Privacy policy

PRIVACY POLICY OF THE SERVICE

DEFINITIONS

  • Data Controller – Panattoni Income Fund S.C.A. SICAV-RAIF, 5 rue de Strasbourg,  L-2564 Luxembourg, Grand Duchy of Luxembourg
  • Personal Data  – information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected via cookies and/or other similar technology.
  • Policy – this Privacy Policy.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
    Service – website run by the Data Controller at the address http://www.panattoni-if.com
  • User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE

In connection with the User’s use of the Website, the Data Controller collects data to the extent necessary to provide individual services offered, as well as information about the User’s activity on the Website. The detailed rules and purposes of processing Personal Data collected during the use of the Website by the User are described below.

PURPOSES AND LEGAL BASIS FOR DATA PROCESSING ON THE WEBSITE

USING THE SERVICE

Personal data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Data Controller:

  • in order to provide electronic services in the scope of making the content collected on the Website available to Users – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
  • for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR), consisting in conducting analyzes of Users’ activity, as well as their preferences in order to improve the functionalities used and the services provided;
  • in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the Data Controller’s legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the protection of its rights;
  • The User’s activity on the Website, including his Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Data Controller). The information collected in the logs is processed primarily for purposes related to the provision of services. The Data Controller also processes them for technical and administrative purposes, for the purposes of ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the Data Controller’s legitimate interest (Article 6 (1) (f) GDPR).
    If the User publishes any Personal Data of other people on the Website (including their name, address, telephone number or e-mail address), they may do so only if they do not violate the law and personal rights of these people.

CONTACT FORMS

The Data Controller provides the possibility of contacting it by means of electronic contact forms. Using the form requires providing Personal Data necessary to contact the User and answer the inquiry. The User may also provide other data to facilitate contact or service of the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to do so results in the inability to process it. Providing other data is voluntary.

Personal data is processed:

  • in order to identify the sender and handle his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (Article 6 (1) (b) of the GDPR); in the scope of optional data, the legal basis for processing is consent (Article 6 (1) (a) of the GDPR);
  • for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Data Controller (Article 6 (1) (f) of the GDPR), consisting in keeping statistics of inquiries submitted by Users via the Website in order to improve its functionality.

COOKIES AND SIMILAR TECHNOLOGY

Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the website – e.g. by remembering the User’s visits to the Website and the activities performed by the User.

“SERVICE” COOKIES

The Data Controller uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Data Controller and other entities providing analytical and statistical services to him use cookies by storing information or accessing information already stored in the User’s telecommunication end devices (computer, telephone, tablet, etc.).

Cookies used for this purpose include:

  • cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
  • authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
  • cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
  • persistent cookies used to personalize the User’s interface for the duration of the session or a little longer (user interface customization cookies).

ANALYTICAL AND MARKETING TOOLS USED BY THE DATA CONTROLLER’S PARTNERS

The Data Controller and its Partners use various solutions and tools used for analytical and marketing purposes. Basic information about these tools is presented below. Detailed information in this regard can be found in the privacy policy of a given partner.

GOOGLE ANALYTICS

Google Analytics cookies are files used by Google company to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User and does not combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found here.

COOKIES SETTINGS MANAGEMENT

The use of cookies to collect data through them, including access to data stored on the User’s device, requires the User’s consent. This consent may be withdrawn at any time.

The consent is not required only for cookies, the use of which is necessary to provide a telecommunication service (data transmission to display the content).

Withdrawal of consent to the use of cookies is possible through the browser settings. Detailed information on this can be found at the following links:

The User may at any time verify the status of his current privacy settings for the browser used, using the tools available at the following links:

RETENTION OF PERSONAL DATA

The retention period of data processed by the Data Controller depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the service or the performance of the order, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Data Controller.

The data processing period may be extended if the processing is necessary to establish and pursue any claims or defend against claims, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.

USER’S RIGHTS

To the extent that the User’s data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Data Controller or using the functionalities available on the Website.
The User has the right to access the data and request rectification, deletion, processing restrictions, the right to transfer data and the right to object to data processing, as well as the right to lodge a complaint with the supervisory body dealing with the protection of personal data.

The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the legitimate interest of the Data Controller, and – for reasons related to the specific situation of the User – in other cases where the legal basis for data processing is the legitimate interest of the Data Controller ( e.g. in connection with the implementation of analytical and statistical purposes).

For more information on the rights resulting from the GDPR, see here.

DATA RECIPIENTS

In connection with the provision of services, Personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting services, couriers (in connection with the implementation of the order), marketing agencies (in the scope of marketing services) and entities related to the Data Controller, including companies from its capital group.

If the User’s consent is obtained, his or her data may also be made available to other entities for their own purposes, including marketing purposes.
The Data Controller reserves the right to disclose selected information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.

TRANSFER OF DATA OUTSIDE EEA

The level of protection of Personal Data outside the European Economic Area (EEA) differs from the one provided by European law. For this reason, the Data Controller transfers Personal Data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:

  • cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
  • use of standard contractual clauses issued by the European Commission;
  • application of binding corporate rules approved by the competent supervisory authority;
  • in the case of data transfer to the USA – cooperation with entities which apply measures recommended by the European Commission with reference to data transfers.
  • The Data Controller always informs about the intention to transfer Personal Data outside the EEA at the stage of collecting them.

SECURITY OF PERSONAL DATA

The Data Controller conducts a risk analysis on an ongoing basis to ensure that personal data is processed in a safe manner – ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. The Data Controller makes sure that all operations on Personal Data are recorded and performed only by authorized employees and associates.

The Data Controller takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process Personal Data on behalf of the Data Controller.
CONTACT DETAILS

Contact with the Data Controller is possible via the e-mail address info@panattoni-if.com, or the correspondence address: PANATTONI INCOME SP. Z O.O., Rondo Daszyńskiego 1, 00-843 Warsaw.

The Data Controller has appointed a Data Protection Officer, who can be contacted by e-mail iod@panattoni.pl in any matter regarding the processing of Personal Data.

PRIVACY POLICY AMENDMENTS

The policy is verified on an ongoing basis and updated if necessary.

The current version of the Policy has been adopted and has been in force since 30 September, 2021.