SECURITY POLICY OF PERSONAL DATA OF XPERIENCE SP. Z OO SP. K.

Ladies and Gentlemen, from May 25, 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing the Directive 95/46 / WE (GDPR). 

Due to the obligations imposed by the GDPR on entities processing personal data, we ensure that as part of the services provided by our company, your data is safe and processed only when necessary. We understand the importance of ensuring protection by properly managing your personal data. Our company uses appropriate security measures to protect personal data against accidental loss and unauthorized access, use, alteration and disclosure. 

Personal data controller 

The administrator of your personal data is Xperience Sp. z o. o. Sp. k. (hereinafter referred to as the “Administrator”). In all matters related to the protection of personal data, please contact us via the email address: friends@xperiencepoland.com. 

Collection of personal data 

When concluding any Agreements with the Administrator, you voluntarily provide the following categories of data:

  1. Your personal data, including name and surname, date of birth, address, e-mail address, telephone number, number and a series of identity cards (ID card or passport );
  2. Personal data of other persons in your group, including name and surname, date of birth, home address, email address, telephone number, number and series of proof of identity (ID card or passport);
  3. Personal data of minors of whom you are the Parents or legal guardians, including name and surname, date of birth, address, e-mail address, telephone number, number and a series of proof of identity (ID card or passport). 

When you provide other people’s personal data, you must be sure that they consent to it and that you are authorized to provide it. You should also make sure that, if necessary, these persons are aware of how the Administrator uses their personal data. It is your responsibility to provide these persons with the Personal Data Security Policy of Xperience Sp z oo Sp. k ..

Use of personal data The 

administrator uses your personal data for the following purposes: 

  1. Provision of tourist services The 

administrator must obtain your personal data in order to perform the contract in the field of tourist services. In addition, the processing of personal data is necessary for the purposes of managing your bookings, providing you with access to additional products and services, providing support for any services offered and possible reimbursement.

  1. Establishing contact with the Customer 

In order to provide better customer service, in the event of contact with the Administrator, for example via e-mail, traditional mail, telephone or social media, the Administrator may use your personal data to provide support or any clarification.

  1. Marketing communication 

From time to time, Xperience Sp. z o. o. Sp. k. may send you relevant offers and messages about services via e-mail, SMS or may contact you by phone. The administrator will only do so after giving your free prior consent to receive such marketing information. It should be emphasized that you can change your marketing preferences at any time by contacting the Administrator in this regard.

  1. Provision of personal data

In order to provide tourist services, the Administrator may provide personal data to entities co-implementing or continuing the provision of tourist services, as well as selected entities responsible for travel arrangements, including airlines, hotels, transport companies and local suppliers. In selected cases, the Administrator authorizes guides, tour leaders and other entities cooperating in the implementation of the tourist service to use your personal data, but only for the purpose and for the duration of the service. In addition, the Administrator provides personal data to insurers in order to provide you with adequate protection during the implementation of the tourist service. The administrator entrusts selected personal data as part of cooperation with an external accounting office.

  1. Disclosure of data to regulatory authorities 

In order to travel, it may be required (as required by government authorities at the point of departure / departure and / or destination) that the Administrator discloses and processes your personal data for immigration, border control, security and counter-terrorism purposes or any other purposes such authorities consider appropriate. Some countries allow entry on the condition of providing their personal data in advance (eg under the Caricom API Data agreements and the US “Secure Flight Data” program). In addition, the Administrator may disclose the necessary minimum scope of personal data to other public authorities, if required by law or legally permitted. 

Your personal data is not subject to automated decision making, including profiling.

Legal basis for the processing of personal datapersonal 

Yourdata will be collected and used by the Administrator provided that at least one of the following conditions is met:

  1. Obtaining your consent (example: marketing information); \
  2. When it is necessary to conclude a contract or take the desired actions prior to entering into a contract (example: provision of tourist services);
  3. When it is necessary to comply with a legal obligation (example: sharing personal data with regulatory / state authorities). 
  4. When it is necessary to protect the vital interests of you or others (example: emergency / emergency situation: your insurance company, its agents and medical staff may exchange with the Administrator relevant personal data and special categories of personal data in a situation where one of the parties must take action on behalf or in the interest of other clients or in emergencies / emergencies). 

Archiving of personal data The

administrator will store your personal data only as long as it is necessary for the purposes set out in this document and / or to meet legal and regulatory requirements. After this period, the Administrator will safely delete your personal data. 

Accessing and updating personal data; Complaints 

You have the right to request a copy of your personal data that is in the possession of the Administrator. In addition, you can ask for the correction or deletion of personal data, object to the processing of personal data and, if technically feasible, request the transfer of the personal data provided to another organization. 

The administrator will update or delete your data, unless it has a legal obligation to keep it for the purposes of conducting business or complying with the law. You can also contact the Administrator if you have any reservations about the method of collecting, storing or using your personal data. The controller endeavors to finally investigate the complaints, but if you are still dissatisfied with the response received, you can lodge a complaint with the data protection supervisory authority of the local data protection authority. 

Xperience Sp. z o. o. Sp. k.