UPDATED ON 03.11.2020

Privacy Policy

Privacy Policy and Cookie Policy of the REDNET Property Group Website, i.e. www.rednetproperty.com (“Privacy Policy”)

I. Objectives of the Privacy Policy and use of cookies on the Website

The purpose of the Privacy Policy is to establish the rules of processing and protection of personal data of the Website Users.

Personal data include all information relating to an identified or identifiable natural person by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, including the image, voice recording, location data, contact data, data contained in correspondence, information gathered using recording equipment or similar technologies.

The processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, making available, alignment or combination, restriction, erasure or destruction.

Any terms not defined in this Privacy Policy have the meaning assigned in the Rules and Regulations.

II. Data controller

REDNET PROPERTY GROUP Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (02-247) at ul. Marcina Flisa 4, registered under no. KRS 0000043992, whose registration files are kept by the District Court for the Capital City of Warsaw in Warsaw, Division XIII Commercial of the National Court Register, NIP 6321799435, REGON 276944454, share capital of PLN 39,000.00 (the “Data Controller” or “RPG”) is the controller of the personal data of the Website Users.

The Data Controller has appointed the Data Protection Officer. It is possible to contact the Data Controller in writing at the address provided above or via e-mail to the address of the Data Protection Officer: iod@redproperty.com

The personal data of the Website Users are processed in accordance with the legal regulations in effect, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”), and the Act on Personal Data Protection of 10 May 2018.


III. Purpose of personal data processing and basis for processing

RPG processes the personal data of the Users in the following cases and for the following purposes:

1) Ongoing service of the Users

The personal data processing is required for the purposes of providing ongoing services to the Website Users, including in particular replying to questions concerning the offer of RPG. This occurs, in particular, when a User sends an e-mail or contacts RPG by phone, including in connection with complaints concerning the operation of the website.

Providing your personal data is voluntary, but necessary for the purposes of communication with RPG.
Personal data will be processed only in order to answer a question or perform a request submitted in the message. The legal basis for the data processing is the legitimate interest of the Data Controller [Article 6(1)(f) GDPR] consisting in services provided to customers or prospective customers.

In such case, the personal data are processed also for subsidiary purposes of the Data Controller, including:

 exercise, establishment or defence of legal claims which constitutes the legitimate interest of the Data Controller – [Article 6(1)(f) GDPR];

 archiving and evidence purposes arising from the legitimate interest to protect information in the case of a lawful need or obligation to demonstrate facts – [Article 6(1)(f) GDPR].

2) RPG Marketing

If a User using the contact form wishes to receive marketing information on the offer of RPG in the future, the User may provide consent to the processing of personal data by RPG for marketing purposes within the scope indicated in the wording of the consent.

In such case, the Data Controller processes the data on the basis of the consent [Article 6(1)(a) GDPR], and in the case of profiling, including automated processing, on the basis of a legitimate interest of the Data Controller [Article 6(1)(f) GDPR] consisting in supporting the sales of RPG services.

The provision of personal data and consent to the processing for marketing purposes is entirely voluntary, and does not affect the possibility of obtaining a reply to the question posed in the contact form, but necessary in order to receive marketing content. The consent may be withdrawn at any time, and it is possible to object to the profiling.

In order to enable the provision of marketing information via means and devices of electronic and telephone communication, the User must also provide their consent to the use of one or both such channels.  

Online marketing

The Data Controller processes the User’s personal data obtained in connection with the User’s use of our Website, in particular the data gathered using the cookies or similar tools in order to address advertisements to the Users once they leave the Website. The User’s personal data may be subject to profiling, including automated processing.

The provision of personal data and consent to the processing for marketing purposes is entirely voluntary.

In this case, the personal data are processed on the basis of a legitimate interest of the Data Controller [Article 6(1)(f) GDPR], i.e. the sales support and only subject to the User’s consent to the use of cookies in accordance with the cookie policy presented in Section XII of the Privacy Policy.

3) Ensuring security of the Website

The Data Controller also processes the Users’ data to ensure security of the Website operation.

In such case, the Data Controller processes the following data of the Users: data stored in the system logs such as computer IP, URL read.

The provision of data is necessary to use the Website.

In such case, the Data Controller processes the data on the basis of a legitimate interest of the Data Controller [Article 6(1)(f) GDPR], i.e. ensuring the security of the Website use.

4) Use of the Website

In order to provide the User with the possibility to use the Website, in particular with regard to making available to the User the option to view, reproduce and read information and materials made available via the Website as well as development of the Website functionalities, the Data Controller processes the data stored in the system logs, including the computer IP or URL read.

In such case, the data processing by the Data Controller is necessary to perform a contract on provision of electronic services to which the User is a party [Article 6(1)(b) GDPR].

5) Handling matters connected with exercise of the data subjects’ rights

The Data Controller also processes personal data in connection with handling matters with regard to exercise of the data subjects’ rights as provided for in GDPR. In such case, the Data Controller processes:

a) data that make it possible to identify the person submitting the request such as name and surname, e-mail address, telephone number, address;

b) identifier of the case in the internal system of the Data Controller and data describing the subject matter of the request or complaint;

c) data describing the manner of performance of the case, including correspondence with the data subject.

The provision of personal data is voluntary, but necessary for the purposes of exercising the rights.

The data are processed for the purposes of performance of legal obligations of the Data Controller as provided for in the personal data protection regulations, in particular Article 12-22 GDPR [Article 6(1)(c) GDPR].

In this case, personal data are also processed in order to achieve a subsidiary objective of the Data Controller, i.e. for archiving and evidence purposes arising from the legitimate interest to protect information in the case of a lawful need or obligation to demonstrate facts – [Article 6(1)(f) GDPR].


6) Analysis of the manner of using the Website and generation of statistics

The Data Controller also processes the Users’ data to analyse their manner of using the Website and to generate statistical data concerning the use of the Website.

In such case, the Data Controller processes the following data of the Users: location, preferences. The provision of personal data is voluntary.

In this case, the personal data are processed on the basis of a legitimate interest of the Data Controller [Article 6(1)(f) GDPR], i.e. the sales support and only subject to the User’s consent to the use of analytics cookies in accordance with the cookie policy presented in Section XII of the Privacy Policy.

In this case, personal data are also processed in order to achieve a subsidiary objective of the Data Controller, i.e. for archiving and evidence purposes arising from the legitimate interest to protect information in the case of a lawful need or obligation to demonstrate facts – [Article 6(1)(f) GDPR], for example if it is required to demonstrate that the User has provided consent to the use of cookies.


7) Recruitment

The Data Controller may process the data in connection with the recruitment processes for the specific positions and potential future recruitment, subject to the applicant’s consent.  

The recruitment via the Website may be carried out by other companies of the redNet group, i.e. redNet 24 Sp. z o.o. with its registered office in Warsaw, redNet Dom Sp. z o.o. with its registered office in Warsaw, Tabela Ofert Sp. z o.o. with its registered office in Warsaw, redNet Investment Sp. z o.o. with its registered office in Warsaw. In such case, the relevant information is included in the recruitment advertisement and the application form.

As part of the recruitment, the following data provided by the User in the application form are processed: first and last name, contact data and data included in the recruitment documents (e.g. CV).

The provision of personal data is voluntary, but necessary for the purposes of the recruitment process.

The Data Controller will process the personal data of candidates applying for employment on the basis of an employment agreement in order to carry out the recruitment for the position stated in the job advertisement, subject to a reservation that:

a) Basic Data, i.e. first name (names), surname, date of birth, contact data, education, professional skills, history of employment, are processed in accordance with Article 22¹ § 1 of the Labour Code in conjunction with Article 6(1)(c) of GDPR, i.e. the processing is performed as part of a legal obligation imposed on the data controller;

b) Additional Data, i.e. data other than those listed under letter (a) above and in the case of expression of intent to participate in any future recruitment within 3 years from the starting date of the present recruitment (posting the ad), are processed on the basis of consent [legal basis: Article 6(1)(a) GDPR].

The personal data of candidates for employment on a basis other than the employment agreement (e.g. B2B) will be processed to carry out the recruitment for the position stated in the job advertisement based on the consent expressed by way of submitting the application along with the additional documents [legal basis: Article 6(1)(a) GDPR]. The data may also be processed for the purposes of future recruitment, if the applicant provides a separate consent to the processing for the purposes of future recruitment within 3 years from the starting date of the present recruitment (posting the ad). In such case, the data will be processed on the basis of consent [legal basis: Article 6(1)(a) GDPR].

Furthermore, the data will be processed in order to establish, exercise or defend claims and for archiving or evidence purposes in case of a lawful need or obligation to establish facts, in particular to demonstrate compliance with the obligation provided for in Article 6(1)(f) GDPR, i.e. the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller.

IV. Period of storage of personal data

RPG does not store the Users’ personal data for a period longer than necessary to achieve the objectives for which they have been collected. The period of processing depends on the purpose of processing, in particular:

1) In the case of data processing in order to answer

the Users’ enquiries submitted via e-mail, phone or other means of communication, the data will be processed for a period necessary to answer the given enquiry, and then:

a) in the case of execution of a contract or contracts with RPG, for a period stated in the information clause attached to such contract/contracts;

b) in the case of a lack of repeated contact, depending on the subject matter of the contract, the data will be erased 2 years after the last contact or at the end of the period of limitation of potential claims (in principle, after 2 years, at the end of a calendar year).

2) In the case of data processing for the purposes of ensuring security of the Website and fraud prevention, the data will be processed for 2 years following the date of gathering.

3) In the case of data processing for the purposes of executing and performing a contract for the provision of electronic services, the User’s data will be processed during the period of performance of the contract for the provision of electronic services.

4) In the case of data processing for the purposes of establishment, exercise or defence of claims, the data will be processed no longer than until expiry of the period of limitation of potential claims.

5) Personal data processed in order to demonstrate and perform the obligations of RPG, in particular those established pursuant to GDPR, will be processed solely to the extent and for a period necessary to perform such obligations and to demonstrate that the obligations of RPG have been complied with.

6) In the case of the data processing for analytical and statistical purposes, for a maximum period of 2 years following the date of submission of data.

7) In the case of data processing for the purposes of a recruitment process, the data will be processed:

a) data collected in order to perform the recruitment – until completion of the recruitment process and then for a maximum of 3 months following that date;

b) data processed on the basis of consent for the purposes of future recruitment – for a period of 3 years from the starting date of the present recruitment (posting the ad).

In the case of the consent withdrawal – if data are processed on the basis of consent – such data will be deleted immediately, unless there is another basis for the processing.

The data processed in order to establish, exercise or defend claims in connection with the recruitment process and for archiving or evidence purposes in case of a lawful need or obligation to establish facts, in particular to demonstrate compliance with the obligations provided for in GDPR, will be processed for a period no longer than 3 years following the completion of the recruitment process involving the User.

V. Recipients of your personal data

Subject to the legal restrictions, RPG may transfer the Users’ personal data

to the following entities:

a) bodies and entities authorised to receive the User’s data in accordance with the applicable laws;

b) entities providing services or making available IT systems to the Data Controller;

c) entities providing services of delivery and maintenance of software used to provide the Website;

d) entities providing mail or courier services;

e) entities providing to the Data Controller services in the area of personal data protection and security of IT systems;

f) entities providing legal services, entities providing accounting services, consulting companies, entities providing damage liquidation services cooperating with the Data Controller;

g) employees and associates of the Data Controller and employees and associates of the above-mentioned entities.

h) Rednet 24 Sp. z o.o. with its registered office in Warsaw, Rednet Dom Sp. z o.o. with its registered office in Warsaw, Tabela Ofert Sp. z o.o. with its registered office in Warsaw, Rednet Investment Sp. z o.o. with its registered office in Warsaw - if such entities carry out recruitment using the Website.

VI. Information on automated decision-making, including profiling

We inform that, unless otherwise stated in this Privacy Policy or information clause concerning specific processing, your personal data may be subject to automated processing, including profiling, only in connection with the use of cookies or similar tools of third parties.

VII. Data transfers to countries outside the EEA

In connection with the use of the Website, the User’s personal data may be transferred outside the EEA in relation to the use of Google’s tools, in particular to the United States.

When implementing specific tools on its website or using third party services, RPG always makes sure that a potential transfer of personal data to a third country or recipient in such country guarantees the necessary appropriate data protection, in particular by way of:

a) cooperation with personal data processors in the countries with respect to which the appropriate decision of the European Commission has been issued;

b) application of standard contractual clauses of the European Commission;

c) making use of binding corporate rules approved by the appropriate supervisory authority.

Such criteria are met with regard to the above-mentioned tools. The User may obtain a copy of such data.

VIII. Rights of the User

In accordance with GDPR, the User has the following rights:

1) right of access to data processed – the data subject has the right to obtain from the Data Controller information on personal data processing, including purposes of the processing, categories of personal data processed, legal basis of processing, planned period of processing and recipients to whom such data are disclosed as well as to obtain a copy of the personal data processed by the Data Controller;

2) right to rectification of data – the data subject has the right to request the Data Controller to rectify incorrect data or complete incomplete personal data of the data subject;

3) right to erasure – the data subject has the right to obtain from the Data Controller the erasure of his/her personal data without undue delay if such personal data are no longer necessary in relation to the purposes for which they were collected or the data subject withdraws consent on which the processing is based (which has no impact on lawfulness of the processing performed before such withdrawal of consent);

4) right to restriction of processing – the data subject has the right to request the Data Controller to restrict the processing in the following cases:

 probable inaccuracy of personal data (until verification of accuracy by the Data Controller);

 the processing is unlawful, and the data subject objects to the personal data erasure and requests the restriction of the use of such data;

 the purpose of the personal data processing by the Data Controller has ceased but the data subject needs such data for the purposes of establishment, exercise or defence of claims;

 the data subject has objected to the processing;

5) right to data portability – the data subject whose data are processed on an automated basis based on the data subject’s consent or a contract has the right to request the Data Controller to make available (in a commonly used readable format) the data provided by the data subject or to transmit the data to another data controller (if possible technically);

6) right to withdraw consent – if the processing is carried out based on consent, the data subject has the right to withdraw such consent at any time (which has no impact on lawfulness of the processing performed before such withdrawal of consent);

7) right to object – the data subject has the right to object to the processing of his/her data based on the legitimate purpose of the Data Controller (the objection should contain a rationale) unless the Data Controller demonstrates the existence of overriding bases for the processing, however, in the case when the objection pertains to the processing of personal data for the purposes of direct marketing, including profiling, it is not required to submit a rationale and the Data Controller is obliged to comply.

IX. Submission of requests to exercise the rights

A request concerning exercise of the rights of the data subject may be submitted to:

1) in writing to the address of the Data Controller: Marcina Flisa 4, 02-247 Warszawa, with a note “personal data”, or

2) via e-mail to the Data Protection Officer: iod@redproperty.com

X. Right to lodge a complaint to a supervisory authority

If the data subject believes that the personal data processing violates the GDPR or other generally applicable personal data protection regulations, the data subject may lodge a complaint with the President of the Personal Data Protection Office.

XI. Use of cookies and other similar technologies on the Website

General information on cookies and other similar technologies

The Website uses the so-called cookies to ensure the appropriate operation of the Website and to provide quality services.  

The cookies are small text files containing data which are saved while the Users visit a website and stored on the Users’ terminal devices (e.g. computers) intended for using websites.

Usually, a cookie contains the name of the website it comes from, the cookie life, unique number generated to identify the browser used to connect with the site, and other necessary data. The cookies do not provide direct data concerning the User’s identity.

Purposes and legal basis for using the cookies

The following cookies and other similar technologies are used in the RPG’s websites:

Strictly necessary cookies used to store information on whether the User has provided consent to the use of cookies and for what purposes.

Analytics cookies used to optimise and improve the Website and to carry out statistical analyses of the Website use.

Marketing (advertising) cookies used to adjust the content and form of advertisements displayed on the Website and partners’ advertising networks to the needs and preferences of the Users.

The strictly necessary cookies are used to pursue the legitimate interests of RPG, i.e. to store information on whether the User has provided consent to the use of cookies and for what purposes [legal basis: Article 6(1)(f) GDPR].

The Users are asked to provide consent to the use of analytics and marketing cookies prior to entering the Website.  In connection with the User’s consent to the use of cookies and other similar technologies (the so-called consent to store information or obtain access to information already stored on the terminal equipment), the Data Controller processes the User’s information on the basis of the legitimate interest of RPG or a third party resulting from the consent to the use of cookies and other similar technologies provided by the User before entering the Website [legal basis: Article 6(1)(f) GDPR].

What is the cookies’ life?

Every cookie is assigned a life after which it expires, unless the User removes it earlier. The cookie life depends on the cookie type and function. Some cookies remain active only when the User visits the website, others for a longer period (e.g. several days, months or even years). Detailed information on the cookie life is presented in the tables below.

Own cookies and third party cookies

The cookies may be set by our Website or third parties (the so-called third party cookies).

Third party cookies are generated by trusted external companies that we cooperate with.

Detailed information on the cookies used by the Website:

Cookie/tool name
Cookie type
Persistent or non-persistent and life
Purpose
Third party access to a cookie
_ga
Analytics
Persistent; 2 years
Google Analytics file
used to differentiate
users and sessions
Yes – Google Ireland Limited
___gclid
Analytics
Generated every time Google Ads is clicked
Google Ads: used to identify clicks in a campaign
Yes – Google Ireland Limited
_gid
Analytics
Persistent; 1 day
Google Analytics file used to differentiate users and sessions
Yes – Google Ireland Limited
_gcl_aw
Marketing
Persistent, 3 months
Used to track conversion & Google Ads remarketing
Yes – Google Ireland Limited
_gcl_dc
Marketing
Persistent, 3 months
Used to track conversion & Google Ads remarketing
Yes – Google Ireland Limited

Cookies and other similar technologies of third parties

The cookies and other similar technologies may be set by the Website or third parties (the so-called third party cookies), i.e. trusted external companies that we cooperate with, i.e.:

Google: Analytics and Google Ads

A. Google Analytics

The Website uses Google Analytics which is a service analysing the viewings of Google websites for analytical and statistical purposes. Statistically compiled data are deleted from Google Analytics after 50 months at maximum. Google Analytics stores the data concerning the users and actions in the website for a period of 50 months.

Google Analytics uses cookies that enable an analysis of the Website use. Information generated by the cookies and concerning the Users’ use of the Website is usually sent to and stored on the Google servers in the US. In the case of enabling IP anonymization on the given site, the User’s address will be first shortened in the area of the European Union Member States or other states of the EEA Agreement. Only in exceptional cases, the full IP address will be sent to the Google server in the US and then shortened. The IP address provided by Google Analytics as part of Google Analytics will not be integrated with other Google data. Google will use such information to evaluate the User’s use of the Website, to draft reports on the activity on the Website and to provide other services related to the activity on the Website.

More information on the use and protection of data is available at https://www.google.com/analytics/terms/pl.html or https://policies.google.com/?hl=pl.

If a User wishes to disable the possibility of their data being used by Google Analytics, it is possible to install a browser add-on to block Google Analytics in the sites that use the supported versions of Google Analytics JavaScript (analytics.js, gtag.js). The add-on may be downloaded at https://tools.google.com/dlpage/gaoptout.

B. Google Ads

Google Ads Remarketing

RPG uses also the remarketing function offered by Google which makes it possible to display the ads adjusted to the User’s interests in the Google advertising network. For this purpose, the users’ interactions with the Website content are analysed, for example which areas are of interest to them. In order to do so, Google’ cookies stored on the User’s device make it possible to identify the users whenever they enter the websites being part of the Google advertising network. The websites may then display the ads addressed to the visitors which refer to the content previously viewed by them on the sites using the Google remarketing function. RPG uses Google display and flexible display ads.

The Users can disable the Google remarketing by setting their preferences at https://adssettings.google.com. Another option is to disable the cookies for interest-based advertising via the Advertising Network Initiative, following the instructions at http://optout.networkadvertising.org/?c=1.

Function: Google Ads conversion tracking

RPG uses also the so-called conversion tracking made available as part of Google Ads. Once an ad displayed by Google is clicked on, a conversion tracking cookie is generated. Such cookie remains active for 30 days and is not used for identification of the User. If during those 30 days a User enters the relevant parts of the Website, Google and the Website receive information that the User has been directed after having clicked on an ad. Information received via a conversion cookie enable conversion statistics and registration of the total number of Users that have clicked on a given ad and have been directed to the site with the conversion tracking tag.

The Users who do not wish to be included in the conversion tracking may disable the Google conversion tracking cookie in their browser.  

More information on Google Ads is available in Google Privacy Policy at https://www.google.plpolicies/privacy/.

Cookies management

We do not use the analytics or advertising cookies, unless enabled (accepted) by the User. The Users may manage the access to the analytics or advertising cookies in a panel displayed directly after entering the Website.

The panel makes it possible to accept the analytics or advertising cookies, to reject them, or to apply specific setting by selecting the preferences concerning the cookies.

The User may modify their cookie preferences at any time by restarting the cookie management panel.

Browser setting management

The cookies settings may be controlled using the browser settings. Most browsers automatically accept the cookies. However, it is possible to modify the browser settings at any time and disable the cookies.

We inform that the methods of cookie disabling differ depending on the browser. It is possible to obtain comprehensive information on cookie disabling using the Help section of the relevant browser, such as

 Mozilla Firefox

 Internet Explorer

 Google Chrome

 Opera

 Safari

More information

In case of any questions concerning the cookies we use, other similar technologies or this Privacy Policy, please contact us at iod@redproperty.com.

If you wish to obtain more information on your personal data that we process, please consult the other sections of the Privacy Policy.

XII. Amendments to the Privacy Policy

This Privacy Policy is reviewed on an ongoing basis and updated, if needed, to make sure that it reflects any and all alterations to the manner of personal data processing or use of cookies.

The Data Controller has the right to amend this Privacy Policy in the future, for example in connection with:

a) amendments to the applicable regulations, in particular those concerning personal data protection, telecommunications law, electronic services or consumer rights, affecting the rights and obligations of the Data Controller or the rights and obligations of the data subjects;

b) development of electronic services due to Internet technology progress, including application and development of new solutions, e.g. with regard to functionalities.

Information on such amendments will be displayed on the Website or sent via e-mail to the Users holding an Account.