Privacy Policy

The following Privacy Policy outlines Rules for Storing and Accessing Data on User Devices using the Service for the purposes of providing electronic services by the Administrator and the rules for collecting and processing User personal data, which were provided by them personally and voluntarily through the tools available on the Service.

The following Privacy Policy is an integral part of Terms of Service, which defines the rules, rights, and obligations of Users using the Service.

§1 Definitions

• Service – the internet service „100.pkp.pl” operating at https://100.pkp.pl
• External service – internet services of partners, service providers, or service recipients cooperating with the Administrator
• Administrator - The Administrator of the Site and the Data Administrator is the company „Polskie Koleje Państwowe S.A.”, conducting business at the address: Al. Jerozolimskie 142A, 02-305 Warsaw, with assigned tax identification number (NIP): 525-000-02-51, with assigned KRS number: 0000019193, providing services electronically through the Website
• User – natural person for whom the Administrator provides services electronically through the Service.
• Device – electronic device along with software, through which the User accesses the Service
• Cookies text data collected in the form of files stored on the User Device
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Personal data - means information about an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person
• Processing - means an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collection, recording, organizing, structuring, storing, adapting or modifying, retrieving, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, deleting or destroying;
• Processing limitation – means marking personal data for the purpose of restricting its future processing
• Profiling – means any form of automated processing of personal data which consists of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements
• Agreement – consent of the data subject means a voluntary, specific, informed, and unambiguous indication of the data subject's will, by means of a statement or a clear affirmative action, through which the data subject agrees to the processing of personal data concerning them
• Data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored, or otherwise processed
• Pseudonymization – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person
• Anonymization Data anonymization is an irreversible process of data operations that destroys/overwrites personally identifiable information, making it impossible to identify or link a given record to a specific user or individual.

§2 Data Protection Officer

The Administrator has appointed a Data Protection Officer. The Data Protection Officer can be contacted regarding all matters pertaining to the processing of personal data via email at: iod@pkp.pl or in writing to the address: Al. Jerozolimskie 142A, 02-305 Warsaw.

§3 Cookie Types

• Internal cookies – files uploaded and read from the User Device by the Service's IT system
• External cookies – files posted and read from the User's Device by the teleinformation systems of External Services. Scripts of External Services, which may place Cookies files on the User's Devices, have been deliberately placed in the Service through scripts and services provided and installed in the Service
• Session cookies – files uploaded to and read from the User Device by the Service during a given User Device session. After the session ends, the files are deleted from the User Device.
• Durable cookies – files uploaded to and read from the User Device by the Service until they are manually deleted. Files are not automatically deleted after the end of the User Device session unless the User Device configuration is set to delete cookies after the end of the User Device session.

§4 Data Storage Security

• Cookie Storage and Retrieval Mechanisms – The mechanisms for storing, reading, and exchanging data between the Cookies saved on the User's Device and the Service are implemented through the built-in mechanisms of web browsers and do not allow for the downloading of other data from the User's Device or data from other websites visited by the User, including personal data or confidential information. The transfer of viruses, Trojan horses, and other worms to the User's Device is also practically impossible.
• Internal cookies – The Cookies used by the Administrator are safe for User Devices and do not contain scripts, content, or information that could compromise the security of personal data or the security of the Device used by the User.
• External cookies – The Administrator takes all possible actions to verify and select service partners in the context of User safety. The Administrator selects well-known, large partners with global public trust for cooperation. However, the Administrator does not have full control over the content of cookies from external partners. For the security of cookies, their content, and their licensed use by scripts installed on the service originating from external services, the Administrator shall not be liable to the extent permitted by law. The list of partners is provided further in the Privacy Policy.
• Cookie Control
  • The user can change settings regarding the saving, deletion, and access to data from saved cookies by any website at any time, independently.
  • Information on how to disable cookies in the most popular desktop browsers is available at: How to disable cookies or from one of the indicated providers:
    • Cookie Management in Browser Chrome
    • Cookie Management in Browser Opera
    • Cookie Management in Browser Firefox
    • Cookie Management in Browser Edge
    • Cookie Management in Browser Safari
    • Cookie Management in Browser Internet Explorer 11
  • The User may at any time delete all previously saved Cookies using the tools of the User's Device, through which the User uses the Service's services.
• User-side threats - The Administrator uses all possible technical measures to ensure the security of the data placed in cookies. However, it should be noted that ensuring the security of this data depends on both parties including the activities of the User. The Administrator is not responsible for the interception of this data, impersonation of the User's session or its deletion, as a result of the User's conscious or unconscious activity, viruses, Trojan horses and other spyware with which the User's Device may be or has been infected. Users, in order to protect themselves from these threats, should comply with the following Terms of Use.
• Personal data storage The Administrator assures that they make every effort to ensure that personal data provided voluntarily by Users is secure, access to it is limited, and it is processed in accordance with its purpose and processing objectives. The Administrator also assures that they make every effort to protect the data they possess from loss by implementing appropriate physical and organizational security measures.

§5 Purposes for which cookies are used

• Improving and facilitating access to the Website
• Personalized Service for Users
• Marketing, Remarketing on External Services
• Statistics management (users, visits, device types, bandwidth, etc.)
• Serving multimedia services
• Social services

§6 Purposes of Personal Data Processing

Personal data voluntarily provided by Users are processed for one of the following purposes:

• Electronic service delivery:
  • Information sharing services for content posted on the Service on social networking sites or other websites.
• Administrator's communication with Users regarding the Service and data protection
• Realization of the Administrator's Legally Justified Interest

Data about Users collected anonymously and automatically is processed for one of the following purposes:

• Statistics Management
• Remarketing
• Realization of the Administrator's Legally Justified Interest

§7 Third-Party Website Cookies

The Administrator on the Service uses JavaScript scripts and web components from partners, who may place their own cookies on the User's Device. Please remember that you can decide for yourself in your browser settings which cookies are allowed to be used by individual websites. Below is a list of partners or their services implemented on the Service that may place cookies:

• Multimedia Services:
  • YouTube
  • Spotify
• Social/Connected Services:
  (Registration, Login, content sharing, communication, etc.)
  • X
  • Facebook
  • Instagram
• Maintaining statistics
  • Google Analytics

Services provided by third-party entities are beyond the Administrator's control. These entities may change their terms of service, privacy policies, data processing purposes, and cookie usage methods at any time.

§8 Types of Data Collected

The Service collects data about Users. Some data is collected automatically and anonymously, while some data is personal data voluntarily provided by Users during registration for the individual services offered by the Service.

Anonymous data collected automatically:

• IP address
• Browser type
• Screen resolution
• Approximate location
• Opened website subpages
• Time spent on the appropriate website subpage
• Operating system type
• Previous page address
• Referer URL
• Browser language
• Internet connection speed
• Internet service provider

Data collected during registration:

• Email address
• IP Address (Collected Automatically)

Data collected during newsletter signup

• Email address

Some data (without identifying data) may be stored in cookies. Some data (without identifying data) may be passed to a statistics service provider.

§9 Third-party access to personal data

The sole recipient of personal data provided by Users is the Administrator. Data collected as part of the provided services is not transferred or resold to third parties.

Access to data (most often based on a Data Processing Agreement) may be held by entities responsible for maintaining the infrastructure and services necessary to operate the website, such as:

• Hosting companies that provide hosting or related services to the Administrator

Entrusting the processing of personal data – Hosting, VPS, or Dedicated Server Services

The administrator uses the services of an external hosting provider, VPS, or Dedicated Servers to operate the service – PKP Informatyka LLC.