Cookies are used on homestify.com to improve the quality and experience of navigation More information cookies accepted OK

PRIVACY POLICY OF THE WEBSITE HOMESTIFY.COM

TABLE OF CONTENTS:

  1. GENERAL PROVISIONS
  2. GOUNDS FOR DATA PROCESSING
  3. PURPOSE, BASIS, AND PERIOD OF PROCESSING INFORMATION ON THE WEBSITE
  4. RECIPIENTS OF PERSONAL DATA ON THE WEBSITE
  5. PROFILING ON THE WEBSITE
  6. DATA SUBJECT’S RGHTS
  7. COOKIES ON THE WEBSITE AND ANALYTICS
  8. FINAL PROVISIONS

GENERAL PROVISIONS

  1. This privacy policy of the Website is provided for information only, which means, that it shall not be considered to be the source of obligations for the Users of the Website. The privacy policy contains, above all, the rules for personal data processing by the Controller of the Website, including grounds, purposes and period of personal data processing, and data subject’s rights, as well as information on using Cookies and analytical tools on the Website.
  2. The Controller of personal data collected via the Website is the company Homestify Ltd. with the registered office in London (registered and mailing address: 71-75 Shelton Street, Covent Garden, WC2H 9JQ, London, England), entered in the register of companies for the United Kingdom, including England and Wales, Northern Ireland and Scotland, held by the Companies House under no. 12168629, having electronic mail address: [email protected] – hereinafter referred to as „the Controller,” at the same time being the Service Provider of the Website.
  3. Personal data on the Website are processed by the Controller according to the binding legal regulations, in particular, in accordance with the regulation of the European Parliament and of the Council (EU) 2016/679 dated 27th of April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as ‘GDPR’ or ‘GDPR Regulation’. The official text of the GDPR regulation: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679
  4. Using of the Website, including concluding of contracts is voluntary. Similarly, providing by the User of the Website, of personal data related to using of the Website is voluntary, with the following two exceptions: (1) concluding of contracts with the Controller – non-providing of personal data which is necessary for concluding and fulfilling of the contract for Electronic Services or any other contract with the Controller, in the cases and to the extent specified on the Website and the Website’s Regulations and this privacy policy shall exclude the possibility of concluding of such a contract. In such a case, providing of personal data is the contractual requirement and if the data subject wants to conclude a contract with the Controller, it commits himself/herself to provide required information. Each time, the scope of information required for concluding of the contract is presented in advance on the Website and in the Website’s Regulations; (2) the Controller’s statutory obligations – providing personal data is a statutory obligation resulting from the general legal regulations, imposing on the Controller the obligation to process personal data (e.g. processing of data in order to keep tax records or accounting books) and non-providing of such information would make it impossible to perform such obligations by the Controller.
  5. The Controller takes the utmost care to protect interests of data subjects, especially, the Controller is responsible, and it assures, that data collected by the Controller are (1) processed in concordance with the law; (2) collected for specific, legitimate purposes and they don’t undergo further processing, which is not concordant with those purposes; (3) substantively correct and adequate for the purposes, which they are processed for; (4) kept in a form enabling to identify data subjects, no longer, than for the period necessary to achieve the purpose, which they are processed for, and (5) processed in a way, that provides adequate safety of personal data, including protection against unauthorized or illegal processing or accidental loss, destruction or damage, with the use of appropriate technical and organisational tools.
  6. Bearing in mind the character, extent, context and purposes of processing and the risk of infringing of the rights of freedom of natural persons, with various probability and significance of threats, the Controller shall implement the relevant technical and organisational tools to perform such processing in compliance with this regulation and in such a way, that it could prove it. If necessary, these tools are inspected and updated. The Controller applies technical tools, which prevent from unauthorized obtaining and modifying of electronically transferred personal data.
  7. All words, expressions and acronyms appearing in this privacy policy and starting with a capital letter (such as Service Provider, Website, and Electronic Service) shall be interpreted according to their definition specified in the Website’s Regulations, available on the Website’s pages.

2) GROUNDS FOR DATA PROCESSING

  1. The Controller is authorised to process personal information in the cases, if – and in to such extent, in which – at least one of the following conditions is met: (1) data subject gave the consent to processing of his/her personal data for one or more specific purposes; (2) processing is necessary for performance of a contract, the party of which is a data subject, or for taking up activities on the request of a data subject, before concluding of a contract; (3) processing is necessary for fulfilling of legal obligation imposed on the Controller, or (4) processing is necessary for purposes resulting from legitimate interests realised by the Controller or any third party, except from situations, in which interest or fundamental rights and freedoms of a data subject, requiring protection of personal data, especially when a data subject is a child, prevail over the aforementioned interests.
  2. Processing of personal data by the Controller requires existence of at least one of the grounds presented in point 2.1 of this privacy policy. Specific grounds for processing of personal data of the Website’s Users by the Controller are presented in the next paragraph of the privacy policy – in reference to a given purpose of data processing by the Controller.

3) PURPOSE, BASIS, AND PERIOD OF PROCESSING INFORMATION ON THE WEBSITE

  1. Each time, the purposes, grounds and period, as well as recipients of personal data processed by the Controller derive from activities taken up by a given User on the Website or by the Controller.
  2. The Controller can process personal data within the Website for the following purposes, on such grounds an in such periods, as those presented in the following figure.
Purpose of personal data processing Legal grounds for the processing Data retention period
Performance of a contract for Electronic Service or taking up activities on the explicit data subject’s request before concluding of the aforementioned contracts Art. 6 section 1 letter b) of GDPR Regulation (performance of a contract) – processing is necessary for performance of a contract, the party of which is a data subject or taking up activities on the request of a data subject, before concluding of the contract Data shall be retained only for such period as may be required for performance of the contract for Electronic Service, or till its termination or expiration.
Direct marketing Article 6 section 1 letter f) of GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from taking care of interests and good image of the Controller, its Website and tending for providing of Electronic Services Data is retained for the period of existence of legitimate interest realised by the Controller, but not longer, than till the expiration date of rights of the Controller to claim for remuneration against a data subject, in relation to business activity carried on by the Controller. The Controller may not process data for direct marketing purposes in the case of expression of effective objection on that issue by the data subject.
Marketing Article 6 section 1 letter a) of GDPR Regulation (consent) – the data subject gave the consent for processing of his/her personal data by the Controller for marketing purposes. Data is retained till the moment of a data subject’s withdrawal of the consent for further processing of his/her personal data for marketing purposes.
Keeping accounting books and tax records Article 6 section 1 letter c) of GDPR Regulation (legal obligation) – processing is necessary for fulfilment of legal obligations imposed on the Controller. Data is retained for the period required by legal regulations, which impose on the Controller the obligation to retain documentation, within the time-limits of expiry of tax obligation, unless tax regulations or other provisions state otherwise.
Determination, redress and protection of claims raised by the Controller or against the Controller Article 6 section 1 letter f) of GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from legitimate interests of the Controller – determination, redress and protection of claims raised by the Controller or against the Controller Data is retained for the period of existence of legitimate interest of the Controller, but not longer, than till the expiry of the period for which claims may be raised against the Controller.
Making use of the Website and providing its proper functioning Article 6 section 1 letter f) of GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from legitimate interests of the Controller – hosting and maintaining of the Website Data is retained for the period of existence of legitimate interest of the Controller, but not longer, than till the expiry of the period for which claims may be raised by the Controller against a data subject, in relation to business activity carried on by the Controller.
Keeping statistics and analysis of the movement on the Website Article 6 section 1 letter f) of GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from legitimate interests of the Controller – keeping statistics and analysing of the movement on the Website in order to improve functioning of the Website and extension of Electronic Services rendered by the Controller Data is retained for the period of existence of legitimate interest of the Controller, but not longer, than till the expiry of the period for which claims may be raised by the Controller against a data subject, in relation to business activity carried on by the Controller.

4) RECIPIENTS OF PERSONAL DATA ON THE WEBSITE

  1. For the proper functioning of the Website, including performance of Electronic Services, it is necessary for the Controller to use some outsourced services (such as a software supplier). The Controller shall use services rendered only by such processors, who provide sufficient guaranties of implementation of the relevant technical and organisational tools in order to make such processing concordant with the requirements of GDPR Regulation and to protect data subjects.
  2. Personal data may be exported by the Controller to a third country, while the Controller assures, that in such a case, it shall be done to a country providing the necessary degree of protection – compliant with GDPR Regulation, and the data subject may obtain a copy of such data. The Controller exports personal data only in the case and to the extent necessary for realisation of a specific purpose of data processing, which is compliant with this privacy policy.
  3. Transferring of personal data by the Controller is not made in all cases, and to all recipients or categories of recipients presented in this privacy policy – the Controller shall transfer such data only, when it is necessary for realisation of a specific purpose of personal data processing and only to the extend, which is necessary for realisation of that purpose.
  4. Personal data of the Website’s Users may be transferred to the following recipients or categories of recipients:
    1. Providers of services which supply the Controller with technical, information and organisational solutions, that enable the Controller to run the economic activity, including the Website and Electronic Services offered through it (in particular, suppliers of computer software for hosting of the Website, provider of electronic mail and hosting services, as well as providers of a business management and technical assistance software) – the Controller may provide collected personal data of the User to a specific supplier being the Controller’s Contractor only in the case and to the extent necessary for realisation of a specific purpose of data processing, which is compliant with this privacy policy.
    2. Providers of accounting, legal, and counselling services, who provide accounting, legal or counselling services to the Controller (in particular, accounting office, legal office, or vindicating company) – the Controller may provide collected personal data of the User to a specific supplier being the Controller’s Contractor only in the case and to the extent necessary for realisation of a specific purpose of data processing, which is compliant with this privacy policy.
    3. Providers of social plugins placed on the Websites, scripts and other similar tools, which enable the browser of the Website’s visitor to download contents from providers of aforementioned plugins (e.g. logging in with the use of login information for a specific social network) and for that purpose, transferring the visitor’s personal data to such providers, including:
      1. Facebook Ireland Ltd. – the Controller uses on the Website the plugins from Facebook social network (e.g. button Like!, Share, or logging in with the use of login information for Facebook) and therefore, it collects and provides personal data of the Website’s User to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent and in compliance with the privacy policy available at: https://www.facebook.com/about/privacy/ (data includes information on activity on the Website – including information on the device, visited sites, displayed ads, and methods of using of the services - independent of the fact, that the User has the Facebook account or if he/she is has been logged in to Facebook).
      2. Google Ireland Ltd. – the Controller uses on the Website the plugins from Google social network (logging in with the use of login information for Google) and therefore, it collects and provides personal data of the Website’s User to Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) to the extent and in compliance with the privacy policy available at: https://policies.google.com/privacy.
      3. Twitter Inc. – the Controller uses on the Website the plugins from Twitter social network (e.g. providing the contents of the Website on the Controller’s profile on Twitter) and therefore, it collects and provides personal data of the Website’s User to Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103 USA) to the extent and in compliance with the privacy policy available at: https://twitter.com/privacy.

5) PROFILING ON THE WEBSITE

  1. GDPR Regulation imposes on the Controller the obligation to inform on automated taking up decisions, including profiling, referred to in Article 22 section 1 and 4 of the GDPR Regulation, as well as – at least in those cases – significant information on the rules of taking up these decisions, and significance and possible consequences of such processing for the data subject. Taking it into consideration, in that point of the privacy policy the Controller shall provide information on the possible profiling.
  2. The Controller can use profiling on the Website doing so for direct marketing purposes, but decisions taken up by the Controller on the basis of such a profiling do not refer to the possibility of using Electronic Services offered by the Website. Profiling on the Website may e.g. result in offering of the Advertisement which a specific User might be interested in or offering better Website service conditions to him. In spite of profiling, it is the User, who takes up voluntary decisions on his/her willingness to make use of the presented offer.
  3. Profiling on the Website consists of automatic analysis or forecast of the User’s behaviour on the Website, or analysis of the history of the User’s activity on the Website. The condition necessary for such profiling is that the Controller has got the User’s personal data.
  4. The data subject shall have the right not to be subject to a decision which produces legal effects concerning him or her or significantly affects him or her and which is based solely on automated processing of data

6) DATA SUBJECT’S RIGHTS

  1. Right to access, correct, limit, erase or port – the data subject has the right to request from the Controller an access to his/her personal data, to correct it or to erase it („the right to be forgotten”) or to limit processing, the right to object against processing, as well as the right to port his/her personal data. Detailed conditions regarding realisation of the aforementioned rights can be found in Articles 15-21 of GDPR Regulation.
  2. Right to withdraw the consent at any time – the data subject, whose data has been processed by the Controller upon the explicit consent of such a subject (pursuant to Article 6 Section 1 letter a) or Article 9 Section 2 letter a) of GDPR Regulation) has the right to withdraw the consent at any time, which shall not affect the lawfulness of processing, which was realised on the basis of such a consent before its withdrawal.
  3. Right to complain to the supervising authority – the data subject, whose information has been processed by the Controller has the right to lodge a complaint to the supervising authority as defined in the provisions of GDPR Regulation and English legislation, in particular, the Law on Personal Data Protection.
  4. The right to object - the data subject has the right to object– on grounds related to his/her particular situation - at any time, against processing of his/her personal data based on Article 6 Section 1 letter e) (public interest tasks) or f) (legitimate interest of the Controller), including profiling based on these regulations. In such a case, the Controller must not process such personal data anymore, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests or fundamental rights and freedoms of the data subject.
  5. The right to object against direct marketing – if personal data is processed for the purpose of direct marketing, the data subject has the right to object at any time, to processing of his/her personal information for the purposes of such a marketing, including profiling, to the extent to which processing is related to such a direct marketing.
  6. In order make use of the rights stipulated in this point of the privacy policy, you can contact the Controller by sending the relevant written or electronic message to the Controller’s address presented in the preamble to this privacy policy or using the contact form available at the Website.

7) COOKIES ON THE WEBSITE AND ANALYTICS

  1. Cookie files (cookies) are small portions of text information in a form of text files, sent by the server and saved on the appliances of the visitor of the Website (e.g. on the hard drive of your PC, laptop or memory card of your smartphone, depending on a type of an appliance used by the visitor of the Website). You can find detailed information on cookie files and their origin e.g. here: https://pl.wikipedia.org/wiki/HTTP_cookie.
  2. Cookies, which can be sent via the Website can be divided into various types, according to the following criteria:
    With regard to the provider:
    1. own (created by the Controller’s Website) and
    2. belonging to other persons/third parties (other, than the Controller)
    With regard to the period of their retention on the appliance of the Website’s visitor:
    1. session cookies (stored till the moment of closing of the Website or a browser) and
    2. persistent cookies (having some expiration period, defined by parameters of each file or until they are removed by hand)
    With regard to the purpose of their usage:
    1. strictly necessary cookies (enabling proper functioning of the Website),
    2. functional/preferential cookies (enabling adjustment of the Website to the visitor’s preferences),
    3. analytical and performance cookies (collecting information on the use of the Website),
    4. targeting, advertising or social cookies (collecting information on the visitor of the Website in order to display personalised advertisements to such a person and for other marketing activities, including those performed on sites different from the Website, such as social networks.
  3. The Controller may process information contained in Cookies during visiting of the Website for the following particular reasons:
    Purposes of using Cookies on the Controller’s Website Identification of the Users as logged in to the Website and showing them, that they are actually logged in (strictly necessary Cookies)
    Saving data from the filled-in forms, questionnaires or login data for the Website (strictly necessary Cookies and/or functional/preferential Cookies)
    Adjustment of the Website’s contents to individual preferences of the User (e.g. colours, font size, layout) and optimisation of the use of the Website (functional/preferential Cookies)
    Keeping anonymous statistics, presenting the Users’ behaviours on the Website (statistical Cookies)
  4. Checking in the most popular internet browsers, which Cookie files (including the expiry period of Cookies and their provider) are being sent in a given moment by the Website can be done, as follows:
    In Chrome browser:
    (1) in the address bar, click the ’locked’ icon on the left, (2) go to the benchmark „Cookie files”.
    In Firefox browser:
    (1) in the address bar, click the ’shield’ icon on the left, (2) go to the benchmark „Allowed” or „Blocked”, (3) click the button „Tracking cookies between websites”, „Tracing elements of social networks or „Content with tracing elements”
    In Internet Explorer browser:
    (1) Click „Tools” menu, (2) go to „Internet options” benchmark, (3) go to „General” benchmark, (4) then go to „Settings”, (5) click the button „Display files”
    In Opera browser:
    (1) in the address bar, click the ’locked’ icon on the left, (2) go to the benchmark „Cookie files”.
    In Safari browser:
    (1) click menu „Preferences”, (2) go to „Privacy” benchmark, (3) click the button „Manage website data”
    Independent of the browser used, you can apply tools available e.g. at:
    https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/
  5. As a standard, most of browsers available on the market accept cookies by default. But each person has the right to determine the conditions of using Cookies by changing of his/her browser settings. It means, that it is possible for example, to partially limit (e.g. in time) or even disable Cookies – in the last case, however, it may affect some functionalities of the Website.
  6. Settings of the browser with regard to Cookies are important from the point of view of the consent on using Cookie files by our Website – pursuant to the regulations, such a consent may be also expressed through the settings of the browser. Detailed information on modification of the browser’s settings regarding Cookies and their removal in the most popular internet browsers are available in the viewer application help and the following sites (please click a link):
  7. The Controller may use on the Website the services of Google Analytics, Universal Analytics provided by the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, and Ireland). These services help the Controller to keep statistics and analyse movement on the Website. Collected data is processed as a part of the aforementioned services in order to generate statistics useful for hosting of the Website and analysing of movement on the Website. This data are cumulative. While using the above-mentioned services on the Website, the Controller collects such information, as sources and medium of obtaining the Website’s visitors, and their activities on the Website, information on equipment and browsers which they are using while visiting the Website, IP address and domain, geographical data and demographic information (age, gender) and interests.
  8. Specific person may easily block access of Google Analytics to information on his/her activity on the Website – to do that, one can e.g. install an opt-out browser add-on, provided by the company Google Ireland Ltd., available at: https://tools.google.com/dlpage/gaoptout?hl=pl.

8) FINAL PROVISIONS

  1. The Website may contain links to other internet sites. The Controller recommends its Users to get acquainted with the privacy policies of such internet sites while being re-directed to them. This privacy policy shall refer to the Controller’s Website only.
© 2020 Homestify Ltd. All rights reserved.
Design by V R A N A | Developed by Dreamcode