Privacy policy

FOR
(1) EPP PROPERTY MANAGEMENT Sp. z o.o.
(2) EPP COMMUNITY PROPERTIES – PM SERVICES Sp. z o.o.

TABLE OF CONTENTS
1. DEFINITIONS
2. DATA PROCESSING IN CONNECTION WITH USING THE SERVICE
3. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING IN THE SERVICE
4. SOCIAL NETWORKING SERVICES
5. COOKIES AND SIMILAR TECHNOLOGY
6. ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER’S PARTNERS
7. MANAGING COOKIES SETTINGS
8. PERSONAL DATA PROCESSING PERIOD
9. USER’S RIGHTS
10. DATA RECIPIENTS
11. DATA TRANSFER OUTSIDE EEA
12. PERSONAL DATA SAFETY
13. CONTACT DETAILS
14. AMENDMENTS TO PRIVACY POLICY

PRIVACY POLICY
1. DEFINITIONS

1.1. Controller – jointly Controller 1 and Controller 2 or, depending on context, any of the above.
1.2. Controller 1 – company EPP PROPERTY MANAGEMENT Spółka z ograniczoną odpowiedzialnością with its registered office in Kielce, adres: ul. Świętokrzyska 20, 25-406 Kielce.
1.3. Controller 2 – company EPP COMMUNITY PROPERTIES – PM SERVICES sp. z o.o. with its registered office in Kielce, adres: ul. Świętokrzyska 20, 25-406 Kielce
1.4. Personal Data – information on an individual identified or identifiable by one or several specific features determining his/her physical, physiological, genetic, psychic, economic, cultural or social identity, including the equipment IP, location data, an online ID, and information collected via cookies and other similar technology.
1.5. Policy – this Privacy Policy.
1.6. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.7. Service – the Internet service operated by the Controller at the following address: https://pl.epp-poland.com/ and other services operated for the facilities administered by Controller 1 or Controller 2, such as this service. The addresses of the services may be updated from time to time.
1.8. User – any individual visiting the Service or using one or more services or functionalities described herein.

2. DATA PROCESSING IN CONNECTION WITH USING THE SERVICE

2.1. In connection with the User’s making use of the Service, the Controller 1 and Controller 2 collect data to the extent necessary to provide individual offered services as well as information on the User’s activity in the Service. The detailed terms and conditions and the purposes of processing the Personal Data collected during the User’s use of the Service are described below.
2.2. Controller 1 and Controller 2 are joint controllers of the Personal Data based on a separate agreement.

3. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING IN THE SERVICE
USING THE SERVICE

3.1. The Personal Data of all individuals using the Service (including IP address or other identification details and information collected via cookies or other similar technologies) are processed by the Controller:

3.1.1. for purposes of providing electronically supplied services to the extent of making available to the Users the contents collected in the Service – in this case, the legal basis for processing is that the processing is necessary for the performance of a contract (Article 6(1)(b) GDPR);
3.1.2. for analytical and statistical purposes – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in conducting the analyses of the Users’ activity and their preferences in order to improve the functionalities applied and the services provided;
3.1.3. for purposes of determining and seeking or defending against claims, if any – in this case, the legal basis for processing is Article 6(1)(c) GDPR.

3.2. The User’s activity in the Service, including his/her Personal Data, is recorded in system logs (a special computer programme used for storing chronological records with information on events and actions relating to the IT system used for providing the services by the Controller). The information collected in logs are processed predominantly for purposes connected with the provision of services. They are also processed by the Controller for technical and administrative purposes, for the purpose of ensuring IT system security and managing such IT system, as well as for analytical and statistical purposes – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).

CONTACT FORMS

3.3. The Controller provides the possibility to contact the Controller with the use of electronic forms. The use of a contact form required providing Personal Data necessary to initiate contact with the User and answer the issue. The User may also provide other data to facilitate the contact or managing the request. The provision of data marked as obligatory is required for the admission and processing of the request and the lack of provision of this data results in the lack of possibility to process the request. Provision of other data is optional
3.4. The Personal data is processed:

3.4.1. for the purposes of identifying the sender and processing their request through the form – in this case, the legal basis for processing is that the processing is necessary for the performance of a contract (Article 6(1)(b) GDPR); in the scope of optional data the basis for processing is consent (Article 6(1)(a) GDPR);
3.4.2. for analytical and statistical purposes – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in conducting the analyses of the Users’ activity in the Service in order to improve the functionalities applied.

NEWSLETTER AND MARKETING CONTENT

3.5. The Controller sends marketing content including provision of the newsletter service to those individuals who provided their e-mail address or phone number for this purpose. The provision of data is required for the purposes of sending marketing content or providing the newsletter sending service and the failure to provide the same results in the inability to send it. This form of communication with Users may include profiling.
3.6. The Personal Data are processed:

3.6.1. for the purposes of providing the newsletter sending service – in this case, the legal basis for processing is that the processing is necessary for the performance of a contract (Article 6(1)(b) GDPR);
3.6.2. in the case of sending to the User marketing contents in a newsletter or other ways – in this case, the legal basis for processing, including profiling, is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in connection with the User’s consent to receive a newsletter;
3.6.3. for analytical and statistical purposes – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in conducting the analyses of the Users’ activity in the Service in order to improve the functionalities applied;
3.6.4. for purposes of determining and seeking or defending against claims, if any – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in the protection of its rights.

SOCIAL NETWORKING SERVICES

3.7. The Controller processes the Personal Data of the Users visiting the Controller’s profiles in the social media (Facebook, YouTube, Instagram, Twitter). These data are processed exclusively in connection with operating the profile, including for the purpose of informing the Users on the Controller’s activity and promoting various types of events, services, and products. The legal basis for the Personal Data processing by the Controller for this purpose is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in the promotion of its own brand.
3.8. In case of the registration of the user in the app and/or with the participation of participation in the points collecting program, incentive program and/or in individual actions, respectively, and in connection with the use of the application, the Controller may obtain the User’s personal data from Facebook, TikTok, Google and Apple.

4. COOKIES AND SIMILAR TECHNOLOGY

4.1. Cookies are small text files that are placed on the computer by the visited websites. They are commonly used to make websites work better or more efficiently, and to provide information to website owners.
We use the following categories of cookies: session and permanent.

4.1.1. session files – they remain on the User’s device until leaving the website or turning off the software (web browser);
4.1.2. permanent files remain on the device for the time specified in the file parameters or until they are manually deleted by the User.

4.2. FOR WHAT PURPOSES DOES THE CONTROLLER USE COOKIE FILES?
As for the purpose, the Controller uses two categories of cookie files: “necessary” and “optional” for the following purposes:

4.2.1. “Necessary” cookie files – for the purpose and to the extent necessary for the proper display of the website. The aim is to provide basic functions such as security, network management and availability. You can disable them by changing your browser settings, but this may affect the functioning of the website. For this purpose, session cookies may be used on the Service.
4.2.2. “Optional” cookie files including:
a) analytical – in order to study the preferences of people using the Service with the use of the results of these studies for the purpose of improving the quality of displaying the website;
b) marketing – in order to enrich information about the User, provide a personalized Promotion and/or make an automatic decision;
c) social network plug-ins – for marketing purposes to display personalized advertising on portal pages
For this purpose, permanent and session cookies may be used on the Service.
The use of this category of cookies is based on the user’s consent. The indicated data is not combined with such information as name and surname, e-mail address and other data enabling easy identification of the person visiting the website.

4.3. ANALYTICAL COOKIES (OF THIRD PARTIES)

4.3.1. (provider Google Inc.)
These cookies are used to collect information about how visitors use the Service. The administrator uses this information to create reports and improve the website. Cookies collect information in a way that does not directly identify anyone, including the number of visitors to the site and blog from which visitors have visited the site and the pages they have visited. Google’s overview on privacy and data protection can be found at https://support.google.com/analytics/answer/6004245. As part of the service provided, data may be transferred outside the EEA and Switzerland, mainly to the United States.

MARKETING COOKIES

4.3.2. Information on how the User uses the Website, which allows to customize the display of relevant advertisements on our websites or third-party websites, tailored to the preferences and habits of Users.
Based on this information, it is possible to create, for example, general User profiles, which means that the Service User is subject to profiling, but this type of profiling does not affect his rights.
4.3.3. Decisions regarding the display of the Promotion on the websites may be made automatically based on the collected information about the User’s activity. The processing of personal data concerning the User in order to prepare and deliver tailored Promotions may in some cases rely on the use of IT systems that allow for automatic tailored Promotions, which are then displayed on the Service on the website without human intervention. The Administrator informs that in accordance with applicable law, in cases where a decision made on the basis of such processing of personal data concerning the User causes legal effects for the User or significantly affects him in a similar way, the User has the right to obtain human intervention on the part of the Controller, express own position and challenge the decision. For this purpose, the User may contact the Controller or using the functionalities provided on the Service.
The automatic decision, including profiling referred to in point 4.3.4, will take place in the event of express consent in the cookie configurator.

SOCIAL MEDIA PLUGINS

4.4. The Service uses social media plugins (such as Facebook, Google+, LinkedIn, Twitter). These plugins enable the User to share the contents published in the Service in a selected social networking service. Due to the use of such plugins in the Service, a given social networking service receives information on the User’s making use of the Service and may assign such information to the User’s profiles created in such social networking service. The Controller does not have knowledge on the purpose or scope of data collection by social networking services. For detailed information, see:

4.4.1. Facebook: https://www.facebook.com/policy.php
4.4.2. Google: https://privacy.google.com/take-control.html?categories_activeEl=sign-in
4.4.3. LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL
4.4.4. Twitter: https://twitter.com/en/privacy

MANAGING AND DELETION OF COOKIE FILES

4.5. Most browsers offer the option of accepting or rejecting all cookies. The user can also easily change the settings for files of this type in the browser settings. Blocking all cookies on the Service may cause difficulties in operation or completely prevent the use of some functionalities.
4.6. Managing and deleting cookies varies depending on the browser you use. For detailed information on this subject, use the Help function in your browser or visit the website http://www.allaboutcookies.org, which explains step by step how to control and delete cookies in most browsers.
4.7. Information about individual browsers can be found on the pages:
a) EDGE: https://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plik%C3%B3w-cookie-w-przegl%C4%85darce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
b) Mozilla Firefox: HTTP://SUPPORT.MOZILLA.ORG/PL/KB/CIASTECZKA
c) Google Chrome:
HTTP://SUPPORT.GOOGLE.COM/CHROME/BIN/ANSWER.PY?HL=PL&ANSWER=95647
4.8. You can opt out of Google Analytics across all sites by visiting: http://tools.google.com/dlpage/gaoptout.

OPERATIONAL DATA

4.9. Even if cookies are not installed, the website administrator can access the following data characterizing the way the website is used (hereinafter: other operational data):
a) the ID number assigned to the device of the person visiting the website,
b) markings identifying the end of the telecommunications network,
c) ICT system (type of device, operational, web browser) used by the Internet user,
d) information about the start, end and scope of each use of the website

4.9.1. To ensure the highest quality of the service, the Controller occasionally analyzes log files in order to determine: which pages are visited most often, which web browsers are used, whether the page structure does not contain errors, etc. Operational data is not combined with such information as name and surname e-mail address and other data enabling easy identification of the person visiting the website.

ACCESS TO INFORMATION STORED ON THE DEVICE OTHER THAN COOKIES

4.10. Based on the consent (expressed on the device) and only for the purpose of providing the service electronically through the Application, the Controller gains access to the functionalities of the end device (e.g. mobile phone).

GDPR

4.11. Information obtained through the cookie mechanism and operational data may constitute personal data within the meaning of the GDPR in certain exceptional situations. If the information indicated above is qualified as personal data, the administrator of personal data is the Controller. Even in the case of doubts whether a given category of information is personal data, the Controller introduces mechanisms protecting this information as personal data.
4.12. The processing of the above categories of data to the extent it is necessary for the correct display of the website (“necessary” cookies) is based on the so-called cookies. legitimate interest of the website administrator (Article 6(1)(f) of the GDPR). For this purpose, there may be:
a) a) occasional analysis of log files in order to determine: which browsers are used by website visitors; which tabs, pages or subpages are most or least visited or viewed; whether the page structure does not contain errors;
b) b) preventing unauthorized access to the website and the distribution of malicious codes, stopping denial-of-service attacks, and preventing damage to computer systems and electronic communication systems.
In the above cases, you have the right to raise an objection.

4.13. However, if you consent to the installation of “optional” cookies (analytical, e.g. provided by Google Analytics / marketing), the information collected in this way will be used to study the preferences of people using the Service, with the purpose of the results of these studies for the purpose of improving the quality of the displayed pages. In this case, the basis for data processing is art. 173 sec. 2 of the Telecommunications Law (Journal of Laws of 2004, No. 171, item 1800) in connection with joke. 6 sec. 1 lit. a) GDPR. As indicated by art. 174 of the Telecommunications Law, the provisions on the protection of personal data shall apply to obtain the consent of the subscriber or end user. You can withdraw and delete cookies from your device at any time. Withdrawal of consent does not affect the lawfulness of the processing that was made on the basis of consent before its withdrawal.

5. PERSONAL DATA PROCESSING PERIOD

5.1. The period of data processing by the Controller depends on the type of the service provided and the processing purpose. As a rule, data are processed for the duration of the service provision, until the withdrawal of the consent granted or until making an objection against data processing in cases where the legal basis for data processing is the Controller’s legitimate interest.
5.2. The data processing period may be extended in the case where the processing is necessary to determine and seek or defend against claims, if any. Following the processing period expiry, the data become irreversibly deleted or anonymised.

6. USER’S RIGHTS

6.1. The User shall have the right to have access to the data and to request from the Controller their rectification or erasure or restriction of processing, the right to data portability, the right to object against data processing, and the right to lodge a complaint with a supervisory authority dealing with the Personal Data protection.
6.2. To the extent the User’s data are processed, such consent can be withdrawn at any time by contacting the Controller or using the functionalities available via the Service.
6.3. The User has the right to object against data processing for marketing purposes, if such processing takes place in connection with the Controller’s legitimate interest as well as, for reasons related to the User’s special situation, in other cases where the legal basis for data processing is the Controller’s legitimate interest (e.g., in connection with pursuing analytical and statistical purposes).
6.4. For more information on rights under GDPR, refer to Transparency Policy [link].

7. DATA RECIPIENTS

7.1. In connection with the provision of services, the Personal Data will be disclosed to third party entities, including, without limitation, providers of IT services, in particular hosting services, providers responsible for IT system operation, providers of analytical services, marketing agencies (to the extent of marketing services) and the Controller’s affiliates, including member entities of the Controller’s group of companies.
7.2. If the User’s consent is obtained, his/her data can also be made available to other entities for their own purposes, including marketing ones.
7.3. The Controller reserves the right to disclose selected information on the User to competent authorities or third parties who require the provision of such information, relying on relevant legal basis and in compliance with applicable legal regulations.

8. DATA TRANSFER OUTSIDE EEA

8.1. The Personal Data protection level outside the European Economic Area (EEA) differs from the one which the European law ensures. For this reason, the Controller transfers the Personal Data outside the EEA only in the case where it is necessary and subject to ensuring appropriate protection level, mainly through:
8.1.1. the cooperation with the Personal Data processors in the countries for which the European Commission issued a decision declaring that an appropriate level of the Personal Data protection is ensured therein (adequacy decision);
8.1.2. the application of standard contractual clauses issued by the European Commission;
8.1.3. the application of binding corporate rules approved by the competent supervisory authority.

9. PERSONAL DATA SAFETY

9.1. The Controller conducts the risk analysis on an ongoing basis for the purpose of ensuring that the Personal Data are processed by the Controller safely, in a manner that warrants first of all that data access is granted only to authorised persons and only to such extent as may be necessary in the light of the duties they perform. The Controller shall also see to it that any and all operations on the Personal Data are registered and performed by authorised employees and associates only.
9.2. The Controller shall take any such measures as may be necessary to ensure that its subcontractors and other associates equally warrant the application of appropriate security measures each time they process the Personal Data on the Controller’s instruction.

10. CONTACT DETAILS

10.1. The Controller can be contacted by writing at rodo@epp-poland.com or at its mailing address: ul. Świętokrzyska 20, 25-406 Kielce.
10.2. The Controller has appointed the Personal Data Protection Coordinator who can be contacted by writing at rodo@epp-poland.com in any issues related to Personal Data processing.

11. AMENDMENTS TO PRIVACY POLICY

11.1. This Policy is subject to ongoing verification and is updated whenever necessary.