Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"), we inform you that:

Data Controller The data controller is InnoBaltica Sp. z o.o., ul. Lastadia 2, 80-880 Gdańsk, email: innobaltica@innobaltica.pl.

Data Protection Officer In all matters regarding the protection of personal data, you have the right to contact our Data Protection Officer at the following e-mail address: iod@innobaltica.pl.

Purposes and Legal Basis for Processing Your personal data is processed for the following purposes:

1. To use the services available in the FALA Application, including creating a User profile, customizing, analyzing, and improving services, providing information about them, and ensuring the security of their provision. The legal basis is Art. 6(1)(b) GDPR (performance of a contract via acceptance of the Terms and Conditions).

2. To conduct marketing and sales activities and enable contact regarding the services provided. The legal basis is Art. 6(1)(f) GDPR (legitimate interest of the Controller).

3. To handle complaints, archive documentation, and perform financial and tax settlements. The legal basis is Art. 6(1)(c) GDPR in conjunction with the Transport Law, the Commercial Companies Code, the Tax Ordinance, and other legal provisions.

4. To process personal data regarding encoded discount entitlements for travel. The legal basis is Art. 6(1)(a) and Art. 9(2)(a) GDPR (Passenger's consent).

Obligation to Provide Data Providing data resulting from legal provisions is mandatory. In the case of voluntary provision of data other than those required by the aforementioned acts, the basis for processing is Art. 6(1)(a) GDPR (Passenger's informed consent).

Data Retention Period Your personal data will be processed for the duration of your use of the FALA Application services (term of the contract). If you decide to stop using the FALA Application, your data will be stored for a period of 5 years from the end of the calendar year in which the contract was terminated, to the extent necessary to fulfill legal obligations and in connection with potential claims or defense against claims.

Data Recipients

1. Recipients of your data include entities authorized by law, including the following ticket issuers:

   • ZTM Gdańsk, ZKM Gdynia, ZIM Słupsk, MZK Chojnice, ZKM Lębork, MZK Wejherowo, P.A. Gryf, PKS Gdynia, POLREGIO S.A., PKP SKM w Trójmieście.

2. Data will be shared with the Controller's employees who are authorized and trained in data protection to ensure proper service.

3. Data may also be shared with authorized persons, IT service providers, postal/courier operators, card manufacturers, and other entities providing services under the transport agreement or for the Controller.

4. Passenger data is also co-administered during joint complaint processes. Co-administration agreements exist between the Controller and: POLREGIO S.A., PKP SKM w Trójmieście, and ZKM Gdynia.

Rights of Individuals

1. You have the right to request access to your personal data, obtain a copy, rectify, erase, or restrict processing, the right to data portability, the right to object, and the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO).

2. You have the right to withdraw consent at any time (regarding marketing or discount entitlements). Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

3. Some of these rights may be limited by the provisions of Chapter III of the GDPR.