Polityka prywatności

PJP MAKRUM S.A. PRIVACY POLICY

AND WEBSITE: www.pjpmakrum.com

The Privacy Policy is intended to increase your understanding of what happens to the data we collect from you. Below, we will try to answer any questions you may have.

The Policy therefore provides information on the principles of processing and protecting personal data collected by entities (companies) from the PJP MAKRUM S.A. group of companies (hereinafter referred to as "PJP") from you in connection with the purchase of real estate from PJP Group companies, the use of services provided by PJP Group entities, inquiries directed to PJP Group entities, and the bidding process. This also applies to data provided in connection with participation in events organized by PJP Group entities, participation in the recruitment process of PJP Group employees, subscription to the Newsletter or other channels of information about PJP Group entities' products and services, exchange of correspondence, etc., including in particular in connection with the use of our websites.

Polityka Prywatności ma charakter informacyjny - nie jest ona źródłem obowiązków dla Ciebie, a jedną z jej głównych funkcji jest wypełnienie obowiązku informacyjnego (art. 13  RODO).

The controller, i.e., the entity deciding how your personal data will be used, particularly within the scope of the PJP Group's marketing activities, is PJP Makrum S.A. with its registered office in Bydgoszcz (Pl. Kościelecki 3, 85-033 Bydgoszcz) – hereinafter also referred to as "PJP," "Company," or "We").

Special purpose vehicles established for specific projects are separate controllers of your personal data for individual investments (implementations), including the conclusion and performance of contracts.

In matters related to the processing of personal data, you can contact us by writing to our designated Data Protection Officer at:

• PJP Makrum S.A., 85-033 Bydgoszcz, Pl. Kościeleckich 3 (with the note: "Data Protection Officer")

• or by email: rodo@immobile.com.pl

We obtained your personal data by completing the contact form on our website - https://pjpmakrum.com or by contacting us in another way. In each of these cases, the relevant entity from the PJP group will be the controller of the personal data obtained through such contact (in particular, telephone contact, visits to branches or warehouses, etc.).

Providing your personal data is not mandatory, however, failure to do so will prevent us from performing the activities for which we require your data. For example, it is necessary to conclude and execute a contract with you, such as a reservation agreement or a sales contract.

If our use of your data is not necessary for the performance of the contract, compliance with a legal obligation, or does not constitute our legitimate interest, we may ask you for your consent to certain data uses. Consent may take the form of checking a box when browsing a website, selecting technical settings for information society services, or other statements or conduct that clearly indicate, in the given context, your acceptance of the proposed processing of your personal data. You can withdraw your consent at any time (this will not affect the lawfulness of the use of your data prior to your withdrawal).

If you are an employee or associate of our contractor, we may also have obtained your data from your employer or another entity with which you cooperate, which has designated you as a contact person in the scope of the contract concluded by the relevant company from the PJP group.

There is no single answer to this question. It all depends on the circumstances of your data processing. Here's how:

1. We process your data because it is necessary to conclude and perform the contract you entered into with us (Article 6, Section 1, Letter b of the GDPR) – for the purpose of concluding the contract (within the scope of activities leading to the conclusion of the contract – e.g., presenting you with an individual offer to purchase the premises after analyzing your specifications) and then performing the contract (e.g., disposing of the premises and establishing separate ownership, possibly considering your complaints and warranty claims).

2. We process your personal data for purposes arising from our legitimate interest (Article 6, Section 1, Letter f of the GDPR), i.e.:

- contacting you, including for purposes related to the provision of services (e.g., sending invoices);

- performing contracts with our contractors (e.g., subcontractors), where you are the designated contact person for their performance;

- handling inquiries you submit to us (e.g., via the contact form), which are not directly related to the performance of the contract, a construction project, or your interest in the GKI Group's offer;

- defending and pursuing claims arising from contracts concluded by companies within the PJP Group.

Controllers who are part of a group of companies (in our case, companies within the PJP Group) may have a legitimate interest in transferring personal data within the group of companies for internal administrative purposes, which also applies to the processing of customer or employee personal data.

3. We process your personal data based on your consent (Article 6, Section 1, Letter a of the GDPR) for the following purposes:

- conducting marketing activities, which involve sending you information about our current activities, in particular new investments and property sales offers, to your email address or contacting you at the telephone number provided.

You have the right to withdraw (revoke) your consent at any time. If applicable, you can use the unsubscribe link available in every email containing a commercial offer sent based on your marketing consent. If the commercial information you received does not contain such a link, you can send an email regarding your withdrawal of consent to marketing activities to: rodo@immobile.com.pl

We will process your personal data for marketing purposes until you withdraw your consent.

4. In certain situations, the law requires us to process your personal data (Article 6, Section 1, Letter c of the GDPR).

You have the right to access your personal data and to immediately rectify any inaccurate data. Taking into account the purposes of processing, you have the right to request that incomplete personal data be completed, including by providing an additional declaration. If you have consented to data processing, in particular for marketing purposes (including the sending of commercial information electronically), your consent may be withdrawn at any time. If you receive certain information or services, such as an electronic newsletter (so-called Newsletter), you may unsubscribe at any time by following the instructions contained in each such document.

You have the right to request that we immediately delete your personal data, and we are obligated to delete your personal data without undue delay if one of the following circumstances applies:

a. the personal data are no longer necessary for the purposes for which they were collected;

b. you have withdrawn the consent on which the processing is based and there is no other legal basis for the processing;

c. you object to the processing;

d. the personal data were processed unlawfully;

e. the personal data must be erased to comply with a legal obligation.

You have the right to request the restriction of the processing of your personal data if:

a. you contest the accuracy of your personal data – for a period enabling us to verify the accuracy of your personal data;

b. the processing is unlawful and you object to the erasure of your personal data, requesting instead the restriction of their use;

c. we no longer need the personal data for the purposes of processing, but you, as the data subject, require them to establish, pursue, or defend legal claims;

d. you have objected to the processing – pending determination of whether our legitimate grounds override the grounds for objection.

If we process your personal data by automated means based on consent or a contract, you have the right to receive the data concerning you that you provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this personal data to another controller. You have the right to request that we transmit your personal data directly to another controller, where technically feasible.

To exercise the rights referred to above, you can contact us as indicated above, i.e., through the Data Protection Officer.

We will inform any recipient to whom your personal data has been disclosed of any rectification or erasure of personal data or restriction of processing that we have carried out at your request, unless this proves impossible or involves a disproportionate effort.

In connection with our processing of your personal data, you have the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office.

Your data will be processed automatically (including using IT software to manage our customer database), but as a result of such processing, no decisions will be made regarding you that would have legal, financial, or other similar effects. Such processing may involve, for example, creating appropriate categories of our customers and presenting them with offers based on their interests, based on user location, or analyzing user activity.

We share your personal data with our contractors and associates as part of contracts executed on our behalf (for example, we may transfer your data to an architect responsible for a construction project).

We share your data with an email marketing service provider, through which we send you information about our ongoing activities. As part of this service, you have the option to unsubscribe from our newsletter. Furthermore, your data is shared with service providers used by companies within the PJP Group.

All entities processing your personal data on our behalf are obligated to ensure appropriate technical and organizational measures to ensure the protection of your personal data. Entities processing your personal data on our behalf may only process it on our documented instructions and for the purposes specified by us.

To clarify what we wrote above, we transfer your data to:

1. entities processing data on our behalf and participating in the performance of our activities:

a) entities servicing the IT systems and computer hardware we use;

b) entities managing our properties;

c) our business partners, advertising agencies, and other entities intermediating in the sale of our investments, products, and services, or organizing marketing campaigns;

d) subcontractors supporting us, for example, in the performance of our services, troubleshooting, handling correspondence, or in the customer service process;

e) entities providing us with advisory, consulting, auditing, legal, tax, and accounting services, and research agencies acting on our behalf;

2. other data controllers processing data on their own behalf:

a) entities operating postal or courier services;

b) entities acquiring receivables or collecting them – in the event of your failure to pay our invoices on time;

c) entities cooperating with us in handling accounting, tax, and legal matters – to the extent they become data controllers.

We currently do not plan to transfer your data outside the EEA (comprising the European Union, Norway, Liechtenstein, and Iceland). However, it may turn out that during the term of a given contract, we decide to transfer data outside the EEA – only to the extent permitted by law.

We may disclose personal data at the request of government or law enforcement agencies, or when required by applicable laws, court orders, or other government regulations. We may also need to disclose personal data to conduct privacy or security audits and/or to investigate complaints or take action regarding security threats. We do not sell personal data to third parties, nor do we entrust the processing of personal data provided by users to third parties, which could be used by such third parties for their marketing purposes.

Your personal data will be stored no longer than necessary, i.e., depending on the purpose of processing:

1. concluding and performing the contract between you and us – for the duration of the contract and settlements after its termination, including the duration of the quality guarantee and warranty period for defects;

2. fulfilling a legal obligation to which we are subject:

a) for the duration of the performance of our obligations;

b) for the period during which we are required by law to store data (e.g., tax purposes);

or

c) for the period during which we may suffer legal consequences of failure to fulfill the obligation, e.g., receive a financial penalty from government authorities;

3. purposes arising from legitimate interests pursued by us:

a) direct marketing of our products and services – for the duration of the contract, and subsequently for the period of warranty and/or post-warranty service;

b) fraud prevention – for the duration of proceedings before the competent authorities;

c) pursuing and defending claims – for the period in which the claims become time-barred.

If we process personal data based on your consent to specific data uses, your data will be processed for the period indicated when obtaining your consent, and in the absence of such indication – until you withdraw your consent.

When you use our websites, user data is also collected automatically. This data may be collected in the website's system logs, using so-called cookies. Cookies are small pieces of information in the form of text files, sent by the server and stored on the website visitor's end (e.g., on the hard drive of a computer or laptop, or on a smartphone's memory card).

By storing cookies on a website user's device (computer, smartphone, tablet, etc.), we can, among other things:

a. Customize the website's functionality to your needs.

b. Eliminate the need to log in each time you visit the website (in the case of areas for registered users/customers).

c. Remember your settings from session to session.

d. Increase the speed and security of the website.

e. Personalize the website to your needs and enable users to find the information they need more quickly.

f. Continually improve the website with its users in mind.

g. Increase the effectiveness of marketing activities.

Cookies do not contain any data that identifies a user, and they cannot be used to determine anyone's identity. These files are not harmful to the user's end device in any way and do not change its settings or the settings of any software installed on it. Only the server that created them can read their content.

When you use our website, we use three types of cookies: session cookies, persistent cookies, and marketing cookies. Session cookies are temporary cookies that are stored on the user's device until you log out, leave the website, or close your browser. Persistent cookies are stored on the user's device for the time specified in the cookie parameters or until you delete them. Marketing cookies are "cookies" saved by other external scripts used on our website. We use them primarily for remarketing purposes.

By default, most web browsers available on the market accept cookies by default. Users can independently and at any time change their cookie settings, specifying the conditions for their storage and access by cookies to the user's device. Users can change the settings referred to in the previous sentence using their web browser settings or through the service configuration. These settings can be changed, in particular, to block the automatic handling of cookies in the web browser settings or to notify users each time cookies are placed on their device. Detailed information about the possibilities and methods of handling cookies is available in the software (web browser) settings.

You may delete cookies at any time using the available features in your web browser.

Restricting the use of cookies may affect some of the functionalities available on our website.

Detailed information on changing cookie settings and deleting cookies yourself in the most popular web browsers is available in the browser's help section.

We also process anonymized operational data related to website use (so-called logs – IP address, domain) to generate statistics helpful in website administration. From the moment a user connects to the website, the website's system logs contain information about the number (including IP address) and type of the user's end device used to connect to the website. This data is aggregated and anonymous, meaning it does not contain any identifying features of website visitors. Logs are not disclosed to third parties.

We may use Google Analytics, which uses cookies to collect anonymous information about the websites you visit on our website. Detailed information regarding the Google Analytics privacy policy can be found at: http://www.google.com/intl/pl/analytics/privacyoverview.html.

Additionally, we may use Google Ads and Google Analytics remarketing codes from display advertisers. These codes are used to create remarketing lists to tailor ads to users who have visited our website, and then display them on the Google Ads display network, the Google search engine, and on the websites of entities participating in the Google content network.

Our website, using the "similar audiences" feature, works within the Google Ads system and analyzes browsing activity on websites within the Display Network over the last thirty days. This information is then used with contextual targeting to define a remarketing audience profile. Based on this profile, Google Ads identifies a group of new users who share similar browsing patterns to those on our remarketing list. This list is never based on browsing history on sensitive topics, such as those related to race, religion, sexual orientation, or health.

By using remarketing tools and the "similar audiences" feature, our website does not collect your personal data via cookies, only your browsing history, and therefore, you remain anonymous.

You may opt out of the collection of remarketing and advertiser codes through Google Ads and Google Analytics, as well as the display of customized ads on the Google Display Network, as described in Section 6.5 above.

Our website may include features that enable sharing content through third-party social media applications, such as the Facebook "Like" button or the Twitter widget. All of these social media applications may collect and use data about your activity on our website. Any personal data you provide through these social media applications may be collected and used by other users of these social media applications, and interactions conducted through them are subject to the privacy policies of the companies providing the applications. We have no control over, and assume no responsibility for, these companies or their use of user data.

We strive to ensure a high level of security for processed personal data. Any incidents affecting data security, including suspected sharing of files containing viruses and other files of a similar nature or other than ddd mechanism files, should be reported to the email address of the Data Protection Officer provided above.

We employ technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data being protected. In particular, we protect data against unauthorized access, unauthorized removal, processing in violation of applicable laws, and alteration, loss, damage, or destruction. Furthermore, we exercise special care to ensure that personal information is:

- correct and processed lawfully, - obtained only for specific purposes and not further processed in a manner incompatible with those purposes, - adequate, relevant, and not excessive, - accurate and up-to-date, - not kept longer than necessary, - processed in accordance with the rights of the data subjects, including the right to restrict access, - stored securely, - not transferred without appropriate protection. 

Personal data is stored in a database that utilizes technical and organizational measures to ensure the protection of processed data in accordance with the requirements set forth in generally applicable data protection laws. Access to the database is limited to individuals authorized by the data controller.

We employ appropriate policies and procedures to protect personal data against unauthorized loss, misuse, alteration, or destruction. We make every effort to limit access to users' personal data to those with a need to know. Those with access to the data are obligated to maintain its confidentiality. Furthermore, one of the principles of our policy in this regard is to retain personal information only for the period necessary to fulfill the user's request or until the user requests deletion of such information.

Yes, we may make changes to this document that reflect our current Privacy Policy. When changes are made, the date of the last update below will also change.

Privacy Policy last updated: May 7, 2024