Privacy Policy

GENERAL

1.1. This privacy policy of the Website is an informational document, which means that it does not establish any obligations for the Service Recipients or Customers of the Website. The privacy policy mainly contains the principles for personal data processing by the Controller on the Website, including the basis, purposes and scope of personal data processing and the rights of the data subjects as well as information about the use of cookies and analytical tools.

1.2. The Controller of the personal data collected via the Website is Greenhomes sp. z o.o. with its registered office in Zabrze, 41-803, ul. Zamkowa 1, entered in the register of entrepreneurs of the National Court Register maintained by the District Court in Gliwice, 10th Commercial Division of the National Court Register, under KRS (National Court Register Number): 0000863658, NIP (Tax Identification Number): 6482800959, REGON (National Official Business Register Number): 387249030, e-mail: movehouse@move-house.eu, contact phone number: +48 796 744 974 – hereinafter referred to as the “Controller”, who is also the Website Service Provider and the Seller.

1.3. Personal data on the Website are processed by the Controller according to the applicable law, including, in particular, according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation”. Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4. The use of the Website, including making purchases on the Website, is voluntary. Similarly, the provision of their personal data by the Service Recipient or Customer using the Website is voluntary except in two cases: (1) conclusion of contracts with the Controller – failure to provide the personal data in the cases and to the extent indicated on the Website and in the Terms and Conditions of the Website and this privacy policy as required to enter into and perform the Sale Contract or the Electronic Services Contract with the Controller will prevent the conclusion of such a contract. In such a situation, providing the personal data is a contractual requirement, and if the data subject wants to enter into a particular contract with the Controller, they have to provide the required data. In each case, the scope of data required to enter into the contract is previously indicated on the web page of the Website and in the Terms and Conditions of the Website; (2) statutory duties of the Controller – providing personal data is a statutory requirement arising from the generally applicable law obliging the Controller to process personal data (e.g., data processing to keep tax books or account books), and the failure to provide them will prevent the Controller from fulfilling such duties.

1.5. The Controller takes great care to protect the interests of the persons whose data they process, including, in particular, being responsible for ensuring that the data they collect are: (1) processed according to the law; (2) collected only for the indicated purposes and not subject to further processing contrary to such purposes; (3) correct and adequate to the purposes of processing; (4) kept in a form preventing the identification of the data subjects for periods longer than necessary to achieve the purposes of processing and (5) processed in a way that ensures the appropriate security of the personal data, including protection against prohibited or unlawful processing and accidental loss, destruction or damaging of data using suitable technical or organisational measures.

1.6. Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller implements appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with the Regulation. Those measures are reviewed and updated where necessary. The Controller uses technical measures to prevent the personal data sent electronically from being acquired and modified by unauthorised persons.

1.7. All words, phrases and acronyms used in this privacy policy and beginning with a capital letter (e.g., Seller, Website, Electronic Service) shall be understood according to their definition provided in the Terms and Conditions of the Website available on the pages of the Website.

BASIS FOR DATA PROCESSING

2.1. The Controller is entitled to process personal data if and to the extent to which at least one of the following conditions is met: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Is entitled to store the IP address of the participant. Only one account can be assigned to each participant. There is no right of participation. The registration cannot be transferred.

2.2. In each case, personal data processing by the Controller requires the existence of at least one of the grounds indicated in section 2.1 of the privacy policy. The specific basis for the processing of the personal data of the Service Recipient and Customers of the Website by the Controller is indicated in the next section of the privacy policy – with reference to the specific purpose of personal data processing by the Controller.

PURPOSES, BASIS, PERIOD AND SCOPE OF DATA PROCESSING ON THE WEBSITE

3.1. The Controller may process personal data on the Website for the following purposes, on the following basis, in the following periods and to the following extent:

Performance of a Sale Contract or Electronic Services Contract or taking action upon the request of the data subject before entering into the above-mentioned contracts
Direct marketing
Marketing
Allowing the Customer to express their opinion regarding the Sale Contract they have signed
Keeping tax or account books
Establishment, exercise or defence of claims that may be asserted by the Controller or that may be asserted against the Controller

Article 6(1)(b) of the GDPR Regulation (performance of a contract). The data are kept for the period required for the performance, termination or another form of expiry of the contract.
Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller). The data are kept for the duration of the existence of a legitimate interest of the Controller, but in any case not longer than until the end of the limitation period for claims regarding the data subject on the account of the business conducted by the Controller. The claim limitation period is defined by the law, including, in particular, the Civil Code (the basic limitation period for claims connected with the conduct of business is three years, and for a sale contract – two years). The Controller cannot process data for direct marketing purposes if the data subject makes a successful objection in this regard.
Article 6(1)(a) of the GDPR Regulation (consent) The data are kept until the data subject withdraws their consent to the further processing of their data for this purpose.
Article 6(1)(a) of the GDPR Regulation The data are kept until the data subject withdraws their consent to the further processing of their data for this purpose.
Article 6(1)(c) of the GDPR Regulation in connection with Article 86(1) of the Tax Ordinance Act, i.e., the Act of 17 January 2017 (Journal of Laws of 2017, item 201) or Article 74(2) of the Accounting Act, i.e., the Act of 30 January 2018 (Journal of Laws of 2018, item 395). The data are kept for the period required by the law obliging the Controller to keep tax books (until the end of the limitation period for the tax liability, unless tax acts stipulate otherwise) or account books (5 years, starting from the beginning of the year following the fiscal year the data concern).
Article 6(1)(f) of the GDPR Regulation The data are kept for the duration of the existence of a legitimate interest of the Controller, but in any case not longer than until the end of the limitation period for claims regarding the data subject on the account of the business conducted by the Controller. The claim limitation period is defined by the law, including, in particular, the Civil Code (the basic limitation period for claims connected with the conduct of business is three years, and for a sale contract – two years).

Maximum scope: first name and last name; e-mail address; contact phone number; delivery address (street, house number, unit number, postal code, town, country), address of residence / business / registered office (if different from the delivery address).
E-mail address
First name and last name, e-mail address, phone number
First name and last name, e-mail address, phone number
First name and last name; address of residence / business / registered office, company name and tax identification number (NIP) of the Service Recipient or Customer
First name and last name; contact phone number; e-mail address; delivery address (street, house number, unit number, postal code, town, country), address of residence / business / registered office

DATA RECIPIENTS ON THE WEBSITE

4.1. To ensure the correct functioning of the Website, including the implementation of Sale Contracts, the Controller has to use the services of external entities (e.g., software provider or payment processor). The Controller only uses the services of processors that provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR Regulation and ensure the protection of the rights of the data subjects.

4.2. The data are not provided by the Controller in every case and to all the recipients or categories of recipients indicated in this privacy policy – the Controller provides data only when required to achieve a specific purpose of personal data processing and only to the extent necessary for its achievement. Personal data of Service Recipients and Customers of the Website may be provided to the following recipients or categories of recipients:

1. processors of electronic payments or card payments – for Customers who use electronic payments or card payments on the Website, the Controller provides the personal data of the Customer they gather to the selected processor of the above-mentioned payments on the Website engaged by the Controller to the extent necessary for the processing of the Customer’s payment.

2. provider of a review system – for Customers who consented to give their opinion on the Sale Contract they have signed, the Controller provides the personal data of the Customer they gather to the selected provider of the review system used to review the Sale Contracts entered into via the Website engaged by the Controller to the extent necessary for the Customer to give their opinion using the review system.

3. providers of technical, IT and organisational services for the Controller enabling the Controller to conduct their business, including the Website and the Electronic Services provided via the Website (including, in particular, the providers of the software used to operate the Website, providers of e-mail and hosting, providers of enterprise management software and providers of technical support for the Controller) – the Controller provides the personal data of the Customer they gather to the selected provider engaged by the Controller only if and to the extent necessary to achieve the particular purpose of data processing conforming to this privacy policy.

4. providers of accounting, legal and consulting services providing the Controller with accounting, legal or consulting support (including, in particular, bookkeeping firms, legal firms or debt collection companies) – the Controller provides the data of the Customer they gather to the selected provider engaged by the Controller only if and to the extent necessary for the achievement of the particular purpose of data processing conforming to this privacy policy.

RIGHTS OF THE DATA SUBJECT

5.1. The right to access, rectification, restriction, erasure or data portability – the data subject will have the right to request from the Controller access to and rectification or erasure (“the right to be forgotten”) of personal data or restriction of processing concerning the data subject or to object to the processing as well as the right to data portability. The specific conditions for the exercise of the above-mentioned rights are given in Articles 15–21 of the GDPR Regulation.

5.2. Right to withdraw the consent at any time – the data subject whose data are processed by the Controller based on their consent (based on Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation) has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5.3. The right to lodge a complaint with the supervisory authority – the data subject whose data are processed by the Controller has the right to lodge a complaint with the supervisory authority according to the GDPR Regulation and Polish law, including, in particular, the Personal Data Protection Act. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

5.4. The right to object – the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6(1)(e) (public interest or tasks) or Article 6(1)(f) (legitimate interest of the Controller), including profiling based on those provisions. In such a situation, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

5.5. The right to object to direct marketing – where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

5.6. To exercise the rights discussed in this section of the privacy policy, the data subject may contact the Controller by sending a suitable message in writing or by e-mail to the address of the Controller indicated at the beginning of the privacy policy or using the contact form available on the Website.

COOKIES ON THE WEBSITE, PERFORMANCE DATA AND ANALYTICS

6.1. Cookies are small pieces of text information in the form of text files that are sent by the server and saved on the devices of the visitor of the Website (e.g., on the hard drive of a computer or laptop or on the memory card of a smartphone – depending on the type of device used by the person visiting the Website). Specific information about Cookies as well as their history can be found, for instance, here: https://en.wikipedia.org/wiki/HTTP_cookie.

6.2. The Controller may process the data kept in the Cookies while the visitors use the Website for the following purposes:
saving data from filled-out Booking Forms and surveys of the Website;
adapting the contents of the Website to the individual preferences of the Service Recipient (e.g., concerning the colours, font size and page layout) and improving the use of the Website;
maintaining anonymous statistics illustrating the way the Website is used;

6.3. Normally, most web browsers available on the market accept the saving of Cookies by default. Everyone can configure the use of Cookies by changing the settings of their web browser. This means that Cookies can be partially (e.g., for a specific period) or completely disabled – in the latter case, this may affect some of the functions of the Website.

6.4. The Cookie settings of the web browser are relevant in the context of the consent to the use of Cookies by our Website – according to the law, such consent may also be given through appropriate settings of the web browser. Where no such consent is given, it is necessary to accordingly change the Cookie settings of the web browser.

6.5. Specific information about the ways of changing the Cookie settings and removing them manually in the most popular web browsers are available in the help section of the web browser and on the following pages (just follow the link):
in the Chrome browser
in the Firefox browser
in the Internet Explorer browser
in the Opera browser
in the Safari browser
in the Microsoft Edge browser

6.6. The Controller may use the services of Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the Website. These services help the Controller analyse traffic on the Website. The gathered data are processed in connection with the above-mentioned services in an anonymised fashion (they are the so-called performance data, which do not enable the identification of the data subject) to generate statistics helpful in the administration of the Website. These data are aggregated and anonymous, i.e., they do not include any identifying details (personal data) of the persons visiting the Website. By using the above-mentioned services on the Website, the Controller gathers data such as the sources and the medium used to acquire the visitors to the Website and their behaviour on the Website, information about the devices and browsers they use to visit the website, IP and domain, geographical data and demographic data (age, sex) and interests.

6.7. The data subject can disable the communication of information about their activity on the Website to Google Analytics on the Website – to do so, the data subject can install a browser add-on provided by Google Inc., which can be found here: https://tools.google.com/dlpage/gaoptout?hl=pl

FINAL PROVISIONS

7.1. The Website contains references to other websites. The Controller recommends reading the privacy policies of such websites after accessing them. This privacy policy only concerns the Website of the Controller.