I. General information
- each of the above also hereinafter referred to as a ‘Website’ and other categories of persons presented in this ‘Policy’ by the companies of Murapol capital group (the full list of entities included in the group is available at: https:/www.murapol.pl/tabela-rodo, also each referred to separately as ‘Administrator’.
II. Information on processing of personal data
Who and for what reasons processes personal data?
1. The Administrator of your personal data is one of the companies of Murapol capital group (the full list of entities included in the group is available at: https:/www.murapol.pl/tabela-rodo being the service provider of the Website or processing personal data for other purposes and to the following extent:
|ADMINISTRATOR||PURPOSES AND LEGAL GROUNDS FOR DATA PROCESSING|
|Murapol S.A. with the registered seat in Bielsko-Biała (43-300) located at 4 Dworkowa Street, entered in the register of entrepreneurs kept by the District Court in Bielsko-Biała, 8th Commercial Division of the National Court Register, under the KRS number: 0000275523, REGON: 072695687, NIP: 5471932616|
|Murapol Real Estate with the registered seat in Bielsko-Biała (43-300) located at 4 Dworkowa Street, entered in the register of entrepreneurs kept by the District Court in Bielsko-Biała, 8th Commercial Division of the National Court Register, under the KRS number: 0000030723, REGON: 350757002, NIP: 6771007078|
|Home Credit Group Finanse i Nieruchomości Sp. z o.o. with the registered seat in Bielsko-Biała (43-300) located at 4 Dworkowa Street, entered in the register of entrepreneurs kept by the District Court in Bielsko-Biała, 8th Commercial Division of the National Court Register, under the KRS number: 0000370635, REGON: 241781309, NIP: 5472128336|
|Cross Bud S.A. with the registered seat in Bielsko-Biała (43-300) located at 4 Dworkowa Street, entered in the register of entrepreneurs kept by the District Court in Bielsko-Biała, 8th Commercial Division of the National Court Register, under the KRS number: 0000751068, NIP: 5472150465, REGON: 243558700|
|If you are a natural person running a sole proprietorship who has concluded a contract with the Administrator or actions have been taken towards you before concluding the contract at your request, the Administrator of your personal data is a company from the Murapol capital group who is a party to the contract concluded with you or who took action towards you before concluding the contract at your request.|
|If you are a person authorized to represent, a contact person or another person on the part of the entity that concluded an agreement with the Administrator or another person involved in the performance of the agreement with the Administrator, the Administrator of your personal data is a company from the capital group Murapol, which is a party to the contract concluded with the entity referred to above.|
|If you are participating in the recruitment process for one of the posts in Murapol Capital Group, regarding one of the presented job offers, the Administrator of your personal data shall be the company carrying out the recruitment process.|
|If you report any claims, as well as if you are the addressee of the company's claims; if you are a party to court or administrative proceedings with the participation of the company or in the case of contacts with the company in other matters, the administrator of your personal data is the relevant company from the Murapol capital group to which the case relates.|
In the case of:
Your personal data is processed on a jointly controlled basis by the following companies from Murapol Capital Group:
The co-administrators have determined that, on the basis of the coadministration agreement between
In the event of a decision to conclude a reservation contract or a sales contract, your personal data will be made available to a company from Murapol Capital Group with which the contract was concluded, for the purpose of its implementation pursuant to art. 6, par. 1, letter b) of GDPR.
How to contact us in matters related to the protection of personal data?
2. In matters related to the processing of personal data you may contact us by email, at firstname.lastname@example.org.
3. In companies of Murapol Capital Group a Personal Data Protection Inspector has been appointed, to contact them, send an email to email@example.com.
Who will the personal data be transferred to?
4. The recipients of your personal data may be – only in cases where it is necessary and to the required extent – entities cooperating with the Administrator in the scope of services provided to the Administrator and supporting the Administrator’s current business processes, especially entities providing IT services, HR, marketing , legal , courier , agencies, real estate agencies and intermediaries, architect’s offices, banks providing loans to Administrator’s customers, financial intermediaries and companies from Murapol Group (full list of entities included in the group is available at: https://www.murapol.pl/tabela-rodo).
5. Personal data will not be transferred to third countries or international organizations.
How long will we process your personal data?
6. If the processing of data is based on your voluntarily granted consent, your personal data will be stored until the consent to the processing of personal data is withdrawn for specific, explicit and legitimate purposes. The consent to the processing of personal data may be withdrawn at any time. The consent to the processing of data may be withdrawn by contacting firstname.lastname@example.org. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of the consent before its withdrawal.
7. If data processing is necessary to perform the contract to which you are a party, or to take action at your request, before concluding the contract, your personal data will be processed for the duration of the contract, and after this period for the period of limitation of possible claims resulting from generally applicable provisions of law.
8. If data is processed for the purposes necessary to organize a competition, your personal data will be processed for the duration of the competition, and in the case of being awarded a prize - for the period resulting from the provisions of tax law in connection with the obligation to pay personal income tax from awards.
9. If the processing is necessary to fulfil the legal obligation incumbent on the Administrator, your personal data will be processed for the period of time resulting from the generally applicable provisions of law.
10. If processing is necessary for purposes resulting from legitimate interests pursued by the Administrator or by a third party, your personal data will be processed for a period not longer than it is necessary for the purposes for which the data is processed or until submission of an objection to the processing of personal data in the scope of personal data processing for these purposes, for reasons related to your particular situation, unless the Administrator demonstrates the existence of valid legally justified grounds for processing, overriding your interests, rights and freedoms, or grounds to establish, assert or defend claims.
11. If personal data is processed for direct marketing purposes, your personal data will be processed until you object to the processing of personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.
12. In the case of consent for personal data processing for recruitment purposes, the data will be processed throughout the recruitment period, and if the consent has been expressed for further recruitments, it will be valid throughout the following two years.
Is submitting of one’s personal data obligatory?
13. If personal data is processed on the basis of the consent of the data subject, the provision of personal data is voluntary. Failure to provide data will result in the inability to provide the service if consent is a condition for the provision of this service.
14. If personal data is processed for the purposes necessary to perform the contract to which the data subject is a party, or to take action at the request of the data subject, before concluding the contract, then submitting of one’s personal data is voluntary, but necessary to conclude contracts with the Administrator.
15. If the processing of personal data is necessary to fulfil the legal obligation incumbent on the Administrator, then submitting of personal data is a statutory requirement.
16. If personal data is processed for purposes resulting from legitimate interests pursued by the Administrator or by a third party, the provision of personal data is voluntary, but necessary to achieve these purposes.
What rights do you have regarding the processing of your personal data?
17. You have the right to:
17.1. Access your personal data, including the right to obtain confirmation as to whether your personal data is being processed, and if so, the right to access it, the information indicated in Chapter III point 8 of the Policy, and receive a copy of the personal data subject to processing,
17.2. Correct the personal data, including the right to request the Administrator to immediately rectify any incorrect personal data concerning yourself,
17.3. Delete your personal data,
17.3.1. The right to delete one’s personal data also applies if:
- i. personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- ii. the data subject has withdrawn consent on which the processing is based, pursuant to art. 6, par. 1, letter a) of GDPR or art. 9 par. 2 letter a) of GDPR, and there is no other legal basis for the processing,
- iii. the data subject has objected to the processing of their personal data, pursuant to art. 6, par. 1, letter e) of GDPR, including profiling based on these provisions, and there are no overriding, legitimate grounds for the processing, or the subject objects to the processing of their personal data for direct marketing purposes,
- iv. the personal data has been processed in an unlawful manner,
- v. personal data must be deleted in order to comply with the legal obligation to which the Administrator is subject,
- vi. the personal data was collected with respect to offering of information-society services directly to a minor.
17.3.2. The right to delete personal data does not apply if the processing is necessary:
- i. to exercise the right to freedom of expression and information,
- ii. to fulfil a legal obligation requiring personal data processing to which the Administrator is subject, or to perform a task carried out in the public interest, or as part of the exercise of public authority entrusted to the Administrator;
- iii. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to art. 89, par. 1 of GDPR, insofar it is probable that the right referred to in par. 1 will prevent or seriously hinder the implementation of the purposes of such processing;
- iv. to establish, assert or defend claims.
17.4. Restrictions on the processing of personal data if:
- i. the data subject questions the correctness of personal data – for the period allowing the Administrator to check the correctness of this data,
- ii. the processing is unlawful and the data subject opposes the deletion of personal data, and requests the restriction of their use instead,
- iii. the Administrator no longer needs personal data for processing purposes, but it is needed by the data subject to establish, assert or defend claims,
- iv. the data subject has objected to the processing of their personal data pursuant to art. 6, par. 1, letter e) of GDPR, including profiling based on those provisions – until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for data subject’s objection.
17.5. Data transfers, including the right to receive and send data to another Administrator or to request, if technically possible, to send the data directly to another Administrator – in the scope of data processing and based on your consent, and for purposes necessary to perform the contract, as well as process data in an automated manner,
17.6. Pledge an objection against the processing of personal data with respect to:
- i. data processing for purposes arising from the legitimate interests pursued by the Administrator, pursuant to art. 6, par. 1, letter f) of GDPR, unless the Administrator demonstrates the existence of important, legally valid grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims,
- ii. data processing for direct marketing purposes, including profiling.
17.7. Submit a complaint to the supervisory body for the protection of personal data – the President of the Office of Personal Data Protection, if you believe that the processing of personal data is inconsistent with the provisions of law.
III. The procedure to exercise the rights of persons to whom personal data relates
1. Each natural person (hereinafter the ‘Applicant’) has the right to address the Administrator with the request to exercise the rights set out in Chapter III point 11 of this Policy.
2. The above requests will be implemented by the Administrator pursuant to applicable GDPR provisions. Which means that in the cases listed in the GDPR provisions, the rights indicated in Chapter 3 point 11 of this Policy may not apply to the data subject, or the application will be processed for a fee to cover the costs
of its implementation.
3. The application must be submitted by writing to email@example.com with a clear indication to which of the companies of Murapol Capital Group it refers (full list of groups entities can be found at: https://www.murapol.pl/tabela-rodo) dotyczy wniosek.
4. If the Administrator does not process the Applicant’s personal data (excluding the processing of personal data for the purposes of the application itself), the Applicant will be informed about this fact, and the Applicant’s data obtained as a result of submitting the application will be deleted immediately.
5. The Administration, immediately upon reception of the application, shall inform the Applicant about this fact, and place the information about the application in the register kept.
6. The Administrator is authorised to verify the Applicants identity. Failure to effectively verify the Applicant’s identity for reasons attributable solely to the Applicant, may result in the Administrator’s inability to process the submitted application, about which the Applicant will be immediately informed.
7. The Administrator shall provide the Applicant with a response to the application within 3 (three) weeks at the latest, counting from the date of its reception. In objectively complex cases (i.e. requiring a reasonable amount of work from the Administrator) the above-mentioned period may be extended to 2 (two) months, about which the Applicant shall be immediately informed.
8. As part of exercising the right to access data, the Applicant is provided with their data subject to processing, to the extent requested in the application, and containing the following:
- 8.1. the purpose of data processing;
- 8.2. the category of personal data subject to processing;
- 8.3. information about recipients or recipient categories, to whom the data has been or will be disclosed, in particular about the recipients in third countries or international organisations;
- 8.4. if possible, the planned period of personal data storage, and if this is not possible, the method of determining such a period;
- 8.5. information about the automated decision-making, including profiling, and other significant information about the decision-making rules, as well as the meaning and anticipated consequences of such processing for the data subject;
- 8.6. information about the right to request the Administrator to rectify, delete or limit the processing of personal data and to object to such processing (if such a right is applicable);
- 8.7. if the data has not been collected from the person it refers to – all available information and the source thereof;
- 8.8. the right to lodge a complaint with the supervisory authority.
9. In the event of exercising the right of access to data and the right to transfer it, a copy of the personal data concerning them in commonly known and available machine-readable formats shall be attached to the response provided to the Applicant.
10. All complaints related to the performance of this procedure should be submitted in writing to the following address: ul. Dworkowa 4, 43-300 Bielsko-Biała or in electronic form to the address firstname.lastname@example.org.
11. The complaint will be considered immediately, but not later than within 7 (seven) days from the date of its delivery, about which the Applicant will be immediately informed. The applicant is also informed of the receipt of the complaint. Information about the complaint is included in the records kept by the Data
IV. Direct Marketing
1. Direct marketing by companies from the Murapol Capital Group may be carried out by sending commercial information by means of electronic communication, in particular e-mail and by phone.
2. Companies from the Murapol Capital Group may send you information about their products and services on the basis of a legitimate interest, which constitutes a form of direct marketing of the Administrator or a third party, or in justified cases also on the basis of a voluntary consent to the processing of personal data for marketing purposes. The consent to the processing of personal data may be withdrawn at any time.
3. Sending information about products and services of companies from the Murapol Capital Group by means of electronic communication requires consent to the sending of commercial information by means of electronic communication, in particular e-mail, by means of telecommunications terminal devices and providing an e-mail address.
4. Presentation of information about products and services of companies from the Murapol Capital Group by telephone requires your consent to the use of telecommunications terminal equipment for direct marketing purposes and providing a telephone number.
5. If you no longer wish to receive information about the products and services of companies from the Murapol Capital Group, you may withdraw your consent to the processing of personal data for marketing purposes, or object to the processing of personal data for direct marketing purposes, including profiling,
to the extent that the processing is related to such direct marketing.
V. Cookies and System Logs
1. As soon as the User connects to the Website, information about the number (including IP) and type of the User's end device from which the User connects to the Website appears in the Website's system logs. The administrator who is the service provider of the Website will also process, in accordance with the provisions of applicable law, data regarding the number (including IP) and type of the User's end device, as well as the connection time of the above-mentioned people with the Website and other operational data regarding the User's activity. This data is processed, in particular, for technical purposes and to collect general statistical
3. The website uses the following types of cookies:
- 3.1. Necessary cookies – help to improve services and increase the comfort of using the Website and are used particularly in order to set up the Website.
- 3.2. Analytical cookies – collect information on how the Users use the Website. This type of cookies does not collect information that allows the identification of a natural person, but it may collect IP address of the User’s device. The information collected using cookies is used to improve the website, adjust its operation to the User’s preferences and create statistics on the use of the Website.
- 3.3. Advertising cookies – allow you to display advertisements that match the preferences of the Users.
Types of cookies according to origin
- 3.4. First party cookies – set by the Website’s servers.
- 3.5. Third-party cookies – set by websites other than the Website.
Types of cookies according to the time of placement on the User’s device
- 3.6. Session cookies – stored in User’s device and remaining there until the end of a browser session. The saved information is then permanently deleted from the device’s memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the User's device.
- 3.7. Persistent cookies - they are stored on the User's device and remain there until they are deleted. Ending a browser session or turning off the device does not delete them from the User's device. The persistent-cookie mechanism does not allow the collection of any personal data or any confidential information from the User's device.
4. The purposes of saving cookies on the User’s device and the scope of collected information about the User:
|COOKIE NAME||PURPOSE OF SAVING||COLLECTED INFORMATION|
|Smuuid||Anonymous visit cookie. Assigned to each Website visitor||Unique identifier - The cookie itself does not|
contain any information enabling the identification
of the contact and learning, for example, the
personal data of the person entering the website - connection with the contact card takes place only inside SALESmanago.
|Smclient||Identification cookie. Assigned to identified, monitored contacts||The cookie itself does not contain any information enabling the identification of the contact and learning, for example, the personal data of the person entering the website - connection with the contact card takes place only inside SALESmanago.|
|smform||Popup and contact form cookie.||Information on the behaviour of forms and popups - number of visits, timestamp of the last visit, information on whether the popup has been closed / minimized|
|smg||User identification cookie.||Random identifier in UUID format|
|smvr||Visit information cookie (coded by base64)||Values coded by base64|
|smwp||WebPush form agreement information.||True/false values|
|Smuuid||User identification cookie – global identifier within the entire system||Random identifier in UUID format|
|Smclient||A cookie saving information about an identifier being saved in SALESmanago (deprecated)||True/false value|
|smform||Popup display capping cookie.||SM:X|, where X is replaced by a number|
5. The user may change the cookie settings at any time. For this purpose, the browser settings for cookies should be changed. These settings can be changed, in particular, in such a way, as to block the automatic handling of cookies in the web browser settings, or inform about their every posting on the User's device. Detailed information on the possibility and methods of changing cookie settings in the most popular web browsers can be obtained at:
- 5.1. Google Chrome https://support.google.com/chrome/answer/95647?hl=pl;
- 5.2. Firefox https://support.mozilla.org/pl/kb/ciasteczka?esab=a&s=ciasteczka&r=0&as=s;
- 5.3. Internet Explorer https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies;
- 5.4. Opera http://help.opera.com/Windows/12.10/pl/cookies.html;
- 5.5. Safari https://support.apple.com/pl-pl/guide/safari/sfri11471/mac.
VI. Web Push Notifications
1. If the User agrees, the Website may send them Web Push. Web Push notifications are messages sent via a web browser, containing marketing information, special offers, invitations to open-door days, information about new investments. Messages can be sent to Users of all types of browsers.
2. Notifications are sent only if the User expressly agrees to receive them. Consent to receive notifications is expressed by clicking the appropriate button on the Website (e.g. Yes / I want / I agree, etc.) expressing the willingness to receive notifications offered by the Administrator. The consent to receive notifications may be revoked at any time by changing the settings of the User's web browser.
3. Notifications are information displayed on a part of the browser screen containing a message addressed to the User. Clicking on the notification will take the User to the web page containing more information. Notifications will also be sent if the Website is not open in the browser.
4. While and by sending notifications, the Administrator does not process the User's personal data. Users are identified only on the basis of information stored by their web browsers, to which the Administrator has no access.
VII. Final Provisions
1. The Administrator as the provider of the Website will make every effort to ensure its Users a high level of security while using the Website. Any events affecting the security of data transmission should be reported to email@example.com.
2. The Administrator as the provider of the Website reserves the right to disclose selected information about a User to proper authorities or third parties, who submit a request for such information in accordance with appropriate legal basis and compliant with applicable law.
3. Apart from the cases indicated in this Policy, personal data will not be disclosed to any third party or body without the consent of the data subject.