Skip to content Skip to footer
My account

Privacy Policy

Close

Privacy Policy of the Internet Service Fonia.Travel

  1. The Personal Data Administrator of the Internet Service available at: fonia.travel, hereinafter referred to as the Internet Service, is FONIA TELECOM Sp. z o.o. with its registered office at: ul. Twarda 18, Warsaw 00-105, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, XIV Economic Department of the National Court Register, under KRS number: 0000890861, NIP: 1133031081, REGON: 38864550300000 hereinafter referred to as the Personal Data Administrator.

     

  2. The Administrator has appointed a Data Protection Officer, who is Jakub Szajdziński. Any inquiries, requests, complaints regarding the processing of personal data by the Personal Data Administrator, hereinafter referred to as Notifications, should be addressed to the following email address of the Data Protection Officer: dpo@fonia.app or in writing to the address Twarda 18, 00-105, Warsaw. The notification should clearly indicate:

    a) the data of the person or persons covered by the Notification,

    b) the event that is the reason for the Notification
    c) present your requests and the legal basis for these requests
    d) indicate the expected way of handling the matter.

  3. In our Internet Service, we collect the following personal data:

    a) name and surname, and PESEL number or name, series and number of the document confirming identity – the data is processed when as a user of our service you provide it via the order form in order to use the telecommunications services provided by the Administrator. The above data may also be processed by the Personal Data Administrator for the purpose of verifying the identity of the authorized person
    b) phone number – processed when as a user of our service you want to use the eSIM service. The phone number is also processed by the Administrator for communication purposes related to the performance of the contract and for the purpose of delivering marketing content. The Administrator delivers commercial and marketing content via SMS messages, in connection with the client’s use of free telecommunications services
    c) bank account number – processed for the purpose of providing services under the cashback account
    d) residential/correspondence address – processed for tax purposes
    e) email address – processed for the purpose of performing the contract, in particular for: delivering confirmation of ordering an eSIM card, for sending confirmation of conclusion of a telecommunications services agreement, and also for delivering correspondence related to the concluded agreement (including sending settlement documents). The email address is also processed for the delivery of commercial and marketing content by the Administrator. The Administrator delivers marketing and commercial content in exchange for free use of telecommunications services. Your email address is also processed for the activation of the mobile application. Additionally, the email address may be processed when you voluntarily register a cashback account in the application
    f) device IP address and potential personal data contained in Cookies files – information resulting from general principles of connections made on the Internet, such as IP address (and other information contained in system logs), are used for technical and statistical purposes, including in particular for collecting general demographic information (e.g. about the region from which the connection is made). This type of data is also used for marketing and analytical purposes, if consent is given pursuant to Article 173(1) of the Telecommunications Law
    g) Transmission data and location data – data showing the way and frequency of using telecommunications services, primarily data showing the number of incoming and outgoing calls, their duration, the numbers you contact, and the number of incoming and outgoing SMS messages, the Administrator processes such data in connection with the performance of a telecommunications services agreement (including for billing for telecommunications services), for managing traffic in the telecommunications network and settlements with other operators, and also for ensuring network security (including detecting abuses)
    h) optionally, other data may be collected in the course of conducting specific matters or may be provided by users of our Internet Service via email, a contact form available on the Internet Service, traditional mail or by phone.

  4. Every person using our Internet Service has the possibility to choose whether and to what extent they want to use our services and provide information and data about themselves, to the extent specified by the content of this Privacy Policy.
  5. As part of providing telecommunications services, the Administrator displays marketing content in the form of advertising banners of its business partners through the Application (in the form of push/pop-up notifications), in accordance with the Terms and Conditions of telecommunications services provision and the application regulations.
  6. We process personal data for the purpose of:

    a) concluding and performing contracts related to the services offered by us (Art. 6(1)(b) GDPR) – in this respect, the data will cease to be processed when a given contract is fulfilled
    b) conducting an individual user account (Art. 6(1)(b) GDPR) – in this respect, personal data will cease to be processed when the user’s account is deleted
    c) performing legal obligations incumbent on the Personal Data Administrator, in particular documentation, issuing invoices, etc. (Art. 6(1)(c) GDPR) – in this respect, personal data will be deleted after fulfilling specified legal obligation
    d) directing marketing content concerning the Administrator and conducting website analytics in connection with the use of cookies (Art. 6(1)(a) GDPR) – in this respect, personal data is processed until the end of the session or deletion of cookies by the user, withdrawal of consent or until effective objection to processing for this purpose is made
    e) running a website (Art. 6(1)(f) GDPR in conjunction with Art. 173(1) of the Telecommunications Law) – in this respect, personal data will cease to be processed in the event of expiration of the Cookie file, deletion of cookies or, accordingly, at the end of a given session
    f) ongoing communication related to the functioning of the Internet Service (Art. 6(1)(f) GDPR, i.e. the legitimate interest of the Personal Data Administrator) – in this respect, your personal data will cease to be processed upon answering the given question or questions, g) determining and pursuing claims or defending against such claims (Art. 6(1)(f) GDPR, i.e. the legitimate interest of the Personal Data Administrator) – in this respect, personal data will be deleted upon expiration of the claims, but as a rule after the expiration of the 3-year limitation period for claims.

  7. The source of the personal data processed by the Personal Data Administrator are the persons to whom the data relates. Personal data is obtained through:

    a) entering the data provided by you into the forms available on the Service or Application website – in order to conclude an agreement for the provision of telecommunications services, including eSIM services
    b) entering data by you in the Application, in order to purchase additional services, goods or use new functionalities
    c) entering data by you in the Application (including via chat) or providing it via email correspondence, in order to respond to your question and consider the reported matter
    d) storing cookie files (so-called “cookies”) on end devices
    e) collecting device logs, www server logs and other information arising in connection or as a result of the functioning and use of the Application.

  8. In the case of the presence of a button or function that is a link to an external website, application, or social media, there is a co-administration relationship between the Administrator of this Internet Service and the administrator of the external website. Co-administration is limited exclusively to data necessary for operations related to the functioning of a given button or function. The Administrator is not responsible for the policies regarding the further processing of personal data by other entities and organizations or social media service providers. Our Co-administrator within this Internet Service is Meta Platforms Ireland Ltd. (Facebook Pixel, Facebook) with its registered office at: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  9. The Administrator uses tools from Google Ireland Ltd (Google Ads, Google Tag Manager, Google Analytics, Google Doubleclick), OneSignal, Inc. (Onesignal). As a rule, data within the use of these tools is processed on servers located within the EEA. However, entities providing these tools may be obliged to transfer data to third countries if such obligation is imposed on them by law or is necessary due to the nature of the services provided (SaaS, hosting, etc.). The scope of personal data transferred in this respect relates exclusively to potential personal data contained in Cookies files. The legal bases for processing personal data indicated in the preceding sentence have been indicated in point 6 lit. d) and e) of this Policy. The transfer of personal data to the United States is based on the Decision of the European Commission of 10.07.2023 on ensuring an adequate level of protection by the EU-US Data Protection Framework (Article 45(1) GDPR). Our data importer entities, namely Google LLC, Meta Platforms, Inc., and OneSignal, Inc., meeting the criteria of the decision and participating in the Data Protection Framework program, are listed at the following address: https://www.dataprivacyframework.gov/s/participant-search. Google Ireland ltd, and Meta Platforms Ireland Ltd., may transfer data to third countries – on the basis of Standard Contractual Clauses adopted by these entities.
  10. We do not provide any personal data to third parties without the explicit consent of the person to whom the data relates. Personal data without the consent of the person to whom the data relates may only be provided to public authorities, i.e. authorities and administrations (e.g. tax authorities, law enforcement authorities, and other entities authorized by generally applicable law). Personal data is also provided to other entities in connection with the provision of services by the Administrator, in cases where the basis for transferring personal data is not the entrustment of data. The Administrator, solely with the prior consent of the person to whom the data relates, provides personal data to Tik Tok Technology Ltd. (Tik Tok Pixel tool).
  11. Personal data may be entrusted for processing to entities processing such data on our behalf as the Personal Data Administrator. In such a situation, as the Personal Data Administrator, we conclude a data processing entrustment agreement with the data processing entity. The data processing entity processes the entrusted personal data only for the purposes, to the extent and for the purposes specified in the entrustment agreement referred to in the preceding sentence. Without entrusting personal data for processing, we could not conduct our activities within the Internet Service. As the Personal Data Administrator, we entrust personal data for processing, in particular, to the following entities:

    a) providing hosting services for the website on which our Internet Service operates
    b) provider of analytical tools
    c) provider of marketing tools
    d) cooperating telecommunications operators
    e) CRM service providers.

  12. We do not subject personal data to profiling as the Personal Data Administrator within the meaning of the GDPR provisions.
  13. In accordance with the GDPR provisions, each person whose personal data we process as the Personal Data Administrator has the right to:
    a) access to their personal data, as referred to in Article 15 GDPR
    b) be informed about the processing of personal data, as referred to in Article 12 GDPR
    c) rectify, complete, update, correct personal data, as referred to in Article 16 GDPR
    d) withdraw consent at any time, as referred to in Article 7(3) GDPR
    e) delete data (right to be forgotten), as referred to in Article 17 GDPR
    f) restriction of processing, as referred to in Article 18 GDPR
    g) data portability, as referred to in Article 20 GDPR
    h) object to the processing of personal data, as referred to in Article 21 GDPR
    i) in the case of a legal basis in the form of consent – the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
    j) not to be subject to profiling, as referred to in Article 22 in conjunction with Article 4 point 4 GDPR, k) lodge a complaint with the supervisory authority (i.e. the President of the Office for Personal Data Protection), as referred to in Article 77 GDPR.
  14. If you want to exercise your rights referred to in the preceding point, please send a message by email to the email address or in writing to the correspondence address mentioned in point 2 above.
  15. Each identified case of security breach is documented, and in the event of one of the situations specified in the GDPR or the Act, individuals whose data has been breached are informed about such breaches of personal data protection regulations, and – if applicable – the President of the Office for Personal Data Protection.
  16. The Cookies Policy is a separate document located at: https://fonia.travel/en/cookies-policy/
  17. In matters not regulated by this Privacy Policy, the relevant provisions of the generally applicable law apply. In the event of discrepancies between the provisions of this Privacy Policy and the above provisions, the latter shall prevail.