Definitions:
- Data Administrator – a natural or legal person, public authority, unit or other entity that, alone or jointly with others, determines the purposes and methods of processing personal data,
- Personal data – any information relating to an identified or identifiable natural person,
- Data set – any ordered set of personal data, available according to specific criteria,
- Data processing – any operations performed on personal data, such as collecting, recording, storing, processing, changing, sharing and deleting in traditional form and in IT systems.
Information on the processing of personal data
It is carried out in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as : „ GDPR’’”).
Personal Data Administrator:
VINCI Immobilier Polska sp. z o.o. with its headquaters in Warsaw, at Domaniewska 32 Street, entered into the Register of Entrepreneurs of the National Court Register under the KRS number: 0000682823 in the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, NIP: 5213785217, REGON: 36755339300000
I. General provisions
- The Policy applies to Personal Data processed at VINCI Immobilier Polska Sp. z o. o., regardless of the form of their processing (traditionally processed records, IT systems) and whether the data is or can be processed in data files.
- We receive your Personal Data:
- by using the contact form available on our website,
- by e-mail,
- by phone to contact VINCI Immobilier Polska sp. z o.o.,
- when concluding an appropriate contract with the company,
- by consenting to electronic contact for marketing purposes.
- The Data Administrator ensures that the activities performed in connection with the processing and securing personal data are consistent with this policy and applicable legal provisions.
II. Purposes of data processing, legal basis and period of storage of personal data
- In the case of an inquiry submitted via the contact form on the website or via e-mail, the data will be processed for the purposes of:
- answering the question, considering and processing the application. The legal basis for data processing is the legitimate interest of the data controller, which is to provide reliable information to people contacting us and to redirect the matter to the appropriate department in our company (legal basis: Article 6(1)(f) of the GDPR),
- documenting the completed case for evidentiary purposes in connection with defense against possible claims (legal basis: Article 6(1)(f) of the GDPR).
The data will be stored for a period of 1 year, and in some cases until the claims expire, i.e. for 6 years.
- In connection with leaving data for the conclusion of a reservation or development contract, the data will be processed for the purposes of:
- signing and implementing the contract (legal basis: Article 6(1)(b) of the GDPR),
- keeping accounting and tax documentation (legal basis: Article 6(1)(c) of the GDPR),
- conducting possible disputes and pursuing claims under the signed contract and conducting fraud investigations – which constitutes the legitimate interest of the Administrator (legal basis: Article 6(1)(f) of the GDPR),
- fulfillment of legal obligations incumbent on the Administrator, in particular resulting from the Act of September 16, 2011 on the protection of the rights of the purchaser of residential premises or a single-family house and the Act of June 24, 1994 on the ownership of premises (legal basis: Article 6, section .1(c) GDPR),
- carrying out activities resulting from the warranty for proper performance of the development contract. The legal basis for data processing is a legal provision, i.e. the Civil Code. The data will be processed for a period of 6 years,
- providing data to credit advisors cooperating with us. The legal basis for data processing is the consent of the person,
- providing contact details to designers and subcontractors in order to determine tenant changes at the stage of finishing the premises. The legal basis for data processing is the necessity to provide data in order to perform the contract with the buyer of the premises,
- debt collection resulting from the signed contract. The legal basis is the legitimate interest of the data controller, which is to pursue financial claims in connection with the contract. The data will be processed for the duration of the limitation period for claims, and in the case of a court case, until the end of the proceedings.
The data will be stored for the period resulting from legal provisions, in particular accounting provisions, and additionally until the limitation period for claims in connection with the signed contract expires. In the event of a possible legal dispute, personal data will be stored at least until the final conclusion of the proceedings in this case.
- Marketing purposes:
Due to the fact that you leave your personal data to us, our legitimate interest is the possibility of processing data for direct marketing purposes. The data will be processed until you object.
If a person expresses a desire to receive information about our investments and services electronically or by telephone, using telecommunications terminal devices and the so-called automatic calling systems, we will send information about our offer by e-mail or by telephone contact with our consultant, depending on the consent granted. The legal basis for data processing is voluntary consent expressed by checking the appropriate checkbox on the form or leaving us an e-mail address or telephone number for this purpose.
In some cases, it will be possible to leave contact details solely for the purpose of receiving information regarding a specific construction investment. In such a case, the form will precisely specify what the consents concern.
If you contact us by phone to obtain information about the offer, we will save your telephone number in the database in order to provide further information regarding your inquiry in the future. In such a situation, we will ask you whether you consent to this.
The data will be processed until the consent is withdrawn.
- In connection with cooperation with contractors and suppliers, we process data of representatives of entities and employees designated for cooperation for the purposes of:
- negotiating and implementing the contract, which is the legal basis for data processing in the case of persons representing the entity. The data will be processed for the period resulting from legal provisions, in particular accounting regulations,
- negotiating contracts,
- evidence in connection with claims, which is the legitimate interest of the data controller. The data will be processed until the claims expire.
- Video monitoring in the office and construction site for the safety of people staying on the premises and property, which is the legitimate interest of the data controller. The data will be processed for a period of 1 month, and in the case of ongoing court proceedings, until the proceedings are completed.
III. Data recipients:
- employees and collaborators of the Data Administrator authorized to process data,
- entities processing personal data on behalf of the administrator and solely on the basis of a data entrustment agreement, including: in the field of IT services, debt collection, consulting services, marketing services, property management and administration services,
- in the case of a decision to conclude a development contract, the data will also be made available to a notary office in order to prepare the contract,
- credit advisors in connection with concluded credit agreements,
- banks maintaining housing trust accounts in connection with the account maintained.
IV. Rules for collecting personal data
Providing data to the extent necessary to conclude a contract is voluntary, but failure to provide it results in the inability to conclude a contract. Providing data for marketing purposes is voluntary.
V. Rights related to the processing of personal data
The data subject may exercise the following rights against the Administrator:
- the right to request access to your personal data and obtain information on their processing, and if they are incorrect, you have the right to request their rectification (in accordance with Articles 15 and 16 of the GDPR),
- the right to request restriction of the processing of his data in the situations and on the terms specified in Art. 18 GDPR (The data subject may request that the processing of his or her personal data be restricted for the period of verification of their accuracy or until his or her objection to data processing is considered. This right also applies if, in the opinion of the data subject, the processing of his or her data is unlawful, but he or she does not want to for the data to be deleted immediately or if the data is needed longer than the assumed processing period due to the establishment or defense of claims),
- the right to request the deletion of data in accordance with Art. 17 GDPR (“right to be forgotten”),
- the right to transfer personal data in accordance with Art. 20 of the GDPR, i.e. to receive your personal data from the Administrator in a structured, commonly used, machine-readable format (by computer), and to request their transfer to another data administrator; This right applies only to data provided to the Administrator by the data subject, which is processed in connection with the performance of the contract and is in electronic form,
- the right to withdraw at any time the previously granted consent to the processing of her personal data, which, however, will not affect the legality of the processing of personal data that was based on this premise and took place before exercising the right to withdraw consent,
- the right to object at any time to the processing of her personal data for reasons related to her particular situation, if the data are processed by the Administrator as part of the implementation of its legitimate interests (in accordance with Article 21(1) of the GDPR),
- the right to object at any time to the processing of her personal data for direct marketing purposes (in accordance with Article 21(2) of the GDPR).
To exercise the above rights, please contact the Data Administrator
In addition, a person has the right to lodge a complaint about the processing of his or her personal data to the President of the Personal Data Protection Office (address: Stawki 2 Street, 00-193 Warsaw).
VI. Safety management
- All personal data are processed in compliance with the processing principles provided for by law:
- whenever there is at least one of the legal grounds for data processing,
- the data is processed reliably and transparently,
- personal data are collected for specific and explicit purposes and not further processed in a manner incompatible with these purposes,
- personal data are processed only to the extent necessary to achieve the purpose of data processing,
- personal data is correct and updated, if necessary,
- the data storage period is limited to the period necessary to achieve the purposes for which they were collected, and after this period they are anonymized or deleted,
- the information obligation is fulfilled towards the data subject in accordance with Art. 13 and 14 of the GDPR, depending on the source of data acquisition.
- Data is protected against violations of data protection rules.
- VINCI Immobilier Polska sp. z o.o. implements appropriate technical and organizational measures to ensure a level of security during the processing of personal data corresponding to the possible risk of violating the rights and freedoms of natural persons with varying probability of occurrence and threat severity.
- VINCI Immobilier Polska sp. z o.o. takes the necessary actions to ensure that its employees and cooperating persons guarantee the use of appropriate security measures whenever they process personal data for the Administrator.
VII. Violations of personal data protection rules
- In the event of a breach of personal data protection, the Administrator assesses whether the breach may have resulted in a risk of violating the rights and freedoms of natural persons.
- In each situation in which the breach could result in a risk of violating the rights and freedoms of natural persons, the Administrator shall report the fact of breach of data protection principles to the supervisory authority without undue delay – if possible, no later than 72 hours after discovering the breach.
- If the risk of violating rights and freedoms is high, the Administrator also notifies the data subject about the incident.
- Administrator, in accordance with Article 33 section 5 GDPR, documents all personal data protection violations.
VIII. Violations of personal data protection rules
- The data administrator may entrust the processing of personal data to another entity only by way of a contract concluded in writing, in accordance with the requirements specified for such contracts in Art. 28 GDPR.
- Before entrusting the processing of personal data, the Administrator, whenever possible, obtains information about the processor’s current practices regarding the security of personal data.
Cookies and Google Analytics
- The website uses cookies. These are small text files sent by the web server and stored by the computer’s browser software; they are saved on the disk of the end-user’s device to facilitate navigation and adapt the website to the user’s preferences. Thanks to them, your individual settings are remembered and thanks to them you can log in, for example, to your e-mail. Blocking the storage of cookies on the end device or deleting them is possible after properly configuring the web browser settings, but this may result in difficulties or inability of some website functions. Failure to change your web browser settings to block cookies is tantamount to consenting to their storage.
- This website uses two types of Cookies:
- session cookies, which are permanently deleted when the User’s browser session ends,
- permanent, which remain after the end of the browser session on the User’s device until they are deleted.
- It is not possible to determine the User’s identity based on cookies, both session and persistent. The Cookie mechanism does not allow the collection of any personal data.
- Files generated directly by the Website cannot be read by other websites. External Cookies (i.e. Cookies placed by entities cooperating with VINCI Immobilier Polska sp. z o. o.) can be read by an external server.
- Users can change their cookie settings at any time by specifying the conditions for their storage, through the web browser settings or by configuring the service. Users can also delete Cookies stored on their device at any time, in accordance with the instructions of the browser manufacturer.
- The User may disable cookies on his device, in accordance with the browser manufacturer’s instructions, but this may result in the unavailability of some or all of the Website’s functions.
- Detailed information about cookies is available in the settings of the web browser used by the User.
- The website may store http queries, therefore some information may be saved in the server log files, including the IP address from which the query came, the name of the User’s station – identification carried out by the http protocol, if possible, date and time system registration and query arrival, information about errors that occurred during the http transaction. Logs may be collected as material for the proper administration of the Application. Only persons authorized to administer the IT system have access to the information. Log files may be analyzed to prepare statistics on traffic on the Website and errors. The summary of such information does not identify the User.
- The website uses Google Analytics tools. More information about the use of Google Analytics tools can be found at: http://www.google.com/analytics/learn/privacy.html. To give users of our website more choices about how their data collected through Google Analytics tools is used, Google has developed a Google Analytics blocking browser add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) protocol to communicate that site visit data should not be sent to Google Analytics. The Google Analytics blocking browser add-on does not block the transmission of data to the website itself or other web analytics services.
X. Correspondence
You can contact us via:
- traditional way – by post to the following address: Domaniewska 32 Street, 02-672 Warsaw
- e-mail – [email protected]
- telephone number 22 202 60 02
Valid from January 7, 2020.
Last updated: January 2, 2024.