Privacy policy

This Privacy policy sets out the rules for the collection, processing and use of personal data.

1. Data is collected by: Travel Manager Sp. z
o.o. with registered seat in, Swiety Marcin Street 29/8, registration number KRS 0000642186, e-mail: info@hotailor.com
2. Data processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection on natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR”.
3. You have the right to: require access to your personal data, rectification, erasure of personal data, or restriction of processing, to object to processing, as well as the right to data portability.
4. If the processing is based on your consent, you can withdraw it at any time by informing us without affecting the legality of the processing which was previously carried out.
5. You may lodge a complaint to Polish President of the Office for Personal Data Protection.

Personal data used to perform the contract (providing a tourist service or other services):
1. The processing takes place in order to perform the contract, in accordance with art. 6 par. 1 letter b of GDPR.
2. The following data are being processed: e-mail address, first and last name, telephone number, guest data, invoice issuing data, possibly other data.
3. Data can be stored on an external mail server. They may also be accessed by external IT companies in the field of software and IT hardware servicing. The data can be made available to electronic payment services, debt collection
companies and law firms (in the case of debt collection) and external tourism service providers, insurance companies and hotels. In addition, the data will not be disclosed to other entities, except as provided for in the applicable regulations.
4. Data may be transferred to third countries – only to external tourism service providers and hotels, for the purpose of contract performance. To this extent, Article 45 point 1, Article 46 point 2 c or d or art. 49 point 1 a, b or c of GDPR are applied. The data protection regulations applicable in these countries may be less restrictive than the EU ones.
5. The data will not be transferred to international organizations.
6. The data will be stored for a period of 7 years – due to tax regulations and time limits for claims.
7. Data are collected directly from data subjects or from persons who enter into a contract (for example from employers).

Personal data used for marketing purposes (newsletter):
1. The processing is carried out on the basis of the consent of the data subject or for the purposes of the legitimate interests pursued by the controller (marketing of own services for own clients), in accordance with art. 6 par. 1 letter a or f of GDPR.
2. The following data are being processed: e-mail address, first and last name, telephone number.
3. Data can be stored on an external mail server. They may also be accessed by external IT companies in the field of software and IT hardware servicing. In addition, the data will not be disclosed to other entities, except as provided for in the applicable regulations.
4. Data will not be transferred to third countries or international organizations.
5. The data will be stored for a period of 10 years.

Personal data in e-mail correspondence:
1. The processing is carried out in order to implement the legitimate interests of the controller – that is, keeping e-mail correspondence, in accordance with art. 6 par. 1 letter f GDPR.
2. The following data are processed: e-mail address, first and last name, and any other data that you provide to us in e- mail correspondence.
3. Data can be stored on an external mail server. External IT companies can also have access to them in the field of servicing and delivering software and IT equipment. Otherwise, the data will not be disclosed (made available) to other entities, except as provided for in the applicable regulations.
4. Data will not be transferred to third countries or international organizations.
5. The data will be stored for a period of 7 years – due to tax regulations and time limits for legal claims.

Personal data included in invoices and other accounting documents:
1. The processing is carried out in order to for compliance with a legal obligation to which the controller is subject (keeping the accounting documentation) and on grounds of the legitimate interests of a controller (possible exercise or defence of legal claims), in accordance with art. 6 par. 1 letter. c and f GDPR.
2. The following data are processed: name and address of the seller and buyer, NIP numbers, possible data of the signatory and other data placed on invoices and other accounting documents.
3. The controller may entrust the processing of your data to external accounting firms and law firms. Access
to them is also allowed for external IT companies, in the field of servicing and delivering software and IT equipment, as well as postal and courier companies, in the case of sending correspondence. Your payment details will be transferred to banks. In the remaining range, the data will not be disclosed (made available) to other entities, except for the cases provided for in the applicable regulations.
4. Data will not be transferred to third countries or international organizations.
5. The data will be stored for a period of 7 years – due to tax regulations and time limits for legal claims.
6. Data is obtained from you and from public registers.

Personal data included in recruitment processes (CVs, cover letters):
1. Processing is carried out on the basis of consent, in accordance with art. 6 par. 1 letter a of GDPR.
2. Providing data is voluntary, it is not required by any regulations, but refusal to provide data will prevent participation in the recruitment process.
3. We process the data provided by you in the application.
4. Data may be accessed by external IT companies in the scope of servicing and delivering software and IT equipment. In addition, the data will not be disclosed (disclosed) to other entities, except as provided for in the applicable regulations.
5. Data will not be transferred to third countries or international organizations.
6. The data will be stored during recruitment and up to six months later, unless the candidate withdraws the consent granted for the processing of data.

Cookies:
1. In order to ensure the greatest possible comfort of using our website, when browsing it, small files are saved on your device, so-called cookie. These files allow us to adjust the content of the website to your needs and interests. By saving them on your device it is possible, among others displaying the page in a way that is most appropriate for a particular user. Cookies enable us to collect statistical data, thanks to which we develop a website in accordance with the preferences of our users.
2. The User may at any time block or limit the option of saving cookies on his device, however, there is a risk that this operation will inhibit the use of the site.

Summary:
1. All personal data processed by us are secured in accordance with the requirements of the GDPR. We make every effort to protect your data and to guard them from the actions of third parties.
2. We reserve the right to update and change this privacy policy by publishing a new version on this site.
3. In case of any doubts or additional questions regarding the protection of privacy, please contact us.