy Policy.
What are the purposes of our data processing?
Personal data voluntarily provided by Users are processed for one of the following purposes:
- Implementation of electronic services:
- Services for the registration and maintenance of your account on the Website and the functionalities associated with it
- Newsletter services (including the sending of advertising content with consent)
- Services for commenting on / liking posts on the Website without registering
- Communication of the Administrator with the Users on matters relating to the Service and data protection
- To ensure the legitimate interest of the Administrator
What are the legal bases for data processing?
The Service collects and processes Users' data on the basis of:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
- Article 6(1)(a)
the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes - Article 6(1)(b)
the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract - Article 6(1)(f)
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
- Article 6(1)(a)
- Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000)
- Act of 16 July 2004. Telecommunications Law (Journal of Laws 2004 No. 171 item 1800)
- Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994 No. 24, item 83)
What is the legitimate interest pursued by the Administrator?
- For the purpose of possibly establishing, investigating or defending against claims - the legal basis for the processing is our legitimate interest (Article 6(1)(f) RODO) in protecting our rights, including but not limited to;
- In order to assess the risk of potential customers
- In order to evaluate the planned marketing campaigns
- For direct marketing
For how long do we process personal data?
As a general rule, the personal data indicated are kept only for the duration of the service provided within the framework of the service provided by the Administrator. They are deleted or anonymised in the period up to 30 days after termination of services (e.g. deletion of a registered user account, unsubscribing from the Newsletter list, etc.).
In exceptional situations, in order to secure the legitimate interest pursued by the Administrator, this period may be extended. In such a situation, the Administrator shall store the data indicated, from the time of the request for deletion by the User, no longer than for a period of 3 years in the case of violation or suspected violation of the provisions of the regulations of the website by the data subject.
Who is the recipient of the data including personal data?
As a general rule, the only recipient of data is the Administrator.
However, data processing may be entrusted to other entities providing services to the Administrator in order to maintain the activity of the Website.
Such entities may include, but are not limited to:- Hosting companies providing hosting or related services to the Administrator
- Companies through which the Newsletter service is provided
- IT service and support companies performing maintenance or responsible for the maintenance of IT infrastructure
- Companies intermediating online payment for goods or services offered on the Website (in the event of a purchase transaction on the Website)
Will your personal data be transferred outside the European Union?
Personal data will not be transferred outside the European Unionunless they have been published as a result of an individual action by the User (e.g. entering a comment or entry), which will make the data available to any visitor to the website.
Will personal data be the basis for automated decision-making?
Personal data will not be used for automated decision-making (profiling).
What rights do you have in relation to the processing of your personal data?
Right of access to personal data
Users have the right to access their personal data, exercised upon request made to the AdministratorRight to rectification of personal data
Users have the right to request from the Administrator the immediate rectification of personal data that is inaccurate and/or the completion of incomplete personal data, exercised through the user panel available after logging in and the account access tools in the event of a forgotten password.Right to erasure of personal data
Users have the right to request from the Administrator the immediate deletion of their personal data, exercised through the user panel available after logging in and the account access tools in the event of a forgotten password.
In the case of user accounts, the deletion of data consists of the anonymisation of the User's identifiable data.
In the case of the Newsletter service, the User has the option of deleting his/her personal data himself/herself using the link provided in each email sent.Right to restrict processing of personal data
Users have the right to restrict the processing of their personal data in the cases indicated in Article 18 of the RODO, including questioning the correctness of their personal data, exercised through the user panel available after logging in and the account access tools in the event of a forgotten password.Right to data portability
Users have the right to obtain from the Administrator, personal data concerning the User in a structured, commonly used format suitable for machine reading, implemented through the user panel available after logging in and tools allowing access to the account in case of forgotten password.Right to object to the processing of personal data
Users have the right to object to the processing of their personal data in the cases set out in Article 21 of the RODO, exercised upon request made to the AdministratorRight of action
Users have the right to lodge a complaint with the data protection supervisory authority.