Privacy Policy (EN)

Flatapp Application Privacy Policy

TABLE OF CONTENTS

General provisions
The principles of personal data processing
The legal grounds for processing personal data
The scope of personal data processing
Managing personal data
The rights of data subjects
Cookie policy

Art. 1

General provisions

The Administrator of the personal data is Inside Park Application limited liability company, with its registered office in Torun, KRS: 0000754803, NIP: 7123376120, Prosta Street 12-14/1, 87-100 Torun, (hereinafter referred to as “the Administrator”).
Personal data shall be processed in accordance with generally applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of 27 April 2016 (hereinafter referred to as “GDPR”).
We kindly ask that any questions, requests or comments regarding the protection of privacy should be directed to the following email address: aplikacja@insidepark.pl .
In matters not covered by this policy, the provisions of the Application Regulations, which are available in the Application in the Tab https://flatapp.pl/app/regulations-en, shall apply. Capitalised terms have the meaning given to them in the Application Regulations.

Art. 2

The principles of personal data processing

When processing personal data, the Administrator shall apply the following principles:
1. Legality – the processing of personal data may only take place if at least one legal prerequisite occurs;
2. Purposefulness – in order for data to be processed, there must be a specific, explicit and legitimate purpose for doing so. If the processing serves multiple purposes, consent/basis is needed for all purposes.
3. Adequacy – we only process the data that are necessary for the purpose of their collection.
4. Substantive correctness – the Administrator is required to ensure that the data they collect are correct and updated if necessary. They should assess the credibility of the source of the data and implement a means of verifying the veracity of the processed data;
5. Limited duration – the principle of limiting data storage – the Administrator shall not process personal data for longer than necessary. In practice, the Administrator makes a case-by-case, specific assessment of how long they should process personal data. The storage period depends on a number of variables.
6. Data integrity and confidentiality – personal data shall be secured by appropriate technical and organisational measures. The Administrator shall take the utmost care to protect the information provided against any threats.

Art. 3

The legal grounds for processing personal data

In accordance with the above-mentioned principle of legality, the processing of personal data may only take place if at least one legal prerequisite occurs.
The Administrator shall be entitled to process personal data if one of the following situations occurs:
1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6 par. 1 sub-par a GDPR). On this basis, the Administrator will process personal data, in particular for the purposes of assessing the credibility of the counterparty and transactional risk;
2. the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (article 6 par. 1 sub-par b GDPR). On this basis, the Administrator will process personal data, in particular to enable the use of the functionalities of the Application, primarily:
  - the usage of the module: Property rental service, together with the repair and renovation of rented flats as part of the service, together with instructional video clips for property-related issues,
  - the usage of the module: The service of buying and selling rental receivables together with instructional video clips for real estate issues;
  - the usage of the module: Property reservation service together with instructional video clips for real estate issues,
  - the usage of the module: Easy and intuitive access to the products offered on the real estate market;
  - the usage of the module: access to training material;
  - the usage of a comprehensive transaction service.
the processing is necessary for compliance with a legal obligation to which the Administrator is subject (Article 6 par. 1 sub-par c GDPR). On this basis, the Administrator will process personal data, in particular for the purposes of issuing invoices, fulfilling accounting obligations;
the processing is essential for the purposes of the legitimate interests pursued by the Administrator (Article 6 par. 1 sub-par f GDPR). On this basis, the Administrator will process personal data, in particular for the purposes of pursuing claims, keeping statistics.

Art. 4

The scope of personal data processing

The Administrator processes the following categories of personal data:

Personal data of Landlords, Tenants, Property Sellers and Buyers, Investors and Service Providers:
1. Personal data shall be processed by the Administrator in order to enable the use of the functionalities of the Application, to provide services (including services by electronic means), and in order to perform actions at the request of the data subject, to enter into a contract, to implement the contract and to provide after-sales service.
2. The scope of data processing (the maximum scope) includes: first and last name, e-mail address, telephone number, country, PESEL number (personal ID number), Number and series of identity card or passport, expiry date of identity document, residential address, date of birth, parents’ first names, maiden name, payment card number, bank account number, bank name.
3. Personal data shall be processed for the time necessary for the correct usage of the functionalities of the Application. The Administrator shall cease to process the personal data when all legitimate obligations and risks have expired (in particular, when the period of limitation of the given claims has expired, the obligations resulting from legal provisions).
4. The provision of personal data is voluntary. However, the refusal to provide such data (or the provision of unreliable, untrue data) may prevent the usage of the functionalities of the Application;
Personal data of Landlords, Tenants, Property Sellers and Buyers, Investors and Service Providers:
1. personal data will be processed by the Administrator in order to assess the credibility of the counterparty and the transactional risk.
2. The scope of data processing (the maximum scope) includes: the amount of income (range), education, occupation, duration of employment in the current position (range), age (range), marital status, the number of dependants, information on life insurance, the amount of credit obligations (range), and information on specific activities: the number of properties rented, the number of properties sold, the number of properties purchased. The amount of damage, the number of incidents related to noise and order, the number of properties bought and sold, timeliness, average rating.
3. Personal data are processed for the amount of time necessary for the correct usage of the Application’s functionalities. The Administrator shall cease to process personal data when all legitimate obligations and risks have expired (in particular, when the period of limitation of the given claims has expired, the obligations resulting from legal provisions).
4. The provision of personal data is voluntary. However, the refusal to provide such data (or the provision of unreliable, untrue data) may prevent the conclusion and proper execution of the contract.
Data of the people contacting the Administrator
1. The data are processed by the Administrator in order to respond to questions, requests or comments expressed through the available channels.
2. The data, depending on the situation, may include:
  1. name and surname,
  2. e-mail address,
  3. telephone number,
  4. IP address.
3. The provision of personal data is voluntary. However, the refusal to provide them (or the provision of unreliable, untrue data) may prevent us from contacting you and providing the expected answers.

Art. 5

Managing personal data

The Administrator shall use personal data for the purpose for which they were obtained. In addition, the data may be used for the purposes resulting from the legitimate interests pursued by the Administrator, such as:
1. detection and prevention of misuse and abuse,
2. the establishment, defence and pursuit of claims,
3. the creation of compilations, analyses and statistics.
The personal data processed will never fall into the wrong hands. They will not be traded. However, they may be transferred to:
1. to entities/bodies authorised by law,
2. entities to which the transfer of personal data is necessary for the performance of a specific activity (e.g. accounting services, making payments, IT service, delivery of Products, provision of Services).
The Administrator uses automated profiling to assess the credibility of the User
The information resulting from the assessment of the User’s credibility and the risk assessment of the transaction may be made available to other Application Users. The assessment may be made available to other Application Users in a simplified form. Other Users do not receive the detailed, specific information that constitutes the components of the assessment.
Personal data will not be processed outside the EEA (European Economic Area).

Art. 6

The rights of data subjects

As a general rule, data subjects have the right to:
1. access and rectify the content of their data,
2. delete their data,
3. restrict the processing of their personal data,
4. transfer the data or obtain their copy,
5. withdraw their consent at any time without affecting the lawfulness of the processing,
6. object to the processing of personal data.
The details on how to exercise the rights outlined above are set out in Articles 15-21 of the GDPR.
In order to exercise the rights outlined above, please contact aplikacja@insidepark.pl
Each request will be thoroughly examined by the Administrator and responded to.
The rights described above are not absolute (in practice, therefore, it may happen that despite receiving a request, the Administrator will not be able, for example, to delete the data, because, in accordance with the law, their processing will still be necessary).
Data subjects also have the right to file a complaint with the President of the Personal Data Protection Office, in particular when the processing of personal data violates the provisions of the GDPR.

Art. 7

Cookie Policy

The Application uses cookies. The Administrator uses the following types of cookies:
1. cookies necessary to ensure the usability of the Application, the operation of its basic functions,
2. cookies for statistical purposes (including anonymous information about the number of users, their patterns of behaviour, the time spent in the Application),
3. cookies for marketing purposes. Cookies make advertising campaigns more effective. Their usage makes it easier for advertisers to reach their target groups. This type of data are collected through services provided by Google Inc.
Detailed information on the policies of Google Inc.
1. https://policies.google.com/technologies/cookies?hl=en#types-of-cookies
2. https://policies.google.com/privacy?hl=en&gl=en.
Cookies are not in any way linked to or associated with other information provided by users.
The users of the Application have the right to disable cookies (all of them or individual types) in the Application settings. The use of the Application without changing these settings will be considered as an explicit affirmative action.
Please note that opting out of marketing cookies will not stop advertisements from being displayed. Advertisements will still be visible, though they will not be customised.