Privacy Policy VacaoTrip Mobile Application

§ 1 General Provisions

  1. This Privacy Policy (hereinafter referred to as the "Privacy Policy") defines the method of collecting, processing and storing personal data necessary for the provision of services through the mobile application (hereinafter referred to as the "Application") by Vacaotrip Sp. z o.o.
  2. The User acknowledges that the Data Controller is Vacaotrip Sp. z o.o. with its registered office at ul. Aleja Najświętszej Maryi Panny 49/218, 42-217 Częstochowa, NIP: 5732961718, REGON: 541484849, KRS: 0001168232.
  3. A User is any natural person using the services provided through the Application.
  4. The User acknowledges that providing personal data is voluntary but necessary for the Application to function. The User's personal data will be provided to the Application Administrator after accepting the Terms of Service and Privacy Policy by clicking the appropriate checkbox.
  5. Data will not be processed in an automated manner.
  6. Additionally, the Administrator informs that this Privacy Policy is only supplementary to the privacy policies of Google Play Store and Apple App Store, through which the User downloads the Application.

§ 2 Purposes of Data Processing

  1. The User's personal data will be used by the Administrator to provide the service selected by the User. The Application is used to recommend travel destinations based on User preferences. The User can use the application without registration or optionally create an account. Data is processed to ensure proper functioning of the Application, technical and statistical analysis, diagnosing errors and improving quality, increasing stability and security, personalizing recommendations and handling reports.
  2. The Application uses artificial intelligence (AI) elements to analyze user responses and suggest travel destinations. The AI system (including Vertex AI) does not make decisions with legal effects concerning the User.
  3. The Application does not display advertisements and does not transfer data to advertisers.
  4. The Application does not process cookies.

§ 3 Scope of Collected Data

  1. As part of the Application's operation, the following data may be collected:
    • email address (optionally when logging in)
    • first and last name
    • travel preference data
    • location (with consent)
    • device identifier (model, operating system, Application version)
    • technical and analytical data
    • error and crash data
    • data related to complaint resolution
    • data related to establishing and pursuing claims or defense against claims
  2. Data may be processed using external service providers: Google LLC, Firebase, Google Analytics, Expo, Clerk, Sentry, Vertex AI – only to the extent necessary to provide services and analytics.
  3. The Application does not collect personal data for marketing purposes and does not process sensitive data.

§ 4 Legal Basis for Processing

The legal basis for data processing is:

  1. a) Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,
  2. b) Article 6(1)(f) GDPR – legitimate interests pursued by the controller, consisting of data collection, maintaining Application functionality, ensuring Application security, error analysis and performance improvement, establishing and pursuing or defending against claims.

§ 5 Data Retention Period

Personal data will be processed for the period necessary to perform the contract, handle complaints, establish and pursue claims or defend against claims, and in cases where the basis for data processing is consent given by the User – until it is withdrawn.

§ 6 Rights and Obligations of the Administrator

  1. The Administrator undertakes to process the User's personal data in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR) and the Act of 18 July 2002 on the provision of services by electronic means.
  2. The Administrator guarantees the provision of appropriate technical and organizational measures ensuring the security of processed personal data, in particular preventing access by unauthorized third parties, or processing in violation of generally applicable law, preventing loss, damage or destruction of personal data.
  3. The Administrator has the right to share the User's personal data with:
    • subsidiaries;
    • third parties in the event of selling all or part of its shares to them, or in the event of a merger of the Administrator with a third party, or acquisition of shares in the Administrator's Company by a third party;
    • other third parties that have accepted the Privacy Policy, provided the Administrator has concluded an agreement with them necessary for the Administrator to provide services through the Application;
    • competent authorities that request access to personal data based on appropriate grounds of generally applicable law.

§ 7 Rights and Obligations of the User

  1. The User has the right to access their data and the right to rectification, erasure, restriction of processing, and the right to object to processing.
  2. The User has the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office, when the processing of the User's personal data violates legal provisions.
  3. Where the basis for data processing is consent given by the User, the User also has the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  4. In the event of permanent deletion by the User of personal data necessary for the Administrator to provide services through the Application, the User will lose the ability to use these services.
  5. The Administrator reserves the right to introduce changes to the Privacy Policy, about which the User will be informed through the Application or email. If the User does not agree to the introduced changes, they are obliged to permanently delete the Application from their mobile device.

§ 8 Data Protection Officer

The Administrator has appointed a Data Protection Officer who can be contacted on any matter related to the processing of personal data by sending a message to the email address: kontakt@vacaotrip.com, with the note: "Data Protection Officer".