Home / Privacy Policy

Privacy Policy

Data controller and definitions
1. Data controller The personal data of the Visitors/Users of the Service is: AXIN Group sp z o.o., +48536111333, NIP 7543352793
2. The Data Controller can be contacted:
  1. at the following correspondence address: ul. Ozimska 77B/110, 45-370, Opole
  2. at the following e-mail address: info@OnHoliday.com.pl
3. Service User - a natural person accessing the website(s) presenting the Offer and enabling the conclusion of a contract of accommodation or using the services or functionalities described in this Privacy and Cookies Policy;
4. Service provider - AXIN Group sp z o.o., NIP 7543352793, ul. Ozimska 77B/110, 45-370, Opole;
5. Offer - accommodation offered by the Service Provider for the purpose of concluding a contract for the rental of accommodation through the Site.
6. Guest - a natural person with full legal capacity, a legal person or an organisational entity referred to in Article 33.¹ Civil Code, entering into a contract for overnight accommodation with the Service Provider;
7. Service - the presentation of the Service Provider's Offer on the Internet, enabling the conclusion of an Accommodation Contract online;
8. Newsletter - information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2020, item 344) originating from the Service Provider sent to the Guest/User by electronic means; its receipt is voluntary and requires the Guest/User's consent.
9. Account - a set of data stored on the Site and in the Service Provider's ICT system relating to a given Visitor/User and the bookings he/she makes and contracts he/she concludes, using which the Visitor/User of the Site may place orders and conclude contracts.
10. RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Aims, legal basis and duration of data processing
1. For the purpose of fulfilling the Remote Accommodation Contract, the Service Provider processes:
  1. information relating to the User's device in order to ensure the correct operation of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, browser data, device data, data relating to activity on the Site, including on individual pages;
  2. geolocation information if the Visitor/User has consented to the service provider's access to geolocation. Geolocation information is used to provide more tailored offers of products and services.
  3. Users' personal data: name, surname, registered office address, correspondence address, e-mail address, telephone number, VAT ID, bank account number or other personal data which is necessary to complete the purchase and which the Administrator requires to be provided during the booking process.
2. This information does not contain the identity of Guests/Users, but in combination with other information may constitute personal data and therefore the Administrator covers it with the full protection afforded under the DPA.
3. The data is processed in accordance with Article 6(1)(b) of the RODO, for the purpose of performing the service, i.e. the contract for the provision of electronic services in accordance with the Terms and Conditions, and in accordance with Article 6(1)(a) of the RODO, in connection with the consent to the use of certain cookies or other similar technologies, expressed through the relevant settings of the Internet browser in accordance with the Telecommunications Law, or in connection with the consent to geolocalisation. The data is processed until the Visitor/User's use of the Website is terminated.
4. The Administrator undertakes to take all measures required under Article 32 of the RODO, i.e., taking into account the state of the art, the cost of implementation and the nature, scope and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Administrator implements appropriate technical and organisational measures to ensure a degree of security appropriate to that risk.
Marketing activities of the controllerThe Data Controller may display marketing information about its products or services on the Website. The display of this content is carried out by the Data Controller in accordance with Article 6(1)(f) of the RODO, i.e. in accordance with the legitimate interest of the Data Controller to publish content related to the services provided and promotional content of campaigns in which the Data Controller is involved. At the same time, this action does not infringe on the rights and freedoms of the Visitors/Users, the Visitors/Users expect to receive content of similar content, or even expect to do so, or it is their direct purpose for visiting the website(s) of the Service.
Recipients of user dataThe Data Controller shall only disclose the Users' personal data to processors under contracts concluded for the entrustment of the processing of personal data in order to perform services for the Data Controller, e.g. hosting and maintenance of the Site, IT services, marketing and PR services.
Transmission of personal data to third countriesPersonal data will not be processed in third countries.
Rights of data subjects
1. Every data subject has the right:
  1. access (Article 15 RODO) - to obtain confirmation from the Data Controller as to whether his/her personal data are being processed. If data about a person are processed, he or she is entitled to access them and to obtain the following information: the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data are stored or the criteria for determining them, the data subject's right to request rectification, erasure or restriction of the processing of personal data and to object to such processing;
  2. to receive a copy of the data (Article 15(3) RODO) - obtain a copy of the data being processed, the first copy being free of charge, and for subsequent copies the Data Controller may charge a reasonable fee based on administrative costs;
  3. to rectify (Article 16 RODO) - request the rectification of personal data concerning him/her which is inaccurate or the completion of incomplete data;
  4. to delete data (Article 17 RODO) - request the erasure of his/her personal data if the Controller no longer has a legal basis for the processing or the data are no longer necessary for the purposes of the processing;
  5. to restrict processing (Article 18 RODO) - request the restriction of the processing of personal data when:
    1. the data subject questions the accuracy of the personal data - for a period allowing the Controller to verify the accuracy of the data,
    2. the processing is unlawful and the data subject objects to the erasure by requesting a restriction of use,
    3. The controller no longer needs the data, but it is needed by the data subject to establish, assert or defend a claim,
    4. the data subject has objected to the processing - until it is established whether the legitimate grounds on the part of the controller override the grounds of the data subject's objection;
  6. to data portability (Article 20 RODO) - to receive in a structured, commonly used, machine-readable format the personal data concerning him or her which he or she has provided to the Controller, and to request the transfer of such data to another Controller where the data are processed on the basis of the data subject's consent or a contract with him or her and where the data are processed by automated means;
  7. to object (Article 21 RODO) - to object to the processing of his or her personal data for the legitimate purposes of the Controller on grounds relating to his or her particular situation, including profiling. The Controller shall then assess the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the Controller shall be obliged to cease processing for these purposes;
  8. to withdraw consent at any time and without giving any reason, but the processing of personal data carried out prior to the withdrawal of consent will continue to be lawful. Withdrawal of consent will result in the Administrator ceasing to process the personal data for the purpose for which the consent was given.
2. In order to exercise the aforementioned rights, the data subject should contact, using the contact details provided, the Data Controller and inform him/her of which right and to what extent he/she wishes to exercise it.
President of the Office for the Protection of Personal DataThe data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for the Protection of Personal Data with its seat in Warsaw, ul. Stawki 2, who can be contacted as follows:
1. by post: ul. Stawki 2, 00-193 Warsaw;
2. via the electronic mailbox available at: https://www.uodo.gov.pl/pl/p/kontakt ;
3. helpline: 606-950-0000.
Data Protection OfficerIn any case, the data subject may also directly contact the Controller's Data Protection Officer by email or in writing to the Controller's address as set out in Section I, point 2 of this Privacy and Cookies Policy.
Changes to the Privacy PolicyThe Privacy and Cookies Policy may be supplemented or updated according to the Administrator's current needs in order to provide up-to-date and reliable information to Guests/Users.
Cookies
1. The Service performs the functions of obtaining information about Guests, Service Users and their behaviour in the following ways:
  1. through the information voluntarily entered in the forms for purposes arising from the function of the specific form;
  2. by storing cookies ("cookies") on terminal equipment.cookies");
  3. by the collection of web server logs by the webshop's hosting operator (necessary for the correct operation of the website).
2. Cookies are IT data, in particular text files, which are stored on the Website Visitor/User's terminal equipment and are intended for the use of the Website. Cookies usually contain the name of the website they come from, the length of time they are stored on the end device and a unique number.
3. The Website uses cookies only after the Visitor/User of the Website has given his/her prior consent in this respect. Consent to the Service's use of all cookies is given by clicking on the button: "I agree, I wish to proceed to the site" when the message about the Service's use of cookies is displayed or by closing the message.
4. The consent referred to in the preceding paragraph may include only selected cookies. In this case, the Visitor/User of the Website should use the option: "Cookie settings", available in the notice on the use of cookies by the Online Shop. At the same time, the Data Controller stipulates that disabling cookies necessary for authentication processes, security, maintenance of the Service Visitor/User's preferences may hinder, and in extreme cases may make it impossible to use the Service.
5. If the Visitor/User of the Website does not agree to the Website's use of cookies, he/she can use the option: "I do not give my consent", which is also available in the message about the use of cookies by the Online Shop, or make changes in the settings of the Internet browser he/she is currently using (this may, however, result in incorrect operation of the Website).
6. To manage your cookie settings, please select your browser/system from the list below and follow the instructions:
  1. Internet Explorer
  2. Chrome
  3. Safari
  4. Firefox
  5. Opera
  6. Android
  7. Safari (iOS)
  8. Windows Phone
7. The legal basis for the processing of personal data derived from cookies is the legitimate interests of the Data Controller to provide high quality services, to ensure the security of the services.
8. The Website uses two main types of cookies: "session" cookies and "permanent" cookies (persistent cookies). "Session" cookies are temporary files that are stored in the Service User's terminal equipment until they log off, leave the Service or switch off the software (web browser). "Persistent" cookies are stored on the Service Visitor/User's terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the Service Visitor/User.
9. Cookies are used for the following purposes:
  1. to create statistics which help us to understand how the Visitor(s) to the Website use(s) the websites, so that we can improve their structure and content;
  2. maintaining a session of the Visitor/User of the Website (after logging in), thanks to which the Visitor/User of the Website does not have to re-enter his/her login and password on each sub-page of the Website;
  3. to define the profile of the Service Visitor/User in order to display product recommendations and tailored material to him/her on advertising networks, in particular the Google network.
10. The web browsing software (web browser) usually allows cookies to be stored on the Visitor/User's terminal device by default. Visitors/Users may change their settings in this respect. The web browser allows you to delete cookies. It is also possible to block cookies automatically.
11. Restrictions on the use of cookies may affect some of the functionality available on the web pages of the Online Shop.
12. Cookies are placed on a Website visitor's/user's terminal equipment and may also be used by advertisers and Website partners cooperating with the Website.
13. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the Visitor/User's use of the Website. For this purpose, they may retain information about the Visitor/User's navigation path or the length of time spent on a particular page.
14. We recommend that the Visitor/User reads the privacy policies of these companies to understand the use of cookies used in statistics: Google Analytics Privacy Policy.
15. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way the Visitor/User uses the Website. For this purpose, they may retain information about the user's navigation path or the length of time they stayed on a particular page.
16. With regard to the information about the Visitor/User's preferences collected by the Google advertising network, the Visitor/User can view and edit the information resulting from the cookies using the tool: https://www.google.com/ads/preferences/.
17. There are plug-ins on the Website that may transmit Guest/User data to Administrators such as:
  1. Facebook
  2. Google
18. In order to properly perform the Remote Accommodation Rental Agreement, the Administrator may share the data of Guests/Users with online payment systems. Currently available payment methods in the form of prepayments on the Website are https://www.idobooking.com/pl/integracja-z-innymi-systemami/systemy-platnosci-zintegrowane-z-idobooking/.
Newsletter
1. The Visitor/User may agree to receive commercial information by e-mail by ticking the appropriate option in the registration form or later in the relevant tab. If such consent is given, the Visitor/User will receive information (Newsletter) of the Website, as well as other commercial information sent by the Vendor to the email address provided by him/her.
2. The Visitor/User may unsubscribe from the Newsletter at any time by unchecking the box on his/her Account page or by going to the formby clicking on the relevant link in the body of each Newsletter or via the Customer Service.
Account
1. The Visitor/User may not post on the Website or provide the Service Provider with content, including opinions and other data of an unlawful nature.
2. The Visitor/User gains access to the Account after registration.
3. As part of the registration, the Visitor/User provides the account type or gender, first name, surname, company name, TIN, details for the sales document, e-mail address and selects a password. The Visitor/User ensures that the data provided by him/her in the registration form, are correct. Registration requires that the Visitor/User has carefully read the Terms and Conditions and indicates on the registration form that the Visitor/User has read the Terms and Conditions and fully accepts all their provisions.
4. Upon granting access to the Account, an agreement for the provision of electronic services concerning the Account is concluded between the Service Provider and the Visitor/User for an indefinite period of time.
5. Registration of an Account on one of the pages of the Website shall simultaneously constitute registration allowing access to the other pages under which the Website is available.
6. The Visitor/User may terminate the contract for the provision of services by electronic means at any time with immediate effect by informing the Service Provider by email or in writing to the Data Controller's address as set out in Section I, item 2 of this Privacy and Cookies Policy.
7. The Service Provider is entitled to terminate the contract for the provision of services concerning the Account in the event of discontinuation of the provision or transfer of the Service to a third party, violation of the law or the provisions of the Terms of Use by the Visitor/User, as well as in the event of inactivity of the Visitor/User for a period of 6 months. The agreement is terminated by giving seven days' notice. The Service Provider may stipulate that re-registration of the Account will require the Service Provider's permission.