Lokalizacja Kontakt

Privacy Policy

I. GENERAL PROVISIONS

  1. The controller of personal data obtained through the website under https://osiedleozon.pl (hereinafter: Website) is Megapolis Sp. z o.o. with its registered office in Kraków at ul. Rzemieślnicza 26, 30-403 Kraków, hereinafter referred to as the “Controller”.
  2. Personal data are processes by the Controller in accordance with the currently applicable Act on personal data protection of 29 August 1997, Act on the provision of services by electronic means of 18 July 2002, as well as the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), i.e. the “GDPR”.
  3. The Controller exercises utmost care to protect interests of data subjects, in particular, ensures that personal data collected by them are:
    1. processed lawfully, fairly and in a manner transparent to the data subject;
    2. collected for specific, express and legitimate purposes and not further processed in a way contrary to those purposes;
    3. adequate, relevant and limited to what is necessary for the purposes for which they are processed;
    4. correct and updated as necessary;
    5. stored in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed;
    6. processed in a manner ensuring appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical and organisational measures.

II. PURPOSE AND SCOPE OF DATA COLLECTION

  1. Personal data obtained by the Controller through the contact form on the Website are used by the Controller in order to answer questions asked by the Website User, and in particular questions concerning the Controller’s offer, as well as to take actions aimed at concluding a reservation contract or a property development contract with the User.
  2. The Controller processes the following personal data for the aforementioned purpose:
    1. First and last name;
    2. Telephone number;
    3. E-mail address;
  3. The Controller also processes personal data in the form of e-mail address to send to interested persons a Newsletter containing information on the development project implemented by the Controller and presented on the website.
  4. The Controller has the right to entrust personal data to entities used by the Controller to achieve the purposes of personal data processing set out in this policy, in particular employees, contractors, as well as other entities with whom the Controller cooperates, including in particular a website host and a marketing agency. The Controller ensures that the protection of personal data entrusted to these entities is maintained in accordance with the principles set out in this policy and in the provisions of applicable law.

III. DATA PROCESSING GROUNDS

  1. The Controller processes personal data obtained by the Controller through the Website (contact form) based on the consent of the data subject expressed freely and voluntarily. Providing data is fully voluntary, but necessary for the Controller to answer the question asked in the contact form and take action to conclude a reservation/property development contract. In case of refusal to grant consent for the processing of personal data, these actions will not be possible.
  2. The e-mail address processing to send the Newsletter is performed on the basis of consent of the data subject and is fully voluntary. In case of no consent to the processing of personal data to send the Newsletter, it will not be sent.
  3. The Controller also has the right to process personal data, regardless of the consent granted, if:
    1. the processing is necessary to perform a contract, a party to which is the data subject, or to take action at the request of the data subject before the contract is concluded;
    2. the processing is necessary to fulfil the legal obligation of the Controller;
    3. the processing is necessary to protect vital interests of the data subject or other natural person;
    4. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
    5. the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
  4. The Controller stores personal data obtained by means of the contact form for the period of time necessary to answer the questions raised in the contact form and possibly to take steps to conclude a reservation/property development contract.
  5. The data, in the form of an e-mail address, for the purposes of the newsletter, are used for the duration of the consent given, which can be revoked at any time, but no longer than until the completion of the development project and the sale of all apartments.
  6. The data subject has the right, at any moment, to revoke the consent given to the processing of personal data. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of consent prior to its revocation. The revocation of the consent may take place in writing to the Controller’s address or by e-mail to mailbiuro@megapolis.pl.
  7. In case of revoking the consent, there may be a situation that the Controller will have the right to further process personal data under provisions of applicable law. In such a situation, the Controller will process personal data only for the purposes and in the scope permitted by the provisions of law, despite the lack of consent of the data subject.

IV. RIGHTS OF DATA SUBJECTS

A. ACCESS TO DATA

  1. The data subject has the right to obtain from the Controller confirmation whether their personal data are processed, and if this is the case, they have the right to access their data and the following information:
    1. purposes of personal data processing;
    2. categories of personal data processed;
    3. information on recipients or categories of recipients, to whom personal data have been or will be disclosed, in particular on recipients in third countries or international organisations, as well as used safety measures related to the transfer of personal data to recipients in third countries or international organisations.
    4. as far as possible, the planned personal data retention period, and when it is not possible, the criteria for determining this period;
    5. information on the right to request from the controller the rectification, erasure or restricting of the processing of personal data of the data subject and to object to such processing;
    6. information on the right to lodge a complaint with the supervisory body;
    7. if personal data were not collected from the data subject – all available information on their source;
    8. information on the automated decision-making, including profiling;
  2. The Controller provides the data subject with a copy of personal data subject to processing upon request. The Controller may charge a reasonable fee resulting from administrative costs from the data subject for any subsequent copies requested by the data subject. If the data subject requests a copy by electronic means and does not indicate otherwise, information will be provided electronically, if possible.

B. RECTIFICATION

  1. The data subject has the right to request from the Controller the immediate rectification of personal data concerning them which are incorrect. With regard to the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by providing an additional statement.

C. ERASURE OF DATA

  1. The data subject has the right to request from the controller the immediate erasure of personal data concerning them, and the controller is obliged to erase the personal data without undue delay if one of the following circumstances applies:
    1. personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    2. the data subject has revoked the consent on which the processing is based and there is no other legal basis for the processing;
    3. the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
    4. the data subject objects to the processing for direct marketing purposes;
    5. personal data were processed unlawfully;
    6. personal data must be erased in order to fulfil a legal obligation under Union or Member State law to which the Controller is subject;
    7. personal data were collected in connection with the offering of information society services.

D. DATA PROCESSING RESTRICTION

  1. The data subject has the right to request the controller to restrict the processing of the data in the following cases:
    1. the data subject questions the correctness of personal data – for the time allowing the Controller to check the correctness of the data;
    2. the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead the restriction of its use;
    3. the controller no longer needs personal data for the processing purposes, but they are needed by the data subject to establish, assert or defend claims;
    4. the data subject objects to the processing – until it is established whether the legitimate grounds of the Controller override the basis for the objection of the data subject.
  2. The restriction of the processing of personal data is understood as the retention of personal data for the purpose of restricting their further processing.
  3. Where processing is restricted under the above-mentioned request, such personal data may only be processed, with the exception of retention, with the consent of the data subject, or for the establishment, assertion or defence of claims, or for the protection of the rights of another natural or legal person, or for important reasons of public interest of the Union or of a Member State. Before lifting a restriction on the processing, the controller informs the data subject who requested the restriction.

E. DATA PORTABILITY

  1. The data subject has the right to obtain their personal data, which they provided to the controller in a structured, commonly used, machine-readable format and has the right to transfer the data to another controller without obstacles from the controller, to whom the personal data were provided, if the processing takes place based on consent or under a contract, and if the processing takes place in an automated manner.
  2. When exercising the data portability right specified above, the data subject has the right to request that the personal data be transferred by the Controller directly yo another controller, if technically possible.
  3. The data subject has the right to not be subject to a decision that is based only on automated processing, including profiling, and triggers towards that person legal effect or affects them in a similar way.

F. OBJECTION

  1. The data subject has the right to object, at any time, on grounds relating to their particular situation, to the processing of personal data concerning them based on the provision of Article 6(1)(e), (f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, including profiling on the basis of these provisions.
  2. Once an objection has been raised, the Controller is no longer allowed to process the personal data, unless the Controller can demonstrate the existence of important legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, assertion or defence of claims.
  3. If personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling, to the extent that the processing is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes, the personal data may no longer be processed for such purposes.

G. EXERCISE OF RIGHTS

  1. The exercise of the rights set out above takes place upon request made to the Controller in writing or electronically to the e-mail address biuro@megapolis.pl. The same e-mail address may be used to send any queries regarding the rights of the data subject. The Controller makes every effort to explain the rights available to the data subject in a clear and accessible manner and to enable the data subject to exercise them.

H. COMPLAINT

  1. The data subject has the right to lodge a complaint with the supervisory authority, in particular in a Member State of their habitual residence, their workplace or place of the supposed violation if they claim that the processing of their personal data violates this regulation. As at 24 May 2018, the complaint may be lodged to the General Personal Data Protection Officer to the address: Office of the General Personal Data Protection Officer, ul. Stawki 2, 00-193 Warsaw.

V. COOKIE FILES

  1. The Controller also processes data characterising the way the User uses the Website (usage data), including:
    1. Designations identifying the telecommunications network terminal or the ICT system used by the User (e.g. IP address, browser type and language, operating system);
    2. Information about the start, end and scope of each use of the Website by the User;
    3. Information on data stored in users’ terminal equipment (cookies).
  2. “Cookies” used on the Website originate from the Controller as well as from third parties – in particular the provider of website usage analytics services (Analytics).
  3. If the user does not change their browser settings, this is tantamount to consenting to their use.
  4. The installation of cookies may be necessary for the proper provision of certain services on the Website, in particular those requiring authorisation.
  5. Three types of cookies are used within the Website: session, permanent and analytical cookies:
  1. Session cookies are temporary files that are stored on the recipient’s terminal equipment until they log off (leave the Website).
  2. Permanent cookies are stored on the recipient’s terminal equipment for the period of time specified in the parameters of the cookies or until they are deleted by the User.
  3. Analytical cookies make it possible to better understand how the recipient interacts with the content of the Website, in particular to better organise its layout. Analytical cookies collect information about the use of the Website by recipients, the type of page from which the recipient was redirected, and the number of visits and duration of the recipient’s visit to the Website.
  1. The usage data collected by the Controller, as defined above, do not record the specific personal data of the recipient, but are used by the Controller to develop statistics on the use of the Website.
  2. Cookies stored on the user’s device may be used by parties other than the Controller for the purpose of profiling the user, in particular to display personalised advertising or other content on other websites.
  3. The User has the right to decide on the access of cookies to their computer by selecting them in advance in their browser window. Detailed information on the possibility and handling of cookies is available in the settings of your software (web browser). If the User does not want files to be stored on their device, they should disable this option in their browser window.

VI. FINAL PROVISIONS

  1. The Controller does not make decisions solely by automated means and does not use personal data for profiling.
  2. The Controller does not appoint a Data Protection Officer.
  3. The rights of the data subject, as detailed in this Privacy Policy, arise from generally applicable provisions of law, and the provisions of this Privacy Policy do not limit these rights in any way.
  4. The extent to which it will be possible to exercise the data subject’s rights may be limited by law, in particular for reasons of the rights and freedoms of others or for reasons of public interest.
  5. In order to ensure a high level of personal data protection, the Controller regularly reviews and revises this Privacy Policy when the scope of personal data processing changes, when the technology of personal data processing changes, or when there are changes in the applicable provisions of law or guidelines for their application.