1. Data is collected by: Travel Manager Sp. z o.o. with its registered office in Poznań, ul. Święty Marcin 29/8, KRS 0000642186, e- mail: firstname.lastname@example.org.
2. Data processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “the GDPR”.
3. You have the right: to request access to your personal data, rectify, erase, restrict its processing, to object to its processing, and the right to data portability.
4. If the processing is based on your consent – you can withdraw it at any time by informing us, without affecting the lawfulness of the processing carried out prior to such withdrawal.
5. You have the right to lodge a complaint with the President of the Personal Data Protection Office.
Which personal data do we collect?
In order to provide you with the services of organising business trips, we require personal data which is necessary for making a reservation and providing additional services of your choice. For this purpose, we process the following personal data: your e-mail address, name and surname, telephone number, guest’s data, invoicing data, possibly other data required by providers of accommodation, transport and other travel services.
We are also keen to develop our business and inform you about our offers that might interest you. In this way we conduct marketing activities (a company newsletter) when we use basic personal information such as: an e-mail address, name and surname and a telephone number.
In order to properly maintain business communications, perform contracts and offer our services, we contact our customers mainly by e-mail. Then we process your personal data to contact you, i.e. your e-mail address, name and surname and any other data in your e-mail correspondence.
In order to conduct our business of providing business travel and other related services, we need to keep accounting records. To ensure their transparency and compliance with applicable laws, we are required to obtain the following personal data from you: name and address of the seller and the buyer, NIP (tax identification) numbers, data of the signatory, if any, and other data included in invoices and other accounting documents.
Our company is still developing; hence we constantly recruit candidates willing to join our team and bring in their knowledge, skills and innovative ideas. If you want to start working for our company, you have to provide us with personal data necessary to conduct the recruitment process and help us decide about the potential cooperation. You can provide us with your personal data in your application, i.e. your CV or cover letter.
How do we process your personal data?
Your data is processed in a way that ensures the highest standard of protection. We collect your personal data in particular to:
1. provide you with services such as business travel arrangements or other related services.
2. provide access to our hotailors.com IT tool in order to make bookings through it.
3. verify the accuracy and completeness of the information you provide.
4. personalise offers, send marketing and promotional messages via email inbox.
5. provide you and your employer (payer) with the details of your travel.
6. ensure ongoing contact with you, inform you of booking changes, alerts and updates.
7. improve our service quality and carry out risk assessments.
8. prevent and detect cyber fraud and other crimes that could compromise the security of your data.
9. counteract any and all discriminatory actions.
10. enable us to seek redress or protect against claims arising from contracts we enter into.
11. perform our record-keeping obligations and other obligations imposed by law.
12. enable us to decide whether to start working with a candidate who has sent us their job application.
Any actions we undertake involving your personal data are intended to develop our hotailors.com IT tool, improve the services we provide and ensure the highest standard of security of the personal data we process.
On what grounds do we process your personal data?
The principal basis for our processing of your personal data is the performance of contracts entered into, in particular contracts for the provision of business travel arrangements and other related services. If you do not provide us with the data, we will not be able to render these services.
We often need your consent to process your data. Please note, however, that if you do not grant it, it will prevent us from rendering services to you. We may need your consent to conduct marketing activities. This includes sending you promotional messages, personalised offers and invitations to use our services.
If you want to participate in our recruitment process, as a candidate you also have to give your consent to our processing of your personal data – otherwise you cannot participate in the recruitment process.
Please note that where the only basis for your personal data processing is consent, you may withdraw it at any time by contacting us.
However, your consent is not the only basis on which we process your personal data. When sending you e-mails or marketing our own services, we also process personal data on the basis of our legitimate interests. In the case of personal data in invoices or other accounting documents, processing takes place in order to fulfil our legal obligations (keeping accounting records) and to pursue our legitimate interests (potential remedy seeking or protection against claims).
When processing personal data having a legitimate interest, we ensure that the scope of the data you provide is adequate and limited only to the data that is relevant to our interest.
How do we obtain personal information?
We obtain your personal information in the following ways:
1. You provide us with your personal data
It is always your decision to provide your personal data. This may include personal data we need to provide services to you or to start cooperation with you. You may also provide us with additional personal data which makes contacting you easier or which contribute to the purposes of our processing as described above. Please note that although your provision of personal data is voluntary, if you decide not to, it will prevent us from entering into a contract with you or organising a business trip for you.
2. We receive personal information from others
We also receive your personal information from people who contract with us to provide services. These are employers or other parties who contract us to arrange business travel for you.
We may also receive your data from business partners and other independent third parties. The data they provide may then be linked to the data we receive from you.
3. We collect your personal data automatically
The automatic collection of personal data involves collecting it from the device you use when accessing our system. This includes the following data: your IP address and website URL, browser, and device information, sometimes your location information, cookies and similar technologies, payment information.
4. Extraction of data from public registers
When we process personal data in invoices and other accounting documents, we also obtain data from public registers of entrepreneurs.
How long do we store your personal data?
We process personal data for as long as necessary. The storage period for personal data depends on the purpose and basis of processing, and so:
1. Under applicable tax laws and statutes of limitation, we will process for a period of 7 years:
– personal data necessary for the performance of a contract,
– personal data in email correspondence,
– personal data in invoices and other accounting documents,
2. We will process personal data necessary for marketing activities for a period of 10 years.
3. Personal data from the recruitment processes (CVs, cover letters) will be stored during the recruitment process and up to six months thereafter.
However, please note that where your consent is the sole basis for processing your personal data, you may withdraw your consent at any time and ask us to delete your personal data.
At the end of the processing period, we delete the personal data or have it anonymised.
Where do we keep your personal information?
We store your personal data on external servers that provide a high level of security. We make sure that all external servers on which your data is stored operate in accordance with legal regulations and our binding guidelines.
Who do we share your personal information with?
Your personal data may be transferred to third parties only if this is necessary for processing and if such an obligation is imposed on us by legal authorities.
Depending on the purpose of processing, your data may be accessed by:
– external IT companies in the course of provision and maintenance of IT services, software and hardware,
– electronic payment services,
– in case of payment processing, data will be transferred to banks,
– external accounting firms, debt collection agencies and law firms (when seeing redress),
– postal and courier companies (when sending correspondence).
– external suppliers of travel services, insurers, airlines and hotels.
We will make your personal data available to third parties also when you give us your consent to do so, e.g. when we need to share it because of our cooperation with another entity. Apart from that, your data will not be disclosed (made available) to other entities, except as provided for by relevant regulations.
We may also be requested or required by competent authorities to provide your personal data, for example, to prevent or detect crime, to prevent discrimination or other illegal activities, and to pursue a claim or protect ourselves against claims.
Do we transfer your data to third countries?
Due to the global scope of our company’s operations and the booking of business trips in various countries (including outside the European Union), it may be necessary to transfer your personal data needed for the provision of services to third countries – exclusively to external travel services providers and hotels, for the purpose of performing the contract. To this extent, Article 45 (1), Article 46 (2) (c or d) or Article 49 (1) (a, b, or c) of the GDPR shall apply. The data protection laws applicable in these countries may be less stringent than the EU data protection laws. However, we make every effort to transfer your data to suppliers that provide a standard of data protection at least equivalent to our standard of protection.
Your personal data will not be transferred to international organisations.
In order to provide you with the greatest possible comfort while browsing our website, small files, so-called cookies, are stored on your device. These files make it possible to adapt the content of the website to your needs and interests. By storing them on your device it is possible, among others, to display the website in the most appropriate manner. Cookies allow us to collect statistical data so that we can develop the website according to our users’ preferences.
You can block or restrict the cookies on your device at any time, but there is a risk that this may hinder your use of the website.
Erasure of data
Please note that you can request data erasure if your consent to processing is the only basis for its processing. Otherwise, we may store your data for the following purposes, for example:
– where it is necessary in view of our legitimate interests (e.g. seeking redress and defence against claims),
– if we are required by law to store personal data (e.g. for tax and reporting purposes).