Privacy Policy

Privacy Policy of VoxTravel.pl

Definitions

Controller (We) – Kyber, Żołnierska 10/11, 10-559 Olsztyn, Poland, NIP: 7392500237, REGON: 368795112

Personal Data – all information relating to an identified or identifiable natural person by reference to one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of that person, including device IP, location data, online identifiers, and information collected through cookies or similar technologies.

Policy – this Privacy Policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Service – the website operated by us at the address voxtravel.pl

User (You) – any natural person visiting the Service or using one or more of the services or functionalities described in the Policy.

Processing of Data in Connection with Use of the Service

When you use the Service, we collect data necessary to provide the available services, as well as information about your activity within the Service. The rules and purposes of processing personal data collected during your use of the Service are detailed below.

Purposes and Legal Basis for Data Processing

Use of the Service

We process personal data of all users of the Service (including IP addresses and other identifiers, as well as data collected via cookies or similar technologies), including those who are not registered (i.e., do not have a profile), for the following purposes:

• to provide digital content via the Service – based on the necessity of processing to perform a contract (Art. 6(1)(b) GDPR);

• for analytical and statistical purposes – based on our legitimate interest (Art. 6(1)(f) GDPR), which involves analyzing User activity and preferences to improve the functionality and quality of services;

• for the establishment, exercise, or defense of legal claims – based on our legitimate interest (Art. 6(1)(f) GDPR);

• for marketing purposes (our own and our partners’), especially in presenting personalized ads – as described in the “Marketing” section.

Your activity in the Service, including personal data, is recorded in system logs. This information is processed primarily for the purpose of providing services, as well as for technical and administrative needs, ensuring IT system security, and for analytics and statistics – based on our legitimate interest (Art. 6(1)(f) GDPR).

Use of Paid Services

If you place an order (purchase a product or service) through the Service, we will process your data for:

• order fulfillment – based on contract performance (Art. 6(1)(b) GDPR); where additional data is provided voluntarily, the basis is your consent (Art. 6(1)(a) GDPR);

• compliance with legal obligations, especially tax and accounting laws – based on a legal obligation (Art. 6(1)(c) GDPR);

• analytical and statistical purposes – based on our legitimate interest (Art. 6(1)(f) GDPR);

• legal claims – based on our legitimate interest (Art. 6(1)(f) GDPR).

Contact Forms

We provide contact forms to reach us. Using a form requires providing personal data necessary for responding to your inquiry. You may also provide additional data to facilitate communication. Required fields must be completed; otherwise, we may not be able to respond.

Data provided via the form is processed for:

• identifying you as the sender and handling your inquiry – based on contract performance (Art. 6(1)(b) GDPR);

• statistical and analytical purposes – based on our legitimate interest (Art. 6(1)(f) GDPR).

Marketing

We process your personal data for marketing purposes, including:

• displaying generic ads (contextual advertising);

• displaying personalized ads based on your interests (behavioral advertising);

• sending email notifications with offers or content (newsletter service);

• direct marketing (e.g., emails, SMS, or telemarketing), based on your consent.

We may use profiling (with your consent) to assess behaviors or forecast future actions using automated data processing.

Direct Marketing

We may send marketing content via email, SMS/MMS, or phone—but only with your explicit consent, which you can withdraw at any time.

Social Media

We process your data when you visit our profiles on platforms such as Facebook, YouTube, Instagram, and Twitter. This data is processed to manage our profiles and promote our activity, events, services, and products. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR).

Cookies and Similar Technologies

Cookies are small text files saved on your device when using the Service. We use:

Service Cookies – essential for delivering online services and improving quality. These include:

• session cookies (user input)

• authentication cookies

• security cookies

• multimedia session cookies

• user interface customization cookies

• Google Analytics cookies (for statistics; no personal identification)

See Google’s privacy policy: https://www.google.com/intl/en/policies/privacy/partners

Marketing Cookies – used by us and trusted partners for behavioral advertising. Consent is required and may be withdrawn at any time.

Managing Cookies

You can change your browser settings to disable cookies. However, disabling essential cookies may affect the Service’s functionality. Instructions are available for:

Edge, Internet Explorer, Chrome, Safari, Firefox, Opera, Android, iOS, and Windows Phone.

Remarketing and User Behavior Analytics

We may use remarketing and session recording tools (heatmaps, behavior recordings). These tools anonymize data before it’s processed. Passwords and sensitive information are not recorded.

Data Retention

Data retention depends on the type of service and purpose of processing. Generally, data is kept for the duration of service provision or until consent is withdrawn. We may retain data longer to establish or defend against legal claims or as required by law.

Once the retention period ends, data is irreversibly deleted or anonymized.

Your Rights

You have the right to:

• information about data processing;

• access and receive a copy of your data;

• rectification of inaccurate or incomplete data;

• deletion of data no longer needed;

• restriction of processing;

• data portability (in cases based on consent or contract);

• object to processing for marketing purposes or based on our legitimate interests;

• withdraw consent at any time (without affecting previous processing);

• lodge a complaint with the data protection authority (in Poland: the President of the Personal Data Protection Office).

Data Sharing

We may share your personal data with trusted partners, such as IT providers, payment processors, accountants, couriers, marketing agencies, and affiliated entities.

We share data with third parties for their own marketing purposes only with your consent.

Orders and Payments

Order processing is handled by Easytools (easy.tools/pl/cart), and payments are processed via Stripe. Easytools may process personal data like name, email, delivery address, and payment details for order fulfillment. You may need to create an account and accept their terms: tools/pl/regulamin-kupujacych.

Their privacy policy is available at: tools/pl/polityka-prywatnosci

Data Transfers Outside the EEA

If we transfer your data outside the European Economic Area, we do so only when necessary and with appropriate safeguards in place. You will always be informed about such transfers.

Data Security

We take all necessary steps to ensure your data is processed securely and accessed only by authorized individuals. Our contractors and partners are required to maintain high security standards when processing personal data on our behalf.

Contact Information

For any questions related to this policy or your personal data, contact us at:

rafal@voxtravel.pl

Kyber, Żołnierska 10/11, 10-559 Olsztyn, Poland

NIP: 7392500237 | REGON: 368795112