- The Customer acknowledges that his/her personal data will be processed by Vastint Poland spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, ul. Żwirki i Wigury 16B, 02-092 Warszawa, hereinafter referred to as the “Controller”, pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR”). You may contact the Controller by e-mail at the following e-mail address: email@example.com, and by regular mail at the following address: Vastint Poland sp. z o.o., ul. Żwirki i Wigury 16B, 02-092 Warszawa, and by telephone at the following number: tel. +48 22 820 91 51.
- The Customer’s personal data consisting of the name and surname, e-mail address and telephone number shall be processed in order to:
a) provide marketing and promotion communications and offers concerning the Controller’s projects by e-mail or telephone, based on the Customer’s consent, if such consent has been given (legal basis: Article 6 sec. 1 letter a of the GDPR) – until the consent is withdrawn or until the sale of apartments is completed at the latest,
b) conduct direct marketing activities with respect to products and services (legal basis: Article 6 sec. 1 letter f GDPR) – until the purpose of processing ceases to exist,
c) to take steps at the request of the Customer prior to entering into a contract, if such request has been expressed by the Customer (legal basis: Article 6 sec. 1 letter b of the GDPR) – for as long as steps intended to enter into a contract are taken,
d) schedule a meeting with the Customer concerning the services provided by the Controller and products offered by the Controller, which constitutes one of the legitimate interests pursued by the Controller (legal basis: Article 6 sec. 1 letter f of the GDPR) – until objection against processing is raised or the purpose of processing ceases to exist, whichever is earlier,
e) carry out activity analysis which will make it possible to offer personalized content, based on the Customer’s consent, if such consent has been given (legal basis: Article 6 sec. 1 letter a of the GDPR) – until such consent is withdrawn,
a) establish, pursue or defend claims, if any (legal basis: Article 6 sec. 1 letter f of the GDPR) – no longer than it is necessary, until the expiry of the relevant limitation period for claims provided for by the Civil Code, i.e. for up to 6 years.
f) comply with legal obligations to which the Controller is subject (legal basis: Article 6 sec. 1 letter c of the GDPR) – for the period consistent with the applicable provisions of law.
- Recipients of the Customer’s personal data may be as follows:
a) entities processing data on behalf of the Controller, participating in the performance of specified activities by the Controller: providers of information systems and IT services; entities providing the Controller with advisory, consulting, marketing, audit and organizational services, legal, tax and accounting assistance, property managers, whereas such entities will process data on the basis of an agreement with the Controller and only in accordance with the Controller’s instructions;
b) entities from the INTEROGO HOLDING AG group,
c) authorities entitled to receive the Customer’s data on the basis of the provisions of law.
- Personal data may also be transferred to some subcontractors of the information system providers which are located in countries outside the European Economic Area, with respect to which the European Commission has not ascertained an adequate level of protection. If any personal data is transferred outside the EEA, the Controller shall introduce appropriate safeguards in order to ensure that such transfers are carried out in accordance with the applicable data protection regulations.
- The provision of data is voluntary. As a consequence of the failure to provide data, it will be impossible to process the Customer’s personal data for the purposes of direct marketing of products and services, or to take steps at the request of the Customer prior to entering into a contract, or to schedule a meeting with the Customer concerning the services provided by the Controller and products offered by the Controller.
- Each person has the right to request from the Controller access to its data and its rectification, erasure and restriction of processing, the right of data portability, the right to object to processing and the right to withdraw consent at any time without affecting the lawfulness of processing. A notice of withdrawal of the consent for personal data processing must be made in written or electronic form to the following e-mail address: firstname.lastname@example.org .
- Each person has the right to lodge a complaint to the President of the Personal Data Protection Office if he/she considers that the processing of his/her personal data violates the provisions of the GDPR.
- The Customer’s personal data will be processed in an automated manner, including in the form of profiling. The automated decision-making process will be carried out on the terms including the use of data left in contact forms and information on the Customer’s activity on the website (identification of interest in specific units, contents and manner of use of the website). As a consequence of such processing, personalized marketing communication will be created (personalized communications will be displayed) and data will be transferred to the Controller’s sales department.
- Profiling means personal data processing consisting of the use of the Customer’s personal data to evaluate certain features of the Customer, in particular to identify his/her interest in specific units, contents and manner of use of the website. Automated decision-making for the purposes of creating personalized marketing communication is carried out on the basis of the Customer’s consent.