Personal data include all information relating to an identified or identifiable natural person by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, including the image, voice recording, location data, contact data, data contained in correspondence, information gathered using recording equipment or similar technologies.
The processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, making available, alignment or combination, restriction, erasure or destruction.
REDNET INVESTMENT Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (02-247) at ul. Marcina Flisa 4, registered under no. KRS 379407, whose registration files are kept by the District Court for the Capital City of Warsaw in Warsaw, Division XIV Commercial of the National Court Register, REGON 142838049, NIP 5222973208, share capital of PLN 40,800.00 (the “Data Controller” or “RI”) is the controller of the personal data of the Website Users.
The Data Controller has appointed the Data Protection Officer. It is possible to contact the Data Controller in writing at the address provided above or via e-mail to the address of the Data Protection Officer: RODO@rednetinvestment.pl
The personal data of the Website Users are processed in accordance with the legal regulations in effect, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”), and the Act on Personal Data Protection of 10 May 2018.
RI processes the personal data of the Users in the following cases and for the following purposes:
1) Ongoing service of the Users.
The personal data processing is required for the purposes of providing ongoing services to the Website Users, including in particular replying to questions concerning the products and services of RI.
This occurs, in particular, when:
Providing your personal data is voluntary, but necessary for the purposes of communication with RI.
Personal data will be processed only in order to answer a question or perform a request submitted in the message. The legal basis for the data processing is the legitimate interest of the Data Controller [Article 6(1)(f) GDPR] consisting in services provided to customers or prospective customers.
In such case, the personal data are processed also for subsidiary purposes of the Data Controller, including:
unless the information clause on personal data processing, in particular the clause included in the form, specifies other purposes and bases of the data processing.
2) RI Marketing.
In the case of certain functionalities of the Website, e.g. certain contact forms, the Website User may express their willingness to obtain commercial and marketing information in the future, within the scope specified in the wording of the consent.
In such case, the Data Controller processes the data on the basis of the consent [Article 6(1)(a) GDPR], and in the case of profiling, including automated processing, on the basis of a legitimate interest of the Data Controller [Article 6(1)(f) GDPR] consisting in supporting the sales of RI services.
The provision of personal data and consent to the processing for marketing purposes is entirely voluntary, and does not affect the possibility of obtaining a reply to the question posed in the contact form, but necessary in order to receive marketing content. The consent may be withdrawn at any time, and it is possible to object to the profiling.
In order to enable the provision of marketing information via means and devices of electronic and telephone communication, the User must also provide their consent to the use of one or both such channels.
Certain functionalities enable the User to provide his/her consent to provision of data to other entities and to be provided with commercial and marketing information on the products and services of such entities in the future. In such case, the controller’s data, rules of provision and processing of personal data are included in the wording of the consent to the processing and information clauses provided in the connection with the relevant functionalities.
The Data Controller processes the User’s personal data obtained in connection with the User’s use of our Website, in particular the data gathered using the cookies or similar tools in order to address advertisements to the Users once they leave the Website. The User’s personal data may be subject to profiling, including automated processing.
The provision of personal data and consent to the processing for marketing purposes is entirely voluntary.
3) Ensuring security of the Website.
The Data Controller also processes the Users’ data to ensure security of the Website operation.
In such case, the Data Controller processes the following data of the Users: data stored in the system logs such as computer IP, URL read.
The provision of data is necessary to use the Website.
In such case, the Data Controller processes the data on the basis of a legitimate interest of the Data Controller [Article 6(1)(f) GDPR], i.e. ensuring the security of the Website use.
4) Use of the Website.
In order to provide the User with the possibility to use the Website, in particular with regard to making available to the User the option to view, reproduce and read information and materials made available via the Website as well as development of the Website functionalities, the Data Controller processes the data stored in the system logs, including the computer IP or URL read.
In such case, the data processing by the Data Controller is necessary to perform a contract on provision of electronic services to which the User is a party [Article 6(1)(b) GDPR].
5) Handling matters connected with exercise of the data subjects’ rights.
The Data Controller also processes personal data in connection with handling matters with regard to exercise of the data subjects’ rights as provided for in GDPR. In such case, the Data Controller processes:
a) data that make it possible to identify the person submitting the request such as name and surname, e-mail address, telephone number, address;
b) identifier of the case in the internal system of the Data Controller and data describing the subject matter of the request or complaint;
c) data describing the manner of performance of the case, including correspondence with the data subject.
The provision of personal data is voluntary, but necessary for the purposes of exercising the rights.
The data are processed for the purposes of performance of legal obligations of the Data Controller as provided for in the personal data protection regulations, in particular Article 12-22 GDPR [Article 6(1)(c) GDPR].
In this case, personal data are also processed in order to achieve a subsidiary objective of the Data Controller, i.e. for archiving and evidence purposes arising from the legitimate interest to protect information in the case of a lawful need or obligation to demonstrate facts – [Article 6(1)(f) GDPR].
6) Analysis of the manner of using the Website and generation of statistics.
The Data Controller also processes the Users’ data to analyse their manner of using the Website and to generate statistical data concerning the use of the Website.
In such case, the Data Controller processes the following data of the Users: location, preferences. The provision of personal data is voluntary.
The Data Controller may process the data in connection with the recruitment processes for the specific positions and potential future recruitment, subject to the applicant’s consent.
As part of the recruitment, the following data provided by the User in the application form are processed: first and last name, contact data and data included in the recruitment documents (e.g. CV).
The provision of personal data is voluntary, but necessary for the purposes of the recruitment process.
The Data Controller will process the personal data of candidates applying for employment on the basis of an employment agreement in order to carry out the recruitment for the position stated in the job advertisement, subject to a reservation that:
a) Basic Data, i.e. first name (names), surname, date of birth, contact data, education, professional skills, history of employment, are processed in accordance with Article 22¹ § 1 of the Labour Code in conjunction with Article 6(1)(c) of GDPR, i.e. the processing is performed as part of a legal obligation imposed on the data controller;
b) Additional Data, i.e. data other than those listed under letter (a) above and in the case of expression of intent to participate in any future recruitment within 3 years from the starting date of the present recruitment (posting the ad), are processed on the basis of consent [legal basis: Article 6(1)(a) GDPR].
The personal data of candidates for employment on a basis other than the employment agreement (e.g. B2B) will be processed to carry out the recruitment for the position stated in the job advertisement based on the consent expressed by way of submitting the application along with the additional documents [legal basis: Article 6(1)(a) GDPR]. The data may also be processed for the purposes of future recruitment, if the applicant provides a separate consent to the processing for the purposes of future recruitment within 3 years from the starting date of the present recruitment (posting the ad). In such case, the data will be processed on the basis of consent [legal basis: Article 6(1)(a) GDPR].
Furthermore, the data will be processed in order to establish, exercise or defend claims and for archiving or evidence purposes in case of a lawful need or obligation to establish facts, in particular to demonstrate compliance with the obligation provided for in Article 6(1)(f) GDPR, i.e. the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller.
8) Customer Service forms available under the “Customer Service” tab.
The Website offers the possibility to send enquiries concerning development projects serviced by RI using electronic forms, concerning in particular Payments and Settlements/ Tenant Changes/Apartment Acceptance/Transfer of Ownership - Final Agreement/Guarantee and fault repairs.
In the case of such forms and enquiries, the company performing a given development project is the data controller with regard to the data processed in connection with the submission, while RI is the entity that has been entrusted with the data by the data controller. Information on the controller of personal data processed in connection with an enquiry or the principles of data processing by such entity are each time displayed under the form, once a User selects the relevant project.
RI does not store the Users’ personal data for a period longer than necessary to achieve the objectives for which they have been collected. The period of processing depends on the purpose of processing, in particular:
1) In the case of data processing in order to answer the Users’ enquiries
submitted via e-mail, phone or other means of communication, the data will be processed for a period necessary to answer the given enquiry, and then:
a) in the case of execution of a contract or contracts with RI, for a period stated in the information clause attached to such contract/contracts;
b) in the case of a lack of repeated contact, depending on the subject matter of the contract, the data will be erased 2 years after the last contact or at the end of the period of limitation of potential claims (in principle, after 2 years, at the end of a calendar year).
2) In the case of data processing for the purposes of ensuring security of the Website and fraud prevention, the data will be processed for 2 years following the date of gathering.
3) In the case of data processing for the purposes of executing and performing a contract for the provision of electronic services, the User’s data will be processed during the period of performance of the contract for the provision of electronic services.
4) In the case of data processing for the purposes of establishment, exercise or defence of claims, the data will be processed no longer than until expiry of the period of limitation of potential claims.
5) Personal data processed in order to demonstrate and perform the obligations of RI, in particular those established pursuant to GDPR, will be processed solely to the extent and for a period necessary to perform such obligations and to demonstrate that the obligations of RI have been complied with.
6) In the case of the data processing for analytical and statistical purposes, for a maximum period of 2 years following the date of submission of data.
7) In the case of data processing for the purposes of a recruitment process, the data will be processed:
a) data collected in order to perform the recruitment – until completion of the recruitment process and then for a maximum of 3 months following that date;
b) data processed on the basis of consent for the purposes of future recruitment – for a period of 3 years from the starting date of the present recruitment (posting the ad).
In the case of the consent withdrawal – if data are processed on the basis of consent – such data will be deleted immediately, unless there is another basis for the processing.
The data processed in order to establish, exercise or defend claims in connection with the recruitment process and for archiving or evidence purposes in case of a lawful need or obligation to establish facts, in particular to demonstrate compliance with the obligations provided for in GDPR, will be processed for a period no longer than 3 years following the completion of the recruitment process involving the User.
Subject to the legal restrictions, RI may transfer the Users’ personal data to the following entities:
a) bodies and entities authorised to receive the User’s data in accordance with the applicable laws;
b) entities providing services or making available IT systems to the Data Controller;
c) entities providing services of delivery and maintenance of software used to provide the Website;
d) entities providing mail or courier services;
e) entities providing to the Data Controller services in the area of personal data protection and security of IT systems;
f) entities providing legal services, entities providing accounting services, consulting companies, entities providing damage liquidation services cooperating with the Data Controller;
g) employees and associates of the Data Controller and employees and associates of the above-mentioned entities.
i) Premium Properties 1 sp. z o.o. with its registered office in Warsaw, Premium Properties 2 sp. z o.o. with its registered office in Warsaw, Premium Properties 3 sp. z o.o. with its registered office in Warsaw – in cases when for the purposes of taking any actions required by the User, i.e. providing a reply to an enquiry, the relevant data controller is the company performing the specific development project;
j) redNet Dom sp. z o.o. with its registered office in Warsaw, if the User provides his/her consent to the provision of data and their processing for marketing purposes.
In connection with the use of the Website,
the User’s personal data may be transferred outside the EEA in relation to the use of Google’s tools, in particular to the United States.
When implementing specific tools on its website or using third party services, RI always makes sure that a potential transfer of personal data to a third country or recipient in such country guarantees the necessary appropriate data protection, in particular by way of:
a) cooperation with personal data processors in the countries with respect to which the appropriate decision of the European Commission has been issued;
b) application of standard contractual clauses of the European Commission;
c) making use of binding corporate rules approved by the appropriate supervisory authority.
Such criteria are met with regard to the above-mentioned tools. The User may obtain a copy of such data.
In accordance with GDPR, the User has the following rights:
1) right of access to data processed – the data subject has the right to obtain from the Data Controller information on personal data processing, including purposes of the processing, categories of personal data processed, legal basis of processing, planned period of processing and recipients to whom such data are disclosed as well as to obtain a copy of the personal data processed by the Data Controller;
2) right to rectification of data – the data subject has the right to request the Data Controller to rectify incorrect data or complete incomplete personal data of the data subject;
3) right to erasure – the data subject has the right to obtain from the Data Controller the erasure of his/her personal data without undue delay if such personal data are no longer necessary in relation to the purposes for which they were collected or the data subject withdraws consent on which the processing is based (which has no impact on lawfulness of the processing performed before such withdrawal of consent);
4) right to restriction of processing – the data subject has the right to request the Data Controller to restrict the processing in the following cases:
− probable inaccuracy of personal data (until verification of accuracy by the Data Controller);
− the processing is unlawful, and the data subject objects to the personal data erasure and requests the restriction of the use of such data;
− the purpose of the personal data processing by the Data Controller has ceased but the data subject needs such data for the purposes of establishment, exercise or defence of claims;
− the data subject has objected to the processing;
5) right to data portability – the data subject whose data are processed on an automated basis based on the data subject’s consent or a contract has the right to request the Data Controller to make available (in a commonly used readable format) the data provided by the data subject or to transmit the data to another data controller (if possible technically);
6) right to withdraw consent – if the processing is carried out based on consent, the data subject has the right to withdraw such consent at any time (which has no impact on lawfulness of the processing performed before such withdrawal of consent);
7) right to object – the data subject has the right to object to the processing of his/her data based on the legitimate purpose of the Data Controller (the objection should contain a rationale) unless the Data Controller demonstrates the existence of overriding bases for the processing, however, in the case when the objection pertains to the processing of personal data for the purposes of direct marketing, including profiling, it is not required to submit a rationale and the Data Controller is obliged to comply.
A request concerning exercise of the rights of the data subject may be submitted to:
1) in writing to the address of the Data Controller: Marcina Flisa 4, 02-247 Warszawa, with a note “personal data”, or
2) via e-mail to the Data Protection Officer: RODO@rednetinvestment.pl
If the data subject believes that the personal data processing violates the GDPR or other generally applicable personal data protection regulations, the data subject may lodge a complaint with the President of the Personal Data Protection Office.
General information on cookies and other similar technologies
The Website uses the so-called cookies to ensure the appropriate operation of the Website and to provide quality services.
The cookies are small text files containing data which are saved while the Users visit a website and stored on the Users’ terminal devices (e.g. computers) intended for using websites.
Usually, a cookie contains the name of the website it comes from, the cookie life, unique number generated to identify the browser used to connect with the site, and other necessary data. The cookies do not provide direct data concerning the User’s identity.
Purposes and legal basis for using the cookies.
The following cookies and other similar technologies are used in the RI’s websites:
Analytics cookies used to optimise and improve the Website and to carry out statistical analyses of the Website use.
Marketing (advertising) cookies used to adjust the content and form of advertisements displayed on the Website and partners’ advertising networks to the needs and preferences of the Users.
What is the cookies’ life?
Every cookie is assigned a life after which it expires, unless the User removes it earlier. The cookie life depends on the cookie type and function. Some cookies remain active only when the User visits the website, others for a longer period (e.g. several days, months or even years). Detailed information on the cookie life is presented in the tables below.
Own cookies and third party cookies
The cookies may be set by our Website or third parties (the so-called third party cookies). Third party cookies are generated by trusted external companies that we cooperate with.
Detailed information on the cookies used by the Website:
Cookies and other similar technologies of third parties.
The cookies and other similar technologies may be set by the Website or third parties (the so-called third party cookies), i.e. trusted external companies that we cooperate with, i.e.:
Google: Analytics and Google Ads
A. Google Analytics
The Website uses Google Analytics which is a service analysing the viewings of Google websites for analytical and statistical purposes. Statistically compiled data are deleted from Google Analytics after 50 months at maximum. Google Analytics stores the data concerning the users and actions in the website for a period of 50 months.
B. Google Ads.
Google Ads Remarketing.
RI uses also the remarketing function offered by Google which makes it possible to display the ads adjusted to the User’s interests in the Google advertising network. For this purpose, the users’ interactions with the Website content are analysed, for example which areas are of interest to them. In order to do so, Google’ cookies stored on the User’s device make it possible to identify the users whenever they enter the websites being part of the Google advertising network. The websites may then display the ads addressed to the visitors which refer to the content previously viewed by them on the sites using the Google remarketing function. RI uses Google display and flexible display ads.
The Users can disable the Google remarketing by setting their preferences at https://adssettings.google.com. Another option is to disable the cookies for interest-based advertising via the Advertising Network Initiative, following the instructions at http://optout.networkadvertising.org/?c=1.
Function: Google Ads conversion tracking.
RI uses also the so-called conversion tracking made available as part of Google Ads. Once an ad displayed by Google is clicked on, a conversion tracking cookie is generated. Such cookie remains active for 30 days and is not used for identification of the User. If during those 30 days a User enters the relevant parts of the Website, Google and the Website receive information that the User has been directed after having clicked on an ad. Information received via a conversion cookie enable conversion statistics and registration of the total number of Users that have clicked on a given ad and have been directed to the site with the conversion tracking tag.
The Users who do not wish to be included in the conversion tracking may disable the Google conversion tracking cookie in their browser.
We do not use the analytics or advertising cookies, unless enabled (accepted) by the User. The Users may manage the access to the analytics or advertising cookies in a panel displayed directly after entering the Website.
The panel makes it possible to accept the analytics or advertising cookies, to reject them, or to apply specific setting by selecting the preferences concerning the cookies.
The User may modify their cookie preferences at any time by restarting the cookie management panel.
Browser setting management
The cookies settings may be controlled using the browser settings. Most browsers automatically accept the cookies. However, it is possible to modify the browser settings at any time and disable the cookies.
We inform that the methods of cookie disabling differ depending on the browser. It is possible to obtain comprehensive information on cookie disabling using the Help section of the relevant browser, such as
a) amendments to the applicable regulations, in particular those concerning personal data protection, telecommunications law, electronic services or consumer rights, affecting the rights and obligations of the Data Controller or the rights and obligations of the data subjects;
b) development of electronic services due to Internet technology progress, including application and development of new solutions, e.g. with regard to functionalities.
Information on such amendments will be displayed on the Website.