Search
Privacy Policy

for users of dolnyslask.travel

§ 1 General provisions

  1. The controller of personal data processed under this privacy policy is the Lower Silesian Tourist Organisation Association (hereinafter referred to as the "Association" or "Administrator") with its registered office in Wrocław at ul. Świdnicka 44, 50-027 Wrocław, entered into the register of associations, other social and professional organisations, foundations and independent public healthcare facilities of the National Court Register under the KRS number: 0000062136, REGON number: 522521315, NIP number: 8971616995.
  2. This document defines the principles of processing personal data by the Association, the rights of data subjects in order to make them available on the publicly available tourist website dolnyslask.travel (hereinafter referred to as the "Privacy Policy") as well as regulates selected issues related to IT data – so-called "cookies" files.
  3. The privacy policy is communicated and made available by placing its electronic version on the website referred to in point 2 above.
  4. The terms used in the Privacy Policy mean:
  5. User (hereinafter referred to as the "User") – a person with full legal capacity and authorisation who submits a notification on his or her own behalf using the form available on the website at the address indicated in point 2 above.
  6. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  7.  Website – website available at https://dolnyslask.travel
  8. Everyone using the Website is obliged to comply with the provisions of the Privacy Policy.

§ 2 Information clause

  1. The provision of personal data by the User is voluntary, but is a condition for including the data of the Event or Tourist Package in the list of Events and in the list of Tourist Packages.
  2. The Administrator processes Users’ personal data on the basis of:
  3. Article 6(1)(a) of the GDPR – "the data subject has consented to the processing of his or her personal data for one or more specific purposes";
  4. Article 6(1)(c) of the GDPR – “processing is necessary for compliance with a legal obligation to which the controller is subject”;
  5. The Controller may also process data pursuant to Article 9 of the GDPR when:
  6. the processing is carried out within the framework of legitimate activities carried out with appropriate safeguards by the Association, provided that the processing relates only to persons maintaining regular contact with it in connection with its purposes and that the personal data are not disclosed outside the Association without the consent of the data subjects;
  7. the processing relates to personal data that have been manifestly made public by the data subject;
  8. processing is necessary for the establishment, exercise or defence of legal claims or in the course of the administration of justice by courts;
  9. processing is necessary for reasons of important public interest, based on Union or Member State law, which is proportionate to the objective pursued, respects the essence of the right to data protection and provides for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject;
  10. in accordance with Article 89(1), on the basis of Union or Member State law, which is proportionate to the objective pursued, respects the essence of the right to data protection and provides for appropriate and specific measures to safeguard the fundamental rights and the interests of the data subject.
  11. Users’ personal data will be stored for the duration of the consent, as well as for the time necessary for archiving purposes resulting from generally applicable provisions or the Administrator’s internal regulations.
  12. The data processing period may be extended if processing is necessary to establish and pursue possible claims, and after that time only when and to the extent required by law.
  13. The Administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are processed in accordance with the law, collected for specified, lawful purposes and not subject to further processing incompatible with these purposes, are substantively correct and adequate in relation to the purposes for which they are processed, and stored in a form which enables identification of data subjects for no longer than is necessary to achieve the purpose of processing.
  14. Personal data may be transferred to entities authorized under the law, in particular courts, tribunals, law enforcement agencies, control authorities, as well as:
  15. the Marshal’s Office of the Lower Silesian Voivodeship for the purpose of verification of the entry in the register of tour operators;
  16. entities providing IT services to the Administrator and maintaining IT systems in which the User’s personal data are stored.
  17. In relation to personal data, decisions will not be made in an automated manner and will not be subject to profiling.
  18. Everyone whose personal data is processed by the Administrator has:
  19. pursuant to Article 15 of the GDPR, the right to access personal data
  20. under Article 16 of the GDPR, the right to rectify personal data;
  21. ;the right to delete data in the cases specified in Article 17 paragraph 1 of the GDPR
  22. the right to request the Controller to restrict the processing of personal data in the cases specified in Article 18 paragraph 1 of the GDPR;
  23. the right to lodge a complaint with the President of the Personal Data Protection Office if he/she considers that the processing of personal data violates the provisions on personal data protection (President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw);
  24. the right to withdraw consent to the processing of personal data at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  25. The Administrator applies technical and organisational measures to ensure the protection of processed personal data appropriate to the threats and categories of data subject to protection, and in particular protects data against disclosure to unauthorised persons, removal by an unauthorised person, processing in violation of applicable regulations and change, loss, damage or destruction.
  26. The Administrator ensures that all disclosed information is protected in accordance with the applicable regulations and security standards, in particular:
  27. Only authorized employees or associates of the Administrator have direct access to personal data collected by the Data Controller in accordance with Article 29 of the GDPR
  28. The Administrator declares that by commissioning other entities to provide services, it requires its partners, in accordance with the provisions of Article 28 of the GDPR, to ensure appropriately high standards of protection of the entrusted personal data, to sign appropriate entrustment agreements in which the partners confirm the application of standards and the right to control the compliance of these entities' activities with these standards;
  29. in order to ensure proper protection of services provided electronically, the Administrator applies a high level of security, including cryptographic protection of personal data transmission (SSL protocol), however, due to the public nature of the Internet, the use of services provided electronically may be associated with threats, regardless of the Administrator's due diligence.
  30. The Administrator will not transfer personal data to a third country or an international organisation.

§ 3 Cookie Policy

  1. Cookies (also called "cookies") are small text files placed by the Administrator and to which the Administrator has access.
  2. Cookies contain, among others, such data as: the name of the website from which they originate, the time of their storage on the user's end device and a unique number that was generated to identify the web browser used by the User to connect to the website. Cookies store information that is necessary for the website to function properly. Cookies may also store a unique number identifying the user's end device, with the proviso that it is not possible to determine the user's identity on this basis.
  3. The Administrator uses files (cookies) for the purpose of:
  4. Adapting the presentation of the website content to the devices on which it is displayed, such as: desktop computers, tablets, mobile phones;
  5. Protecting your website from hacker attacks that aim to take control of your website.
  6. If the User does not consent to the use of cookies or would like to limit the scope of use of cookies, he or she may refrain from using the website or change the settings of the web browser.
  7. Limiting or disabling cookies used by the Administrator may affect the functionalities available on the website.

§ 4 Changes to the Privacy Policy

  1. The privacy policy may be changed at any time, in whole or in part, with at least 7 days' notice.
  2. Any changes to the Privacy Policy are announced and made available by placing their electronic version on the Website, as well as by placing their paper version on the notice board at the Association's headquarters.

§ 5 Contact the Administrator

  1. Users can contact the Administrator via:
  2. message to the email address: [email protected];
  3. contact by phone: 71 793 97 24;
  4. .by mail to the following address: Lower Silesian Tourist Organisation, ul. Swidnicka 44, 50-027 Wrocław

§ 6 Final provisions

  1. In matters not regulated in the Privacy Policy, the provisions of generally applicable law in Poland shall apply, in particular the provisions of the GDPR, the Act of 10 May 2018 on the Protection of Personal Data (consolidated text: Journal of Laws of 2019, item 1781, as amended), the Act of 16 July 2004 - Telecommunications Law (consolidated text: Journal of Laws of 2022, item 1648, as amended).
  2. If any provision of the Privacy Policy proves to be invalid, ineffective or unable to produce legal effects on any basis, this shall not affect the validity and binding force of the remaining provisions, and the provision that is invalid, ineffective or unable to produce legal effects on any basis shall be replaced by the most similar provision of generally applicable law, if any.
  3. Any disputes related to the provisions of the Privacy Policy will be resolved by a Polish common court having jurisdiction in accordance with general principles.