PRIVACY POLICY

1. GENERAL INFORMATION

This Privacy Policy sets out the principles for the processing and protection of personal data provided by individuals in connection with their use of the services offered by HREIT Spółka Akcyjna with its registered office in Warsaw, including via the following websites:

• www.hreit.pl

• www.silverapartamenty.pl

• www.sikorskiego36.pl

• www.apartamentydabrowskiego.pl

• www.pachonskiegosky.pl

• www.tuwimagardens.pl

• www.apartamentysenatorska.pl

• www.tuwimasky.pl

• www.apartamentykilinskiego.pl

• www.apartamentylozowa.pl

• www.bdc-development.pl

• www.warszawskasky.pl

• www.apartamentyzlota.pl

• www.apartamentybarona.pl

• www.apartamentymlynowka.pl

• www.apartamentycisowa.pl

• www.apartamentyzietka.pl

• www.formeli17.pl

• www.apartamentykrogulskiego.pl

• www.skyresovia.pl

• www.apartamentydobrzanskiego.pl

• www.apartamentyostrogorska.pl

• www.apartamentybaczynskiego.pl

• www.apartamentyparkova.pl

• www.merliniegosuites.pl

• www.apartamentyskarbkazgor.pl

• www.apartamenty-kosciuszki.pl

• www.greencitywro.pl

• www.lakehousezegrze.pl

(hereinafter: „“Website””).  

2. WHO IS THE CONTROLLER OF MY PERSONAL DATA?

The Controller of your personal data is HREIT Spółka Akcyjna with its registered office in Warsaw, ul. Księdza Ignacego Jana Skorupki 5, 00-546 Warsaw, entered in the Register of Entrepreneurs of the National Court Register by the District Court of the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, KRS number: 0000741906, NIP (Tax ID): 5252757857, REGON (National Business Registry Number): 380873593 or a company of the HREIT Capital Group which provides the Website service (hereinafter “Controller”).

3. WHAT IS PERSONAL DATA AND WHAT DOES PROCESSING ENTAIL?

Personal data means information about an identified or identifiable natural person. Processing personal data is basically any action on personal data, whether or not carried out by automated means, such as collection, storage, recording, organisation, modification, viewing, use, disclosure, restriction, erasure or destruction. The Controller processes personal data for various purposes, and depending on the purpose, there may be different means of collection, legal basis for processing, use, disclosure and applicable retention periods.

4. WHEN DOES THIS PRIVACY POLICY APPLY?

This Privacy Policy applies to all cases where Controller is the personal data controller and processes personal data. This applies both where the Controller processes personal data obtained directly from the data subject and where personal data have been obtained from other sources. The Controller fulfils its information obligations in both of the above cases, as set out in Article 13 and Article 14 GDPR respectively, in accordance with these provisions.

5. LEGAL BASIS

To ensure the security of the data entrusted to us, we have developed internal procedures and recommendations to prevent data from being made available to unauthorised persons. We monitor their implementation and continuously check their compliance with the relevant legislation. Personal data contained in forms and personal data collected automatically or obtained in connection with the provision or offering of services are processed in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). We will only process your data for the purposes that you have agreed to by ticking the relevant boxes in the form provided on the Website or by other explicit means. The legal basis for processing your personal data is your consent to the processing or the requirement to provide the service you have requested from us (pursuant to Article 6(1)(a) and (b) GDPR). Depending on the purpose for which your data is processed, the Controller has appropriate legal bases for processing your data, for example:

• where the processing is necessary for the performance of a contract concluded with you or to take steps at your request prior to the conclusion of a contract - Article 6(1)(b) GDPR,

• where you are asked to consent to the processing of data for a specific purpose - Article 6(1)(a) GDPR,

• when we have so-called legitimate interests, e.g. to receive and respond to your enquiry - Article 6(1)(f) GDPR,

• when the processing is necessary for the fulfilment of a legal obligation incumbent on us, e.g. if we have to make personal data available to state authorities - Article 6(1)(c) GDPR.

Please be informed that the provision of personal data to the Controller is not a statutory requirement and that you are not obliged to provide such data. The provision of personal data for marketing and commercial purposes is voluntary and we do not make the provision of any services contingent on obtaining consent for the use of data for marketing and commercial purposes. If you have ordered a service from us then the provision of data is necessary for the performance of the contract or in order to provide the service in question.

6. CONSENT

Personal Data is processed on the basis of consent and in cases where the law authorises the Controller to process personal data on the basis of the provisions of the law or for the performance of a contract concluded between the parties.

In no case shall the Controller collect or process sensitive personal data: revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person or data concerning a person’s health, sexuality or sexual orientation.

Insofar as you have given the appropriate consent to the processing of your data for marketing and commercial purposes then your data will be processed permanently unless you withdraw your consent to their use. If you have not given this consent we will only process your data for the duration of our service provision (for example, the time you use our service). Nevertheless, we may retain your data after you have withdrawn your consent or after the provision of services to you has ended, if this processing is justified by law (e.g. for accounting and tax purposes) or if we anticipate that archiving your data is necessary to protect our rights.

7. AUTOMATIC COLLECTION OF INFORMATION

In some cases, the Controller and service providers use cookies, navigational tags and other technologies to automatically collect information of a certain type during visits to our website or via email addresses. Collecting this type of information will allow us to better understand and improve the operation, functionality and performance of the Website and determine the effectiveness of our marketing efforts.

Information collected in this way does not always constitute personal data, i.e. allow us to identify a specific user, but this may be the case, for example, if it is possible to link an IP address or location information to a specific e-mail address.

8. IP ADDRESSES

An IP address is an individual number assigned to a computer when it connects to the Internet, which allows communication between the computer and the server. IP addresses of website visitors may be recorded for information system security and diagnostic purposes. This information may also be used in aggregate form to analyse web trends and evaluate website performance.

9. COOKIES AND PROFILING

Please be informed that in order to adapt the content and services of our website hreit.pl to the individual interests and needs of our users, we use information stored by the servers on the user’s terminal equipment (computer, tablet, smartphone, etc.), which the servers can read each time the user connects using this equipment, i.e. the so-called “cookies”. These servers may also use other technologies with functions similar or identical to cookies.

Cookies are IT data, in particular text files, which, by being stored on the user’s terminal equipment, allow the user’s behaviour, interests and needs to be learned. Cookies provide, among others, statistical data about the use of the Website and its functions. Cookies do not, as a rule, identify the user’s personal data. Cookies always contain the domain name of the Website and the time of their storage on the end device.

Cookies can be saved on the end device of the user of the Website and then used by advertisers, research companies and suppliers of multimedia applications cooperating with the Controller. Below is a list of our trusted entities that we allow to use cookies on our websites.

10. COOKIES ARE USED FOR:

• adapting the content of the Website’s pages to the user’s preferences and optimising the use of the pages, as cookies allow the Website user’s device to be recognised and the page to be displayed appropriately, tailored to the user’s individual needs,

• creating statistics which help us to understand how users of the Website use our Websites, so that we can improve them (we check how many users we have, how long users use our website, what content they are particularly interested in)

• providing users with advertising content that is more tailored to their interests through what is known as profiling, i.e. verification of their interests and preferences resulting from the analysis of the used websites.

We may use the following types of cookies on the Website:

• "necessary" cookies to enable the use of services available on the Website, e.g. authentication cookies used for services that require authentication on the Website;

• cookies used for security purposes, e.g. used to detect misuse with regard to Website authorisations,

• cookies used for the collection of information about the use of the pages of the Website,

• so-called functional cookies, which allow for “remembering” the user’s selected settings and personalizing the user’s interface, e.g. with regard to the selected language or region of the user’s origin, the font size, the appearance of the website, etc.,

• advertising cookies, making it possible to provide users with advertising content more tailored to their interests.

In many cases, the web browsing software (web browser) allows cookies to be stored on the user's terminal equipment by default.

Each user has the option, at any time, to disable the use of cookies in their software. Detailed information about the possibility and methods of using cookies is available in the settings of your software (web browser).

Disabling cookies may make it difficult or even impossible to use certain services on the Website, but it will not prevent you from reading or viewing content on the Website, except for content which requires a login to access.

The user’s consent to receive cookies is given by changing the settings of the browser that allows the processing of cookies or by giving consent in the corresponding window on the Website.

11. LOCALISATION TOOLS

The Controller may collect and use data about the geographic location of the user’s computer or mobile device. Location data is collected to provide users with information about services that we think may be of interest to them because of their location. They are also collected in order to improve our products and services based on geolocation solutions.

12. WIDGETS AND SOCIAL NETWORKING APPS

The Website may include features that make it possible to share content via third-party social media applications, such as the Facebook “Like” button or Twitter widget. All of these social media applications may collect and use data on user activity on the Controller’s websites. Any personal information that you provide through these social media applications may be collected and used by other users of these social media applications, and interactions conducted through these applications are subject to the privacy policies of the companies that provide the applications. We have no influence on and accept no responsibility for the above companies and their use of the users’ personal data.

In addition, the Controller’s websites may include blogs, discussion forums, crowdsourcing sites and other applications or services (collectively, “social media features”). The purpose of the social media features is to facilitate the sharing of knowledge and content. Any personal information provided by users using any of the Controller’s social media features may be shared with other users of that feature (unless otherwise stated at the time of collection) over which we have limited or no control.

13. WHAT PURPOSES ARE MY PERSONAL DATA BEING PROCESSED FOR?

By using our website, your personal data is collected and further processed for the purposes set out in the data protection policy. Thus, depending on the website where you leave your data, we inform you of the relevant processing purposes in each case, but we can indicate the following known processing purposes:

• registration for a specific event or publication,

• subscribing to materials of interest to you,

• enrolment in a dedicated programme,

• submission of a request for quotation or presentation of the services provided,

• ordering commercial and promotional information (e.g. sending newsletters to the e-mail address provided, sending commercial information about our and our trusted partners’ various products and services, sending information about our and our trusted partners’ various competitions, promotional campaigns),

• submitting a contact enquiry,

• use of online applications or tools.

We use the information you provide for the following purposes:

• those inherent in the performance and provision of services via the Website, provision of Products to you and provision of Services;

• in order to verify the quality of the service provided, for keeping market statistics (we check how many users visit our Website, how long they stay on the Website and what content they are particularly interested in, so as to tailor the content of the Website to the needs of its users), and for user profiling purposes (cookies);

Personal data provided by persons and subsequently collected in the manner described above, as well as data within the scope of consent to data processing for commercial and promotional purposes, enable identification of persons only by the Controller. The data may be transferred to third parties only if necessary and to the extent necessary - to entities cooperating with the Controller within the scope of services provided to the Controller and supporting the Controller’s current business activity, i.e. entities providing legal services, courier services, agencies, offices and real estate agents, IT, HR or marketing entities, banks granting loans to the Controller’s customers or banks maintaining trust accounts for investments, and companies from the Capital Group of HREIT Spółka Akcyjna with its registered office in Warsaw. Information on users’ IP addresses may be passed on to authorised state authorities at their request for the purposes of their investigations or to third parties on the basis of decisions issued by state authorities. These entities are not data controllers and only use the entrusted data for the purposes indicated by us and resulting from the grounds described above. Data resulting from the collection of so-called cookies is processed by our trusted partners, a list of which is indicated below (see cookies).

14. ACCESS TO DATA AND PERMISSIONS

Personal data can be accessed by the individual concerned (data subject). The data subject also has the right to modify and stop the processing of their data at any time, they also have the following rights in relation to the processing of their personal data as referred to in the GDPR, i.e.:

• the right to request access to their own personal data (including to obtain confirmation as to whether or not it is being processed and to obtain information on, for example, the purposes, sources, categories of data processed or the duration of storage), which includes the right to receive a copy of their own data free of charge (for any further copies requested by the data subject, we may charge a reasonable fee based on administrative costs),

• the right to rectification of their personal data (where it is inaccurate), which includes requesting that incomplete personal data be completed, but for this purpose we may ask for an additional declaration to be provided,

• the right to erasure of personal data (the so-called “right to be forgotten”) when, for example, the data are no longer necessary for the purposes for which they were collected, consent to their processing has been withdrawn, or there are no other legal grounds for their processing,

• the right to restrict data processing when, for example, the data subject questions the accuracy of their personal data - for a period allowing us to check the accuracy of the data,

• the right to object to processing,

• the right to data portability, including to receive from us in a structured, commonly used machine-readable format the data subject’s personal data that they have provided to us,

• the right to withdraw consent given for the processing of data (whereby withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal),

• the right to lodge a complaint with the President of the Personal Data Protection Authority if the data subject believes that the processing of personal data is in breach of GDPR,

15. DATA SECURITY AND INTEGRITY

The Controller has appropriate policies and procedures in place to safeguard personal data against unauthorised loss, misuse, alteration or destruction. However, even despite our best efforts, it is not possible to completely secure data against all threats. Every effort is made to ensure that access to personal data is limited to those who have a need to know the information. Those who have access to the data are obliged to maintain its confidentiality. In addition, one of the Controller’s policies in this regard is to keep personal information only for such a period of time as:

• the data are necessary for notification purposes,

• the data are necessary for the exercise of a right or obligation under generally applicable law or under the policies, regulations or other requirements applicable to the Controller, or

• until the data subject requests the deletion of such information.

The retention period for personal data depends on the specific nature and circumstances (and in particular the purpose) for which the personal data was collected.

16. CHANGES TO PRIVACY POLICY

The Controller reserves the right to change the Privacy Policy, which may be influenced by developments in Internet technology, possible changes in the law on the protection of personal data and the development of our Website and services. The Controller will communicate any changes in a visible and understandable way.

17. LINKS TO OTHER SITES

Links to other websites may appear on the Website. Such websites operate independently of the Website and are not supervised by the Controller in any way. These websites may have their own privacy policies and regulations, which we recommend you read carefully.

18. CONTACT

If you have any questions about any of the provisions of this Privacy Policy, we are happy to help - our details can be found in the CONTACT section.

For any issues regarding data protection, please use the following email address: rodo@hreit.pl