From the text below ("Privacy Policy," hereinafter "Policy"), you will learn, inter alia, for what purposes and for how long Velvetretreat.com (hereinafter: Data Administrator) will process your personal data. You will learn which categories of entities may have access to your personal data and what rights you can exercise in processing your personal data. The prepared Policy is closely related to the need to apply new requirements for data processing.
The Policy applies to data collected via the website and mobile application, as well as through contact with the Call Center.
The administrator of your personal data - processed for the purposes presented below - is Velvetretreat.com
The data controller has assigned the Data Protection Officer (hereinafter: the Inspector). You can reach the Inspector in all matters related to processing your personal data and in case of doubts about your rights. The Inspector is obliged to maintain secrecy or confidentiality regarding the performance of his tasks - under appropriate law.
The Inspector has the following tasks:
informing the Data Administrator and employees who process personal data about their obligations under data protection regulations and advising them on this matter;
providing, upon request, recommendations as to the data protection impact assessment and monitoring its implementation;
cooperation and work with the supervisory authority;
acting in a role of a contact point for the supervisory authority in matters related to processing, including the primary consultation referred to in art. 36 and, where appropriate, to consult on any other matter.
The data controller ensures that it will process your personal data only for specific, explicit, and legitimate aims and will not further process them in a way inconsistent with these purposes. The purpose of data processing is the reason why we process your personal data. If the Data Administrator wants to process your personal info for other goals - not indicated below - you will be informed separately about this new purpose. The table below presents the purposes of data processing.
If your personal data are processed based on consent, you can withdraw it at any time. You can withdraw your consent at the headquarters of the Data Administrator or via the appropriate form on the website Velvetretreat.com.
Withdrawal of agreement does not affect the lawfulness of the processing made until the consent is withdrawn. In the event of withdrawal of approval, the Data Administrator will assess whether it still has grounds for data processing. In such a case, further data processing will be possible to defend against claims (e.g., by showing that the right to revoke consent has been exercised) and only to the extent required for this purpose.
Remember that each time personal data will be processed, i.e., in the case of the so-called legitimate interest of the Data Administrator, you can object at any time - for reasons related to a special situation - to the processing of personal data. After the objection is raised, the data controller will no longer be able to process personal data unless it indicates the existence of valid, legally valid grounds for processing that override the interests, rights, and privileges of the data subject or the grounds for establishing, investigating or defending claims.
Importantly, in cases of personal data processing for the purpose of marketing Velvetretreat.com services, regardless of the reasons for the objection - after the objection is raised, the data controller will no longer be able to process personal data for the marketing of Velvetretreat.com services, to the extent that this data was processed for this purpose.
The objection may be submitted in the following way: at the headquarters of the Data Administrator or via the appropriate form on the website Velvetretreat.com.
In addition to the right to withdraw consent and object, you have the right to access data, including receiving a copy of the data, the right to data portability, the right to rectify and delete data, processing restrictions and the right not to be subject to a decision which is solely based on automated processing, including profiling, and has legal effects or similarly significantly affects it.
The indicated rights can be exercised in the following way: at the headquarters of the Data Administrator or via the appropriate form on the website Velvetretreat.com.
You can also straighten your details by going to your account.
You can also delete your proper account at any time after logging in to your account in accordance with the Regulations or by submitting an application at the headquarters of the Data Administrator or via the appropriate form on the website Velvetretreat.com.
We will obtain personal data directly from you (through an account, in the transaction process, etc.). Data may be obtained from other sources only to provide the service. It is about information from entities providing the service you ordered (airlines, hotels, etc.). The scope of data will include only the information necessary to confirm the order payment.
Providing personal data is consistently voluntary, but necessary to implement those mentioned above In the case of the process of creating an account and concluding a service contract, it can be used by any adult user with full legal capacity.
Personal data processed in order to provide the service in accordance with the Regulations are disclosed to entities providing the user with the service selected by him (including their subcontractors), e.g. airlines, hotels, insurers, payment intermediaries, GDS (Global Distribution System) etc. Regardless of the purpose of data processing, access to your personal data may only be granted to authorized employees and subcontractors (including IT companies) of the Data Administrator with whom it has concluded appropriate data entrustment agreements (for details, please contact the Data Protection Officer). Personal data may be shared with other entities providing the service of your choice (e.g. airlines) only for the purpose of providing this service in accordance with the Regulations and with appropriate security, e.g. encryption.
You can present a complaint to the supervisory body.
To Top