I. Definitions
Controller - means PKP Polskie Linie Kolejowe S.A. with its registered office in Warsaw ul. Targowa 74, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, 8th Commercial Division of the National Court Register under number KRS 0000037568, NIP (Tax Identification Number): 113-23-16-427, REGON (Business Registry Number): 017319027, which provides services by electronic means and which stores and gains access to information on the User′s devices.
Mobile application - means a computer programme created and updated by the Controller, operating on a mobile device.
Device - means an electronic device through which the User gains access to the Mobile Application.
User - means an entity for the benefit of which, in accordance with the Regulations for the use of the Portal Pasażera mobile application and the provisions of law, the services may be performed by electronic means.
II. Information on data collected automatically
- The Controller does not collect personal data without the User′s consent, but only data without such status, in particular IP address, device type, operating system type, demographic data and data concerning the use of the Mobile Application. The collection of the data described in the previous sentence is carried out automatically by means of:
- the Google Analytics analytical tool [controller: Google INC with its registered office in the USA]
- the controller′s tool for verifying the correctness of the application′s operation (scope: IP address).
- Data collected automatically do not allow for unambiguous identification of the User.
- Data collected automatically may be used by the Controller to improve the quality of services performed, in particular in the event of an error in the Mobile Application. In the situation described above, the data collected automatically shall relate to the Application error, including the status of the User′s mobile device at the time of the error, identification of the User′s mobile device.
- It is impossible to change or delete data collected automatically.
III. Data collected for contact purposes
- In the Mobile Application, the Controller provides the User with an e-mail address to which the User may send an e-mail. Sending an e-mail message is tantamount to giving consent to the processing of the User′s personal data by PKP Polskie Linie Kolejowe Spółka Akcyjna with its registered office at the following address: 03-734 Warsaw, ul. Targowa 74, hereinafter referred to as the Company, for the purpose of contacting the Controller.
- In accordance with Art. 13 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 2016, pp. 1-88), hereinafter referred to as the GDPR, the User, by reading this privacy policy, is informed that:
- the Controller of the data is PKP Polskie Linie Kolejowe Spółka Akcyjna, with its registered office at the following address: 03-734, Warsaw, ul. Targowa 74;
- the following e-mail address: iod.plk@plk-sa.pl of the Data Protection Inspector in PKP Polskie Linie Kolejowe S.A. is available to people whose personal data are processed by the Company;
- the legal basis for the processing of personal data by the Company is Art. 6 sec. 1 letter a of the GDPR, i.e. the consent given by the User;
- the personal data shall not be made available to other recipients unless a specific provision of law provides otherwise;
- the personal data will not be transferred to a non-European Economic Area member state (third country) as well as an international organisation within the meaning of the GDPR;
- personal data shall be stored in accordance with the provisions of law until their archiving;
- the User shall have the right to request access to the personal data relating to it, to rectification, erasure or restriction of their processing, the right to object to processing, and the right to data portability;
- the User shall have the right to withdraw its consent at any time and the withdrawal of its consent shall not have retroactive effect, i.e. it shall not affect the legality of the processing of personal data which the Company does before the withdrawal of consent;
- providing personal data is voluntary, however, without providing them, it is impossible to obtain any feedback on the question;
- the User shall have the right to file a complaint with a supervisory authority i.e. the President of the Office for Personal Data Protection;
- the Company shall not make automated decisions, including profiling on the basis of the personal data provided by the User.
- The Controller declares that it uses technical and organisational measures to protect the processing of personal data appropriately to risks and data categories and, in particular, it protects User′s personal data against loss, misuse, unauthorised processing or modification. Access to personal data is only granted to persons who are authorised to process them and obliged to keep them confidential.