Cookies Policy
Personal Data Protection Policy
The administrator of your personal data - processed for the purposes specified below - is lucky2go Sp. z.o.o., with its registered office at Katowice, 40-085, Mickiewicza 8 street, entered into the National Court Register kept by the District Court Katowice-West in Katowice, 13th Commercial Division under KRS no.: 0000383663, REGON 380073970 and holding NIP no.: 634-29-28-642, with a share capital of PLN 5.000,0 As a part of the User’s use of hotel booking services and assistance in insurance reservation (acting as an Insurer’s agent), the Administrator of the customer's data is eSky.pl S.A. with its registered office in Radom,26-600, Pl. Jagielloński 8, contact address: Murckowska 14a, 40-265 Katowice, and those personal data are processed according to rules defined in Privacy Policy. Lucky2go Sp.z.o.o. remains the independent administrator of data of the service Users for the purposes related to the use of the website and the services provided through it, regardless of the external Partners, and in this scope, the Administrator may process the personal data also obtained for the Partners.
Personal Data Protection Inspector: Grzegorz Gawin
e-mail: dpo@it.lucky2go.com
Purpose | Explanation | Legal basis | Processing length (when will your data be removed) |
Creating an account on the Website according to the terms and conditions (hereinafter referred to as the “Terms and Conditions”). | This relates to data processing that is necessary to create an account at it.lucky2go.com and use it, for example, to verify the correctness of the data or to review transactions. The process of creating the account is automated. If you experience any problems with creating the account, you can contact the Call Center. Every user is authorized to create the account. No initial verification is required. | Article 6 section 1 letter b) of the GDPR and Article 22 section 2 letter a) of the GDPR |
Throughout the period of the account service, however, if the account is not created or removed, the data is archived and will not be used for purposes other than those related to determining, pursuing or defending counterclaims. |
Entering into an agreement on providing service according to the Terms and Conditions. | Regardless of whether you create the account at it.lucky2go.com or you are an unregistered user, you can use services according to the Terms and Conditions, e.g. book a ticket or make a hotel reservation. Personal data gathered in the process of ordering a service are processed (e.g. they will be shared with airlines or other service providers, e.g. eSky.pl SA) to finalize the service. The agreement may also be concluded through the Call Center. The agreement is executed automatically. Every user is authorized to conclude the agreement. No initial verification is required. |
Article 6 section 1 letter b) of the GDPR and Article 22 section 2 letter a) of the GDPR | Throughout the period of the service and until the statute of limitations on the counterclaims expires, however if the agreement is not concluded and the service is not provided according to the Terms and Conditions or after the period of provision of the service expires, the data will be archived and will not be used for purposes other than those related to determining, pursuing or defending counterclaims. |
Performing the obligations under the agreement on providing service according to the Terms and Conditions. | Regardless of whether you create the account at it.lucky2go.com or you are an unregistered user, you can use services according to the Terms and Conditions, e.g. book a ticket or make a hotel reservation. Personal data gathered in the process of ordering a service are processed (e.g. they will be shared with airlines or other service providers, e.g. eSky.pl SA) to perform the obligations under the agreement. You may also select additional options while ordering a service (according to the Terms and Conditions), if you select these options, your data will also be processed for the purposes of providing this additional service. The agreement is concluded automatically unless the service is operated by Call Center. Every user is authorized to receive the service. No initial verification is required. |
Article 6 section 1 letter b) of the GDPR and Article 22 section 2 letter a) of the GDPR | Throughout the period of the service and until the statute of limitations on the counterclaims expires, however if the agreement is not concluded and the service is not provided according to the Terms and Conditions or after the period of provision of the service expires, the data will be archived and will not be used for purposes other than those related to determining, pursuing or defending counterclaims. |
For the eSky marketing purposes. | If marketing is done through emails - you will be asked to give additional permission - see details below. In such a case, the data accessed from the account or during the transaction process and while the service is being provided and for this period. The indicated purpose may be achieved by displaying a personalized advertisement based on profiling. According to the GDPR, profiling is any form of automated personal data processing that involves the use of personal data for evaluation of personal aspects of a natural person, in particular for analysis or prognosis of the aspects related to this natural person’s performance at work, their financial situation, health, personal preferences, interests, credibility, behaviour, location and movement; | Article 6 section 1 letter f) of the GDPR | Until objection is made and after it is made only for the purposes of defence against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of achieving public and legal (e.g. taxes) responsibilities related to the agreement on providing service according to the Terms and Conditions. | This refers to the performance of obligations assigned to the Data Administrator under Polish law | Article 6 section 1 letter c) of the GDPR | Until the statute of limitations on the public and legal obligations (e.g. taxes) expires. |
For the purposes of keeping the Website safe. | This is about preventing unauthorized access to the electronic communication network and sharing malicious codes, stopping attacks, such as “service denial” and protecting computer systems and electronic communication network from damage. | Article 6 section 1 letter f) of the GDPR | Until an effective objection is made (see details below) or until the statute of limitations on counterclaims expires, e.g. those related to breach of safety rules on the Website -> whichever event occurs first. |
For the purposes of a statistical analysis, including a financial analysis, and using its results to improve the quality of the services offered by the Data Administrator. | The analysis is performed “manually”. The analysis aims to identify transactions that constitute a breach of the agreement (without the intention of payment) for the purpose of pursuing the rights by the Data Administrator. | Article 6 section 1 letter f) of the GDPR | Until an effective objection is made or until the statute of limitations on counterclaims expires, e.g. those related to breach of safety rules on the Website -> whichever event occurs first. |
For the purposes of sending the newsletter. | In such a case, you will be asked for additional permission and to provide your email address. In such a case, the data accessed from the account or during the transaction process and while the service is being provided and for this period. The indicated purpose may be achieved by displaying personalized advertisements based on profiling. According to the GDPR, profiling is any form of automated personal data processing that involves the use of personal data for evaluation of personal aspects of a natural person, in particular for analysis or prognosis of the aspects related to this natural person’s performance at work, their financial situation, health, personal preferences, interests, credibility, behaviour, location and movement; | Article 6 section 1 letter a) of the GDPR | Until the permission is withdrawn and after it is withdrawn only for the purposes of defence against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of sending “price alerts”. | In such a case, you will be asked for additional permission and to provide your email address. In such a case, the data accessed from the account or during the transaction process and while the service is being provided and for this period. The indicated purpose may be achieved by displaying a personalized advertisement based on profiling. According to the GDPR, profiling is any form of automated personal data processing that involves the use of personal data for evaluation of personal aspects of a natural person, in particular for analysis or prognosis of the aspects related to this natural person’s performance at work, their financial situation, health, personal preferences, interests, credibility, behaviour, location and movement; | Article 6 section 1 letter a) of the GDPR | Until the permission is withdrawn and after it is withdrawn only for the purposes of defence against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of displaying the so-called web push. | In such a case, you will be asked for additional permission. Web push delivers a question to the User that will appear in the address bar and will ask the User for his permission to receive web push notifications. The User may accept or block the notifications. The content of notifications is created by the browser and interference is not permitted. | Article 6 section 1 letter a) of the GDPR | Until the permission is withdrawn and after it is withdrawn only for the purposes of defense against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of geolocation that is used to display personalized advertisements. | In such a case, you will be asked for additional permission. | Article 6 section 1 letter a) of the GDPR | Until the permission is withdrawn and after it is withdrawn only for the purposes of defense against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of performing the obligations related to the enforcement of the laws specified in the GDPR. | In such a case, the data are processed only within the scope that is necessary to identify and verify the identity of the person who makes the request. | Article 6 section 1 letter c) of the GDPR | For the purposes of defense against claims, throughout the statute of limitations on the claims arising from infringement of personal interests. |
For the purposes of determining, pursuing or defending against counterclaims related to: - providing services according to the Terms and Conditions (within this scope, processing complaints); - performing obligations arising from the GDPR (to adhere to the regulations). |
In such a case, the data is processed only within the scope necessary for the purposes of investigation, determining the claims or defending against the claims. | Article 6 section 1 letter f) of the GDPR | Throughout the statute of limitations on the claims, both the claims against the Data Administrator and those assigned to the Data Administrator. |