BUY POLAND
2021

1. Polska Organizacja Turystyczna [Polish Tourism Organisation], with a registered office in Warsaw, 8 Chałubińskiego Street, NIP [Taxpayer Identification Number]: 525 21 50 196 (hereinafter referred to as POT or Controller) is the personal data controller.
2. Zagraniczne Ośrodki Polskiej Organizacji Turystycznej [Polish Tourism Organisation International Offices] (hereinafter referred to as ZOPOT) have the status of joint controllers. Provisions arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR) are binding regardless of ZOPOT seats. 
3. Due to the organizational structure of POT (14 ZOPOTs located in the European Union and beyond) your personal data, when implementing joint promotional activities, can be transferred outside the European Union. We guarantee that in such cases the data transfer will be based on appropriate data protection policy or on a contract between POT or ZOPOT and an external party. Such contract will contain standard data protection clauses adopted by the European Commission.
4. In all cases related to the processing of your personal data by POT and ZOPOT you can contact a designated data protection officer in Polish and English
   
   
   • by e-mail: dpo@pot.gov.pl or
   • by sending a letter to the controller’s address for correspondence: Polska Organizacja Turystyczna, ul. Chałubińskiego 8, XIX piętro, 00-613 Warszawa
     [Polish Tourism Organisation, 8 Chałubińskiego Street, 19th floor, 00-613 Warsaw].
5. For reasons connected with the safety of entrusted personal data the Controller acts on the basis of internal procedures and recommendations, following appropriate legal acts in the field of personal data protection, and especially Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, and the Act of 10 May 2018 on the protection of personal data.
6. The Controller takes utmost care to protect the interests of concerned individuals, and in particular ensures that the personal data are:

6. • lawfully processed,
   • collected for specified, lawful purposes and not subject to further processing that would contradict these purposes,
   • true, complete and up to date with regard to the purpose for which they are intended,
   • processed no longer than it is necessary for achieving the purpose,
   • secured by means of appropriate technical and organizational measures that ensure adequate personal data security, including protection against unauthorized or illegal processing, as well as their accidental loss, damage or erasure.
7. The Controller guarantees you a right to access data; you can also correct them, request their removal or reduce their processing. In addition, you can also exercise your right to object the processing of your data and the right to transfer data to another controller.
8. Please note that you have the right to lodge a complaint against data processing to the President of Urząd Ochrony Danych Osobowych
   [Personal Data Protection Office], ul. Stawki 2, 00-193 Warszawa, tel. 22 5310300, fax. 22 5310301, kancelaria@uodo.gov.pl.

PRIVACY POLICY

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to
the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (also known as “GDPR”, “General Data Protection
Regulation”) came into force on 25 May 2018. Consequently, we would like to inform you about the processing of your data and the conditions it adopted after 25 May 2018. Please find below fundamental information about this subject.

PURPOSE OF COLLECTING DATA

1. Personal data in POT are processed:
   
   
   1. on the basis of consent granted under Article 6 (1) (a) of GDPR for the purposes of:
      
      
      1. sending information about the activity of POT and ZOPOT, including a newsletter, to the e-mail address submitted in the contact form or on a business card; 
      2. replying to inquiries sent to POT and ZOPOT through contact forms available on websites administered by Polska Organizacja Turystyczna;
      3. planning trips in the Planer application on the National Tourism Portal at https://polska.travel;
      4. entering data into the Tourist Information Repository;
      5. cooperation with bloggers;
      6. facilitation of ongoing partnership;
      7. conducting e-learning training sessions;
      8. facilitation of future recruitment for positions with POT and ZOPOT;
      9. and in the case of POT and ZOPOT staff – to provide HR services and fringe benefits, including additional health care and awarded lump sums.

          

          

   2. under Article 6 (1) (b) of GDPR for the purposes of:
      
      
      1. performing a contract or taking steps prior to entering into a contract, including sending requests for proposal in a bidding process to publicly available addresses and sending inquiries about price estimates;
      2. placing an order for services performed as part of contracts related to POT’s statutory activity;
      3. performing contracts connected with the implementation of Measure 6.4 of Operational Programme “Innovative Economy”
         and Sub-Measure 3.3.2 of Operational Programme “Smart Growth”;
      4. performing contracts for the management of POT online portals and applications;
      5. performing contracts for the management of the Tourist Information Repository;
      6. performing contracts, to which POT and ZOPOT staff are parties, including contracts of employment and contracts for fringe benefits,
         or taking steps prior to entering into a contract of employment or a civil law contract.

          

          

   3. under Article 6 (1) (c) of GDPR for the purposes of:
      
      
      1. fulfilling contractual obligations;
      2. implementing statutory objectives of POT defined in the Act of 25 June 1999 on Polska Organizacja Turystyczna (Journal of Laws 2018, item 563), including:
         promotion of Poland as an attractive tourist destination; ensuring that the Polish tourist information system is functioning and developing both at home and abroad; initiating, evaluating and supporting the plans of developing and modernizing tourist infrastructure; inspiring the establishment of regional and local tourism organizations;
      3. performing tasks specified in the Act, including:

          

         i.  in the field of promoting Poland – handling applications for promotional initiatives conducted by POT and ZOPOT, including the “Poland see more – Weekend at half price” action; the Eden competition;competition for Certified Tourist Products, and granting patronages of POT and President of POT plus activities of Poland Convention Bureau (PCB) responsible for the promotion of Poland as an attractive destination for staging business meetings and events;
         ii. in the field of ensuring that the Polish tourist information system is functioning and developing both at home and abroad – staging competition for the best Tourist Information Centre in Poland; certifying Tourist Information Stands and managing the Tourist Information Repository;
         iii. in the field of inspiring the establishment of regional and local tourism organizations – making partnership arrangements and implementing promotional actions with regional and local tourism organisations;

          

          

      4. maintaining relations with the press and industry in the field of POT’s statutory activity
         
      5. planning activities and reporting on their implementation;
      6. fulfilling the obligation of a controller of a job applicant data, in line with the Labour Code;

          

          

   4. under Article 6 (1) (f) of GDPR for the purposes of:
      
      
      1. handling your applications, which constitutes our legitimate interest;
      2. handling applications for sending promotional materials, which constitutes our legitimate interest;
      3. contacting you for the purposes of handling applications for participating in trade fairs, promotional events and events, which constitutes our legitimate interest; 
      4. contacting you to organize fam and press trips, which constitutes our legitimate interest;
      5. ensuring contact with candidates applying for a position with POT and defending oneself against claims resulting from employment;
      6. carrying out archival (evidential) functions to secure information in the event of a legal necessity to demonstrate facts to a customer, a contracting party or a supervisory unit, which constitutes our legitimate interest;
      7. eventual arrangements, investigations or defence against claims, which constitutes our legitimate interest;

          

          

2. Providing data:
   
   
   1. essential for answering inquiries submitted by a contact form available on websites administered by POT, especially https://www.pot.gov.pl and all of its language versions, https://www.polska.travel and all of its language versions, https://aktualnosciturystyczne.pl; https://www.pieknywschod.pl and all its language versions; https://zarabiajnaturystyce.pl; https://polskapodajdalej.pl/pl/;
   2. essential for filling out an application form for promotional events staged by POT, including:

       

2. 2. 1. trade fairs, workshops, events, fam and press trips;
      2. competitions, especially “Poland see more – Weekend at half price”; the Eden
         competition, competition for Certified Tourist Products, competition for
         the best Tourist Information Centre in Poland; certification of Tourist
         Information Stands and others not listed above and
      3. granting patronages of POT and President of POT,

          

          

   3. essential for posting information in the Tourist Information Repository;
   4. for the purposes of sending requested promotional materials;
   5. for the purposes of signing contracts and performing services; is obligatory, and voluntary in other cases.
      
      

If data essential to perform services discussed in points b to e is not submitted,
you will not be able to benefit from the servicesin question or we can refuse to sign a contract.

3. If you agree to receive information about POT and ZOPOT activities, invitations, newsletters to a submitted e-mail address, submitting data is voluntary and you have the right to withdraw the consent at any time without affecting the lawfulness of data processing conducted prior to the withdrawal.
4. If no consent is given to process data for informational-promotional purposes we will not be able to send information to your e-mail address or call you to provide the information.
5. We will stop processing your data for these purposes, unless we will be able to prove that in regards to your data there are essential and legitimate reasons that override your interests, rights and freedoms or your data will be essential for us for the purposes of eventual arrangements, investigations or defence against claims.
6. At any time you have the right to object the data processing described above and the right to withdraw the consent at any time without affecting the lawfulness of data processing conducted prior to the withdrawal.

SCOPE OF DATA

1. The scope of personal data processed by the Controller depends on the defined purpose of processing.
2. We guarantee access to your personal data and full information about the scope of processed data depending on the defined purpose. The information is provided by a designated data protection inspector that can be contacted by sending an e-mail to dpo@pot.gov.pl or a letter to the Controller’s address for correspondence: Polska Organizacja Turystyczna, ul. Chałubińskiego 8, XIX piętro, 00-613 Warszawa [Polish Tourism Organisation, 8 Chałubińskiego Street, 19th floor, 00-613 Warsaw].
3. For data processed under Article 6 (a) of GDPR:
   
   1. in case of agreeing to receiving a newsletter, processing refers to the e-mail address submitted when registering;
   2. in case of applications made through contact forms available on websites administered by POT, processing refers to the e-mail address and name and surname;
   3. in case of data submitted in applications available on websites administered by POT, processing refers to the scope required by an application to correctly register (Planer, Tourist Information Repository);
   4. in case of e-learning training sessions, processing refers to name and surname and e-mail address;
   5. in case of a recruitment process, processing refers to data specified in the job advertisement.
4. For data processed under Article 6 (b) (c) of GDPR:
   
   1. data essential for properly concluding, performing and settling a contract, commissioning a service, requests for proposals and inquiries about cost estimates, fulfilling contractual obligations and implementing statutory objectives of Polska Organizacja Turystyczna, processing mostly refers to name and surname, e-mail address, phone number, company data, NIP and REGON number;
   2. data essential for ongoing cooperation with journalists, bloggers and partners of promotional actions and events, processing refers to name and surname, phone number, e-mail address and additionally name of editorial office, positions, represented organisations.
5. For data processed under Article 6 (f) of GDPR:
   
   1.  data required in application forms: name and surname, e-mail address;
   2. data required to send promotional materials: name and surname, address, phone number, e-mail address;
   3. in case of handling applications for trade fairs, promotional events and events: data specified in separate regulations;
   4. for the purposes of staging fam and press trips: name and surname, e-mail address, phone number, correspondence address, name of editorial office or travel agency as well as data required by subcontractors, i.a. providing accommodation (hotels) and transportation services (particularly airlines).
      
      

DURATION OF DATA RETENTION

1. Your data will be retained for the period specified below:
   
   1. data obtained in connection with the conclusion of a contract will be retained within the period of limitation on the validity of potential claims, in compliance with periods arising from taxation and accounting regulations and other binding legal acts;
   2. data obtained on the basis of consent will be retained until the consent is withdrawn. Withdrawal of consent does not affect the lawfulness of data processing prior to the withdrawal.
   3. data obtained in the recruitment process are retained for a maximum period of limitation on the validity of claims potentially arising from the recruitment procedure or in the case of entering into an employment contract, as part of employee documentation, following labour law rules regulating the period of retaining such documentation; 
   4. data processed as part of the Tourist Information Repository will be retained for 2 years after the cooperation’s termination or after a review of the latest venue infrastructure, when venues are no longer relevant;
   5. data processed to perform tasks specified in the Act on POT will be retained until the completion of a promotional action, programmes, in the case of data becoming outdated: when requested, or subject to other conditions specified in the regulations of actions and programmes.
2. In case of submitting an objection, data will be retained until the objection is reviewed, but data will not be processed during this period.

    

RIGHTS IN THE FIELD OF PERSONAL DATA PROCESSING

1. You will be entitled to rights specified in articles 15-22 of GDPR, that is to:
   
   
   1. right of access,
   2. right to rectification,
   3. right to erasure (‘right to be forgotten’),
   4. right to restriction of processing,
   5. right to data portability
      
   6. right to object,
   7. and right to obtain information
2. The listed rights can be exercised in the following cases:
   
   
   1. right to rectification – if data are incorrect or incomplete;
   2. right to erasure – when data are no longer necessary for the purposes for which they were originally collected; when you withdraw your consent for data processing; when you object to your data being processed; when your data are unlawfully processed; when data should be deleted as a result of binding legal provisions;
   3. right to restriction of processing – when your data are incorrect, for a period of time making it possible to verify their correctness; when your data are unlawfully processed but you will not be requesting their erasure; when your data are no longer necessary but might be useful for your defence or pursuing claims; when you object to your data being processed – until it will be verified if the objection is legitimate;
   4. right to data portability – when your data are being processed on the basis of your consent or
      a contract you entered into and the processing is being conducted automatically.
3. You have the right to object to personal data processing when:
   
   
   1. personal data processing is being conducted on the basis of a legitimate interest or for statistical purposes, and the objection is justified by your specific situation,
   2. personal data are processed for the purposes of direct marketing.
4. Please note that you have the right to lodge a complaint against data processing to the President of Urząd Ochrony Danych Osobowych [Personal Data Protection Office], ul. Stawki 2, 00-193 Warszawa, tel. 22 5310300, fax. 22 5310301, kancelaria@uodo.gov.pl.
   
   

CHANGES IN THE PRIVACY POLICY

The Controller reserves the right to make changes in the website’s privacy policy, which might result from the development of online technology, eventual changes of legal regulations in the field of personal data protection and the development of websites administered by POT. We will inform users about all changes in a visible and comprehensible manner.