Terms and policies

Section 1. Who controls the data

The controller of personal data within the scope described in this Privacy Policy is /k/systems Krzysztof Kaszkowiak, ul. Cedrowa 7, 62-090 Rokietnica, Poland, Tax ID (NIP): 787 192 48 11.

For matters relating to personal data, you may contact us at [email protected], and for general matters at [email protected]. User support is also available at [email protected] and through the form available at https://trevo.me/support.

Section 2. Scope of this Privacy Policy

This Privacy Policy describes how Trevo processes the personal data of persons visiting trevo.me, creating an account, making reservations or purchasing vouchers, contacting us, publishing reviews, and representatives of Partners using the Platform.

This Privacy Policy applies to data processed by Trevo on its own behalf. If you use the offer of a specific Partner, that Partner is a separate controller with respect to data related to performance of its service, handling complaints concerning that service, sales and fulfilment of its own legal obligations.

To the extent that a Partner uses Trevo as a tool for handling its activity, Trevo may also process certain data on the Partner’s behalf. In that case, the Partner is responsible for the content of its own data processing information addressed to its customers.

Section 3. What data we may process

Depending on how you use Trevo, we may process in particular your first and last name, e-mail address, phone number, account and settings data, reservation and voucher data, payment and settlement data, the content of correspondence, the content of reviews, business data and data of persons representing a Partner, technical data concerning use of the Service, and information stored in cookies or similar technologies.

If you purchase a voucher for another person or make a reservation for someone else, you should provide us only with the data necessary for that purpose and do so in accordance with the law.

Please do not provide special categories of data through Trevo, such as detailed health data, unless this is expressly required by a specific service and lawful under applicable regulations.

Section 4. Purposes, legal bases and retention periods

We process personal data mainly for the following purposes:

• maintaining the account and enabling use of the Service’s functions;

• handling reservations, voucher purchases and communication related to an order;

• settlements, accounting, financial documents and public-law obligations;

• handling support, complaints and user requests;

• ensuring security, preventing abuse and pursuing or defending claims;

• publishing and moderating reviews and other public content;

• concluding and performing the agreement with a Partner;

• marketing of Trevo’s own services, where carried out in accordance with law.

The legal basis for processing depends on the situation and may be necessity to conclude or perform a contract, a legal obligation binding on the controller, the controller’s legitimate interest, or the user’s consent where such consent is required.

We retain data for the period necessary to achieve the purpose for which it was collected, and afterwards for the period required by law or needed to establish, pursue or defend claims.

Billing data and accounting documents are retained, as a rule, for the period resulting from tax and accounting regulations. Data related to the account, reservations, vouchers, support and cooperation with Partners are retained for the duration of the relationship and for the limitation period for claims. Technical and security data are retained for the period justified by the need to protect the Service and detect abuse.

Section 5. Where we get data from

We obtain data primarily directly from you when you create an account, place a reservation, purchase a voucher, contact us or publish a review.

If you use a Partner’s offer, some data may be provided by the Partner or generated in connection with performance of the reservation, payment or after-sales handling.

In the case of Partners, we may also obtain data from publicly available registers or from documents provided to us during verification and settlements.

Information on payment or settlement status may also come from payment providers and financial institutions handling a transaction.

Section 6. To whom we may disclose data

We may disclose data only where this is necessary to achieve the purpose of processing, perform a contract, comply with legal obligations or protect our rights.

Recipients of data may include in particular:

• Partners with whom you make a reservation or purchase;

• payment providers, banks and entities handling settlements;

• providers of hosting, e-mail, user communication, technical support, security tools and entities maintaining IT infrastructure;

• entities supporting us in accounting, legal advice, claims handling and audit;

• competent public authorities, where disclosure is required by law.

Section 7. Transfers of data outside the European Economic Area

As a rule, we seek to ensure that data is processed within the European Economic Area.

However, if the use of certain providers’ services results in a transfer of data outside the European Economic Area, we apply the safeguards required by law, in particular adequacy decisions or standard contractual clauses approved by the European Commission.

Section 8. Your rights

Within the limits provided by law, you have the right to:

• access your data and obtain a copy of it;

• rectify data;

• erase data;

• restrict processing;

• data portability;

• object to processing based on our legitimate interest;

• withdraw consent at any time, where processing is based on consent;

• lodge a complaint with the President of the Personal Data Protection Office in Poland.

To exercise your rights, contact us at [email protected]. We may ask for additional information necessary to confirm your identity and safely handle the request.

Section 9. Cookies and similar technologies

Trevo uses cookies and similar technologies mainly to ensure proper operation of the Service, maintain the user session, remember selected settings, protect security, properly carry out the reservation and payment process, and measure basic technical performance parameters of the Service.

Cookies necessary for the operation of the Service are used on the basis of our legitimate interests and in connection with the necessity to provide the services requested by the user.

If we introduce additional analytical, marketing or functional cookies in the Service that require consent, they will be used only after such consent has been obtained through an appropriate privacy preference management tool.

You may also change cookie settings in your browser. Restricting the use of certain cookies may, however, affect the proper functioning of selected Service features.

Section 10. Automated decision-making

We do not make decisions concerning you based solely on automated processing that would produce legal effects concerning you or similarly significantly affect you.

We may use automated mechanisms for detecting abuse, protecting security, maintaining Service stability or directing system messages, but such mechanisms do not replace individual assessment where required by law.

Section 11. Data security

We apply appropriate organisational and technical measures intended to protect data against loss, unauthorised disclosure, destruction, modification or access by unauthorised persons.

Data is accessible only to persons and entities that need such access to perform their duties and are bound by confidentiality obligations.

Section 12. Amendments to the Privacy Policy

This Privacy Policy may be updated in the event of changes in law, development of the Service or changes in the way data is processed. The current version is always published in the Service.

If this Privacy Policy is also made available in other language versions, the Polish version of the document shall prevail.