PRIVACY POLICY OF THE WEBSITE WGHOLDING.PL
GENERAL PROVISIONS
This privacy policy for the Website is informational in nature, meaning it does not impose obligations on users of the Website. The privacy policy primarily outlines the principles regarding the processing of personal data collected by the Administrator on the Website, including the legal basis, purposes, and duration of personal data processing, as well as the rights of individuals whose data is being processed, along with information concerning the use of Cookies and similar technologies and analytical tools on the Website.
The personal data administrator collected via the Website is WG PROPERTY LIMITED LIABILITY COMPANY based in Warsaw (registered office and mailing address: al. Jana Pawła II 27, 00-867 Warsaw); entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000560862; the registry court where the company's documentation is stored: District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register; share capital amounting to 5,000 PLN; NIP: 5213698228; REGON: 361653018, email address: biuro@wgholding.pl, contact phone number: 732055672 – hereinafter referred to as the “Administrator” and also being the Owner of the Website.
Contact details of the Data Protection Officer: email address: biuro@wgholding.pl.
Personal data on the Website are processed by the Administrator in accordance with applicable legal regulations, in particular, according to the Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation.” The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
Using the Website is voluntary. Likewise, providing personal data by users of the Website is voluntary, with the stipulation that failure to provide certain data required to use specific functionalities of the Website may result in the inability to use that functionality (e.g., contact form). Providing personal data is, in this case, a contractual requirement, and if the individual whose data is being processed wishes to use a specific functionality provided on the Website by the Administrator, they are obliged to provide the required data. The scope of data required to use the functionalities of the Website is indicated by the Administrator on the Website (e.g., before filling out the contact form).
The Administrator takes particular care to protect the interests of individuals whose personal data are being processed, ensuring that the data collected are: (1) processed lawfully; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes; (3) factually accurate and adequate in relation to the purposes for which they are processed; (4) stored in a form which permits identification of the data subjects for no longer than is necessary for the purposes of processing; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, through the use of appropriate technical or organizational measures.
Taking into account the nature, scope, context, and purposes of processing, as well as the risk of infringement of the rights or freedoms of individuals with varying probabilities and severity of threat, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the GDPR Regulation and to demonstrate compliance. These measures are reviewed and updated as necessary. The Administrator employs technical measures to prevent unauthorized access to and modification of personal data transmitted electronically.
Any terms, phrases, and acronyms used in this privacy policy and beginning with a capital letter should be understood according to their meanings as defined in this document.
LEGAL BASES FOR DATA PROCESSING
The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, requiring protection of personal data, particularly when the data subject is a child.
The processing of personal data by the Administrator requires the existence of at least one of the bases specified above. The specific bases for the processing of users' personal data by the Administrator are indicated in the subsequent section of the privacy policy – with respect to the purpose of processing personal data by the Administrator.
PURPOSE, BASIS, AND DURATION OF DATA PROCESSING ON THE WEBSITE
The purpose, basis, and duration, as well as the recipients of personal data processed by the Administrator, result from the actions taken by the user on the Website.
The Administrator may process personal data on the Website for the following purposes, on the following bases, and for the periods specified in the table below:
DATA RECIPIENTS ON THE WEBSITE
For the proper functioning of the Website, it is necessary for the Administrator to use the services of external entities (such as software providers). The Administrator uses only the services of such data processors who provide sufficient guarantees of implementing appropriate technical and organizational measures, ensuring that processing meets the requirements of the GDPR and protects the rights of data subjects.
Personal data may be transferred by the Administrator to a third country, provided that the Administrator ensures that this is done in relation to a country that provides an adequate level of protection compliant with the GDPR, and in the case of other countries, that the transfer will be based on standard data protection clauses. The Administrator ensures that the data subject has the opportunity to obtain a copy of their data. The Administrator transfers the collected personal data only when it is necessary to achieve a specific data processing purpose in accordance with this privacy policy.
Data transfer by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers data only when it is necessary to achieve a specific purpose of personal data processing and only to the extent necessary to achieve that purpose.
The personal data of users of the Website may be transferred to the following recipients or categories of recipients:
-
Service providers supplying the Administrator with technical, IT, and organizational solutions enabling the Administrator to conduct business activities, including their Website and electronic services (in particular, providers of software for running the Website, email and hosting providers, and providers of software for managing the company and providing technical support to the Administrator) – The Administrator shares the collected personal data of the user with the selected provider acting on their behalf only when it is necessary to achieve a specific data processing purpose in accordance with this privacy policy.
-
Legal and consulting service providers providing the Administrator with legal or advisory support (in particular, law firms, accounting offices, brokerage houses) – The Administrator shares the collected personal data of the user with the selected provider acting on their behalf only when it is necessary to achieve a specific data processing purpose in accordance with this privacy policy.
PROFILING
The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling, referred to in Article 22, paragraphs 1 and 4 of the GDPR, and – at least in these cases – essential information about the principles of their decision-making, as well as the significance and expected consequences of such processing for the data subject. Keeping this in mind, the Administrator provides information regarding possible profiling in this section of the privacy policy.
The Administrator may use profiling on the Website for the purposes of direct marketing, but the decisions made on this basis by the Administrator do not concern the conclusion or refusal to conclude a contract or the possibility of using electronic services on the Website. The result of using profiling on the Website may include granting a given person a discount, sending them a discount code, reminding them of unfinished actions on the Website, sending a proposal for a service that may match the interests or preferences of that person, or offering better conditions compared to the Administrator's standard offer. Despite profiling, it is up to the individual to freely decide whether they want to take advantage of the discount or offer provided in this way.
Profiling on the Website involves the automatic analysis or prediction of a given person's behavior on the Website, e.g., by analyzing their past activity history on the Website. A prerequisite for such profiling is that the Administrator has the personal data of that person in order to subsequently send them a discount code or an offer.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
RIGHTS OF THE DATA SUBJECT
-
Right of access, rectification, restriction, deletion, or transfer – The data subject has the right to request access to their personal data from the Administrator, their rectification, deletion ("right to be forgotten"), or restriction of processing, and has the right to object to processing as well as the right to transfer their data. Detailed conditions for exercising the above rights are specified in Articles 15-21 of the GDPR.
-
Right to withdraw consent at any time – The data subject whose data is processed by the Administrator based on expressed consent (under Article 6, paragraph 1, letter a or Article 9, paragraph 2, letter a of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
-
Right to lodge a complaint with a supervisory authority – The data subject whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, particularly the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
-
Right to object – The data subject has the right to object at any time for reasons related to their particular situation – to the processing of their personal data based on Article 6, paragraph 1, letter e) (public interest or task) or f) (legitimate interest of the Administrator), including profiling based on these provisions. In such a case, the Administrator may no longer process such personal data unless it demonstrates the existence of compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of claims.
-
Right to object to direct marketing – If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
To exercise the rights mentioned in this section of the privacy policy, you can contact the Administrator by sending a relevant written message or by email to the address indicated at the beginning of the privacy policy.
COOKIES ON THE WEBSITE AND ANALYTICS
Cookies are small text files sent by the server and stored on the side of the person visiting the Website (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on which device the visitor uses to access our Website). Detailed information about cookies, as well as the history of their origin, can be found, among others, here: https://pl.wikipedia.org/wiki/HTTP_cookie.
Cookies that may be sent by the Website can be classified into different types based on the following criteria:
The Administrator may process the data contained in cookies when visitors use the Website for the following specific purposes:
Checking Cookies in Popular Web Browsers
It is possible to check in the most popular web browsers which cookies (including their duration and provider) are currently being sent by the Website in the following ways:
Cookies Policy
By default, most web browsers available on the market accept the storage of cookies. Users have the ability to specify the conditions for using cookies through their browser settings. This means, for instance, that users can partially restrict (e.g., temporarily) or completely disable the ability to save cookies. However, in the latter case, this may affect some functionalities of the Website.
Browser settings regarding cookies are important for consenting to the use of cookies by our Website – according to regulations, such consent can also be expressed through the browser settings. Detailed information on how to change cookie settings and remove them in the most popular web browsers is available in the help section of the browser and on the following pages (just click on the respective link):
-
In the Chrome browser
-
In the Firefox browser
-
In the Internet Explorer browser
-
In the Opera browser
-
In the Safari browser
-
In the Microsoft Edge browser
The Administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the Website. These services help the Administrator conduct statistics and analyze traffic on the Website. The data collected are processed within the framework of the above services to generate statistics useful for administering the Website and analyzing traffic on the Website. This data is aggregated. When using the above services on the Website, the Administrator collects data such as sources and medium of visitors to the Website, their behavior on the Website, information about the devices and browsers used to visit the site, IP addresses and domains, geographic data, and demographic data (age, gender) and interests.
It is possible for individuals to easily block the sharing of information about their activity on the Website with Google Analytics – for this purpose, one can install the browser add-on provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
In connection with the possibility of the Administrator using advertising and analytical services provided by Google Ireland Ltd., the Administrator indicates that full information about the rules for processing data of individuals visiting the Website (including information saved in cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services available at: https://policies.google.com/technologies/partner-sites.
The Administrator may use the Facebook Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the Website. This service helps the Administrator measure the effectiveness of advertisements and learn about the actions taken by visitors to the Website, as well as display tailored advertisements to those individuals. Detailed information about the operation of the Facebook Pixel can be found at the following address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
Management of the Facebook Pixel operation is possible through advertisement settings in one's account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
The Website may contain links to other websites. The Administrator encourages users to familiarize themselves with the privacy policy established on those other websites after navigating away from this Website. This privacy policy applies only to the Administrator's Website and the personal data processed in connection with its use.