Data Protection Notice
To comply with the obligations arising from the Regulation (EU) 2016/679 (GDPR), IVS Limited Liability Company Limited Partnership informs about the processing of the client's personal data and the rights the client is entitled to. The following rules are applicable as of May 25th, 2018.
1 The Controller of Personal Data
Who is responsible for your data
Legal Entity
IVS sp. z o.o. sp.k.
ul. Graniczna 29 (29 Graniczna St.)
40-017 Katowice, Poland
NIP: 9542766476 · REGON: 364718356
KRS: 0000623079
Katowice-Wschód District Court, 8th Commercial Division
2 Data Protection Officer
Your DPO contact
3 Purpose and Legal Basis of Data Processing
Why we process your data
IVS processes personal data for the purpose of executing a contract to which the person whose data are processed is a party, or to take actions at the request of the data subject before concluding the contract (Article 6 par. 1 letter b of the GDPR).
In certain situations, IVS may process personal data based on legitimate interests (Article 6 par. 1 letter f of the GDPR), in particular for:
- 1) Marketing of IVS products and services;
- 2) Monitoring and improvement of the quality of services provided by IVS, including monitoring of telephone conversations and meetings, carrying out customer satisfaction surveys;
- 3) If applicable, the conduct of disputable proceedings, as well as proceedings before public authorities and other proceedings, including carrying on enquiry and defence against claims.
Consent-based processing: In all other situations, personal data are processed solely on the basis of the consent granted for the purpose specified in its content (Article 6 par. 1 letter a of the GDPR). In all situations, sensitive personal data are processed solely on the basis of consent (Article 9 par. 2 letter a of the GDPR).
4 Recipients of Data
Who may receive your data
Payment processors
Entities that participate in the processes necessary to perform contracts concluded with clients, including banks, credit card operators, electronic and online payment agents.
Business support entities
Entities which support IVS in business processes — hosting companies, legal and accounting services, and external entities carrying out activities necessary to conclude the contract.
5 Time of Data Processing
How long we keep your data
Contract data
Until contract concluded
+ up to 10 years max
Legitimate interest data
Up to 10 years
From collection date
Consent-based data
Until withdrawn
Withdraw anytime
The client's personal data, including sensitive data provided on the basis of consent, are processed by IVS for the time necessary to achieve the objectives indicated in point 3, that is, until the contract is concluded. After that period, IVS may process the client's data for a period of time and to the extent specified by law, however, no longer than 10 years. Insensitive data processed on the basis of separate consent shall be kept until the consent is withdrawn.
6 Your Rights as a Data Subject
GDPR rights guaranteed to all clients
Right to Access
You have the right to access your personal data held by IVS.
Right to Rectification
Request correction of incorrect data or supplementing of incomplete data.
Right to Erasure
"Right to be forgotten" — you can request deletion of your data in specific circumstances.
Right to Restriction
Request restriction of processing in certain situations (e.g. while a dispute is resolved).
Right to Data Portability
Receive your data in a structured, commonly used, machine-readable format when processing is automated.
Right to Object
Object to processing based on legitimate interests due to your particular situation.
7 Withdrawal of Consent
How to withdraw your consent
To the extent of the client's consent to processing of their personal data, the client is entitled to withdraw the consent at any time. The withdrawal takes place without affecting the legality of the processing which was carried out on the basis of the consent prior to its withdrawal.
To withdraw your consent, contact us at: support@comfortpass.travel
8 Right to Lodge a Complaint with the Supervisory Authority
How to escalate concerns
In any situation, when the client considers that IVS processes personal data contrary to the provisions of the GDPR, the client has the right to lodge a complaint with the appropriate supervisory authority. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO).
9 Transfer of Personal Data to Countries Outside the EEA
International data flows
IVS transfers personal data to countries outside the European Economic Area:
Canada
The transfer is necessary for carrying out the contract of the service agency. The Commission decision of 20th December 2001 stated that the regulations in force in Canada ensure an adequate level of protection of personal data.
Other third countries (including the US)
The transfer of data takes place on the basis of standard contractual clauses agreed with the recipient, the content of which has been adopted by the European Commission and ensures the highest standards of personal data protection applied on the market.
The client has the right to obtain a copy of the data transferred by IVS.
10 Obligation to Provide Personal Data
Is providing data mandatory?
Providing personal data is entirely voluntary. However, providing data is a condition for concluding a service contract with IVS or it is necessary to achieve the objectives arising from the legitimate interests of IVS. Failure to provide all the data will prevent conclusion and execution of the indicated contract.
Questions about your data?
Contact our Data Protection Officer or support team: