Privacy policy

1. Data Controller and Contact

The Controller of personal data processed in connection with the use of the travi.pl website is
NetBrands, NIP (Tax ID): 7292657488, REGON: 100960211, ul. Piotrkowska 270, 90-361 Łódź (“Controller”).

Contact regarding data protection matters: kontakt@travi.pl.

2. Scope and Source of Data

The Controller may process personal data provided by the User (e.g., in the contact form or newsletter subscription) as well as technical data/online identifiers
related to the use of the website (e.g., IP address, cookie identifiers, advertising identifiers) – depending on the consents granted and browser/device settings.

The source of data is, in principle, the User and – in the case of advertising/analytical tools – the User’s device and browser (cookies and similar technologies),
provided the User has consented to this (except for necessary cookies).

3. Purposes and Legal Bases for Processing

A. Contact Form and Inquiries

  • Purpose: handling the inquiry, preparing an offer/valuation, providing feedback, conducting business correspondence.
  • Scope of data: data provided in the form (e.g., name, e-mail, phone number, message content).
  • Legal basis: Art. 6(1)(b) GDPR (steps taken prior to entering into a contract) and Art. 6(1)(f) GDPR (legitimate interest – communication and handling correspondence, defense of claims).
  • Important: data from the contact form is not automatically added to the newsletter database.

B. Newsletter and Lead Magnets (MailerLite)

  • Purpose: sending thematic newsletters, educational materials, offer updates, and marketing communication.
  • Scope of data: e-mail address, name (if provided), and information about interests (assignment to a thematic recipient list).
  • Legal basis: Art. 6(1)(a) GDPR (consent) and relevant electronic communication regulations regarding consent to receive commercial information/direct marketing via electronic means.
  • Withdrawal of consent: at any time via the “Unsubscribe” link in the footer of the message or by contacting: kontakt@travi.pl.

C. Analytics, Marketing, Ads, and Remarketing (Google / Meta)

  • Purpose: measuring traffic and effectiveness of actions, statistics, as well as conducting advertising campaigns and remarketing (displaying ads after visiting the website).
  • Legal basis (cookies/pixels): User consent for storage and/or access to information on the end device (cookies and similar technologies) – except for necessary cookies.
  • Legal basis (GDPR): Art. 6(1)(a) GDPR (consent) – regarding data obtained by analytical and marketing tools activated after consent is expressed.
  • Profiling: within Google/Meta advertising systems, profiling may occur to match ads. The Controller does not make decisions concerning the User based solely on automated processing that produce legal effects.

4. Is Providing Data Mandatory?

  • Providing data in the contact form is voluntary but necessary to receive a response and an offer.
  • Providing data for the newsletter is voluntary but necessary to receive messages.
  • Expressing consent for analytical/marketing cookies is voluntary. Lack of consent does not block the use of the website but may limit analytics and remarketing functions.

5. Data Recipients (Processors and Separate Controllers)

The Controller uses the services of external entities. Data may be transferred to:

  • Cyberfolks S.A. – hosting and email (infrastructure maintenance).
  • MailerLite (MailerLite Limited) – newsletter distribution and subscription management (applies to subscribed persons).
  • Google (e.g., Google Ireland Limited) – analytical and advertising tools (e.g., Google Analytics, Google Ads).
  • Meta (Meta Platforms Ireland Limited) – advertising and measurement tools (e.g., Meta Pixel).
  • L&G – accounting services.
  • IT entities/contractors – solely to the extent necessary to maintain the website and handle inquiries.

Tool providers (e.g., Google/Meta) may also act as separate independent Controllers for their own purposes (in accordance with their regulations and policies).
In the case of Meta tools (e.g., Pixel), the Controller may be a Joint Controller with Meta in the limited scope related to the collection and transmission of event data.

6. Data Transfer Outside the European Economic Area (EEA)

In connection with the use of Google/Meta/MailerLite tools, data may be transferred to third countries (e.g., USA).
The Controller applies mechanisms compliant with the GDPR, in particular Standard Contractual Clauses (SCC) and – in the case of providers listed on the certified entities list – the EU–US Data Privacy Framework.

7. Data Retention Period

  • Inquiries/Contact: for the duration of the correspondence, and subsequently until the expiration of claims limitation periods or until an effective objection is raised – depending on the basis of processing.
  • Newsletter: until consent is withdrawn (unsubscribing) or the newsletter service is terminated.
  • Accounting documents: for the period required by law (generally at least 5 years).
  • Cookies: in accordance with the periods indicated in the tool settings and until deleted by the User or consent is withdrawn (for optional cookies).

8. Rights of Data Subjects

The User has the following rights:

  • right of access to data,
  • right to rectification of data,
  • right to erasure of data (“right to be forgotten”),
  • right to restriction of processing,
  • right to data portability,
  • right to object to processing based on Art. 6(1)(f) GDPR (including objection to direct marketing),
  • right to withdraw consent at any time (where processing is based on consent) without affecting the lawfulness of processing based on consent before its withdrawal,
  • right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

9. Cookies, Pixels, Consent Settings

The website uses cookies and similar technologies. Necessary cookies are used for the proper functioning of the website.
Analytical and marketing cookies (including Google Analytics, Google Ads, Meta Pixel) are activated only after the User expresses consent (except for necessary/technical modes, if applied).

The User may change consent settings at any time.
The User may also delete cookies in browser settings. Limiting cookies may affect some website functions.

10. Data Security

The Controller applies technical and organizational measures appropriate to the risks, including connection encryption (SSL) and limiting access to data to authorized persons.

11. Policy Changes

The Policy may be updated, particularly in the event of changes to website functionality or tools used. The current version is always published on the website.

Request a quote

E-mail us
info@travi.agency
Language
PLEN
Follow us