Privacy Policy of BookitOne Panel

Protection and security of Clients' personal data (including data of the Client's Representatives and employees) is a high priority for the Service Provider. The Controller ensures that the personal data provided by Clients is kept secure and strictly complies with data protection regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR"). The Controller encourages you to read the general information clause regarding the processing of personal data by the Controller.
Any terms in the Privacy Policy written with a capital letter have the meaning assigned to them by the Parties in the BookitOne Panel Terms of Service.

General Information Clause

1. Personal Data Controller

The controller of all personal data collected through the bookit.one website, the Records software, or other communication channels with the Client, as well as data obtained based on the Client's online activity, is BOOKIT.ONE Sp. z o.o., with registered office in Wrocław, at ul. Kminkowa 35/12, 51-180 Wrocław, entered into the Register of Entrepreneurs of the National Court Register by the District Court for Wrocław – Fabryczna, 6th Commercial Division, under KRS number 0000908641, NIP 8982267179, REGON 389327573.

2. Purpose and Legal Basis for Data Processing

To ensure the proper provision of the Service to the Client, the Client should complete the form available at https://bookit.one/pl/start-with-us, providing information about themselves and/or their company, such as name, email address, client address, and other information necessary to conclude a cooperation agreement and use the BookitOne panel. During service provision, the Client may be asked to provide additional personal data.

Personal data of Clients may be processed:
  • For the performance of the agreement concluded between the Client and the Service Provider (Art. 6(1)(b) GDPR), in particular for:
    • a. use of the BookitOne Panel
    • b. generating and providing VAT invoices
    • c. ensuring access to the BookitOne Panel
    • d. generating records reports at the Client's request
    • e. preparing encrypted data sets after termination of the contract
    • f. handling complaints
    • g. managing reservations
  • For compliance with a legal obligation imposed on the Controller (Art. 6(1)(c) GDPR), particularly for bookkeeping, recording transactions, and tax settlement.
  • For purposes arising from the Controller's legitimate interests (Art. 6(1)(f) GDPR), including:
    • a. defending the Controller's rights
    • b. pursuing claims related to the Controller's business activities
    • c. marketing of the Controller's goods and services (with Client's consent to receive updates and promotions)
    • d. identifying Client preferences regarding BookitOne's development
    • e. planning, designing, updating, and improving BookitOne based on complaints, comments, or feedback

3. Data Recipients

Maintaining Client data confidentiality is a priority. Due to organizational and operational needs, personal data may be shared with:
  • 1. Authorized personnel of the Service Provider, including employees and individuals cooperating on non-employment contracts (e.g., IT support, service maintenance, customer service).
  • 2. Entities authorized by law, including public administration authorities or courts.
  • 3. Other cooperating entities, such as:
    • a. service providers entrusted with data processing (e.g., IT providers, logistics providers, marketing agencies, courier companies),
    • b. Google, for calendar synchronization necessary to manage reservations.
      Google API usage complies with Google API Services User Data Policy.
      We do not share your Google Calendar data with any external entities.
  • 4. Accounting, legal, and advisory service providers supporting bookkeeping, claims, or legal protection.

4. Data Retention Period

Data is stored for different durations depending on the purpose:

  • 1. For contract performance and claims defense – for the period required by law (including statutory limitation periods).
  • 2. For tax and accounting purposes – 5 years from the beginning of the year following the financial year concerned.
  • 3. For account management and marketing (if consent was provided) – as long as the Client uses the services or until the Client withdraws consent.
  • 4. After these periods expire, data is deleted or anonymized.

5. Client Rights

The Client may request at any time:
access to their data, rectification, deletion, restriction of processing, objection to processing based on legitimate interest, objection to direct marketing, data portability.

The Client may also file a complaint with the President of the Personal Data Protection Office (PUODO) if they believe their data is being processed unlawfully.

6. Voluntary Data Provision

Providing personal data is voluntary but necessary to conclude and perform the service agreement and, if consent is given, to receive promotional information.

7. Data Storage Outside the EEA

Your data will not be transferred outside the European Economic Area.

8. Profiling and Automation

Client data may be processed automatically, including profiling, but decisions affecting the Client will not be made solely based on automated processing.

9. Contact

Questions regarding this Privacy Policy may be sent:
by email: [email protected]
or by mail to the Controller's registered office.

The Privacy Policy is available on the website and at the Controller's headquarters.