Privacy Policy—Polrail Service
We, Polrail Service Jeffrey Dobek (hereinafter referred to as Polrail), use your personal data to provide our travel booking services to you. We have described how we collect, store and use your data in this Privacy Policy. We take seriously our responsibilities to look after your data and we are committed to protecting your privacy. There are steps you can take to control what we do with your data and we have explained those steps in this Privacy Policy.
When we talk about data and personal data in this Privacy Policy, we mean personal data which identify you or which could be used to identify you such as your name and contact details, your travel arrangements and booking reference. It may also include information about how you use our websites and mobile applications.
What you need to know:
1. Who is responsible for your data
Polrail Service Jeffrey Dobek is responsible for your data. Our registered address is ul. Kr. Jadwigi 1/3, 85-231 Bydgoszcz, Poland. We are registered as a company in Poland under company number 96619 (registered: 01.02.2006). We are the data controller of the data which we collect from you, and as such we control the ways your personal data are collected and the purposes for which your personal data are used.
2. Personal data we collect about you
Type of data | When data is collected |
---|---|
Your name and contact details (email address, telephone number, address, age, sex) |
When you create an account with us When you book to travel with us When you enter a competition When you fill in forms on our website |
Your passport/ID card number and/or date of birth |
When you book a ticket for which this information is required by the rail carrier for ticket issuance |
Information about your travel with us |
When you book to travel with us or manage your booking |
Information about other services you have bought from us |
When you book a city transit pass, for example |
Information about your purchases of our partners’ products and services which are related to your travel with us |
When you purchase those products and services |
Information about other passengers travelling with you, including the age range of any children travelling with you |
When you book to travel with other passengers |
More sensitive information about you and about your health (see information below about ‘Sensitive personal data’) |
When you book to travel in a wheelchair seat If you ask for special assistance at the station |
Communication we have with you (emails, letters, telephone calls, messages to our online chat service, messages sent to us through our social media platforms, feedback) |
When you get in touch with us When you respond to our requests for feedback |
Information about you, your device, your location and how you use our website, mobile application, information about your interests and preferences See more information below under the heading ‘How we use your data to personalise the service we offer you’ |
When you use our digital systems and services When you accept our cookies placed on your device When you update your account information When you open our marketing emails When you click on our banner adverts When you fill in forms on our website When you get in touch with us When you respond to our requests for feedback When you opt in to receiving messages from us |
Certain kinds of personal data, such as data about your racial or ethnic origin, your physical or mental health, your religious beliefs or alleged commission or conviction of criminal offences, are special categories of personal data which by law require additional protection. We try to limit the circumstances in which we collect sensitive personal data of this kind, but we do collect and process it when for example:
- You have booked a wheelchair seat to travel
-
You have requested special assistance at the station
By providing any sensitive personal data, you explicitly agree that we may collect it and use it to provide services to you.
3. How we use your personal data
We can only use your personal data if we have a proper reason for doing so. According to the law, we can only use your data for one or more of these reasons:
-
To fulfil a contract we have with you, or
-
If we have a legal duty to use your data for a particular reason, or
-
When you consent to it, or
-
When it is in our legitimate interests.
Legitimate interests are our business or commercial reasons for using your data, but even so, we will not unfairly put our legitimate interests above what is best for you.
In the table below, we have set out the different ways in which we use your personal data and the reasons we rely on for using that data. If we rely on our legitimate interests for using your personal data, we will explain that to you.
What we use your personal data for | Legal grounds for using it | Our legitimate interests |
---|---|---|
|
|
|
To communicate with you and manage our relationship with you
(See more detail below under the heading ‘How we use your data to personalise the service we offer you’) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
4. How we use your data to personalise the service we offer you
We use the data we collect about you from different sources and touch points to try to understand more about you and your preferences, so that we can personalise the service we offer to you. We use information collected from the bookings you have made and from cookies. Cookies are small pieces of information stored on your device by the web browser of your device. We use cookies placed on your devices to collect data about your use of our websites. Sometimes we can use the personal data you provide to us to identify you when you visit our website using different devices. We also use data from third parties (see ‘Sharing your data’ below). We use the information from these different sources in the following ways:
-
to help us communicate with you. We use information about where you are, for example, to provide content in the most appropriate language
-
to identify you when you access our websites from different devices
-
to identify your likes and dislike. We look at which of our website pages you visit most or which destinations you visit most frequently to understand what you are most interested in
-
to understand more about your preferences and your purchasing habits - our data analytics tools and segmentation tools allow us to match data we collect from cookies with data we have about bookings you have made for travel with Polrail (both directly and through third parties).Sometimes we include data and/or systems provided by third parties as part of this process. We know that similar customers are interested in similar products and services, so we group similar customers together in ‘segments’. We use segment information to improve our communications with you and recommend to you those services we think will be most interesting to you, including new products and services offered by our partners. We also use it to make sure that we show you adverts which we think will be of most interest to you when you visit through our online advertising space
-
to help you complete a booking. If you are in the process of making a booking but you leave the booking path before your booking is finalised, we may with your consent contact you to help you to finalise your booking.
For more information about cookies and how you can manage cookies and remove them, please refer to our Cookies Policy.
5. Marketing: How to manage the marketing messages you receive
We may send you marketing communications by email if you have indicated that you are happy to receive such emails [or if you have made a booking with us and you have not told us that you no longer wish to receive marketing emails]. Our marketing communications include information about our new and existing services, special offers we think you might like and other travel services and products which we think might be useful to you when planning your travel.
If you have previously opted-in to receiving emails from us, you can log in to our web site to opt out of receiving marketing emails from us at all. You can update your preferences at any time. You can also opt out of receiving marketing emails by clicking on the unsubscribe link which we include in all our marketing emails.
Please note that if you tell us that you do not wish to receive marketing emails, you will still receive service emails which are necessary for example to confirm your booking or to update you on the status of your booking. We will use the contact details you give us when you are collecting your tickets (either your mobile telephone number, your email address or both) to contact you with any problems or updates regarding your booking. This is so that we can perform the contract we have with you.
Please note that if you ask us to stop sending marketing emails, we will keep a note of your personal information and your request so that we can make sure you are excluded from the emails when they are sent out.
6. How long we keep your data
We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law.
We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.
7. How we protect your data
We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction.
We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which our booking information is held. We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.
8. Sharing your data
We share some of your personal data with, or obtain personal data from, the following categories of third parties:
-
Government authorities such as border control authorities and law enforcement authorities: We sometimes have to provide your personal data to government authorities to ensure that you can travel to your destination or to meet our legal and regulatory obligations.
-
Other transport companies: We sell through fares which are train tickets for travel on trains operated by more than one train company. For example, if we sold you a ticket to travel from Krakow to Berlin, you might travel on a PKP InterCity service to Szczecin and then take a DB train for the rest of your journey. We may have to send details of your booking to DB so that you could travel from Szczecin to Berlin.
-
Tour operators or companies through which you booked your Polrail tickets: Tickets for travel on our services are sold through many different channels. They have to share your booking information with us so that we can allow you to travel. We may also use the booking information they provide to build up what we know about you and your preferences, as described above under the heading ‘How we use your data to personalise the service we offer you’.
-
Suppliers who provide services to us: We will need to share your data with one or more train operating companies when you book an e-ticket. We may share your data with the companies who we use to approach you for market research and feedback on our services. We will make sure that our suppliers respect your personal data and comply with data protection laws.
-
Data analytics companies and advertisers: Depending on the cookies settings you have selected, we may use your data in our data management platform. This platform helps us to understand more about you and your interests. We may use such data to make the connection between you and the devices you use to ensure relevance across these devices. We may add to your data other information which we have received from third party advertisers. For more information about this process, please see our Cookies Policy.
9. Sending data outside of the European Economic Area
We will only send data outside of the European Economic Area (‘EEA’) to work with our agents and advisers who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA. We will use one of the following safeguards to ensure that it is protected:
-
Transfer the data to a non-EEA country which has privacy laws at least as protective as those within the EEA
-
Put in place a contract with the recipient of the data which means the recipient must protect the data to the same standards as required within the EEA, or
-
Transfer it to organisations which are part of the Privacy Shield. The Privacy Shield is a framework which sets out the standards for data to be sent between the United States and European countries. The Privacy Shield ensures that data is protected to the same standards as used within the EEA.
10. Your rights
You are entitled to see copies of all personal data held by us and to amend, correct or delete such data. You can also limit, restrict or object to the processing of your data. You can also log in to your Polrail account to update the details held there.
If you gave us your consent to use your data, e.g. so that we can send you marketing emails, you can withdraw your consent. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your data before you withdrew your consent.
You can object to our use of your data where we rely on our legitimate interests to do so. We explained the legitimate interests we rely in the table above under the heading ‘How we use your personal data’.
To raise any objections or to exercise any of your rights, you can send an email to us at data.protection@polrail.com or you can write to us at Data Protection, Polrail Service, ul. Kr. Jadwigi 1/3, 85-231 Bydgoszcz, Poland.
When you get in touch, we will come back to you as soon as possible and where possible within one month. If your request is more complicated, it may take a little longer to come back to you but we will come back to you within two months of your request. There is no charge for most requests, but if you ask us to provide a significant about of data for example we may ask you to pay a reasonable admin fee. We may also ask you to verify your identity before we provide any information to you.
If Polrail decides to change this privacy policy, the changes will be posted on this page.
11. Complaints
If you have any complaints concerning Polrail's processing of your personal data please email us at data.protection@polrail.com or write to us at Data Protection, Polrail Service, ul. Kr. Jadwigi 1/3, 85-231 Bydgoszcz, Poland.
Please note that you have the right to lodge a complaint with the supervisory authority which is responsible for the protection of personal data in the country where you live or work, or in which you think a breach of data protection laws might have taken place.
Customers can contact the Bureau of the Inspector General for Personal Data Protection by telephone at (+48 22) 531 03 88, or via the Inspector General's web site www.giodo.gov.pl.
12. Contact Us
You can write to us at Data Protection, Polrail Service, ul. Kr. Jadwigi 1/3, 85-231 Bydgoszcz, Poland or you can send an email to us at data.protection@polrail.com.
Last revised 18.07.2018