Information Security Policy
Information regarding the processing of personal data
Ladies and Gentlemen, we would like to inform You that the administrator makes every effort to ensure all means of physical, technical and organizational protection of personal data against accidental or international loss, alteration, unauthorized disclosure, use or access, in accordance with all applicable rules.
Who is the administrator of your personal data?
The controller of your personal data is LOCO Spółka z ograniczoną odpowiedzialnością Sp. k. with its registered office in (00-833) Warsaw at ul. Sienna 72 prem.. 14 entered to the Register of Entrepreneurs, kept by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Department of the National Court Register under the number KRS 0000499544, registered under the number REGON 147124372 and NIP 527-27-10-126 , tel. + 48 22 25 15 517, www.loco-estate.com , firstname.lastname@example.org The administrator has not appointed the Data Protection Officer.
You can contact us as follows:
- by post to the following address: Sienna 72/14, 00-833 Warsaw
- by E-mail address: email@example.com
- by phone at: +48 22 25 15 517
What is your personal data and what is their processing?
This is all information about an identified or identifiable natural person. You can find such a definition in art. 4 point 1)GDPR1. As my Client you are an identified person. By entering into a agency agreement, you will provide me with your name, postal address or e-mail address, telephone number and probably a number of other, regarding real estate properties, in relation to which we will conclude a real estate agency agreement. The processing of personal data is an operation or set of operations performed on personal data or personal data sets in an automated or non-automated manner, such as collecting, recording, organizing, organizing, storing, adapting or modifying, downloading, browsing, using, disclosing by sending, disseminating or otherwise sharing, matching or combining, limiting, deleting or destroying. You can find such a definition in art. 4 point 2) of GDPR. I will keep the data you provide me both in paper version (if you provide me with documents in this form) and electronically. We will probably keep electronic correspondence, store scans of letters and documents in your case. By sending an e-mail, I will pass your data to my hosting provider (they will be saved on his server). By issuing an invoice to you, your data will be sent to my accountant. Your phone number will appear in the call register of our phones. Over time, this data will be archived and later deleted. This is the processing of your personal data. These are processes that happen every day, it is difficult to imagine the provision of services without them. However, you have the right to have control over them.
For what purpose and on what legal basis will I process your personal data? I will process your personal data to perform a real estate agency agreement for you or in connection with the activities undertaken at your request, before entering into such an agreement. The basis for data processing in this situation is the provision of art. 6 clause 1 lit. b) GDPR. You do not have to give any additional consent for this. Simply put, the fact that I am performing an agreement with you, or that we are conducting discussions, negotiations, on the conclusion of such an agreement results in my right to process your data. After completing the provision of services, I will store your data for the period prescribed by law (e.g. storage of accounting records under the provisions of the Accounting Act or processing of your data pursuant to the Act of 1 March 2018 to prevent money laundering and terrorist financing ). In such a situation, the basis for their processing is the provision of art. 6 clause 1 lit. c) GDPR. Just the law requires me to process (storage is also processing) your data for some time. Then, I will store your data until the expiry of the claims limitation period, pursuant to art. 6 clause 1 lit. f) GDPR under the so-called almost justified interest pursued by the data controller. In other cases, your consent may be the basis for processing your data. Art. 6 clause 1 lit. a) GDPR. You can consent to the processing of data for a specific purpose – e.g. marketing, sending messages and offers in the future.
How long will I process your personal data? I will process your personal data until the end of the agreement we concluded. Then, for the time required by law and then for a period equal to the limitation period for claims. If you entrust me with your personal data based on consent, I will process them until you cancel it.
Who will I transfer your data to? The circle of recipients of your data will depend on the nature of the agreement we conclude. They can be potential buyers of real estate, their sellers, tenants, landlords, notaries, offices and courts, developers. Your data will go to my IT service provider. We will conduct electronic correspondence, so it will go to the server of the hosting service provider. The invoice issued will go to accounting, and it may use the accounting system. I use different software – for invoicing, for office management, word processors, spreadsheets or cloud computing. Providers of these services may have access to your data. They then have the status of a processor. However, I conclude relevant agreements with them, according to which they are required to secure your data in a lawful manner and process it only to the extent that I allow them.
What rights do you have regarding the processing of personal data? You have the following rights related to the processing of personal data:
- the right to withdraw consent to data processing if you have given it
To the extent that your data is processed on the basis of consent, you have the right to withdraw consent to data processing at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can do this by sending a statement of withdrawal of consent to my mailing or email address.
- the right to access your personal data
- the right to request the rectification of your personal data
- the right to request the deletion of your personal data
- the right to request limiting of processing of your personal data
- the right to object to the processing of your data due to your special situation – in cases where I process your data on the basis of my legitimate interest,
- the right to transfer your personal data
You have the right to receive your personal data in a structured, commonly used, machine-readable IT format. You can then send this data to another data controller or request that the data were sent to another controller. I will only be able to do this if it is technically possible. The right to transfer personal data only applies to those data that I process based on the agreement with you or based on your consent,
- The right to lodge a complaint from a supervisory authority
If you find that I process your data unlawfully, you have the right to lodge a complaint with the supervisory body dealing with the protection of personal data, which is the President of the Office for Personal Data Protection.
Voluntariness of data transfer. Providing your personal data is voluntary, however providing such data as: name and surname, address of residence, PESEL, ID card number, telephone number, e-mail address, data on marital status and matrimonial property regime, data on real estate is necessary to conclude the agreement. If you refuse to provide these data, I will not be able to enter into an agreement with you. This results from the provisions of the Act of 1 March 2018 on counteracting money laundering and financing of terrorism – without obtaining this data I am not allowed to conclude a brokering agreement.
Profiling and automated processing. When processing your data using electronic devices, in office management programs, we do it in an automated manner. However, we will not process your data in the form of profiling.
Automated profiling and processing. When we process your data with the help of electronic devices, in office management programs, we do it in an automated manner. We will not, however, process your data in the form of profiling.