This website is for informational purposes only, and materials presented hereon should be treated as illustrative. All information and materials contained on this website are not legally binding and do not constitute a commercial offer, including within the meaning of Article 66 § 1 of the Civil Code. Ghelamco GP5 spółka z ograniczoną odpowiedzialnością Foksal S.K.A. with its registered office in Warsaw reserves the right to introduce changes to the above information and materials at any time.

Information clause concerning contact with the Controller

1. Personal Data Controller

The Controller of your personal data is Ghelamco GP5 spółka z ograniczoną odpowiedzialnością Foksal spółka komandytowo-akcyjna, with its registered office in Warsaw, address: pl. Europejski 1, 00-844 Warsaw, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under number KRS: 0000476612, NIP No.: 5252564070, REGON No.: 146871486, with the share capital of PLN 50,000.00 (“Controller”).

2. Controller’s contact details

You can contact the Controller:

1. by phone: +48 600 113 113;
2. by e-mail: rodo@ghelamco.pl;
3. in writing, by sending correspondence to the address: Ghelamco GP5 spółka z ograniczoną odpowiedzialnością Foksal S.K.A., pl. Europejski 1, 00-844 Warsaw.

3. Contact details of the Data Protection Officer

The Controller has appointed a person in charge of personal data protection, i.e. a Data Protection Officer, who can be contacted:

1. by e-mail: rodo@ghelamco.pl;
2. in writing, at the following mailing address: Ghelamco GP5 Spółka z ograniczoną odpowiedzialnością Foksal S.K.A., pl. Europejski 1, 00-844 Warsaw.

4. IV. Purposes of data processing, legal basis

The Controller processes your data for the following purposes:

1. 1. to pursue the legitimate interest of the Controller (on the basis of Article 6(1)(f) of the GDPR), that is:
   • 1.1. contact with the Controller in relation to its business activity and providing information about the Controller’s investments, including communication and solving matters to which the contact relates (in particular handling inquiries, complaints, etc.), as well as contact with the Controller with respect to other matters;
   • 1.2. direct marketing – sending out information for the purpose of marketing of the services and goods offered by the Controller, in particular in the form of rental or sale of residential or commercial premises, including by sending newsletters;
   • 1.3. establishing, asserting or defending itself against claims;
2. contact with regard to conclusion or performance of the concluded agreement (in particular with regard to conclusion of a contract for lease or sale of premises/an apartment) (Article 6(1)(b) of the GDPR).
3. marketing of Ghelamco Group entities (on the basis of your consent, i.e. Article 6(1)(a) of the GDPR) by sending out information for the purpose of marketing services and goods offered by companies from the Ghelamco Group, to which the Controller belongs, in particular in the form of rental or sale of residential or commercial premises, including by sending newsletters.

5. Categories of data recipients

Your personal data may be made available to the following categories of entities:

1. clients and contractors of the controller;
2. entities authorised under the law (courts, state authorities, etc.);
3. subcontractors and other entities providing services to the Controller, including in particular entities providing accounting, IT, marketing, communication and analytical, legal and debt collection services;
4. companies affiliated with the Controller.

In any case, the processing of your personal data by the aforementioned recipients will take place on the basis of a relevant authorisation, a data processing agreement or on the basis of the applicable legislation.

6. Transferring data outside the European Economic Area

The Controller will not transfer your personal data outside the European Economic Area or to an international organisation.

7. Security measures

In order to ensure the integrity and confidentiality of personal data, the Controller has implemented procedures which allow access to personal data only to authorised persons and only to the extent that it is necessary for the tasks they perform. The Controller applies organisational and technical solutions to ensure that personal data are processed only by authorised persons.

8. Data retention period

Your personal data will be processed by the Controller for the following purposes:

1. to establish, assert or defend itself against claims related to the contact that has been carried out – until such time as such claims become time-barred;
2. to enable contact with the Controller – until the conclusion of the matters to which the contact relates;
3. to enable contact related to the agreement – until the expiration of the agreement or until such time as such claims become time-barred;
4. to conduct direct marketing – until you raise an objection or for a period of 5 years.

9. Your rights

Under the GDPR, you have the right to:

1. request access to your data and receive a copy thereof;
2. rectification (correction) of your data;
3. erasure of data – if there is no legal basis for the data to be processed;
4. limitation of data processing – if the personal data processed by the Controller are incorrect or processed without a legal basis, or if their erasure is impossible due to the existence of a valid legal basis for the processing;
5. data portability – the right to receive, in a structured, commonly used machine-readable format, personal data provided on the basis of consent or under an agreement; you can also request to have the data transferred directly to another entity;
6. lodge a complaint with the supervisory authority – if the data are processed in violation of the law, you can lodge a relevant complaint with the President of the Personal Data Protection Office.

In order to exercise your rights, you may contact the Controller using one of the methods specified in Section II or Section III.

10. Right to object

You may, at any time, object to the processing of your personal data processed by the Controller in order to pursue a legitimate interest (Article 6(1)(f) of the GDPR), through the means of communication indicated in Section II or Section III.

11. Information on the requirement or voluntary nature of providing data and the consequences of not providing them

Providing your personal data is voluntary, but it is necessary in order for the Controller to implement the aforementioned purposes, to which the processing on the legal basis relevant in a given case relates.