GDPR Policy

In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), ONE House sp. z o.o. provides the following information regarding the processing of personal data:

  1. Data Controller

The data controller is ONE Housesp. z o.o., located at Bobrowiecka 8, 00-728 Warsaw, registered in the Entrepreneurs Register kept by the District Court for the capital city of Warsaw in Warsaw, XIII Economic Department of the National Court Register under the KRS number: 0000455576, NIP: PL5272691848, REGON: 146613100, gdpr@one-house.pl.

  1. Categories of Processed Data

The data controller may process the following categories of personal data: identification data, address data, contact data, and any other data that may be necessary for the purposes for which the controller processes data.

  1. Purposes of Processing Personal Data

Personal data may be processed by the data controller for the following purposes:

  1. Execution of a contract concluded between you and the data controller, or taking steps at your request prior to entering into a contract – based on Article 6(1)(b) of the GDPR;
  2. Direct marketing of the data controller’s products and services, which is the legitimate interest of the data controller – based on Article 6(1)(f) of the GDPR;
  3. Responding to your inquiries or correspondence addressed to the data controller, which is the legitimate interest of the data controller – based on Article 6(1)(f) of the GDPR;
  4. Fulfillment of legal obligations incumbent on the data controller – based on Article 6(1)(c) of the GDPR;
  5. Pursuing claims or defending against claims, which is the legitimate interest of the data controller – based on Article 6(1)(f) of the GDPR;
  6. Facilitating participation in recruitment processes conducted currently and in the future by the data controller, if the controller has received the appropriate application – based on Article 6(1)(b) or Article 6(1)(a) of the GDPR (if the candidate has consented to the processing of their data).
  1. Source of Personal Data 

The data controller processes personal data that originate from you or from a party with which you are associated.

The data controller may also process data originating from other parties if you have consented to their disclosure to the controller.

The data controller may also process data originating from publicly available sources.

  1. Recipients of Data

The data controller may disclose personal data to its subcontractors (entities whose services it uses in processing) such as:

  1. IT service providers;
  2. Accounting service providers;
  3. Marketing service providers.

The data controller is authorized to disclose personal data to other entities if such obligation arises from legal provisions.

The data controller is also authorized to disclose personal data to entities participating in the process of executing the concluded contract, if it is necessary for the performance of the contract.

The data controller does not transfer personal data outside the European Economic Area except for the sharing of data with Google LLC, which processes data on behalf of the data controller in connection with the data controller’s use of the Google Analytics service. The transfer of data outside the European Economic Area as part of using this service is based on standard contractual clauses.

  1. Retention Period of Personal Data

The data controller may retain your personal data for the following periods:

  1. In the case of data processed for the purpose of executing a contract or taking steps at your request – for the period required by law and the period necessary to pursue its own claims or defend against claims brought against the data controller;
  2. In the case of data processed for marketing purposes – until objection is raised against their processing for this purpose, withdrawal of consent, or until the data controller decides to delete them;
  3. In the case of data processed to respond to your inquiries or correspondence – for a period of 3 years from the date of submission of the inquiry or correspondence;
  4. In the case of data processed to fulfill legal obligations incumbent on the data controller – for the period required by law;
  5. In the case of data processed to pursue claims or defend against claims – for the limitation period of potential claims;
  6. In the case of data processed for recruitment processes – for the duration of the given recruitment process (if the processing was based on Article 6(1)(b) of the GDPR) or for a period of 5 years from the collection of the data (if the processing was based on Article 6(1)(a) of the GDPR).
  1. Rights of Data Subjects

You have the following rights:

  1. Right to access the provided personal data and right to receive a copy of them;
  2. Right to rectify personal data;
  3. Right to erase personal data;
  4. Right to request restriction of processing of personal data;
  5. Right to data portability;
  6. Right to object to the processing of personal data;
  7. Right to lodge a complaint with a supervisory authority;
  8. If the processing of data is based on consent, you also have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

W przypadku, gdy przetwarzanie danych odbywa się na podstawie zgody, mają Państwo również prawo do cofnięcia zgody na przetwarzanie danych osobowych w dowolnym momencie. Cofnięcie zgody nie wpływa na zgodność z prawem przetwarzania, którego dokonano na podstawie zgody przed jej cofnięciem.

To exercise the above rights, you may contact the data controller.

The data controller does not make decisions concerning you that are based solely on automated processing, including profiling, unless you have consented to this.