Data protection statement
GENERAL GDPR POLICY SUMMARY
- Data Controller - Panattoni Development Europe sp .z o.o. with its registered seat in Warsaw (00-844), Plac Europejski 1, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under the KRS number: 0000310363, NIP number: 5252437526.
- Personal Data - information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected via cookies and/or other similar technology.
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
Service - website run by the Data Controller at the address http://www.panattonieurope.com
- User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
In connection with the User's use of the Website, the Data Controller collects data to the extent necessary to provide individual services offered, as well as information about the User's activity on the Website. The detailed rules and purposes of processing Personal Data collected during the use of the Website by the User are described below.
PURPOSES AND LEGAL BASIS FOR DATA PROCESSING ON THE WEBSITE
USING THE SERVICE
Personal data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Data Controller:
- in order to provide electronic services in the scope of making the content collected on the Website available to Users - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
- for analytical and statistical purposes - then the legal basis for processing is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR), consisting in conducting analyzes of Users' activity, as well as their preferences in order to improve the functionalities used and the services provided;
- in order to possibly establish and pursue claims or defend against claims - the legal basis for processing is the Data Controller's legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the protection of its rights;
- The User's activity on the Website, including his Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Data Controller). The information collected in the logs is processed primarily for purposes related to the provision of services. The Data Controller also processes them for technical and administrative purposes, for the purposes of ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes - in this respect, the legal basis for processing is the Data Controller's legitimate interest (Article 6 (1) (f) GDPR).
If the User publishes any Personal Data of other people on the Website (including their name, address, telephone number or e-mail address), they may do so only if they do not violate the law and personal rights of these people.
The Data Controller provides the possibility of contacting it by means of electronic contact forms. Using the form requires providing Personal Data necessary to contact the User and answer the inquiry. The User may also provide other data to facilitate contact or service of the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to do so results in the inability to process it. Providing other data is voluntary.
Personal data is processed:
- in order to identify the sender and handle his inquiry sent via the provided form - the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (Article 6 (1) (b) of the GDPR); in the scope of optional data, the legal basis for processing is consent (Article 6 (1) (a) of the GDPR);
- for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR), consisting in keeping statistics of inquiries submitted by Users via the Website in order to improve its functionality.
The Data Controller provides the newsletter service to people who have provided their e-mail address for this purpose. Providing data is required to provide the newsletter service, and failure to do so results in the inability of the provision of service of the newsletter.
Personal data is processed:
- in order to provide the newsletter sending service - the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
- in the case of sending marketing content to the User as part of the newsletter - the legal basis for processing, including the use of profiling, is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR) in connection with the consent expressed to receive the newsletter;
- for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR), consisting in conducting analyzes of Users' activity on the Website in order to improve the functionalities used;
- in order to possibly establish and pursue claims or defend against claims - the legal basis for processing is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR), consisting in the protection of its rights.
- The User's personal data may also be used by the Data Controller to direct marketing content to him or her through various channels, i.e. via e-mail, MMS / SMS or by phone. Such actions are taken by the Data Controller only if the User has given their consent, which may be withdrawn at any time.
- The Data Controller may, in some cases, also carry out direct marketing via traditional mail. The User will be informed separately about the intention to conduct this type of marketing. The User has the right to object to this type of marketing.
The Data Controller processes the Personal Data of Users visiting the Data Controller's profiles in social media (YouTube, Linkedin). These data are processed only in connection with keeping the profile, including to inform Users about the Data Controller's activity and to promote various types of events, services and products. The legal basis for the processing of Personal Data by the Data Controller for this purpose is its legitimate interest (Article 6 (1) (f) of the GDPR), consisting in promoting its own brand.
SOCIAL MEDIA PLUGINS
The Website uses plugins from social media platforms (Linkedin, YouTube). The use of plugins on the Website results in receiving information about the use of the Website by the User (even if the user does not have a profile on a given social network) by given social media platform. The Data Controller has no knowledge of the purpose and scope of data collection by social media platforms. Detailed information on this can be found at the following links:
COOKIES AND SIMILAR TECHNOLOGY
Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the website - e.g. by remembering the User's visits to the Website and the activities performed by the User.
Cookies used for this purpose include:
- cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
- authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
- cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
- persistent cookies used to personalize the User's interface for the duration of the session or a little longer (user interface customization cookies).
ANALYTICAL AND MARKETING TOOLS USED BY THE DATA CONTROLLER'S PARTNERS
GOOGLE ANALYTICS AND LEADFEEDER
- Google Analytics cookies are files used by Google company to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User and does not combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found here.
- LeadFeeder cookies are files used by LeadFeeder company to determine where the Website Users come from. Based on the collected data in the form of an IP address (only IP addresses assigned to business entities are collected, while IP addresses assigned to other entities are automatically rejected), data about the pages visited, the User's origin and the time spent on the Website - LeadFeeder determines where it comes from an entity visiting the Website. The file is called _lfa and is stored for 2 years from the time it is placed on the User's device.
COOKIES SETTINGS MANAGEMENT
The consent is not required only for cookies, the use of which is necessary to provide a telecommunication service (data transmission to display the content).
- Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet- explorer-delete-manage-cookies
- Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
- Google Chrome:
- Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
- Safari: https://support.apple.com/kb/PH5042?locale=en-GB
The User may at any time verify the status of his current privacy settings for the browser used, using the tools available at the following links:
RETENTION OF PERSONAL DATA
The retention period of data processed by the Data Controller depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the service or the performance of the order, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Data Controller.
The data processing period may be extended if the processing is necessary to establish and pursue any claims or defend against claims, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
To the extent that the User's data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Data Controller or using the functionalities available on the Website.
The User has the right to access the data and request rectification, deletion, processing restrictions, the right to transfer data and the right to object to data processing, as well as the right to lodge a complaint with the supervisory body dealing with the protection of personal data.
The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the legitimate interest of the Data Controller, and - for reasons related to the specific situation of the User - in other cases where the legal basis for data processing is the legitimate interest of the Data Controller ( e.g. in connection with the implementation of analytical and statistical purposes).
For more information on the rights resulting from the GDPR, see here.
In connection with the provision of services, Personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting services, couriers (in connection with the implementation of the order), marketing agencies (in the scope of marketing services) and entities related to the Data Controller, including companies from its capital group.
If the User's consent is obtained, his or her data may also be made available to other entities for their own purposes, including marketing purposes.
The Data Controller reserves the right to disclose selected information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
TRANSFER OF DATA OUTSIDE EEA
The level of protection of Personal Data outside the European Economic Area (EEA) differs from the one provided by European law. For this reason, the Data Controller transfers Personal Data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:
- cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
- use of standard contractual clauses issued by the European Commission;
- application of binding corporate rules approved by the competent supervisory authority;
- in the case of data transfer to the USA - cooperation with entities which apply measures recommended by the European Commission with reference to data transfers.
- The Data Controller always informs about the intention to transfer Personal Data outside the EEA at the stage of collecting them.
SECURITY OF PERSONAL DATA
The Data Controller conducts a risk analysis on an ongoing basis to ensure that personal data is processed in a safe manner - ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. The Data Controller makes sure that all operations on Personal Data are recorded and performed only by authorized employees and associates.
The Data Controller takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process Personal Data on behalf of the Data Controller.
Contact with the Data Controller is possible via the e-mail address firstname.lastname@example.org, or the correspondence address: Panattoni Development Europe sp.z o.o., Plac Europejski 1, 00-844 Warsaw.
The Data Controller has appointed a Data Protection Officer, who can be contacted by e-mail email@example.com in any matter regarding the processing of Personal Data.
The policy is verified on an ongoing basis and updated if necessary.
The current version of the Policy has been adopted and has been in force since 30 September, 2021.