PL

Privacy Policy

PRIVACY POLICY OF THE WEBSITE www.btf.travel

This Privacy Policy (hereinafter: “Policy”) contains information on the processing of your personal data in connection with the use of the “born to fly” Website, operating at the internet address https://borntoflytravel.com (hereinafter: “Website”).

 

Personal data Controller

The Controller of your personal data is company „BORN TO FLY” SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ established in Św. Katarzyna (registered office address: Główna 102a, 55-110 Św. Katarzyna entered in the register of entrepreneurs of the National Court Register kept by the District CourtIN WROCŁAW, Commercial Division of the National Court Register under KRS number: 0000770100 with a VAT number: 8961584265, REGON number: 382515515 with a share capital of 5000 zł ( five thousand PLN) paid in full (hereinafter: “Controller”).

 

Contact with the Controller

In all matters related to the processing of personal data, you can contact the Controller using:

  1. e-mail – at: hello@btf.travel

 

Data Protection Officer

With the Data Protection Officer appointed by the Controller. You can contact us using:

  1. e-mail – at: hello@btf.travel

 

Measures to protect personal data

The Controller uses modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”), the Act of 10 May 2018 on the protection of personal data and other provisions on the protection of personal data.

 

Information about the processed personal data

Using the Website requires the processing of your personal data. Below you will find detailed information about the purposes and legal bases of processing, as well as the period of processing and the obligation or voluntariness to provide them.

 

Purpose of processing Personal data processed Legal basis
Handling customer inquiries (including inquiries submitted by e-mail or via provided forms)
  1. name and surname
  2. contact details provided by you (e-mail address; correspondence address; telephone number)/li>
 Article 6(1)(c) of the GDPR

(processing is necessary to fulfill the legal obligation incumbent on the Controller, in this case the obligations arising from the provisions on the protection of personal data)
Providing the above-mentioned personal data is voluntary, but necessary for the Controller to properly perform the obligations arising from the provisions on the protection of personal data, m.in. exercise the rights granted to you by the GDPR (the consequence of not providing the above-mentioned data will be the inability to properly implement the above-mentioned rights).

The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims for violation of the provisions on the protection of personal data.
Purpose of processing Personal data processed Legal basis
Sharing customer reviews
  1. Name and surname
  2. Company
  3. Optionally – other data included in the opinion
 art. 6 section 1 letter f GDPR

(processing is necessary to pursue the legitimate interest of the Administrator, in this case providing opinions for information and promotional purposes)
Providing the above personal data is voluntary, but necessary in order to add an opinion (the consequence of not providing them will be the inability to add an opinion).

The administrator will process the above. personal data until the objection is effectively raised or the purpose of processing is achieved (depending on which of the above-mentioned events occurs first).
Purpose of processing Personal data processed Legal basis
Establishing, pursuing or defending against claims
  1. name and surname/company
  2. e-mail address
  3. residential/registered address
  4. PESEL number
  5. Tax Identification Number
 art. 6 section 1 letter f GDPR

(processing is necessary to pursue the legitimate interest of the Administrator, in this case determining, pursuing or defending against claims that may arise in connection with the performance of contracts concluded with the Administrator)
Providing the above-mentioned personal data is voluntary, but necessary for the Controller to obtain
information about your activity in the Website (the consequence of not providing them will be the Controller’s inability to obtain the above-mentioned information).The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of processing is achieved.

 

Purpose of processing Personal data processed Legal basis
Analysis of your activity on the Website
  1. date and time of visit
  2. device IP number
  3. type of device operating system
  4. approximate location
  5. type of web browser
  6. time spent on the Website
  7. visited subpages and other activities undertaken within the Website
 art. 6 section 1 letter f GDPR

(processing is necessary to implement the legitimate interest of the Administrator, in this case obtaining information about your activity on the Website)
Providing the above personal data is voluntary, but necessary in order for the Administrator to obtain information about your activity on the Website (the consequence of not providing them will be the Administrator’s inability to obtain the above-mentioned information).

The administrator will process the above. personal data until an effective objection is raised or the purpose of processing is achieved.

 

Purpose of processing Personal data processed Legal basis
Administration of the Website
  1. IP address
  2. server date and time
  3. web browser information
  4. information about the operating system

The above data is saved automatically in the so-called server logs each time you use the Website (administrating it without the use of server logs and automatic saving would not be possible).

 art. 6 section 1 letter f GDPR

(processing is necessary to pursue the legitimate interest of the Administrator, in this case ensuring the proper operation of the Website)
Providing the above personal data is voluntary, but necessary to ensure the proper operation of the Website (the consequence of not providing them will be the inability to ensure proper operation of the Website).

The administrator will process the above. personal data until an effective objection is raised or the purpose of processing is achieved

 

Profiling

To create your profile for marketing purposes and direct marketing tailored to your preferences, the Controller will process your personal data in an automated manner, including profiling them – however, this will not cause any legal effects for you or similarly significantly affect your situation.

The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity in the Website and the data you save on the Account.

The legal basis for the processing of personal data for the above purpose is art. 6 par. 1 lit. f GDPR, according to which the Controller may process personal data to implement his legitimate interest, in this case to conduct marketing activities tailored to the preferences of recipients. Providing the above-mentioned personal data is voluntary, but necessary to achieve the above-mentioned purpose (the consequence of not providing them will be the inability of the Controller to conduct marketing activities tailored to the preferences of recipients).

The Controller will process personal data for the purpose of profiling until an objection is effectively raised or the purpose of processing is achieved.

Recipients of personal data

The recipients of personal data will be the following external entities cooperating with the Controller:

  1. hosting company
  2. companies providing tools for analyzing activity in the Website and directing direct marketing to people using it (m.in. Google Analytics, Facebook);
  3. business partners and marketing agencies

In addition, personal data may also be transferred to public or private entities, if such an obligation results from generally applicable law, a final court judgment or a final administrative decision.

 

Transfer of personal data to a third country

In connection with the Administrator’s use of services provided by Google LLC, your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the above-mentioned third countries are:

  • in the case of the United Kingdom, Canada, Israel, Japan and South Korea – decisions of the European Commission stating an adequate level of protection of personal data in each of the above-mentioned third countries;
  • in the case of the USA – Commission Implementing Decision EU 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework;
  • in the case of the Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia and Australia – contractual clauses ensuring an adequate level of protection, in accordance with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to a Regulation of the European Parliament and of the Council (EU) 2016/679.

You can obtain from the Administrator a copy of the data transferred to a third country.

 

Your rights

In connection with the processing of personal data, you have the following rights:

  1. the right to information about what personal data concerning you is processed by the Controller and to receive a copy of this data (the so-called right of access). Issuing the first copy of the data is free, for the next one the Controller may charge a fee;
  2. if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request its rectification;
  3. in certain situations, you can ask the Controller to delete your personal data, e.g. when:
    1. the data will no longer be needed by the Controller for the purposes of which he informed;
    2. you have effectively withdrawn your consent to the processing of data – unless the Controller has the right to process data on another legal basis;
    3. the processing is unlawful;
    4. the need to delete data results from the Controller’s legal obligation.
  4. if personal data are processed by the Controller on the basis of consent to processing or for the purpose of performing the Agreement concluded with him, you have the right to transfer your data to another Controller;
  5. if personal data is processed by the Controller on the basis of your consent to processing, you have the right to withdraw this consent at any time (withdrawal of consent does not affect the lawfulness of processing that was made on the basis of consent before its withdrawal);
  6. if you consider that the processed personal data is incorrect, their processing is unlawful, or the Controller no longer needs certain data, you can request that for a specific, necessary time (e.g. checking the correctness of data or pursuing claims) the Controller does not perform any operations on the data, but only Websites them;
  7. you have the right to object to the processing of personal data whose basis for processing is the legitimate interest of the Controller. In the event of an effective objection, the Controller will cease to process personal data for the above-mentioned purpose;
  8. you have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of personal data violates the provisions of the GDPR.

 

Cookies

  1. The Controller informs that the Website uses “cookies” installed on your end device. These are small text files that can be read by the Controller’s system, as well as by systems belonging to other entities whose services are used by the Controller (e.g. Facebook, Google).
  2. The Controller uses cookies for the following purposes:
    1. ensuring the proper operation of the Website – thanks to cookies, it is possible to operate efficiently the Website, use its functions and conveniently move between individual subpages;
    2. increasing the comfort of browsing the Website – thanks to cookies, it is possible to detect errors on some subpages and their constant improvement;
    3. creating statistics – cookies are used to analyze how users use the Website. Thanks to this, it is possible to constantly improve the Website and adapt its operation to the preferences of users;
    4. conducting marketing activities – thanks to cookies, the Controller may direct advertisements tailored to users’ preferences.
  3. Your Controller can place both permanent and temporary (session) files on your device. Session files are usually deleted when you close the browser, but closing the browser does not delete persistent files.
  4. Information about cookies used by the Controller is displayed in the panel located at the bottom of the Website’s website. Depending on your decision, you can enable or disable cookies of individual categories (except for necessary cookies) and change these settings at any time.
  5. Data collected using cookies do not allow the Controller to identify you.
  6. Through most used browsers, you can check whether cookies have been installed on your end device, as well as delete installed cookies and block them from being installed by the Website in the future. Disabling or limiting the use of cookies may, however, cause quite serious difficulties in using the Website, e.g. in the form of the need to log in to each subpage, a longer loading period of the Website’s website, restrictions on the use of certain functionalities.
  7. The Controller uses the following cookies or tools using them:

Final provisions

To the extent not regulated by the Policy, generally applicable provisions on the protection of personal data shall apply.

This policy is effective from 28.08.2024