Privacy Policy

The administrator of your personal data is VOAS spółka z ograniczoną odpowiedzialnością
with its registered office in Warsaw (02-454), entered into the register of entrepreneurs of the National Court Register by the District Court for the capital city of Warsaw in Warsaw under KRS number 0000794477, with a share capital of PLN 5,000.00, REGON: 383864407, NIP: 5223163919 (hereinafter referred to as hereinafter referred to as the Administrator or Service Provider).

Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /EC (General Data Protection Regulation) – hereinafter: GDPR. Detailed information about the processing of your personal data and your rights in connection with it can be found in this Privacy Policy.

I. Personal data of customers or potential customers

1. All personal data provided by Customers or potential Customers, in particular via the online portal www.vo-as.com operated by the Service Provider or via the Administrator’s hotline, will be processed and used by the Administrator solely for the purposes of:
   1. performing activities preceding the conclusion of the contract, concluding and implementing the contract,
   2. fulfillment of legal obligations imposed on the Service Provider, in particular processing for the purpose of issuing an invoice, bill or conducting financial reporting,
   3. if the Customer consents, informing about new products, services and promotions offered by the Service Provider within the meaning of the Act of July 18, 2002 on the provision of electronic services,
   4. if the Customer consents, transfering the Customer’s contact details to entities cooperating with the Service Provider to enable them to inform the Customer about the products and services they offer,
   5. contained in Cookies depending on the choice made when entering the website www.vo-as.com for the purpose of:

      • performing the necessary basic operations when using the website www.vo-sa.com. Data shared with third parties only to ensure the security of the website and operation on the Customer’s device. Access to data in this case may include the name and version of the web browser and the authorization key.

      • content personalization and website optimization. Data shared with third parties may be used to track the Customer’s activity on the Service Provider’s website and store website preferences. Access to data in this case may include the type of device, model and type of operating system, browsing preferences on the Service Provider’s website, IP address and location.

      • of increasing the relevance of advertising and media. In this case, the data may be shared with third parties and may be used to track the Customer’s activity on the Service Provider’s website and other sites visited. In this case, access to data may include the address of the previously viewed website (HTTP link), activity identifiers on the Service Provider’s website, browsing, search or order history on the website. Advertisements, age, gender, demographic information.

   6. responding to inquiries contained in messages sent to the Administrator,
   7. implementation of the Administrator’s legitimate interests in the form of ensuring the possibility of pursuing claims and defending against claims.
2. Personal data provided by Customers or potential Customers of the Service Provider may be made available only to the extent necessary to other entities for advertising and information purposes.
3. Legal basis for the processing of personal data:
   • in the case referred to in section 1 letter a, f – data processing is necessary in order to perform activities preceding the conclusion of the contract, conclusion and implementation of the contract to which the Customer to whom the data relates is a party – Art. 6 section 1 letter b GDPR
   • in the case referred to in section 1 letter b – fulfillment of legal obligations imposed on the Service Provider – art. 6 section 1 letter c GDPR.
   • in the case referred to in section 1 letter c, d – consent to processing – art. 6 section 1 letter a GDPR.
   • in the case referred to in section 1 letter e – consent to processing – art. 6 section 1 letter a GDPR and implementation of the legally justified interests of the Service Provider in the form of ensuring optimization of using the website and in the form of marketing of services and products – Art. 6 section 1 letter f GDPR.
   • in the case referred to in section 1 letter g – implementation of the legally justified interests of the Service Provider in the form of ensuring the possibility of pursuing claims and defending against claims – art. 6 section 1 letter f GDPR.
4. Personal data:
   • to achieve the purpose specified in section 1 letter a. it will be processed for the duration of the limitation periods for claims that may be due to the Administrator or may be filed against the Administrator.
   • to achieve the purpose specified in section 1 letter b. it will be processed for the period required by generally applicable law,
   • to achieve the purpose specified in section 1 letter c., d. it will be processed for the period of the Administrator’s business activity, unless the data subject withdraws consent to their processing earlier,
   • to achieve the purpose specified in section 1 letter e. it will be processed for the period specified by the Customer when selecting cookie preferences by selecting one of the following periods: one month, six months, twelve months, unless the Customer withdraws consent to their processing earlier or objects to their processing,
   • to achieve the purpose specified in section 1 letter f. it will be processed for the duration of the limitation periods for claims that may be due to the Administrator or may be filed against the Administrator.

II. Personal data of Representatives of companies and institutions and Collaborators

5. All personal data provided by Representatives of companies and institutions and Collaborators, in particular via e-mail correspondence with the Administrator or via the Administrator’s hotline, will be processed and used by the Administrator solely for the purposes of:
   1. performing the contract with the entity on behalf of which the Representative of companies and institutions acts towards the Administrator, and therefore, among others fulfillment of accounting and tax obligations by the Administrator,
   2. enabling establishment of cooperation in the future with the entity on behalf of which the Representative of companies and institutions acts as part of cooperation with the Administrator,
   3. conclusion and performance of an agreement with the Collaborator,
   4. fulfilling the legal obligation imposed on the Administrator, in particular data processing for the purpose of issuing an invoice, bill or conducting financial reporting.
6. Legal basis for the processing of personal data:
   • in the case referred to in section 5 lletter a., b. – processing is necessary to fulfill the legal obligation imposed on the administrator; processing is necessary for the purposes of legally justified interests pursued by the Administrator (the legally justified interests include the need to ensure the possibility of future cooperation between the Administrator and the entity represented by the Representative of companies and institutions) – Art. 6 section 1 letter c, f GDPR,
   • in the case referred to in section 5 letter c – data processing is necessary in order to perform activities preceding the conclusion of the contract, conclusion and implementation of the contract to which the Representative of companies and institutions and the Collaborator to whom the data relates are parties – Art. 6 section 1 letter b GDPR,
   • in the case referred to in section 5 letter d – fulfillment of legal obligations imposed on the Administrator – art. 6 section 1 letter c GDPR.
7. Personal data:
   • to achieve the purpose specified in section 5 letter a., b. for the duration of the contract with the entity on behalf of which the Representative of companies and institutions acts against the Administrator and for the period of limitation of possible claims of the entity on behalf of which the Representative of companies and institutions acts against the Administrator, and also for the period of the Administrator’s business in the field of people transport,
   • to achieve the purpose specified in section 5 letter c., d. for the duration of the contract and the limitation period for possible claims against the Administrator and for the limitation period for the Administrator’s public law obligations in connection with the contract.
8. Personal data of Representatives of companies and institutions obtained from a person to whom the data does not concern were obtained by the Administrator from the entity on behalf of which the Representative of companies and institutions acts towards the Administrator.
9. Personal data will be processed by the Administrator and on his behalf by staff and entities providing various types of services to the Administrator, in particular accounting, legal and IT services.
10. Personal data will not be transferred to countries outside the European Union or to international organizations.
11. The person whose personal data is processed has the right to:
    1. request from the Administrator access to her personal data being processed, supplement, update, rectify, delete or limit processing, as well as the right to transfer data,
    2. withdraw consent to the processing of personal data at any time, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal, if the processing of personal data is based on consent to the processing of personal data – Art. 6 section 1 letter a GDPR,
    3. object to data processing if it is based on the legitimate interests of the Administrator – Art. 6 section 1 letter f GDPR,
    4. submit a complaint to the President of the Personal Data Protection Office.
12. Transfer of personal data:
    • is done voluntarily in the case referred to in section 1 letter a, b by the Customer or potential Customer to the Administrator. Refusal to provide personal data makes it impossible to conclude a contract.
    • is done voluntarily in the case referred to in section 1 letter c by the Customer or potential Customer to the Administrator. Refusal to provide personal data does not prevent the conclusion of a contract.
    • is done voluntarily in the case referred to in section 1 letter e by the Customer or potential Customer to the Administrator. Refusal to provide personal data resulting from the lack of consent to the use of cookies will prevent optimization of the use of the website, but will not prevent the use of this website.
    • is done voluntarily in the case referred to in section 1 letter f by the Customer or potential Customer to the Administrator. Refusal to provide personal data may make it impossible to respond to the Customer’s inquiry.
    • is done voluntarily in the case referred to in section 5 lit. a, b by the Customer or potential Customer to the Administrator. Refusal to provide personal data may prevent the performance of the contract and the establishment of future cooperation between the Administrator and the entity on behalf of which the Representative of companies and institutions acts towards the Administrator.
    • is done voluntarily in the case referred to in section 5 letter c, d by the Associate to the Administrator. Refusal to provide personal data makes it impossible to conclude and perform the contract.