We will process your personal data as a data controller.
For the purposes of this Policy, the following term “Data Protection Legislation” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“DPA”), as well as any legislation and/or regulations implementing or created pursuant to the provisions of the DPA and the Online Privacy Legislation and any other applicable national legislation relating to the processing of personal data and privacy, in particular the Data Protection Act of 10 May 2018.
For the purposes of this policy, “controller”, “processor”, “third party”, “supervisory authority”, “personal data”, “processing”, “data subject” have the meanings set out in the applicable data protection legislation.
For what purpose do we process your personal data?
We collect and process the personal data received from you exclusively for the purpose of drawing up and subsequently concluding a contract for the provision of travel services, insurance, hotel accommodation bookings and accounting and tax operations. Your data will be stored with due care and in compliance with the security standards described in this Policy. Any use of data for marketing purposes requires a separate, explicit consent.
Who can receive your personal data?
In the context of providing the Service, in order to ensure that the services in the Rally Programme can be provided and to comply with legal requirements (such as local registration requirements in hotel facilities), your personal data will be shared with the service providers in the Rally Programme or the Rally Agreement, the Workshop Agreement and the insurance company to the extent necessary and appropriate.
Is your data used for direct marketing?
How long will your personal information be kept?
How is your information shared with third parties?
Your personal data will also be shared with government bodies or law enforcement officials if required by them and if required by law or if required for the legal protection of the data controller under applicable legislation.
What are your rights?
When you provide personal data, you have rights under the provisions of the Data Protection Legislation, which can be exercised free of charge, subject to statutory exceptions. In particular, you have the following rights:
- Right to withdraw consent: if your personal data are processed on the basis of your consent, you have the right to withdraw your consent at any time and on your own initiative. You can do so by any form, in particular by contacting us personally at the “Ignacia” head office, by telephone on +507 360 939 or by sending a message to the e+mail address: firstname.lastname@example.org. The withdrawal of consent will not affect the lawfulness of the previous collection and processing of your data based on your consent, until you withdraw your consent.
- Right to access, review and correct your data: you have the right to access, review and request correction of your personal data. You may ask us for a copy of your data in order to review or correct it; if you wish to review or correct any information, such as your name, email address, postal address and other details, you may do so by contacting us at the ‘Ignaccia’ premises or by sending an email to email@example.com.
- Right to erasure: you have the right to request the erasure of all personal data processed as described herein, where the personal data is no longer necessary for the purposes for which the personal data was originally collected or processed, in accordance with Data Protection Legislation.
- Right to object or restrict processing: under certain circumstances described in the Data Protection Legislation, you may request the restriction of processing or object to the processing of your personal data.
- Right to object to processing for direct marketing: if your personal data is processed for direct marketing purposes, you may object to processing for that purpose, in any form.
- Right to data portability: you have the right to receive your personal data processed in a format that is structured, commonly used and machine-readable and to transmit that data to another service provider.
These rights may be limited, for example, if complying with your request discloses personal data about another person, or if you ask us to delete information that is lawfully required to be retained or necessary for important legitimate interests. To exercise any of these rights, you may contact us as set out below.
If you have unresolved concerns, you have the right to lodge a complaint with the EU data protection authority where you live, work or where you think the infringement may have occurred. In Poland, such authority is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, tel. 22 531 03 00, fax. 22 531 03 01, e-mail: firstname.lastname@example.org.
What security measures have been introduced?
Appropriate technical and organisational measures are implemented to ensure an adequate level of personal data security, in particular: personal data are stored only in IT systems protected against unauthorised access by third parties (computer working on a full and secure version of the operating system, password protection, anti-virus and anti-malware software, automatic security updates, network protection by means of firewalls), and personal data recorded on paper are stored in a locked room to which access is limited to persons authorised by the Company.
If personal data is compromised as a result of a breach of security and if the breach is likely to cause a high risk to rights and freedoms, we will take the necessary notifications in accordance with the provisions of the Data Protection Legislation.
How are cookies used and do we use a customer profiling mechanism?
Cookies are understood to be IT data, in particular text files, stored on your terminal equipment such as computer, smartphone, tablet or similar device, transmitted by websites. Cookies make it possible, among other things, to recognise your device and display a website adapted to your individual preferences.
We share information about how you use our website with social media, advertising and analytics partners in an automated manner. These partners (i.e. Google, Facebook, Instagram and Youtube) may combine this information with other data received from you or obtained when you use their services. The Customer profiling mechanism used is fully automated and does not involve us collecting data about the identity of visitors to our Website.
Our website uses the storage and access to “cookies” on the basis of the consent given by the web user, expressed during the configuration of the web browser or the selected website. You have the ability to change your browser settings at any time and determine the conditions under which our Company stores or accesses this information.
How can you contact us?
To the following address:
Horse Riding and Creative Development Centre “Ignacowka”
507 360 939, e-mail address: email@example.com.