Privacy
Policy

Set out below is detailed information concerning the personal data we process, including the data processed when you use our website (https://www.archicom.pl) and why we process them. This privacy policy is based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), which we refer to here as the General Data Protection Regulation, and the Telecommunications Law.

Personal data controllers

The controllers of your personal data are:

1. Archicom spółka akcyjna with its registered office in Wrocław, at ul. Powstańców Śląskich 9, 53-332 Wrocław, entered in the commercial register of the National Court Register under KRS number: 0000555355, maintained by the District Court for Wrocław-Fabryczna, 6th Commercial Division of the National Court Register,
2. Property developers, i.e. the companies responsible for the individual construction projects, a full list of which is published and updated at https://www.archicom.pl/lista-deweloperow.
3. Echo Investment Spółka Akcyjna with its registered office in Kielce, at al. Solidarności 36, 25-323 Kielce, entered in the commercial register of the National Court Register under KRS number: 0000007025, maintained by the District Court in Kielce, 10th Commercial Division of the National Court Register.

Contact us at:

• Phone +48 71 78 58 111
• Email: biuro@archicom.pl

Our employees responsible for data protection can be contacted by email at abi@archicom.pl

Bases, purposes and retention periods applicable to personal data common to all Controllers

The Controllers jointly determine the purposes and methods of processing some personal data, which means that they are the joint controllers of your data in this regard. The table below indicates the purposes of processing.

In each case, the Controllers strive to ensure that the scope of the personal data you provide is minimal and appropriate for the purposes of processing indicated below.

No. Purpose of processing Legal basis for processing Personal data retention periods or criteria for determining them

1 Direct marketing of the Controllers’ products and services, other than sending commercial information by electronic means or using telecommunications terminal devices and automated calling systems. Examples: discount cards, gifts, loyalty programmes or sending occasional gifts or holiday greeting cards to the mailing address or email address. Article 6(1)(f) of the GDPR – legitimate interest of being able to advertise, promote and offer products and services. From the time the data are acquired until a reasonable objection is lodged, as referred to in section VII, but in any case not longer than five years from your last activity connected with the marketing activities.

2 Sending – based on your consent – commercial information about the products and services of the Controllers, or their Business Partners offering related products and services, using electronic communication media, such as text messages (SMS), multimedia messages (MMS) and email. Article 6(1)(a) of the GDPR in conjunction with Article 10 of the Electronic Services Act – personal data processing upon consent. From the time the consent is obtained until it is withdrawn, but in any case not longer than five years from your last activity connected with the marketing activities.

3 Using – based on your consent – telecommunications terminal devices and automated calling systems for the direct marketing of the products and services of the Controllers, or their Business Partners offering related products and services. Examples: conversations with a consultant, your advisor or a representative of the Archicom Group. Article 6(1)(a) of the GDPR in conjunction with Article 172 of the Telecommunications Law – personal data processing upon consent. From the time the consent is obtained until it is withdrawn, but in any case not longer than five years from your last activity connected with the marketing activities.

4 Settling the effects of the actions of the Controllers’ Partners related to the products and services they offer in connection with the products and services of the Controllers. Examples: settling the work of the agents of the Archicom Group, turnkey fit-out companies and financial advisors. Article 6(1)(f) of the GDPR – legitimate interest of being able to verify cooperation with business partners. From the time the data are acquired until an objection is lodged, as referred to in section VII, but in any case not longer than three years from your last activity connected with the marketing activities.

5 Analysing data to better select the services and products to match the needs of our customers, generally improving our products, improving customer service processes and building a knowledge base concerning our customers. Examples: surveys concerning your evaluation of your cooperation with Archicom and the quality of the products and services. Article 6(1)(f) of the GDPR – legitimate interest of the Controllers of being able to better match the services to the needs of the customers, generally improving the products, improving customer service processes and building
a knowledge base concerning the customers. From the time the data are acquired until an objection is lodged, as referred to in section VII, but in any case not longer than seven years from your last activity connected with the marketing activities.

6 Conducting marketing, promotional and advertising campaigns, competitions or lotteries regulated in a contract or terms and conditions. Article 6(1)(b) of the GDPR
– processing necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. From the time the data are acquired in connection with the planned or actual execution of a contract concerning a specific campaign, competition or lottery until the campaign, competition or lottery is concluded.

7 Establishing, exercising or defending against claims arising from marketing, promotional and advertising measures. Article 6(1)(f) of the GDPR – establishing, exercising or defending against claims. The limitation period for claims arising from the legal relationship between us (including contracts) plus six months from the end of that period – due to the possibility of a claim being lodged at the last moment.

8 Settling statutory charges (including taxes) connected with marketing, promotional and advertising measures. Article 6(1)(c) of the GDPR in connection with tax regulations imposing tax obligations – processing necessary to fulfil the legal obligation of the controller. Processing for the period required to perform the tax obligation and submit the relevant tax forms, and for the period required for their verification by fiscal authorities.

9 Archiving conducted to secure and store accounting documents for the periods indicated in the Accounting Act. Article 6(1)(c) of the GDPR in conjunction with Article 74 of the Accounting Act. Generally, for five years from the beginning of the year following the fiscal year the data concern.

10 Providing you with a systematised collection of your data using the tool referred to as the Customer Panel Article 15(3) of the GDPR – the Controller will provide a copy of the personal data being processed. Processing for the period required to fulfil the individual purposes of processing.

Bases, purposes and retention periods applicable to the personal data of journalists working with the Controllers

The Controllers jointly determine the purposes and methods of processing some personal data, which means that they are the joint controllers of your data in this regard. The table below indicates the purposes of processing.

In each case, the Controllers strive to ensure that the scope of the personal data you provide is minimal and appropriate for the purposes of processing indicated below.

No. Purpose of processing Legal basis for processing Personal data retention periods or criteria for determining them

1 Possibility of performing the obligation imposed by the Press Law (Article 4(1)) to inform the press of the Controller’s activities.

Possibility of exercising the right to inform the press about the Controller’s activities
– according to Article 5 of the Press Law.

The information concerns projects implemented by the Controllers, as well as related marketing events.

Article 6(1)(f) of the GDPR – the legitimate interest of being able to inform the press of the Controller’s activities. From the time the data are acquired until a reasonable objection is lodged, as referred to in section VII, but in any case not longer than five years from our last contact with you.

Bases, purposes and retention periods concerning your personal data specific to each Property Developer

The Property Developers – companies of the Archicom Group responsible for the individual residential projects – also pursue other purposes of processing their customers’ personal data.

NOTE: Your data are processed to the extent described below only by the Property Developer from which you have acquired the property.

No. Purpose of processing Legal basis for processing Personal data retention periods or criteria for determining them

1 Entering into and performing the reservation contract, the property development contract, the preliminary contract and the contract for the sale of the property, including the contact concerning the execution of the contract, the takeover of the property and settling the costs of property acquisition. Article 6(1)(b) of the GDPR – processing necessary for the performance of a contract to which you are a party, or in order to take steps, at your request, prior to entering into a contract. From the time of collecting the personal data connected with the contract until the contract has been fulfilled or terminated.

2 Managing or administering the property until a change in the manner in which the property is managed and the handover of the management of the property to the property manager and to the management board of the Housing Cooperative Article 6(1)(b) of the GDPR – processing necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into
a contract. From the time of collecting the personal data connected with the contract until the contract has been fulfilled or terminated.

3 Establishing, exercising or defending against claims arising from the implied warranty for the property sold. Article 6(1)(f) of the GDPR – pursuing our legitimate interest of being able to establish, exercise or defend against claims. The data are processed for the duration of the period during which defects in the property can be identified (generally five years from the date of handover of the property) and six years in the case of claims under the general principles, the time stipulated for claims under the implied warranty (generally one year from the date on which a defect is identified) and the time required to consider the claims.

4 To establish, exercise or defend against any claims other than the claims connected with the implied warranty for the item sold. Article 6(1)(f) of the GDPR – establishing, exercising or defending against claims. The limitation period for claims arising from the legal relationship between us (including contracts), and an additional six months from the end of that period – in connection with the possibility of a claim being lodged at the last moment.

5 Settling statutory charges (including taxes) connected with the sale of the property. Article 6(1)(c) of the GDPR in connection with tax regulations imposing tax obligations – processing necessary to perform the legal obligation of the controller. Processing for the period required to perform the tax obligation and submit the relevant tax forms, and for the period required for their verification by fiscal authorities.

6 Archiving conducted to secure and store accounting documents for the periods indicated in the Accounting Act. Article 6(1)(c) of the GDPR in conjunction with Article 74 of the Accounting Act. Generally, for five years from the beginning of the year following the fiscal year the data concern.

Data Protection Officer acting on behalf of all Controllers of your personal data

In the Archicom Group, we have appointed a single Data Protection Officer for you to contact regarding all matters connected with the protection of your personal data:

• in writing, using the following mailing address: Archicom S.A., ul. Powstańców Śląskich 9, 53-332 Wrocław,
• by email to: abi@archicom.pl.

Who are the recipients of your personal data?

In connection with our duties and objectives, your personal data may be provided to various data recipients that we cooperate with on a regular basis. The table below contains a list of recipient categories.

Categories of personal data recipients

1.             other Controllers
2.             Partners of the Controllers – companies offering services and products related to the services of the Controllers, including financial consulting services in connection with the acquisition of the property.
3.             other companies of the Archicom Group providing the following services for the Controllers: 
   1. sales support,
   2. office services,
   3. accounting services,
   4. ICT services,
   5. design services,
   6. construction services,
   7. services connected with the maintenance of the property or fault repair.

1.             companies not belonging to the Archicom Group that provide business process support services for the Controllers, including, in particular, the providers of: 
   • engineering and construction services,
   • notarial services,
   • accounting and payment services,
   • banks providing banking services for the Controllers, including the keeping of escrow accounts,
   • ICT services,
   • services connected with the maintenance and management of the property,
   • people and property security services provided for the Controller,
   • consulting services, including, in particular, legal or financial consulting,
   • organisation of events connected with the sale of the property,
   • supporting the marketing of the Controller’s products and services.

The Controllers do not provide your personal data to third countries, i.e. non-EEA countries.

The Controllers do not provide your personal data to international organisations.

Right to object to the processing of your personal data

You may object to the processing of your personal data based on the legitimate interests of the Controllers. This refers to all the purposes of processing indicated in the tables above where Article 6(1)(f) of the GDPR is indicated in the column with the basis for processing.

We will stop processing your data for the above-mentioned purposes, unless we can prove that there are legitimate grounds important for us that override your interests, rights and freedoms, or that your data will be required by us for the establishment, exercise or defence of potential legal claims. Consequently, please provide reasons for any objections, so we can examine your particular situation and address it accordingly.

We will make every effort to ensure you are informed of the actions we take in connection with your objection as soon as possible, but in any case not later than one month from when we receive your request. In special situations, when your objection is complicated or is submitted together with other demands, we reserve the right to extend this period by two more months. You will be advised of this within one month of when we receive your request.

If your objection concerns the processing of your personal data as indicated above for direct marketing purposes, we will stop processing your data in this regard without examining the grounds for your objection. In such a situation, it is not required for you to provide grounds for your objection.

The exercise of your right to object is free of charge.

You can submit any objections to us:

• in writing, using the following mailing address: Archicom S.A., ul. Powstańców Śląskich 9, 53-332 Wrocław,
• by email to: abi@archicom.pl.

What are your other rights?

Under the GDPR, you have specific rights connected with the processing of your personal data by the Controllers.

Right to access

The right to access your data means that you can obtain the following from the Controllers:

• confirmation on whether they process your personal data, 
  • where that is the case, you have the right to obtain a copy of the processed data and information about the circumstances of data processing.

Right to rectification

The right to data rectification means that you can request that:

• inaccurate personal data be rectified;
• incomplete personal data be completed.

When you request the rectification, you should prove that your personal data are inaccurate or incomplete.

If the Controller fails to rectify or complete the data, you will have the right to ask the supervisory authority to order the data controller to provide redress for your claim.

Right to erasure

The right to data erasure (“right to be forgotten”) means that you can ask the Controllers to erase your personal data if:

• your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• you withdraw your consent for data processing, and there are no other legal grounds for the processing;
• you object to the processing, and there are no overriding legitimate grounds for the processing, or you object to processing for direct marketing purposes;
• your personal data were processed unlawfully;
• your personal data have to be erased to comply with a legal obligation stipulated in Union or Member State law to which the Controllers are subject;
• your personal data have been collected in relation to the offering of information society services directly to a child below 16.

You can also ask the Controllers to notify other data controllers to whom they have provided your personal data that you also want those other Controllers to remove all links to the data and copies of the personal data.

The erasure of data should comprise the destruction of personal data (or the carriers on which the data are kept) or the modification thereof in order to prevents the data subject from being identified (e.g. blacking out).

The right to be forgotten is subject to the exceptions described in the GDPR. According to the GDPR, this right does not apply if data processing is required, among other things, to exercise the right to the freedom of speech and information or to establish, exercise or defend against claims.

Right to restrict the processing

The restriction of processing means that the processing of your data can be restricted to retention only.

The Controllers of your personal data are obliged to restrict the processing of your data in the following situations:

• if you contest the accuracy of your personal data or object to their processing – for a period enabling the Controllers to verify the accuracy of the personal data or consider your objection;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• the Controllers no longer need your personal data for the defined purposes of processing, but you find that the data are required for the establishment, exercise or defence of claims.

Right to data portability

The right to data portability means that you have the right to:

• receive your personal data in a structured, commonly used, machine-readable format;
• transfer the data to another controller (where technically feasible).

The right to data portability applies when:

• data processing is carried out by automated means, and
• the data were provided by you,
• and processing is necessary for the performance of a contract to which you are
  a party or in order to take steps at your request prior to entering into a contract,
• or when processing by a processor is done based on your consent.

Right to lodge a complaint with a supervisory authority

In any case, if you find that the processing of your personal data by the Controllers breaches the GDPR, you may file a complaint with the supervisory authority. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

Right to withdraw your consent to the processing of your personal data

In any case, when your personal data are processed by the Controllers based on your consent, you have the right to withdraw your consent at any time.

The withdrawal of the consent will not affect the lawfulness of the processing of your personal data based on your consent before its withdrawal.

You can withdraw your consent:

• in writing, using the following mailing address: Archicom S.A., ul. Powstańców Śląskich 9, 53-332 Wrocław,
• by email to: abi@archicom.pl.

What are the grounds for you to provide your personal data to us and what are the consequences if you do not provide them?

Providing your personal data to us is voluntary, particularly if you provide the data to us while also giving consent to the processing. However, if we need your data to enter into and perform a contract, the consequence of failing to provide them may include not being able to execute the contract. This includes, in particular, contracts connected with the acquisition of the properties – reservation contracts, property development contracts, preliminary contracts or sale contracts.

Do we process your personal data based on automated decision-making?

The decisions we make with respect to you, including, in particular, the offers we submit to you and the advertisements we send, are not based exclusively on the automated processing of your personal data, including profiling.

How can you contact us to exercise your rights?

To exercise your rights connected with our processing of your personal data, you can contact us:

• in writing, using the following mailing address: Archicom S.A., ul. Powstańców Śląskich 9, 53-332 Wrocław,
• by email to: abi@archicom.pl.

The communication is free of charge. Where your requests are manifestly unfounded or excessive, in particular, because of their repetitive nature, the Controllers may:

• charge a reasonable fee taking into account the administrative costs of providing the information or communication, or taking the action requested; or
• refuse to act on the request.

Contact us by email or using the contact form

Our website enables you to contact us by email and using the contact form.  The information you provide this way is retained in order to examine your request and any further related queries, according to Article 6(1)(b) of the GDPR. The information will not be provided to third parties, except for other companies of the Archicom Group, where necessary.

Customer Panel

With this tool, we enable you to use many convenient functions connected with sales and after-sales service. In the Customer Panel, you can also access your personal data. The data are protected with a login and password with a suitable level of complexity.

Server log files

For security reasons (e.g. to investigate fraud), in order to protect our legitimate interest within the meaning of Article 6(1)(f) of the GDPR, whenever you access our website, we save information such as your IP address and the time you accessed the website in server log files. The information can be retained for up to two years, after which it is erased. The information that has to be retained for evidentiary purposes for a specific case is erased only after the situation is fully investigated.

Newsletter

The data you have provided when signing up for our mailing list to receive our newsletter are used only for this purpose. We need your email address for correct registration. To check whether the request was made by the actual holder of the email account, we use the “Double-opt-in” procedure. We record the request to sign up for the newsletter, the sending of the confirmation email and the receipt of the required reply. The processing of your contact details and the sending of the newsletter are done based on your consent according to Article 6(a) of the GDPR.  You can opt out of the newsletter at any time and withdraw the related consent to data processing for this purpose. Each newsletter contains a suitable link to do this.

Links to third-party websites

Our websites may contain links to third-party websites. This privacy policy does not include third-party websites, because we cannot assume responsibility for their content and the implementation of the data protection policy.

YouTube videos posted on our website

Our website also includes several videos. The operator of the plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. The videos are shared by YouTube, LLC, which requires the IP address of your computer to send the content. When playing the videos, YouTube sends its own cookies. We do not have any control over the use of your IP address and the sending of such files. The privacy policy published by YouTube at https://policies.google.com/privacy?hl=pl&gl=pl contains information about the collection, processing and use of your personal data by YouTube and Google.

Google Maps

Our website includes maps of the Google Maps service. The operator of this service is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which requires the IP address of your computer to send the content. We do not have any control over the use of your IP address by Google. The privacy policy published by Google is available at: https://policies.google.com/privacy

Cookies

Due to our legitimate interest within the meaning of Article 6(1)(f) of the GDPR (analysis, improvement and economic activities), we use cookies on our website.  They are small files saved on your computer to store specific settings for the purposes of our online presence.  Thanks to them, we automatically receive specific data (e.g. your IP address, the browser you use and your operating system) via your computer and internet connection.

You can use our website without cookies by disabling cookies in your browser. However, this may reduce the comfort and functionality of our offering. To find out how to disable cookies in your browser, use the Help function in the Browser menu.

Google Analytics

Due to our legitimate interest within the meaning of Article 6(1)(f) of the GDPR (analysis, improvement and economic activities), we use Google Analytics, the network analysis service of Google Inc. (“Google”) on our website. Google Analytics uses “cookies”. They are small files saved on your computer to enable an analysis of the use of our website. Google can use this information to analyse the use of our website and prepare reports on the activity of the website. The information generated by cookies regarding the use of the website is usually sent to the Google server in the USA, where it is stored. Thanks to the statutory guidelines, the function of IP anonymisation is active, which means that your IP address has already been shortened and anonymised in the member states of the European Union or other countries of the European Economic Area. The IP address communicated by your browser in connection with Google Analytics is not added to other Google data.

You can also prevent the saving of the data generated by the cookies connected with your website (including your IP address) and the processing of these data by Google by downloading and installing an add-on for the browser available at: https://tools.google.com/dlpage/gaoptout?hl=pl

Right to amend the policy

We reserve the right to amend our privacy policy in the future, to always be able to adapt it to our website and regulatory changes.