TABLE OF CONTENTS:
- GENERAL PROVISIONS
- GOUNDS FOR DATA PROCESSING
- PURPOSE, BASIS, AND PERIOD OF PROCESSING INFORMATION ON THE WEBSITE
- RECIPIENTS OF PERSONAL DATA ON THE WEBSITE
- PROFILING ON THE WEBSITE
- DATA SUBJECT’S RGHTS
- COOKIES ON THE WEBSITE AND ANALYTICS
- FINAL PROVISIONS
- The Controller of personal data collected via the Website is the company Homestify Ltd. with the registered office in London (registered and mailing address: 71-75 Shelton Street, Covent Garden, WC2H 9JQ, London, England), entered in the register of companies for the United Kingdom, including England and Wales, Northern Ireland and Scotland, held by the Companies House under no. 12168629, having electronic mail address: [email protected] – hereinafter referred to as „the Controller,” at the same time being the Service Provider of the Website.
- Personal data on the Website are processed by the Controller according to the binding legal regulations, in particular, in accordance with the regulation of the European Parliament and of the Council (EU) 2016/679 dated 27th of April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as ‘GDPR’ or ‘GDPR Regulation’. The official text of the GDPR regulation: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679
- The Controller takes the utmost care to protect interests of data subjects, especially, the Controller is responsible, and it assures, that data collected by the Controller are (1) processed in concordance with the law; (2) collected for specific, legitimate purposes and they don’t undergo further processing, which is not concordant with those purposes; (3) substantively correct and adequate for the purposes, which they are processed for; (4) kept in a form enabling to identify data subjects, no longer, than for the period necessary to achieve the purpose, which they are processed for, and (5) processed in a way, that provides adequate safety of personal data, including protection against unauthorized or illegal processing or accidental loss, destruction or damage, with the use of appropriate technical and organisational tools.
- Bearing in mind the character, extent, context and purposes of processing and the risk of infringing of the rights of freedom of natural persons, with various probability and significance of threats, the Controller shall implement the relevant technical and organisational tools to perform such processing in compliance with this regulation and in such a way, that it could prove it. If necessary, these tools are inspected and updated. The Controller applies technical tools, which prevent from unauthorized obtaining and modifying of electronically transferred personal data.
2) GROUNDS FOR DATA PROCESSING
- The Controller is authorised to process personal information in the cases, if – and in to such extent, in which – at least one of the following conditions is met: (1) data subject gave the consent to processing of his/her personal data for one or more specific purposes; (2) processing is necessary for performance of a contract, the party of which is a data subject, or for taking up activities on the request of a data subject, before concluding of a contract; (3) processing is necessary for fulfilling of legal obligation imposed on the Controller, or (4) processing is necessary for purposes resulting from legitimate interests realised by the Controller or any third party, except from situations, in which interest or fundamental rights and freedoms of a data subject, requiring protection of personal data, especially when a data subject is a child, prevail over the aforementioned interests.
3) PURPOSE, BASIS, AND PERIOD OF PROCESSING INFORMATION ON THE WEBSITE
- Each time, the purposes, grounds and period, as well as recipients of personal data processed by the Controller derive from activities taken up by a given User on the Website or by the Controller.
- The Controller can process personal data within the Website for the following purposes, on such grounds an in such periods, as those presented in the following figure.
|Purpose of personal data processing||Legal grounds for the processing||Data retention period|
|Performance of a contract for Electronic Service or taking up activities on the explicit data subject’s request before concluding of the aforementioned contracts||Art. 6 section 1 letter b) of GDPR Regulation (performance of a contract) – processing is necessary for performance of a contract, the party of which is a data subject or taking up activities on the request of a data subject, before concluding of the contract||Data shall be retained only for such period as may be required for performance of the contract for Electronic Service, or till its termination or expiration.|
|Direct marketing||Article 6 section 1 letter f) of GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from taking care of interests and good image of the Controller, its Website and tending for providing of Electronic Services||Data is retained for the period of existence of legitimate interest realised by the Controller, but not longer, than till the expiration date of rights of the Controller to claim for remuneration against a data subject, in relation to business activity carried on by the Controller. The Controller may not process data for direct marketing purposes in the case of expression of effective objection on that issue by the data subject.|
|Marketing||Article 6 section 1 letter a) of GDPR Regulation (consent) – the data subject gave the consent for processing of his/her personal data by the Controller for marketing purposes.||Data is retained till the moment of a data subject’s withdrawal of the consent for further processing of his/her personal data for marketing purposes.|
|Keeping accounting books and tax records||Article 6 section 1 letter c) of GDPR Regulation (legal obligation) – processing is necessary for fulfilment of legal obligations imposed on the Controller.||Data is retained for the period required by legal regulations, which impose on the Controller the obligation to retain documentation, within the time-limits of expiry of tax obligation, unless tax regulations or other provisions state otherwise.|
|Determination, redress and protection of claims raised by the Controller or against the Controller||Article 6 section 1 letter f) of GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from legitimate interests of the Controller – determination, redress and protection of claims raised by the Controller or against the Controller||Data is retained for the period of existence of legitimate interest of the Controller, but not longer, than till the expiry of the period for which claims may be raised against the Controller.|
|Making use of the Website and providing its proper functioning||Article 6 section 1 letter f) of GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from legitimate interests of the Controller – hosting and maintaining of the Website||Data is retained for the period of existence of legitimate interest of the Controller, but not longer, than till the expiry of the period for which claims may be raised by the Controller against a data subject, in relation to business activity carried on by the Controller.|
|Keeping statistics and analysis of the movement on the Website||Article 6 section 1 letter f) of GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from legitimate interests of the Controller – keeping statistics and analysing of the movement on the Website in order to improve functioning of the Website and extension of Electronic Services rendered by the Controller||Data is retained for the period of existence of legitimate interest of the Controller, but not longer, than till the expiry of the period for which claims may be raised by the Controller against a data subject, in relation to business activity carried on by the Controller.|
4) RECIPIENTS OF PERSONAL DATA ON THE WEBSITE
- For the proper functioning of the Website, including performance of Electronic Services, it is necessary for the Controller to use some outsourced services (such as a software supplier). The Controller shall use services rendered only by such processors, who provide sufficient guaranties of implementation of the relevant technical and organisational tools in order to make such processing concordant with the requirements of GDPR Regulation and to protect data subjects.
- Personal data of the Website’s Users may be transferred to the following recipients or categories of recipients:
- Providers of social plugins placed on the Websites, scripts and other similar tools, which enable the browser of the Website’s visitor to download contents from providers of aforementioned plugins (e.g. logging in with the use of login information for a specific social network) and for that purpose, transferring the visitor’s personal data to such providers, including:
5) PROFILING ON THE WEBSITE
- The Controller can use profiling on the Website doing so for direct marketing purposes, but decisions taken up by the Controller on the basis of such a profiling do not refer to the possibility of using Electronic Services offered by the Website. Profiling on the Website may e.g. result in offering of the Advertisement which a specific User might be interested in or offering better Website service conditions to him. In spite of profiling, it is the User, who takes up voluntary decisions on his/her willingness to make use of the presented offer.
- Profiling on the Website consists of automatic analysis or forecast of the User’s behaviour on the Website, or analysis of the history of the User’s activity on the Website. The condition necessary for such profiling is that the Controller has got the User’s personal data.
- The data subject shall have the right not to be subject to a decision which produces legal effects concerning him or her or significantly affects him or her and which is based solely on automated processing of data
6) DATA SUBJECT’S RIGHTS
- Right to access, correct, limit, erase or port – the data subject has the right to request from the Controller an access to his/her personal data, to correct it or to erase it („the right to be forgotten”) or to limit processing, the right to object against processing, as well as the right to port his/her personal data. Detailed conditions regarding realisation of the aforementioned rights can be found in Articles 15-21 of GDPR Regulation.
- Right to withdraw the consent at any time – the data subject, whose data has been processed by the Controller upon the explicit consent of such a subject (pursuant to Article 6 Section 1 letter a) or Article 9 Section 2 letter a) of GDPR Regulation) has the right to withdraw the consent at any time, which shall not affect the lawfulness of processing, which was realised on the basis of such a consent before its withdrawal.
- Right to complain to the supervising authority – the data subject, whose information has been processed by the Controller has the right to lodge a complaint to the supervising authority as defined in the provisions of GDPR Regulation and English legislation, in particular, the Law on Personal Data Protection.
- The right to object - the data subject has the right to object– on grounds related to his/her particular situation - at any time, against processing of his/her personal data based on Article 6 Section 1 letter e) (public interest tasks) or f) (legitimate interest of the Controller), including profiling based on these regulations. In such a case, the Controller must not process such personal data anymore, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests or fundamental rights and freedoms of the data subject.
- The right to object against direct marketing – if personal data is processed for the purpose of direct marketing, the data subject has the right to object at any time, to processing of his/her personal information for the purposes of such a marketing, including profiling, to the extent to which processing is related to such a direct marketing.
7) COOKIES ON THE WEBSITE AND ANALYTICS
- Cookie files (cookies) are small portions of text information in a form of text files, sent by the server and saved on the appliances of the visitor of the Website (e.g. on the hard drive of your PC, laptop or memory card of your smartphone, depending on a type of an appliance used by the visitor of the Website). You can find detailed information on cookie files and their origin e.g. here: https://pl.wikipedia.org/wiki/HTTP_cookie.
- Cookies, which can be sent via the Website can be divided into various types, according to the following criteria:
With regard to the provider:
- own (created by the Controller’s Website) and
- belonging to other persons/third parties (other, than the Controller)
With regard to the period of their retention on the appliance of the Website’s visitor:
- session cookies (stored till the moment of closing of the Website or a browser) and
- persistent cookies (having some expiration period, defined by parameters of each file or until they are removed by hand)
With regard to the purpose of their usage:
- strictly necessary cookies (enabling proper functioning of the Website),
- functional/preferential cookies (enabling adjustment of the Website to the visitor’s preferences),
- analytical and performance cookies (collecting information on the use of the Website),
- targeting, advertising or social cookies (collecting information on the visitor of the Website in order to display personalised advertisements to such a person and for other marketing activities, including those performed on sites different from the Website, such as social networks.
- The Controller may process information contained in Cookies during visiting of the Website for the following particular reasons:
Purposes of using Cookies on the Controller’s Website Identification of the Users as logged in to the Website and showing them, that they are actually logged in (strictly necessary Cookies) Saving data from the filled-in forms, questionnaires or login data for the Website (strictly necessary Cookies and/or functional/preferential Cookies) Adjustment of the Website’s contents to individual preferences of the User (e.g. colours, font size, layout) and optimisation of the use of the Website (functional/preferential Cookies) Keeping anonymous statistics, presenting the Users’ behaviours on the Website (statistical Cookies)
- Checking in the most popular internet browsers, which Cookie files (including the expiry period of Cookies and their provider) are being sent in a given moment by the Website can be done, as follows:
In Chrome browser:
(1) in the address bar, click the ’locked’ icon on the left, (2) go to the benchmark „Cookie files”.
In Firefox browser:
(1) in the address bar, click the ’shield’ icon on the left, (2) go to the benchmark „Allowed” or „Blocked”, (3) click the button „Tracking cookies between websites”, „Tracing elements of social networks or „Content with tracing elements”
In Internet Explorer browser:
(1) Click „Tools” menu, (2) go to „Internet options” benchmark, (3) go to „General” benchmark, (4) then go to „Settings”, (5) click the button „Display files”
In Opera browser:
(1) in the address bar, click the ’locked’ icon on the left, (2) go to the benchmark „Cookie files”.
In Safari browser:
(1) click menu „Preferences”, (2) go to „Privacy” benchmark, (3) click the button „Manage website data”
Independent of the browser used, you can apply tools available e.g. at:
https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/
- As a standard, most of browsers available on the market accept cookies by default. But each person has the right to determine the conditions of using Cookies by changing of his/her browser settings. It means, that it is possible for example, to partially limit (e.g. in time) or even disable Cookies – in the last case, however, it may affect some functionalities of the Website.
- Settings of the browser with regard to Cookies are important from the point of view of the consent on using Cookie files by our Website – pursuant to the regulations, such a consent may be also expressed through the settings of the browser. Detailed information on modification of the browser’s settings regarding Cookies and their removal in the most popular internet browsers are available in the viewer application help and the following sites (please click a link):
- The Controller may use on the Website the services of Google Analytics, Universal Analytics provided by the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, and Ireland). These services help the Controller to keep statistics and analyse movement on the Website. Collected data is processed as a part of the aforementioned services in order to generate statistics useful for hosting of the Website and analysing of movement on the Website. This data are cumulative. While using the above-mentioned services on the Website, the Controller collects such information, as sources and medium of obtaining the Website’s visitors, and their activities on the Website, information on equipment and browsers which they are using while visiting the Website, IP address and domain, geographical data and demographic information (age, gender) and interests.
- Specific person may easily block access of Google Analytics to information on his/her activity on the Website – to do that, one can e.g. install an opt-out browser add-on, provided by the company Google Ireland Ltd., available at: https://tools.google.com/dlpage/gaoptout?hl=pl.
8) FINAL PROVISIONS