THE PRIVACY POLICY OF THE TRIPINVEST.COM WEBSITE

TABLE OF CONTENTS:

  1. GENERAL PROVISIONS
  2. THE BASIS OF DATA PROCESSING
  3. THE PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING ON A WEBSITE
  4. WEBSITE DATA RECIPIENTS
  5. PROFILING ON A WEBSITE
  6. THE RIGHTS OF THE DATA SUBJECT
  7. COOKIES ON A WEBSITE, PERFORMANCE DATA AND ANALYTICS
  8. FINAL PROVISIONS.

1) GENERAL PROVISIONS

  1. This Website privacy policy is informative, which means that it is not a source of obligations for the Website Recipients. The privacy policy includes primarily the principles regarding personal data processing by the Website Administrator. It also includes the basis, purposes and scope of processing personal data, the rights of the data subject, as well as information on the use of cookies and analytical tools on the Website.
  2. The Administrator of personal data collected through the Website is FRANCHISE MARKETING SYSTEMS SP. Z O.O., KRS 0000824038, NIP 5130264415, the address of the place: Rynek 10A, 32-065 Krzeszowice, Poland, e-mail address: office@tripinvest.com, telephone contact numbers: +48 882 686 909, + 34 652 884 967 and +34 625 662 755 - hereinafer referred to as ''The Administrator'' and being also the Service Provider on the Website.
  3. Personal data on the Website is processed by the Administrator in compliance with legislation in force, particularly with the Regulation of the European Parliament and of the Council (EU) 2016/679 as of April 27, 2016 on the protection of individuals with regard to the processing of personal data, on the free flow of such data and repeal of Directive 95/46 / EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". The official text of the GPDR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
  4. The Website usage, including the conclusion of contracts is voluntary. Similarly, the providing of personal data by the Website Recipient is voluntary, subject to two exceptions: (1) concluding contracts with the Administrator - failure to provide personal data (in cases and in the scope indicated on the Website, in the Website Regulations and the privacy policy) necessary to conclude and perform a contract for the provision of Electronic Services with the Administrator results in the inability to conclude the contract. In this case, providing personal data is a contractual requirement and if the data subject wishes to conclude a specific contract with the Administrator, he/she is obliged to provide the required data. From time to time, the scope of data required to conclude the contract is indicated previously on the Website and in the Regulations of the Website; (2) statutory obligations of the Administrator – providing personal data is a statutory requirement stemming from generally applicable provisions imposing an obligation on the Administrator to process personal data. Failure to provide the data will prevent the Administrator from performing these obligations.
  5. The Administrator acts with particular diligence so as to protect the interests of the data subject, the Administrator is particularly responsible for the data and ensures that the data collected is (1) processed in compliance with law; (2) collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; (3) factually correct and adequate to the purposes for which they are processed; (4) stored in a form that allows identification of data subjects, not longer than needed for achieving the goal of processing and (5) processing in a manner ensuring the safety of personal data, including the protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by applying appropriate technical or organisational measures.
  6. Having regard to the nature, scope, context and purposes of the processing, as well as the risk of infringing the laws or the freedom of individuals of a various probability and scale of threat, the Administrator shall implement proper technical and organisational measures to ensure that the processing takes place in compliance with this Regulation and shall be able to demonstrate it. When required, the measures are reviewed and upgraded. The Administrator shall use technical measures to prevent the acquisition and modification by unauthorised persons of personal data sent electronically.
  7. Any words, expressions, and acronyms occurring in this privacy policy and starting with a capital letter (e.g. Service Provider, Website, Electronic Service) should be interpreted in compliance with their definition contained in the Website Regulations available on the Website.

2) THE BASIS OF DATA PROCESSING

  1. The Administrator is entitled to process personal data in cases, when – and to the extent that – at least one of the following conditions is met: (1) the data subject has consented to the processing of its personal data for one or more specific purposes; (2) the processing is necessary to perform the contract to which the data subject is party or to take action at the request of the data subject before the conclusion of the contract; (3) processing is necessary to fulfill the legal obligation incumbent on the Administrator; or (4) processing is necessary for purposes stemming from legitimate interests implemented by the Administrator or by a third party, except for situations when the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, prevail over these interests, in particular when the person to whom the data apply, is a child.
  2. From time to time, the processing of personal data by the Administrator requires at least one of the grounds indicated in 2.1. of privacy policy to occur. Specific basis for the processing of personal data of Website Recipients by the Administrator are indicated in the following section of the privacy policy – in relation to the given purpose of processing personal data by the Administrator.

3) THE PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING ON A WEBSITE

  1. Each time the purpose, basis, period, and scope as well as the recipients of personal data processed by the Administrator stem from activities undertaken by the Website Recipient in question.
  2. The Administrator may process personal data on the Website for the following purposes, on the following basis, periods, and the following scope:
    The purpose of processing data The legal basis of processing and storage period of data The scope of the processed data
    Performance of the contract for the provision of services or contract for the provision of Electronic Services or taking actions at the request of the data subject before the conclusion of the listed above contracts. Article 6(1)(b) of GDPR Regulations (performance of the contract)

     

    The data is stored for the period necessary to perfom, cancel or terminate the concluded contract in any other way.
    The maximum scope:

     

    first name and last name; e-mail address; street, house number, apartment number, zip code, city, country, home address.
    Direct marketing Article 6(1)(b) of GDPR Regulations (the legitimate interest of the Administrator)

     

    The data is stored for the duration of the legitimate interest implemented by the Administrator, however, not longer than for the period of limitation of claims in respect of the data subject on account of the business activity conducted by the Administrator. The limitation period is determined by law, in particular by the Civil Code (the basic limitation period for claims related to conducting business activity amounts to three years, and for a sales contract - two years).

     

    The Administrator must not process data for direct marketing purposes if the data subject has successfully objected to it.
    E-mail address
    Marketing Article 6(1)(b) of GDPR Regulations (permission)

     

    The data is stored until the data subject withdraws his consent for further processing of his data for this purpose.
    Name, e-mail address
    Maintenance of the accounting books Article 6(1)(c) of GDPR Regulations in connection with Article 74(2) of the Accounting Act, i.e. of 30 January 2018 (Dz.U. of 2018, item 395)

     

    The data is stored for the period required by law, requiring the Administrator to keep accounting books (for 5 years from the beginning of the year following the financial year to which the data relates).
    First name and last name; address of residence / business / registered office, company name and tax identification number (NIP) of the Service Recipient or Customer
    Determining, investigating or defending claims that may be raised by the Administrator or which may be raised against the Administrator Article 6(1)(f) of GDPR Regulation

     

    The data is stored for the duration of the legitimate interest implemented by the Administrator, however, not longer than for limitation of claims in respect of the data subject on account of the business activity conducted by the Administrator. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to conducting business activity amounts to three years, and for a sales contract - two years).
    Maximum scope: first name and last name; e-mail address; street, house number, apartment number, zip code, city, country, home address.

4) WEBSITE DATA RECIPIENTS

  1. It is necessary for the Administrator to rely on the use of external entities' services (such as e.g. a software supplier) for the proper functioning of the Website, including the implementation of concluded contracts for the provision of electronic services. The Administrator uses solely the services of those personal data processing entities, which provide sufficient guarantees of implementing proper technical and organisational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
  2. Personal data may be transmitted by the Administrator to a third country, whereby the Administrator ensures that in this case it will take place in relation to the country providing an adequate level of protection - compatible with the GDPR. Furthermore, the data subject has the right to obtain a copy of his/her personal data. The Administrator transmits the collected personal data only if and to the extent necessary to implement a given purpose of data processing compatible with this privacy policy.
  3. Transmission of data by the Administrator does not occur in every case and not to all recipients or recipient categories indicated in the privacy policy – the Administrator transmits data only when it is necessary to implement a given purpose for processing personal data, and only to the extent necessary for its implementation.
  4. The personal data of Website Recipients may be transmitted to the following recipients or recipient categories:
    1. entities servicing electronic payments or payments by card – in case of a Client who uses an electronic payment or payment by card, the Administrator provides the Client's collected personal data to a selected entity servicing the above listed payments at the request of the Administrator, to the extent necessary for the service of payment made by the Client.
    2. creditors/lessors – in the case of a Client who chooses payment in instalments or lease payments as their preferred method of payment, the Administrator provides the Client's collected personal data to a selected creditor or lessor servicing the above listed payments at the request of the Administrator, to the extent necessary for the service of payment made by the Client.
    3. providers of accounting, legal and consultancy services providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company).
    4. Service providers providing the Administrator with technical, IT and organisational solutions, enabling the Administrator to conduct a business activity, including the Website and Electronic Services provided through it (particularly, computer software suppliers for operating the Website, electronic mail and hosting providers as well as software providers to manage the company and provide technical support to the Administrator) - the Administrator provides the collected personal data of a recipient to a selected supplier working at the request of the Administrator only in case and to the extent necessary to implement a given purpose for transmitting data compatible with this privacy policy.

5) PROFILING ON A WEBSITE

  1. The GDPR imposes an obligation on the Administrator to provide information on automated decision-making, including profiling, which is referred to in Article 22 (1) and (4) of GDPR, and – at least in these cases – crucial information on the principles of making them, as well as the significance and anticipated consequences of such processing for the data subject. Taking it into consideration, the Administrator provides information concerning the possible profiling in this point of the privacy policy.
  2. The Administrator may use profiling on the Website for direct marketing purposes, but the decisions taken on the basis of it by the Administrator do not pertain to the conclusion or refusal to conclude a contract for the provision of electronic services or the possibility of using Electronic Services on the Website. The outcome of using profiling on the Website may be e.g. sending an offer, which may meet the interests or preferences of the individual or offering better conditions in comparison to the Website's standard offer. Despite profiling, a given person makes a free decision whether they want to use the discount received in this way, or better conditions and make a purchase on the Website.
  3. Website profiling consists of an automatic analysis or behaviour prognosis of an individual on the Website or by analysing the history of operations taken on the Website. The condition of such profiling is that the Administrator is in the possesion of personal data of an individual in order to be able to subsequently send to the individual, e.g. a rebate code.
  4. The data subject has the right not to be subject to a decision based solely on automatised processing, including profiling, and induces legal effects on the person or similarly considerably affects the person.

6) THE RIGHTS OF THE DATA SUBJECT

  1. Right of access, rectification, limitation, erasure or transfer - the data subject has the right to request the Administrator to access his personal data, rectify it, delete it ("the right to be forgotten") or limit processing, and has the right to object to the processing, as well as the right to transfer his data. Specific conditions of conducting the above listed laws are indicated in Articles 15 to 21 of GDPR.
  2. Right to revoke consent at any time – the data subject, whose data is processed by the Administrator on the basis of expressed consent (in compliance with Article 6(1)(a) or Article 9(2)(a) of GDPR), has the right to revoke his consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  3. Right to lodge a complaint with a supervisory authority – the data subject, whose data is processed by the Administrator, has the right to lodge a complaint with a supervisory authority according to the manner and modalities set out in the GDPR and Polish law provisions, particularly in the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
  4. Right to object - the data subject, whose data is processed by the Administrator, has the right to object at any time - for reasons related to their specific situation - towards the processing of their personal data based on Article 6(1)(e) (interest or public services) or (f) (the legitimate interest of the Administrator), including profiling on the basis of those regulations. The administrator in this case may no longer process this personal data, unless demonstrating the existence of valid legitimate grounds for processing, superior to the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
  5. Right to object re: direct marketing - if personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning the data subject for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
  6. In order to exercise the rights referred to in this point of the privacy policy, you may contact the Administrator by sending a proper message, in writing or by e-mail, to the address indicated by the Administrator in the opening paragraph of the privacy policy, or by using the contact form available on the Website.

7) COOKIES ON A WEBSITE, PERFORMANCE DATA AND ANALYTICS

  1. Cookies are small bits of information, in the form of text files, sent by a web server and stored on the site visitor’s side (e.g. on a hard disk of a computer, laptop, or on a smartphone memory card – depending on what type of device is used by the site visitor). For detailed information on Cookie files and the history of their creation, refer to: http://pl.wikipedia.org/wiki/Ciasteczko.
  2. The Administrator may process the data included in Cookie files when visitors use the Website for the following purposes:
    1. identification of Recipients as logged in on the Website and showing that they are logged in;
    2. storing the data from completed forms or log on information for the Website
    3. to customise the content of the Website page for individual preferences of the Recipient (e.g. concerning colours, font size, page layout) and optimisation of using Website pages.
    4. conducting anonymous visit statistics showing how to use the Website;
  3. Conventionally, most of the web browsers available on the market accept Cookies by default. Every person has the right to lay down the conditions of using Cookies by using their own web browser settings. It means that you may e.g. partially limit (e.g. temporarily) or completely disable the option of saving Cookies – in the latter case, however, it may affect some functionalities of the Website.
  4. Cookie settings in your web browser are important, as they have an effect on whether you consent or not to our use of cookies – in compliance with the provisions, such consent may also be given trough the browsers' settings. In case of lack of such consent, the cookie setting in your browser should be changed accordingly.
  5. For detailed information on changing the settings of cookies and their removal in the most popular browsers, refer to the browser's help section and to the following pages (just click on the given link):
  6. On the Website, the Administrator may use the Google Analytics, Universal Analytics services, which are provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator to track user's movement on the Website. The collected data is processed as part of the above services in an anonymous manner (they are so-called performance data, which prevent identification of the person who uses the computer) to generate statistics helpful in administering the Website. These data are aggregate and anonymous, i.e. they do not contain the unique identifiers (personal data) of the visitors to the Website. The Administrator using the above services on the Website collects data such as sources and medium of acquiring visitors to the Website and how they are operating on the Website, information about the devices and browsers from which they visit the website, IP and domain, geographical data and demographic data (age, gender) and interests.
  7. It is possible for the data subject to easily block the Google Analytics access to information about the user's activity on the Website – in order to do that you may install the Google Analytics browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
  8. The Administrator may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) on the Website. This service helps the Administrator to measure the efficiency of advertisements and learn what type of actions are taken by the Website visitors, as well as display targeted ads to the user. For detailed information on the Facebook Pixel, refer to: https://www.facebook.com/business/help/742478679120153?helpref=page_content
  9. Managing the action of the Facebook Pixel is possible through the settings of ads in your Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8) FINAL PROVISIONS

  1. 1. The Website may include links to other sites. The Administrator recommends to familiarise oneself with the privacy policy of these websites while approaching them. This privacy policy applies only to the Administrator's Website.

Do you have any questions?

Call us:

0044 203 807 9447

...or write us an e-mail:
office
We use cookies to facilitate the use of our websites, for statistical and advertising purposes. If you do not block these files, you agree to their use and saving them in your device's memory. Remember that you can change your browser settings yourself to block the saving of cookies. For more information, see our Privacy Policy.
facebook profile contact us