Gdańsk
Loading...
-6°C
+48 801 066 808
Public Information Bulletin
Public Information Bulletin
Gdansk Lech Walesa Airport

Privacy policy

We make every effort to protect the personal data we collect in accordance with national regulations and with the Regulation of the European Parliament and the EU Council 2016/679 of 27th April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (O.J. EU L 119 of 04.05.2016, p. 1, with the amendment announced in the O.J. EU L 127 of 23.05.2018, p. 2), called hereinafter: “GDPR”.

We provide you with this Privacy Policy so that every person with whom we enter into a relationship is aware of:

  • who the administrator of his or her personal data is,
  • to what extent, for what purposes and on what legal grounds we process the data and to whom we share it,
  • what rights you have in relation to data processing in accordance with Art. 13 and 14 GDPR.

The detailed subject of the Privacy Policy may be the information provided at the time of collecting personal data or within a reasonable time – no later than a month – in the case of collecting data from indirect sources, i.e. not from the persons concerned.

1. Personal Data Administrator
The administrator of your personal data is Port Lotniczy Gdańsk sp. z o.o., [Gdansk Airport Ltd.] ul. Słowackiego 200, 80-298 Gdansk (hereinafter: “the Airport,” “Administrator” or “we”). When purchasing Fast Track or Executive Lounge services via the Port website or at Tourist and Airport Information points, the administrator of the buyers' personal data is the Gdansk Tourism Organization, based in Gdansk, ul. Niterów 3/Hala 31B, 80-864 Gdansk. The Port is not a party to this agreement and processes only the information necessary to complete the transaction (voucher validation) as a separate administrator.

2. Data Protection Controller
To supervise the matters related to the protection of personal data and provide you with detailed information, we have appointed a data protection officer. The duties are performed by Marek Cirkowski. You can contact the officer by e-mail or by phone: iod@airport.gdansk.pl, +48 58 348 11 54. For all matters relating to data processing by the Gdansk Tourism Organization (Fast Track/Executive Lounge purchase), please contact the GTO Data Protection Officer: iod@jestemzgdanska.pl.

3. Data processing for specific purposes

3.1. The persons staying on the premises of the Airport (passengers, guests, others) - if you belong to the passengers we serve or guests staying at our airport, then:

  • We process your data for the purposes of ensuring the safety of persons and protection of property by means of a video monitoring system (Art. 6, Par. 1, Letter f, GDPR). In certain cases, we may also process your data for other purposes resulting from legitimate interests (Art. 6, Art. 1, Letter f, GDPR). We describe the cases of our legitimate interests in Point 4.
  • The categories of personal data processed may include the image.
  • The recipients of the data may be persons or entities who demonstrate a factual or legal interest justifying making the recordings made via the video monitoring system available.
  • The data recorded by the video monitoring system will be stored for no longer than one month from the moment of recording or until overwriting the recording. The data may, however be stored for a longer period if they constitute evidence in proceedings conducted pursuant to legal provisions or when the Airport has learned that they may constitute evidence in such proceedings. Then, the data may be stored until such a procedure is legally terminated. After this period, the data shall be destroyed, unless the applicable regulations provide otherwise. The cases of a longer period of data processing are described in Point 4.
  • In connection with the processing, you have the right to access and rectify the data, the right to limit the processing, the right to object to the processing, the right to lodge a complaint with the Director of the Data Protection Office (ul. Stanisława Moniuszki 1A, 00-014 Warsaw). Detailed information on individual rights can be found in Point 5.

3.2. Clients and Contractors – if you belong to the group of our clients or contractors, both individual and business, you use the services we offer, including premium services such as VIP Services, Executive Lounge, Fast Track, rental of conference, commercial and service rooms, then:

  • We process your data in order to conclude or perform a contract (Art. 6, Par. 1, Letter b, GDPR), and in certain cases to achieve the purposes of legitimate interests (Art. 6, Par. 1, Letter f, GDPR). We describe the cases of our legitimate interests in Point 4.
  • If the purchase of Fast Track/Executive Lounge is made via the Airport's website or at GTO points of sale, the data controller is GTO (Art. 6 Par. 1 Letter b of the GDPR – performance of the contract). The Airport does not receive customer data for its own purposes; it only receives information about the validity of the voucher for the purpose of processing the passage as a separate controller (without combining it with other data).
  • In the cases of individual clients, the categories of personal data processed may include: identification data, address details, contact details.
  • In the case of business clients, the categories of personal data processed may include: identification data, address details, contact details, data of a financial nature, data related to professional, business or economic activity.
  • The recipients of data may be entities providing courier, postal, legal, IT, payment services and financial institutions. Detailed information on data recipients can be found in Point 7.
  • The data will be stored for a period of at least 5 years from the end of the calendar year in which the tax payment deadline in connection with the concluded contract expired, however, the law may provide for a longer period of data storage, in particular in the field of pursuing or defending claims. Cases of a longer period of data processing are described in Point 4.
  • In connection with the processing, you have the right to access and rectify data, the right to limit the processing, the right to object to the processing, the right to lodge a complaint with the Director of the Personal Data Protection Office (ul. Stanisława Moniuszki 1A, 00-014 Warsaw). Detailed information on individual rights can be found in Point 5.
  • Your personal data may be processed in the form of analytical, sales and marketing profiling in order to make measurements that will allow us to improve our services.
  • Providing data is a contractual requirement, and refusal to provide it may prevent from the conclusion or performance of the contract.
  • The source of data may be employers, co-workers, principals, persons who make reservations.

3.3. Suppliers - if you provide us with goods or services, then:

  • We process your data in order to conclude or perform a contract (Art. 6, Par. 1, Letter f, GDPR), and in certain cases to achieve the purposes of legitimate interests (Art. 6, Par. 1, Letter f, GDPR). We describe the cases of our legitimate interests in Point 4.
  • The categories of personal data processed may include: identification data, address data, contact details, data of a financial nature, data related to professional, business or economic activity.
  • The recipients of data may be entities providing courier, postal, legal, IT services. Detailed information on data recipients can be found in Point 7.
  • The data will be stored for a period of at least 5 years from the end of the calendar year in which the tax payment deadline in connection with the concluded contract expired - however, the law may provide for a longer period of data storage, in particular in the field of pursuing or defending claims. Cases of a longer period of data processing are described in Point 4.
  • In connection with the processing, you have the right to access and rectify data, the right to limit processing, the right to object to the processing, the right to lodge a complaint with the Director of the Personal Data Protection Office (ul. Stanisława Moniuszki 1A, 00-014 Warsaw). Detailed information on individual rights can be found in point 5.
  • Providing data is a contractual requirement, and refusal to provide it may prevent the conclusion or performance of the contract.
  • The source of data may be employers, co-workers, principals, persons who make reservations.

3.4. Representatives and Contact Persons – if you are a representative or a contact person, then:

  • We process your data to achieve the goal of legitimate interest, which is the communication between us and you (Art. 6, Par. 1, Letter f, GDPR). We describe other cases of our legitimate interests in Point 4.
  • The categories of personal data processed may include: identification data, address data, contact details, data related to professional activity.
  • The recipients of data may be entities providing courier, postal, legal, IT services. Detailed information on data recipients can be found in Point 7.
  • The data will be stored for the period necessary to meet the needs related to maintaining the contact between us and you.
  • In connection with the processing, you have the right to access and rectify data, the right to limit processing, the right to object to the processing, the right to lodge a complaint with the Director of the Personal Data Protection Office (ul. Stanisława Moniuszki 1A, 00-014 Warsaw). Detailed information on individual rights can be found in Point 5.

3.5. Candidates - if you are interested in our job offers or cooperation, then:

  • We process your data in order to conclude an employment contract on the basis and to the extent specified in Art. 22(1) §1 of the Act of 26 June 1974, Labor Code (Art. 6, Par. 1, Letter b, GDPR), or the conclusion of a civil law contract  (Art. 6, Par. 1, Letter f, GDPR). We also process your personal data for the purposes arising from legitimate interests (Art. 6, Par. 1, letter f, GDPR) in accordance with Point 4.
  • If you wish to participate in further recruitments or if the application documents contain information that may be considered sensitive data, they will be processed on the basis of your voluntary consent (Art. 6, Par. 1, Letter a or Art. 9, Par. 2, Letter a, GDPR).
  • The categories of data processed include: given name(s) and surname, date of birth, contact details provided by you, education, professional qualifications, previous employment history, company (in the case of self-employment), as well as any other data that you provided in the application documents.
  • The recipients of the data may be the entities providing IT services. Detailed information on data recipients can be found in Point 7.
  • The data will be stored for the duration of a given recruitment, unless you consent to its further storage for the purposes of future recruitment. The cases of a longer period of data processing are described in Point 4.
  • In connection with the processing, you have the right to access and rectify your data, the right to limit the processing, the right to withdraw your consent at any time (without affecting the lawfulness of processing that was carried out before its withdrawal), the right to object to the processing, the right to delete data, the right to lodge a complaint to the Director of the Personal Data Protection Office (ul. Stanisława Moniuszki 1A, 00-014 Warsaw).
  • Providing the data results from the scope specified by the Labor Code or is a contractual requirement (in the case of employment based on a civil law contract) and the refusal to provide it may make it impossible to establish an employment relationship or conclude a contract.

3.6. Website Users - if you contact us via our website, then:

  • We process your data to achieve the purpose resulting from legitimate interests, which is the communication between us and you, for the purposes of compiling, analyzes and statistics based on legitimate interests involving the improvement of our offer and services and adapting them to your preferences (Art. 6, Par. 1, letter f, GDPR). We describe the cases of our legitimate interests in Point 4.
  • The categories of personal data processed may include identification data, contact details.
  • The recipients of the data may be the entities providing IT and marketing services. Detailed information on data recipients can be found in Point 7.
  • The data will be kept for the period necessary to respond to the sent inquiries. The cases of longer period of data processing are described in Point 4.
  • In connection with the processing you have the right to access and rectify the data, the right to limit the processing, the right to object to processing, the right to withdraw your consent at any time (without affecting the lawfulness of the processing that was carried out before its withdrawal), the right to delete data, the right to lodge a complaint to the Director of the Personal Data Protection Office (ul. Stanisława Moniuszki 1A, 00-014 Warsaw).
  • We can also process information that allows us to remember your preferences in the use of the website - we use “cookies” to collect this type of data (for more information, see Point 9).
  • Your personal data may be processed in the form of analytical, sales and marketing profiling in order to adapt our materials to your needs and interests and to make measurements that will allow us to improve our services. Binding decisions are not automated, i.e. they are never taken without human intervention. The data on the use of our website may be used for internal statistical purposes and to develop and improve our products, services, communication methods and functionality of our website, as well as to ensure IT security. In this case, we only use aggregated data and we do not use names, e-mail addresses or other information that allows you to be directly identified.

4. Other grounds for processing

Apart from to the situations indicated in Point 3, in particular cases we may also process your data for other purposes. This may involve an extension of the storage period of your data.

4.1. For the purposes necessary to fulfill our legal obligations (Art. 6, Par. 1, Letter c, GDPR) we will process you data:

  • for the duration of our performance of the legal obligations imposed on us by applicable regulations, including tax law regulations,
  • for the period in which certain legal provisions require us to store the data (these provisions may provide for a different period of data storage).

4.2. Furthermore, we may also process your data for other purposes resulting from our legitimate interests (Art. 6, Par. 1, Letter f, GDPR), such as:

  • ensuring the safety of people and protection of property by conducting video monitoring,
  • providing access to the restricted areas of the airport,
  • providing access to the restricted use area,
  • establishing, defending and pursuing claims, including selling our receivables to another entity,
  • promotion of the company and our services,
  • creating statements, analyzes and statistics,
  • archiving.

5. Rights

In connection with the processing of personal data carried out by us, in certain cases you may exercise the following rights:

5.1. The right to access the personal data and to obtain a copy of them – upon your request, we will provide information as to whether we process your personal data. We are also obliged, upon a separate request, to provide more detailed information on: the purposes of processing, categories of personal data, data recipients or their categories, the period of data storage or the criteria for its determination, the source of data acquisition, the automated processing of personal data and the consequences of such processing. In the case of transfer of your personal data to a third country, we will also inform you about the security measures used for the transfer. At your request, we will also make a copy of your personal data. It will be made available to you in the popular IT file format. The first copy will be made available free of charge, but for each subsequent copy, we may charge a fee in the amount the we will determine in accordance with the principles set out in GDPR.

5.2. The right to have your data rectified – – if it turns out that your personal data is incorrect, we will remove the incompliance. We will do this on our own initiative - or, if you bring it to our attention - upon your request.

5.3. The right to delete your data, including the “right to be forgotten” – if you do not wish your personal data to be processed and we find that there are no other legal grounds which enable us to process your personal data – your data will be deleted from our databases. Please note, however, that the deletion of some data may prevent us from providing services to you – this refers to the services which imply the processing of personal data. For example, we will not be able to respond to your enquiry and present our offer if you demand us to delete your email address. In spite of such demand, however, we may be able to process certain personal data on the basis of GPDR.

5.4. The right to restrict the processing – in the cases provided for by the GDPR, we will limit the processing of your personal data at your request. Simply put, restricting the processing of personal data prevents their use outside of storage. In this case, any other activities on the data subject to processing restrictions may only be performed with your consent.

5.5. The right to transfer your data – on the terms provided for in the GDPR, you may request the transfer of your personal data saved in a standard machine-readable file format. If your purpose is to transfer them to another administrator, we will send the file containing your personal data directly to them.

5.6. The right to object to processing – in some cases, even if we process the personal data in accordance with the law, without your consent, you may request us to stop processing your personal data by raising an objection. It will be justified if you can show that our lawful actions still infringe your interests, rights or freedoms.

5.7. The right not to be subject to automated decisions in individual cases, including profiling – you have the right no to be subject to decisions that would be based solely on automated processing, including profiling, if they have legal effects on you or significantly affect you in the same way.

5.8. The right to withdraw consent at any time – in the event when we have asked for your consent, you can withdraw this consent at any time. If we do not have a separate basis for processing, we will stop using your personal data for the purpose for which the consent was given. However, please note that withdrawing your consent may sometimes prevent us from providing you with interesting content or information.

5.9. The right to lodge a complaint to the supervisory body – if you believe that our activities related to the processing of personal data have violated your rights, you can lodge a complaint to the Director of the Personal Data Protection Office (ul. Stanisława Moniuszki 1A, 00-014 Warsaw).

The above rights may be limited in certain situations, for example when we can demonstrate that we are legally obliged to process your data. If you wish to exercise any of your rights, all you need to do is submit a relevant request using the contact details provided in Point 1 or Point 2.

6. Sources of Personal Data

As a rule, most of the data we process is information that you have provided to us on voluntary basis. However, we may also come into possession of your data through other persons who provide it to us, e.g. through your employers, associates, principals. In some rare case, we may process your personal data that we are able to deduce from you based on other information which you provide to us and which we obtain in the course of our relationship. This data will not be processed longer than necessary due to the purpose for which it was collected or it will be deleted immediately.

7. Personal Data Recipients

The recipients of your personal data may be courier companies or postal operators, financial institutions and providers of payment, marketing, IT, hosting, telecommunications services, law offices and law firms, entities related to the administrator, buyers of receivables, providers of accounting and financial services, control, advisory, audit and debt collection services. In certain cases, if we outsource some operations to another entity, the essence of which is the processing of personal data, it will be performed in accordance with Art. 28 and Art. 32 of GDPR, i.e. as a part of entrusting personal data for processing. Entrusting your personal data will only apply to the operations performed within the framework of which data processing is the main, primary activity, and not the result of other, side processes. The recipients of personal data may also include entities cooperating in the sale of Fast Track / Executive Lounge services. These services are sold by the Gdansk Tourism Organization (GTO), which in this case is not a recipient of the Airport's data, but a separate administrator of the data of customers of these services.

8. International Transfer of Personal Data

As a rule, your personal data will not be transferred to countries outside the European Economic Area, where the law may not provide the same level of protection for your data. However, if your personal data, as part of the processing, will be transferred to some recipients in third countries (outside the European Economic Area), e.g. in the United States, such data transfer may take place:

  • when the European Commission finds that the country in question ensures an adequate level of protection of personal data
    or
  • based on standard contractual clauses,
    or
  • based on biding corporate rules,
    or
  • subject to exceptions in specific situations.

9. “Cookies”

Our website uses „cookies.” This information is in the form of small text files that are saved on your computers by the server. They are important because they allow the server to read information every time when connected to a specific computer.

The information collected using “cookies” does not constitute personal data, but may be used to provide you with specific functions. Such data is encrypted in a way that prevents unauthorized access to it.  The software used to browse websites allows by default the cookies to be placed on your computers - you have given your consent using the web browser settings (Art. 6, Par. 1, Letter a, GDPR). You can properly configure your browser to block the automatic acceptance of “cookies” or to obtain information each time that a file is sent to the device. More information on the use of cookies and possible configurations can be found in the settings of your browser.

The level of restrictions on the use of “cookies” may affect the availability and functionality offered by our website, including the possibility of blocking its full operation. We use “cookies” for the correct configuration, and in particular for:
 

  • adapting the content of the website to your preferences,
  • providing correct configuration, which enables, in particular, the verification of the authenticity of the browser session,
  • recognizing devices and proper display of the website, tailored to your individual needs,
  • remembering your settings and personalizing the interface, e.g. in terms of the selected language or region,
  • remembering the history of the visited pages on the website in order to recommend contents, font size, appearance, etc.

10. Final Remarks

10.1. We reserve the right to make changes to this Privacy Policy for important reasons. Important reasons are understood as:

  • the requirement to adapt the provisions of the Privacy Policy to applicable law and/ or decisions of authorized public authorities,
  • a change in the interpretation of generally applicable provisions (affecting the contents of the privacy policy) as a result of court judgments, decisions, recommendations or instructions of authorities or bodies competent in a given field,
  • improving customer service,
  • introducing new services and/ or changing the terms of providing services,
  • the need to remove errors and/ or typographical errors contained in the privacy policy
  • change of the Airport data (including, for example, contact details, names or updating the links contained in the Privacy Policy).

10.2. This Privacy Policy comes into force on November 13th, 2025. We keep our policy updated and we will inform you of any changes by publishing the updated Policy on our website.

More information

Cyber security

Regulations