Privacy Policy

Introduction

  1. This document constitutes a description of the privacy policy (hereinafter referred to as the Policy) of MUNIAK Development Sp. z o.o. with its registered office in Warsaw, ul. Dywizjonu 303 139/U2, 01-470 Warsaw, registered in the register of entrepreneurs maintained by the District Court for Warsaw in Warsaw, XII Commercial Division of the National Court Register under number KRS:0000686210, REGON:367789581, NIP: 5223095810, share capital: PLN 5,000.00 (hereinafter referred to as the Administrator).
  2. The purpose of the Policy is to define the principles and methods of processing personal data originating from natural persons who are users of internet services administered by the Administrator (hereinafter referred to as the User). The Policy also contains information regarding the rights of natural persons in relation to personal data disclosed by them.
  3. The legal basis for the Policy is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR), as well as the Personal Data Protection Act of 10 May 2018 (Journal of Laws 2018 item 1000). The Policy constitutes the Administrator's implementation of obligations arising from Articles 12 and 13 of the GDPR.
  4. The Policy applies to every website, application or service referring to this information, as well as to data transmitted through them, by telephone, electronic means or in person at the Administrator's registered office. Please note that when leaving websites administered by the Administrator (e.g., by following a link to a page located in another domain), the User enters an area where the Policy does not apply. The Administrator is not responsible for the privacy policy principles applicable to pages operated by other entities.

Contact with the Administrator is possible via email: daneosobowe@muniakdevelopment.pl, by phone at: +48 22 403 91 88, or by mail to the Administrator's registered office address specified in point 1.1 above.

Personal Data Administrator

  1. Muniak Development is the Administrator of personal data provided by Users of the internet service operated at: www.muniakdevelopment.pl, who have visited and used the functionalities offered by this service (hereinafter referred to as the Internet Service).
  2. The Administrator may acquire Users' personal data in particular through:
    1. Users' contact with the Administrator through the contact form available in the Internet Service and the provision of personal data concerning them along with the message content,
    2. Users' consent to receive commercial information about current and planned investments and the Company's related offer,
    3. direct contact through telephone conversations, electronically, and by mail,
    4. submission of application documents by job candidates directly to email addresses belonging to the Administrator, or through intermediary services,
    5. state institutions and public authorities which, within the framework of proceedings conducted by them, transfer personal data for the purpose of implementing legal provisions.
  3. When collecting personal data, the Administrator registers information regarding the source of their acquisition. The acquisition of Users' personal data takes place directly from the persons to whom the data relates, as well as from third parties.
  4. The Administrator exercises particular care to ensure that personal data are processed in accordance with the purpose for which they were collected and used appropriately to the premises and categories of data processing permitted by law, in particular in accordance with the principles of personal data processing defined in Article 5 of the GDPR.

Purposes and legal bases for processing personal data

The Administrator processes personal data in accordance with its business profile, exclusively for the purposes indicated below. If, due to legal provisions, service characteristics or the necessity of its settlement, there is a need to process other personal data of the persons to whom the data relates, the Administrator may process them to the necessary extent.

  1. For the purpose of contacting the Administrator through the contact form posted in the Internet Service in connection with submitting a question or sent inquiry, Users' personal data such as: first name, surname, telephone number, email address are processed. The legal basis for processing personal data is the Administrator's legitimate interest – Article 6(1)(f) GDPR, consisting in ensuring message handling and providing answers to questions arising from it. Refusal to provide personal data will result in the inability to handle the sent message and thus its deletion.
  2. For the purpose of sending Users commercial information electronically about the Company's current offers, Users' personal data such as: first name, surname, telephone number, email address are processed.
  3. The legal basis for processing personal data is the Administrator's legitimate interest – Article 6(1)(f) GDPR, which is maintaining constant contact with Users by the Administrator for the purpose of transmitting commercial information about current and planned investments.
  4. For the purpose of establishing, pursuing claims and defending against claims, including documenting reported objections to the processing of personal data, Users' personal data that they have provided to the Administrator will be processed. The legal basis for processing personal data is Article 6(1)(f) GDPR, which allows the processing of personal data for the purpose of potential establishment, pursuit or defense of claims, being the implementation of the Administrator's legitimate interest.
  5. For the purpose of conducting the recruitment process, it is necessary to provide candidates' personal data to the extent resulting from Article 221 §1 of the Labor Code: first name(s) and surname, date of birth, contact details indicated by the candidate, education, professional qualifications and the course of previous employment, if this is necessary to perform work of a specific type or in a specific position. The legal basis for conducting the recruitment process is:
    1. the Act of 26 June 1974 Labor Code (Journal of Laws 1974 No. 24 item 141 as amended),
    2. Article 6(1)(b) GDPR, which allows the processing of personal data if they are necessary to take actions aimed at performing a contract. Providing other data by candidates, not mentioned in the catalog of Article 221 §1 of the Labor Code, is voluntary. The legal basis for processing such personal data is Article 6(1)(a) GDPR, which allows the processing of personal data based on voluntarily given consent, which can be withdrawn at any time without affecting the lawfulness of processing performed on the basis of consent before its withdrawal.

The recruitment process consists of several stages during which candidates' personal data is processed: initial selection of received applications, contact with selected candidates, employee selection.

In the case of a candidate's consent to process the provided personal data in future recruitments, the legal basis for their processing is Article 6(1)(a) GDPR, which allows the processing of personal data based on voluntarily given consent, which can be withdrawn at any time, without affecting the lawfulness of processing performed on the basis of consent before its withdrawal

Recipients of personal data

  1. Recipients of personal data provided to the Administrator by persons to whom the data relates are the following entities to whom personal data are transferred to the minimum extent necessary to achieve the purpose(s) for which the data were acquired:
    1. authorized personnel of the Administrator,
    2. entities processing personal data on behalf of the Administrator (e.g., accounting office, technical service providers, hosting service providers),
    3. competent authorities authorized in accordance with applicable law.
  2. The Administrator declares that it does not sell, make available or transfer collected personal data for processing to other persons or institutions, unless this occurs with express consent or at the request of persons to whom the data relates, or at the request of state authorities authorized by law for the needs of proceedings or activities conducted by them related to security or defense, for legally defined tasks performed for the public good, when this is necessary to fulfill the Administrator's legally justified purposes.

Transfer of personal data to countries outside the European Economic Area (EEA)

Due to the fact that the Administrator uses applications whose servers are located outside the EEA, personal data acquired in connection with Users' use of websites may be transferred to third countries. In this regard, the Administrator has ensured to use only suppliers that provide guarantees of a high level of personal data protection. These guarantees result in particular from standard contractual clauses concluded with these entities and the implementation by the Administrator of appropriate technical measures ensuring lawful entrustment of processing personal data transferred by the Administrator.

Period of personal data processing

The Administrator processes acquired personal data for the period necessary to achieve the purpose(s) for which they were provided. The data processing period is related to the purposes and bases of their processing, therefore:

  1. data processed on the basis of the Administrator's legitimate interest will be processed until the effective submission of an objection by the person to whom the data relates or the cessation of that interest. Data processed for the purpose of pursuing or defending claims will be processed for a time equal to the limitation period of those claims;
  2. data processed on the basis of consent will be processed until the withdrawal of consent expressed by the person to whom the data relates;
  3. personal data processed within the recruitment process will be processed until the completion of this process, unless the candidate consents to data processing for future recruitment purposes.

Rights of data subjects

  1. The Administrator implements the rights of persons to whom the data relates in connection with the processing of their personal data. In particular, each data subject has the right to:
    1. access to their personal data,
    2. rectification of personal data,
    3. erasure of data ("right to be forgotten"),
    4. restriction of personal data processing,
    5. object to personal data processing.
  2. In cases where the legal basis for processing personal data is the Administrator's legitimate interest, the data subject has the right to object at any time to the processing of personal data, without the need to justify their decision, particularly in cases where the legitimate interest consists in conducting activities related to direct marketing.
  3. Consent expressed by data subjects through Internet Services may be withdrawn at any time, which will not affect the lawfulness of data processing performed before its withdrawal.
  4. The Administrator informs that it is not obliged to delete data (i.e., implement the "right to be forgotten") in cases where data processing is necessary for:
    1. exercising the right of freedom of expression and information,
    2. fulfilling a legal obligation of processing under European Union law or Polish law,
    3. archival purposes in the public interest, scientific or historical research purposes or statistical purposes,
    4. establishing, pursuing or defending claims.
  5. The above rights, as well as the intention to withdraw consent, may be implemented by sending an appropriate request electronically to the email address: daneosobowe@muniakdevelopment.pl or by mail to the Administrator's registered office address specified in point 1.1 of the Policy.

Automated decision-making and profiling

Your data may be processed by the Administrator in an automated manner, including in the form of profiling. However, decisions concerning individual persons related to this processing will not be automated.

Information security and storage

The Administrator ensures the security of personal data against unlawful disclosure to unauthorized persons, data acquisition by unauthorized persons, destruction, loss, damage or alteration, and processing of personal data in a manner inconsistent with GDPR provisions.

The data Administrator takes technical and organizational measures to secure personal data that meet GDPR requirements, in particular the measures mentioned in Articles 24 and 32 of the GDPR, ensuring confidentiality, integrity and availability of processing services for transferred personal data.

Cookies

Cookies are small files sent by an internet server to the User's browser and stored on their computer. Cookies help the Administrator analyze network traffic and recognize which part of the website was visited. Cookies do not in any way enable the Administrator to access the computer or information about Users, except for information about how the website was used and personal data that Users automatically share due to browser settings.

The Administrator uses session and persistent cookies, as well as Facebook pixel. Session cookies are temporary files that are stored in the User's terminal device until logout or leaving the website. Persistent cookies enable the Administrator to recognize your browser during the next visit to the Internet Service and adapt the Service to Users' needs (e.g., remembering preferred language or font size), as well as for statistical purposes. Persistent cookies remain in your peripheral device memory until their deletion. By using the Internet Service, the User consents to placing cookies on their computer or other device for the purposes specified above. If the User does not consent to receiving cookies, they may manage and control them through their browser settings. However, it should be remembered that deleting or blocking cookies may affect the way the Internet Service is used.

For the purpose of monitoring and improving the Internet Service, aggregate information about Users is collected when browsing the website, including details about the operating system, browser version, domain name, IP address, User's URL from which they reach the Administrator's websites and where they go, and which subpages of the website were visited. The Administrator may conduct general statistics, collect data on network traffic in the Internet Service and information about related pages, and share this aggregate data with third parties for marketing, advertising or other promotional purposes, however, this aggregate data does not contain any personal data. For statistical purposes, the Administrator uses services from providers such as: Google Analytics.

Social media plugins

The Internet Services use so-called social media plugins redirecting to the Administrator's profiles maintained on social media portals: Facebook, LinkedIn, Instagram.

Through the functionalities offered by these plugins, Users can share or distribute individual content on social media. However, we draw attention to the fact that using these plugins results in data exchange between the User and the given social media portal or internet service. The Administrator does not process this data and has no knowledge of what User data is collected. Therefore, we encourage you to familiarize yourself with the terms and privacy policies of these social media services before using a given plugin.

Right to complaint

In any case of recognition that the rights of a natural person resulting from legal provisions and the Policy are violated, Users have the right to file a complaint with the Personal Data Protection Office with its seat in Warsaw at ul. Stawki 2.

Final provision

In matters not regulated by this Policy, European Union and national regulations on personal data protection shall apply.