PRIVACY POLICY AND COOKIE POLICY

  1. Glossary of terms
    1. Controller or Website Operator/Administrator – TravelTECH sp. z o.o. [limited liability company] with its registered office in Kraków, entered into the Register of Entrepreneurs kept by the District Court for Kraków-Śródmieście, 11th Commercial Department of the National Court Register, under KRS number 0000258229, NIP [Tax ID] 6751345369, REGON [Business Registration Number]: 120268474, with share capital of PLN 51,100.00, which can be contacted by telephone at 12 345 16 61 (call charges according to the operator's tariff), e-mail address: iod@traveltech.pl or mailing address: TravelTECH sp. z o.o. ul. Prof. Michała Życzkowskiego 20, 31-864 Kraków
    2. Customer Service Centre or CSC – a service provided as part of the PolishTrains.eu Website using individual means of communication, enabling the purchase of a Ticket from selected Carriers at the User's request, together with payment, delivery, refund or exchange of the Ticket, as well as obtaining other support and service in relation to the services provided by the PolishTrains.eu Website.
    3. Customer Account – a service within the PolishTrains.eu Website, available after registration and acceptance of the Terms of Service, enabling the tracking of order history, defining Passengers, entering contact details, as well as invoice details.
    4. Passenger – a person for whom transport services are provided and in whose name the tickets were purchased.
    5. Privacy Policy – this privacy and cookie policy applicable to the PolishTrains.eu Website available at https://www.polishtrains.eu/privacy-policy.
    6. Terms of Service – the terms of service of the PolishTrains.eu Website available at https://www.polishtrains.eu/terms.
    7. GDPR provisions – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and the Act of 10 May 2018 on the protection of personal data.
    8. PolishTrains.eu Website – a website operated at https://www.polishtrains.eu/ together with the application and other domains owned by the Administrator, as well as the Customer Service Centre, providing services and information on collective rail transport, as well as enabling the placement of orders, purchases, payments and delivery of Tickets, as well as their refund, exchange or lodging complaints.
    9. User – a person using the PolishTrains.eu Website. The User may also be referred to as the 'Customer'.
  2. General information
    1. This Privacy Policy sets out the rights and rules related to the processing of personal data in the provision of services through the PolishTrains.eu Website.
    2. The basic rights and obligations regarding the protection of personal data, including the information obligation, are implemented on the basis of this Privacy Policy and the provisions of the GDPR.
    3. The legal principles and rules for using the PolishTrains.eu Website, including the provision of services by electronic means, are set out in the Terms of Service.
  3. Personal data Controller
    1. The Controller of personal data processed in connection with the provision of services via the PolishTrains.eu Website is the Website Operator.
  4. Categories of data subjects
    1. Personal data processed within the PolishTrains.eu Website is obtained directly from persons visiting the PolishTrains.eu Website or contacting the Customer Service Centre.
    2. The Controller, as part of the services provided through the PolishTrains.eu Website, referred to in the Terms of Service, processes the personal data of Users and/or Passengers.
    3. When a User acting on behalf of a Passenger uses the PolishTrains.eu Website services, the Controller processes the Passenger’s data in addition to the User’s data. By providing the Controller with the Passenger’s data, the User declares that they are authorised to do so and that they have informed the Passenger that their data is being processed by the Controller. The User is also obliged to provide the Passenger with the content of this privacy policy so that they can familiarise themselves with it at the latest at the time of providing their personal data to the PolishTrains.eu Website. The Controller has the right to request additional data from the User or Passenger confirming the above authorisation.
  5. Purpose, scope, basis and period of personal data processing

    The purpose, scope, basis and period of processing of Users’ and/or Passengers’ personal data are presented in the table below:


    Purpose of processing Categories and types of data being processed Basis for processing Period of processing
    Creation of a Customer Account on the PolishTrains.eu Website e-mail address Article 6(1)(b) of the GDPR in connection with the acceptance of the Terms of Service. Until the Customer Account is deleted by the User
    Use of the Customer Account on the PolishTrains.eu Website first name, surname, e-mail address, telephone number, address, business details such as: name, address, NIP [Tax ID]; Passenger details: first name, surname, gender, date of birth. Article 6(1)(b) of the GDPR in connection with the acceptance of the Terms of Service and in order to take action at the User\’s request prior to the conclusion of a contract, as well as for the purpose of performing the contract. Until the expiry of the limitation period for claims relating to the performance of the contract
    Enabling the process of placing an order for the purchase of a ticket, as well as the purchase, refund, exchange or complaint of this ticket and other after-sales services within the PolishTrains.eu Website first name, surname, gender, telephone number, e-mail address, correspondence (mailing) address, business details such as: name, address, NIP (Tax ID); in the case of group ticket purchases, additional data is collected regarding the identity document number and the issuing authority of the person making the purchase Article 6(1)(b) of the GDPR in connection with the performance of a contract to which the user is a party and Article 6(1)(c) of the GDPR Until the expiry of the limitation period for claims relating to the performance of the contract
    Provision of commercial information first name, surname, e-mail address and telephone number Article 6(1)(a) of the GDPR in connection with the consent given Until the data subject withdraws their consent to the processing of their data
    Fulfilment of legal obligations, including tax and accounting obligations, imposed on the Controller. first name, surname, company name, address, telephone number, NIP (tax ID], REGON [business registration number], bank account number, payment card number Article 6(1)(c) of the GDPR in conjunction with Article 88(1) and (2) of the Act of 29 August 1997 – Tax Ordinance (consolidated text: Journal of Laws of 2005, No. 8, item 60, as amended) Until the expiry of the legal obligations incumbent on the Controller
    User or Passenger satisfaction surveys and determining service quality. first name, surname, e-mail address, telephone number Article 6(1)(f) of the GDPR, in connection with the Controller\’s legitimate interest in improving the quality of customer service and conducting Customer satisfaction surveys. Until the data subject objects to the processing of their data
    Adding opinions to the website www.polishtrains.eu e-mail address, first name, surname Article 6(1)(f) of the GDPR, in connection with the Controller\’s legitimate interest in presenting opinions on the services it provides. Until the data subject objects to the processing of their data
    Determination, investigation, enforcement of claims, as well as protection against claims in administrative, judicial and extrajudicial proceedings first name, surname, company name, address, telephone number, IP address, NIP [tax ID], REGON [business registration number], bank account number, payment card number Article 6(1)(f) of the GDPR, in connection with the legitimate interest of the Controller, consisting in the determination, investigation and enforcement of claims and protection against claims. Until the expiry of the deadlines for the fulfilment of public law obligations and until the expiry of the limitation periods for claims.
    Conducting analytical processes, e.g. website traffic, selection of services tailored to the needs of the Controller’s customers; optimisation of our products based on comments about them, interests, technical application logs. first name, address of residence or IP address, browser data Article 6(1)(f) of the GDPR, in connection with the Controller\’s legitimate interest in analysing website traffic, improving the quality of services and own marketing. Until the data subject objects to the processing of their data.
    Use of the contact form. first name, surname, e-mail address Article 6(1)(f) of the GDPR, in connection with the legitimate interest of the Controller, consisting in communicating with the Customer Until the data subject objects to the processing of their data
    Direct marketing of own goods and services, including remarketing. first name, surname, e-mail address, telephone number Article 6(1)(f) of the GDPR, in connection with the legitimate interest of the Controller, consisting in the direct marketing of own services, including remarketing Until the data subject objects to the processing of their data
  6. Cookies
    1. The PolishTrains.eu Website uses cookies to collect information related to the use of the PolishTrains.eu Website by Users. Cookies enable, among other things:
      1. adaptation of the content presented, including advertising content, to the individual preferences and needs of Users, thus facilitating the use of the PolishTrains.eu Website;
      2. collection and analysis of the statistical data on Users’ internet traffic, which makes it possible to improve the functioning of the PolishTrains.eu Website and the quality of the content presented;
      3. ensuring the proper functioning of the PolishTrains.eu Website on the end device used by the User, in particular to maintain the website session and the data entered.
    2. The PolishTrains.eu Website uses the following types of cookies:
      1. essential cookies – enabling the use of the PolishTrains.eu Website, e.g. used for services requiring authentication, including ticket purchases;
      2. security cookies – e.g. used to detect authentication fraud;
      3. performance cookies – enabling the collection of information on how the PolishTrains.eu Website is used;
      4. functional cookies – enabling the ‘remembering’ of settings selected by the User and the personalisation of their interface, e.g. in terms of the selected language or region of origin, font size, website appearance, etc.
    3. Cookies stored locally on the end device (e.g. the User’s computer) can be deleted by the User at any time.
    4. The User may independently manage the scope of cookie creation, in particular, they may block the placement of cookies on the end device, as well as modify the scope of their use, e.g. by requiring the User to be informed each time cookies are placed on the device.
    5. Deleting or blocking the creation of cookies on the User’s end device may result in significant restrictions and limitations in the use of the PolishTrains.eu Website or even make it impossible to use.
  7. Automated data processing and profiling
    1. When using the PolishTrains.eu Website, tools are used to send personalised marketing content to the User (profiling). As a result of analysing the User’s activities on the PolishTrains.eu Website, in particular the selection of content and the time spent on its subpages, profiled marketing content is directed to the User, which allows for the limitation of marketing content.
  8. Voluntary provision of personal data. Consequences of not providing personal data
    1. The provision of personal data by the User is voluntary, but it is necessary in particular for the provision of services in accordance with the Terms of Service, such as placing an order for a ticket, purchasing, exchanging, refunding or complaining about a ticket, creating and maintaining a Customer Account or subscribing to a newsletter, and failure to provide such data shall prevent the performance of these services. In the case of data processed on the basis of consent, its provision is voluntary, and consent may be withdrawn at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal. To withdraw consent, please send a message to the following e-mail address: iod@traveltech.pl.
  9. Data recipients
    1. carriers that provide transport services and other additional services purchased as part of the ticket; such transfer shall take place only to the extent necessary to achieve the purposes of personal data processing indicated above, including in particular for the proper performance of the contract of carriage and other services purchased from carriers, including ensuring the possibility of ticket inspection;
    2. payment operators whose services are used by the Controller in the provision of services;
    3. subcontractors and business partners, i.e. entities used by the Controller in the processing of personal data and for the performance of the contract, in particular accounting firms, law firms, IT companies, marketing agencies, technical service providers, payment processors, sales agents and call centres.
  10. Data transfer to a third country/international organisation
    1. In connection with the provision of services including the possibility of purchasing tickets, as well as after-sales service for journeys provided by foreign carriers, the User’s and Passenger’s data may be transferred to a third country. The transfer may take place to countries outside the EEA, depending on the travel route selected by the User and the carrier providing the service. The transfer shall take place on the basis of Article 49(1)(b) of the GDPR, i.e. where the transfer is necessary for the performance of a contract between the data subject and the Controller in the form of purchasing tickets from the carrier, and Article 49(1)(c) of the GDPR, i.e. the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject.
    2. In the case of countries that may not provide the same level of personal data protection as in the EEA, the transfer shall only take place if it is necessary for the performance of the service. The Controller shall take appropriate measures to ensure data protection by applying appropriate and suitable safeguards.
  11. Rights of persons whose data is processed
    1. In connection with the processing of personal data, Users and Passengers have the right to:
      1. Request access to their personal data.
      2. Request rectification (correction) of their personal data.
      3. Request the erasure of their personal data or restriction of its processing, as well as object to its processing, but only if further processing is not necessary for the Controller to fulfil a legal obligation and there are no other overriding legal grounds for processing.
      4. Lodge a complaint with the President of the Personal Data Protection Office in Warsaw if, in the opinion of the User or Passenger, the Controller has committed irregularities in the processing of their personal data.
      5. The right to withdraw consent to the processing of personal data – it is possible at any time to withdraw consent to the processing of personal data that we process on the basis of prior consent. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
    2. In the event of one of the above requests being submitted to the Controller, the Controller shall inform the User or Passenger without undue delay, but no later than within one month (in justified cases – extended by a maximum of two consecutive months after prior notification of the person concerned) about the actions taken (or the lack thereof and the reason for the lack of action).
  12. Contact regarding matters related to personal data processing
    1. For matters related to personal data processing within the PolishTrains.eu Website, please contact us at the dedicated e-mail address: iod@traveltech.pl or by regular mail at the following address: TravelTECH sp. z o.o., ul. prof. M. Życzkowskiego 20, 31-864 Kraków.
  13. Additional information
    1. The Administrator reserves the right to make changes to the Privacy Policy by publishing the current version on the PolishTrains.eu Website.

Searching connections...
please wait...