Cookies Policy
Personal Data Protection Policy
Pl. Jagielloński 8,
phone no.: +40 31 100 5000 - for mobile phone users and calls from abroad,
e-mail: iod@esky.com
Personal Data Protection Inspector: Grzegorz Gawin
e-mail: iod@esky.com
Purpose | Explanation | Legal basis | Processing length (when will your data be removed) |
Creating an account on the Website according to the terms and conditions (hereinafter referred to as the “Terms and Conditions”). | This relates to data processing that is necessary to create an account at www.esky.co.uk and use it, for example, to verify the correctness of the data or to review transactions. The process of creating the account is automated. If you experience any problems with creating the account, you can contact the Call Center. Every user is authorised to create the account. No initial verification is required. | Article 6 section 1 letter b) of the GDPR and Article 22 section 2 letter a) of the GDPR |
Throughout the period of the account service, however if the account is not created or removed, the data is archived and will not be used for purposes other than those related to determining, pursuing or defending counterclaims. |
Entering into an agreement on providing service according to the Terms and Conditions. | Regardless of whether you create the account at www.esky.co.uk or you are an unregistered user, you can use services according to the Terms and Conditions, e.g. book a ticket or make a hotel reservation. Personal data gathered in the process of ordering a service are processed (e.g. they will be shared with airlines or other service providers) to finalise the service. The agreement may also be concluded through the Data Administrator’s Call Center. The agreement is executed automatically. Every user is authorised to conclude the agreement. No initial verification is required. |
Article 6 section 1 letter b) of the GDPR and Article 22 section 2 letter a) of the GDPR | Throughout the period of the service and until the statute of limitations on the counterclaims expires, however if the agreement is not concluded and the service is not provided according to the Terms and Conditions or after the period of provision of the service expires, the data will be archived and will not be used for purposes other than those related to determining, pursuing or defending counterclaims. |
Performing the obligations under the agreement on providing service according to the Terms and Conditions. | Regardless of whether you create the account at www.esky.co.uk or you are an unregistered user, you can use services according to the Terms and Conditions, e.g. book a ticket or make a hotel reservation. Personal data gathered in the process of ordering a service are processed (e.g. they will be shared with airlines or other service providers) to perform the obligations under the agreement. You may also select additional options while ordering a service (according to the Terms and Conditions), if you select these options, your data will also be processed for the purposes of providing this additional service. The agreement is concluded automatically, unless the service is operated by Call Center. Every user is authorised to receive the service. No initial verification is required. |
Article 6 section 1 letter b) of the GDPR and Article 22 section 2 letter a) of the GDPR | Throughout the period of the service and until the statute of limitations on the counterclaims expires, however if the agreement is not concluded and the service is not provided according to the Terms and Conditions or after the period of provision of the service expires, the data will be archived and will not be used for purposes other than those related to determining, pursuing or defending counterclaims. |
For the eSky marketing purposes. | If marketing is done through emails - you will be asked to give additional permission - see details below. In such a case, the data accessed from the account or during the transaction process and while the service is being provided and for this period. The indicated purpose may be achieved through displaying personalised advertisement based on profiling. According to the GDPR, profiling is any form of automated personal data processing that involves the use of personal data for evaluation of personal aspects of a natural person, in particular for analysis or prognosis of the aspects related to this natural person’s performance at work, their financial situation, health, personal preferences, interests, credibility, behaviour, location and movement; | Article 6 section 1 letter f) of the GDPR | Until objection is made and after it is made only for the purposes of defence against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of achieving public and legal (e.g. taxes) responsibilities related to the agreement on providing service according to the Terms and Conditions. | This refers to performance of obligations assigned to the Data Administrator under Polish law | Article 6 section 1 letter c) of the GDPR | Until the statute of limitations on the public and legal obligations (e.g. taxes) expires. |
For the purposes of keeping the Website safe. | This is about preventing unauthorised access to the electronic communication network and sharing malicious codes, stopping attacks, such as “service denial” and protecting computer systems and electronic communication network from damage. | Article 6 section 1 letter f) of the GDPR | Until an effective objection is made (see details below) or until the statute of limitations on counterclaims expires, e.g. those related to breach of safety rules on the Website -> whichever event occurs first. |
For the purposes of a statistical analysis, including a financial analysis, and using its results to improve the quality of the services offered by the Data Administrator. | The analysis is performed “manually”. The analysis aims to identify transactions that constitute a breach of the agreement (without the intention of payment) for the purpose of pursuing the rights by the Data Administrator. | Article 6 section 1 letter f) of the GDPR | Until an effective objection is made or until the statute of limitations on counterclaims expires, e.g. those related to breach of safety rules on the Website -> whichever event occurs first. |
For the purposes of sending the newsletter. | In such a case, you will be asked for additional permission and to provide your email address. In such a case, the data accessed from the account or during the transaction process and while the service is being provided and for this period. The indicated purpose may be achieved through displaying personalised advertisements based on profiling. According to the GDPR, profiling is any form of automated personal data processing that involves the use of personal data for evaluation of personal aspects of a natural person, in particular for analysis or prognosis of the aspects related to this natural person’s performance at work, their financial situation, health, personal preferences, interests, credibility, behaviour, location and movement; | Article 6 section 1 letter a) of the GDPR | Until the permission is withdrawn and after it is withdrawn only for the purposes of defence against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of sending “price alerts”. | In such a case, you will be asked for additional permission and to provide your email address. In such a case, the data accessed from the account or during the transaction process and while the service is being provided and for this period. The indicated purpose may be achieved through displaying personalised advertisement based on profiling. According to the GDPR, profiling is any form of automated personal data processing that involves the use of personal data for evaluation of personal aspects of a natural person, in particular for analysis or prognosis of the aspects related to this natural person’s performance at work, their financial situation, health, personal preferences, interests, credibility, behaviour, location and movement; | Article 6 section 1 letter a) of the GDPR | Until the permission is withdrawn and after it is withdrawn only for the purposes of defence against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of displaying the so-called web push. | In such a case, you will be asked for additional permission. Web push delivers a question to the User that will appear in the address bar and will ask the User for his permission to receive web push notifications. The User may accept or block the notifications. The content of notifications is created by the browser and interference is not permitted. | Article 6 section 1 letter a) of the GDPR | Until the permission is withdrawn and after it is withdrawn only for the purposes of defence against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of geolocation that is used to display personalised advertisements. | In such a case, you will be asked for additional permission. | Article 6 section 1 letter a) of the GDPR | Until the permission is withdrawn and after it is withdrawn only for the purposes of defence against claims (throughout the statute of limitations on the claims arising from infringement of personal interests). |
For the purposes of performing the obligations related to the enforcement of the laws specified in the GDPR. | In such a case, the data are processed only within the scope that is necessary to identify and verify the identity of the person who makes the request. | Article 6 section 1 letter c) of the GDPR | For the purposes of defence against claims, throughout the statute of limitations on the claims arising from infringement of personal interests. |
For the purposes of determining, pursuing or defending against counterclaims related to: - providing services according to the Terms and Conditions (within this scope, processing complaints); - performing obligations arising from the GDPR (to adhere to the regulations). |
In such a case, the data is processed only within the scope necessary for the purposes of investigation, determining the claims or defending against the claims. | Article 6 section 1 letter f) of the GDPR | Throughout the statute of limitations on the claims, both the claims against the Data Administrator and those assigned to the Data Administrator. |
For a purpose of archiving and handling of queries at eSky Assistant Service | The processing of personal data is necessary in order to verify frequently asked questions as well as to provide service enhancements, including updated responses to queries, on the basis of demand. | Article 6, section 1, letter b) and Article 6 section, 1 letter f)(with regard to service quality improvement in accordance with information provided by customers). | Throughout the period of the service and until the statute of limitations expires. However, if the agreement has not been concluded and the service has not been provided according to the Terms and Conditions, or after the end of service provision, the data will be archived and will not be used for purposes other than those related to determining, pursuing or defending counterclaims. |