§1

General provisions

  1. This Privacy Policy sets out the principles for the processing and protection of personal data of Users using the Website available at the Internet address: gtvbus.pl, hereinafter referred to as the “Website”. This document also defines the rules for the use of cookies.
  2. The Privacy Policy of the Website is for information purposes only.
  3. The Joint Controllers of personal data of the Website Users, pursuant to the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46/W (General Data Protection Regulation – GDPR) of 27 April 2016 (Dz. Urz. UE. L No. 119, p. 1), hereinafter referred to as the “GDPR”, are:
    1. GTV Office Sp. z o.o., ul. Hutnicza 5, 46-040 Ozimek, NIP: 9910514597, KRS (National Court Register No.) 0000696080,info@gtvbus.pl
    2. International Transport Company Sp. z o.o. ul. Hutnicza 5, 46-040 Ozimek, NIP: 9910546249, National Court Register No. (KRS): 0000992407, info@gtvbus.pl
    3. Green Bus Logistics Sp. z o.o. ul. Hutnicza 5, 46-040 Ozimek, NIP: 9910546255 KRS: 0000992870, info@gtvbus.pl

                                                              hereinafter referred to as the “Joint Controllers”, and who are also Service Providers of the Website.

  1. Contact details of the Joint Controllers: contact is possible at the following address: ul. Hutnicza 5, 46-040 Ozimek, or by e-mail info@gtvbus.pl.
  2. Ms Barbara Sośnicka has been appointed the Data Protection Officer, contact is possible at: ul. Hutnicza 5, 46-040 Ozimek, or by e-mail: iod@gtvbus.pl.
  3. The User’s personal data are processed in accordance with the provisions on the protection of personal data and the Act of 18 July 2002 on the provision of electronic services (Dz. U. No. 144, item 1204 with later amendments.)
  4. The Joint Controllers shall co-manage personal data in accordance with the concluded co-management agreement, the material provisions of which are set out further in this Privacy Policy.
  5. The Joint Controllers shall make every effort to protect the interests of the data subjects, and, in particular, shall ensure that the data are processed in accordance with the law. Personal data are collected by the Joint Controllers for defined, lawful purposes and not subjected to further processing inconsistent with these purposes. The Joint Controllers declare that the data they collect are stored in a form that allows the identification of the persons they concern, no longer than it is necessary to achieve a given purpose of processing.
  6. The objective of the Privacy Policy is to define the actions taken by the Joint Controllers in the field of personal data collected via the Website, as well as services and tools related to the Website, used by Users to perform activities such as booking transport, contacting Service Providers, or performing other types of activities within the Website.
  7. The User who uses the services and tools made available on the Website confirms that s/he has read the provisions of the Privacy Policy of the Website, and also consents, if necessary, to the use of his/her personal data in accordance with the Privacy Policy (for this purpose, s/he selects the appropriate checkboxes following the messages appearing on the Website).
  8. All data collected by the Joint Controllers, in order to protect them against unauthorized access or unauthorized use, are protected with the use of reasonable technical and organisational measures and security procedures.
  9. The Joint Controllers of the Website, on the terms set out in the Privacy Policy, have exclusive access to the data. Access to the User’s personal data may also be entrusted to other entities, which collect, process and store personal data in accordance with their own regulations and privacy policies. Access to the User’s personal data is granted to the entities in question to the extent necessary, and only to the extent that will ensure the proper execution of services. External entities process entrusted data only on the basis of relevant entrustment agreements.
  10. As part of the Website’s services, the Joint Controllers enable the function of applying for job offers placed on the Website. The application is possible by redirecting to the ES-Candidate Website, the data controller of which is ES sp. z o.o. with its registered office in Warsaw at ul. Złotej 7/18, 00-019 Warszawa KRS (NCR) 0000575902. All rules related to the processing of personal data and regulations can be found on the Website, i.e. https://es-candidate.com/pl/terms/.

§2

Storage, acquisition, scope and objective of collecting personal data

  1. The Joint Controllers obtain information about Users, e.g. by collecting server logs through the hosting operator.
  2. The data stored in the server logs are not associated with specific people using the Website, and are not used to identify people who use the Website.
  3. Server logs are only auxiliary material used to manage the Website, and their content is not disclosed to anyone except persons authorised to administer the server.
  4. As part of the Website, the Joint Controllers may collect personal data of Users and potential Users contacting the Joint Controllers as part of customer service, and which personal data are necessary to fulfil a given User’s request and contact him/her in order to provide a response. The basis for data processing is Art. 6 sec. 1 letter a of the GDPR – the consent to processing. The legal basis for processing, after the possible end of contact, will be the justified purpose of archiving correspondence for the purpose of demonstrating its course in the future (pursuant to Art.6 sec. 1 letter f of the GDPR). If a contract is concluded after contact, the data will be processed on the basis of Art. 6 sec. 1 letter b of the GDPR.
  5. The data provided in connection with the subscription to the Newsletter are used only to send the Newsletter, and based on the consent granted (pursuant to Art. 6 sec. 1 letter a of the GDPR).
  6. The Joint Controllers process Users’ personal data necessary for the proper implementation of the services available on the Website, and are entitled to use the data collected and stored on the Website for the following purposes:
    1. direct marketing of own services (pursuant to Art. 6 sec. 1 letter f of the GDPR),
    2. providing full User service, including booking transport, solving technical problems and providing appropriate functions (pursuant to Art. 6 sec. 1 letter b and f of the GDPR),
    3. fulfilment of legal obligations incumbent on the Joint Controllers on the basis of generally applicable provisions of law, i.e. issuing a VAT invoice, and for accounting purposes (pursuant to Art. 6 sec. 1 letter c of the GDPR),
    4. adjusting the User’s offer and experience in the properties of the Website (pursuant to Art. 6 sec. 1 letter b and f of the GDPR),
    5. contacting Users, in particular for purposes related to the provision of services, servicing Users, permitted marketing and advertising activities (pursuant to Art. 6 sec. 1 letter a, b, and f of the GDPR),
    6. conducting research and analysis to improve the operation of available services (pursuant to Art.6 sec. 1 letter b, and f of the GDPR),
    7. monitoring the activity of all and specific Users (pursuant to Art. 6 sec. 1 letter f of the GDPR),
    8. sending the Newsletter (pursuant to Art. 6 sec. 1 letter a, and f of the GDPR),
    9. enforcing compliance with the Regulations of the Website (pursuant to Art. 6 sec. 1 letter b, and f of the GDPR),
    10. evaluating some of the User’s personal factors (pursuant to Art. 6 sec. 1 letter f of the GDPR).
  7. The Joint Controllers are entitled to store the data collected and tracked on the Website only to the extent of the above-mentioned objectives.
  8. The Joint Controllers reserve the right to filter and block messages sent via the internal messaging system, in particular if they are spam, contain prohibited content, or otherwise threaten the safety of the Website Users.
  9. The Joint Controllers are entitled to automatically obtain and record data transferred to the server by web browsers or Users’ devices, e.g. IP address, software and hardware parameters, pages viewed, mobile device identification number, and other data regarding devices and the use of systems. The collection of the above information will take place when the Website is used.
  10. The Joint Controllers collect, process and store the following User data:
  11. e-mail address,
  12. name and surname,
  13. phone number,
  14. the address of the destination, and the address provided for the VAT invoice, i.e. country, street, postal code and city,
  15. other personal data provided by the User as part of contact with the Service Provider,
  16. The Service Providers declare that providing data by the User in the above-mentioned scope is voluntary. Nevertheless, providing them may be necessary to conclude and implement the Agreement for the provision of Services offered by the Website. The scope of data required to conclude the Agreement is previously indicated on the Website and in the Regulations of the Website.
  17. The Joint Controllers may share anonymised data with other entities, including Website partners, in order to recognize the attractiveness of advertisements and services for the Users, improve the quality and effectiveness of services provided by the Website, or these entities, or participate in scientific research.
  18. The Joint Controllers inform the Users that they entrust the processing of personal data to the following entities:
  19. DigitalOcean, LLC 101 6th Ave, New York, NY 10013, United States – to store personal data on the server on which the Website is installed,
  20. GetResponse – to use the system for sending the Newsletter,
  21. PayU S.A. with its registered office in Poznań at ul. Grunwaldzka 186, 60-166 Poznań, KRS (NCR): 0000274399; NIP (tax ID No.): 7792308495; REGON (business registry No.): 30052344400000 – to make electronic payments and by means of a payment card for the ordered Service,
  22. Stripe, Inc. 510 Townsend Street San Francisco, CA 94103, USA – to enable electronic payments for the booked Service via Apple Pay, Google Pay, Microsoft Wallet,
  23. The Joint Controllers inform that they use technology that tracks the actions taken by the User within the Website:
  24. Google Analytics tracking code – to analyse the statistics of the Website; information related to Google Analytics can be found on the following page: https://support.google.com/analytics/answer/6004245,
  25. Facebook conversion pixel – to monitor events on the Website, and manage Facebook ads; information related to the use of data collected by the pixel by Facebook can be found here: https://www.facebook.com/privacy/explanation,
  26. Hotjar tracking code – to analyse the behaviour and use of the Website by the Users; information related to Hotjar can be found at: https://www.hotjar.com/legal/policies/privacy/.

The information collected as part of the Google Analytics tracking code, Facebook pixel and Hotjar tracking code is anonymous – it does not allow the Joint Controllers to identify a given person.

§3

Cookies policy and operating data

  1. The Joint Controllers automatically collect information contained in cookies to gather data related to the use of the Website by the User. Cookies are files with a small fragment of text that the Website sends to the User’s browser, and which the browser sends back at the next visit to the Website. They are mainly used to maintain the session, e.g. by generating and sending back a temporary identifier after logging in.
  2. The Joint Controllers use “session” cookies stored on the User’s end device until the Website is turned off, or the web browser is turned off by the User, as well as “permanent” cookies stored on the User’s end device for the time specified in the cookie file parameters, or until they are deleted by the User.
  3. The Joint Controllers use the following types of cookies on the Website:
  4. “essential” cookies – necessary for the proper functioning of a web page, enable the use of the Services available on the Website,
  5. cookies used to ensure security,
  6. “performance”/“analytical” cookies – used to obtain information on how the Users use the Website,
  7. “functional” cookies – enable ‘remembering’ the settings selected by the User and adapting the Website to the User,
  8. “advertising” cookies – enable the provision of advertising content to the Users more tailored to their interests.
  9. The Joint Controllers use external cookies for the following purposes:
  10. collecting general and anonymous statistical data through analytical tools: Google Analytics (the cookie controller is Google LLC based in the USA, or Google Ireland Limited based in Ireland),
  11. popularising the Website using the social networking site Facebook.com (controller of external cookies: Facebook Inc based in the USA, or Facebook Ireland based in Ireland),
  12. collecting general and anonymous statistical data through analytical tools: Hotjar (the controller of cookies is Hotjar Ltd based in Malta).
  13. Google LLC and Facebook Inc are entities from a third country – the United States, and use appropriate compliance mechanisms such as standard contractual clauses to ensure an adequate level of protection of personal data required by the GDPR.
  14. The Joint Controllers provide the possibility of using the social function, i.e. subscribing to a social profile. Moreover, the Joint Controllers enable contact via the chat displayed on the Website. The use of these functions may involve the use of cookies of website administrators such as Facebook, Instagram, Skype, YouTube, Messenger, Google Play, or Apple Store.
  15. The Joint Controllers provide the possibility of using the function of applying for job offers selected by the User. Using this function may involve the use of cookies of the ES-Candidate website administrator, i.e. ES sp. z o.o. with its registered office in Warsaw.
  16. Cookies adapt and optimise the Website and its offer for the needs of the Users through activities such as creating statistics of Website views and ensuring the safety of its Users.
  17. The User can change the settings for cookies at any time using his/her web browser, including blocking the possibility of collecting cookies.
  18. Blocking the possibility of collecting cookies, or making other changes to the cookie settings on the User’s device, may make it difficult or impossible to use the services and tools of the Website.
  19. A User who does not want to use cookies for the purposes described above may delete them manually at any time. To read the detailed instructions on how to proceed, visit the website of the manufacturer of the web browser currently used by the User. More information on cookies is available in the help menu of any web browser. Examples of web browsers that support these cookies are Internet Explorer, Mozilla Firefox, Google Chrome, Opera.
  20. The Joint Controllers may enable third parties, e.g. advertising providers or providers of analytical solutions, to collect information using the above technologies directly on the Website. Data collected in this way are subject to the provisions of privacy policies developed by these entities.
  21. Some third parties operating on the Website allow the Users to withdraw consent to the collection and use of data by them for the purposes of advertising based on the User’s activity. More information on this subject and the possibility to make a choice can be found, for example, on the following website: youronlinechoices.com.

§4

Rights and obligations of the Joint Controllers and the Users

  1. The Joint Controllers have the right, as well as the statutory obligation to provide selected or all information regarding the Users of the Website to public authorities or third parties that submit such a request for information on the basis of applicable provisions of Polish law.
  2. The Joint Controllers do not entrust the processing of data and do not share the collected personal data with unrelated entities without the consent of the interested parties, unless the following circumstances occur:
  3. The Joint Controllers may use the support of external entities to provide the services they offer, however, these entities are not authorised to independently use personal data processed on behalf of the Joint Controllers, and all their activities are subject to the provisions of the Website’s Privacy Policy.
  4. The Joint Controllers retain the right to disclose data to public authorities in the conduct of proceedings for possible violations of the law, or in combating possible violations.
  5. The User has the right to access their personal data collected by the Joint Controllers at any time. This right includes the possibility of verification, modification, supplementation, deletion, limitation of data processing, objection to processing, data transfer, cessation of processing of the User’s personal data, as well as the right to withdraw consent to the processing of data for a specific purpose, if the User has previously granted such consent, and the right to lodge a complaint with the supervisory authority. These rights are vested without providing a reason.
  6. By accepting the statements proposed by the Joint Controllers contained in the interactive forms available on the website, the User consents to the processing of personal data for the purposes of providing services.
  7. The User, by accepting the optional statements proposed in the forms, may consent to additional purposes for the processing of his/her personal data.
  8. Voluntarily granted consents to receive commercial information and to send the Newsletter may be withdrawn at any time at the User’s request submitted via the link appearing in each Newsletter. Removal of the subscriber’s e-mail address is carried out automatically by clicking on the link. Immediately, no later than within 48 hours of receipt of the consent withdrawal declaration, the Joint Controllers remove the User’s data from the contact database used to provide commercial information by electronic means. At any time, the data provided in connection with the Newsletter subscription can be rectified, the User may request their deletion by unsubscribing from the Newsletter, as well as request the data transfer.
  9. To exercise their rights, the User, at any time, may send an appropriate declaration of will to the address indicated by the Joint Controllers, or via e-mail.
  10. The removal of personal data, or cessation of their processing by the Joint Controllers, may result in the inability to provide services provided via the Website, or limit the possibility of using the Website’s functionalities.
  11. Personal data collected as part of the objectives set out in the Privacy Policy will be stored for the duration of performing the services (including electronic services) provided by the Joint Controllers, and for the time resulting from the limitation periods for claims, consumer rights, tax law or other rights in this regard (e.g. the time of withdrawal of consent to the sending of the Newsletter or commercial information).
  12.  

§5

Amendments to the Privacy Policy

  1. The offer of the Website will be expanded in the future. This means that the Joint Controllers will be obliged or entitled to make changes to the Privacy Policy.
  2. New versions of the Privacy Policy will appear on the Website along with an appropriate message.
  3. Any amendment to the Privacy Policy shall be effective from the date of the change notification by posting it on the Website. Any changes will be properly highlighted for a period of one month from the date of introducing any changes to the Privacy Policy.

Should you have any additional questions regarding the Privacy Policy of the Website, please contact us at the e-mail address provided by the Joint Controllers.