Privacy Policy

Pursuant to the obligation set out in Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), we hereby inform you that:

Controller of Personal Data

The controller of your personal data is St. Paul’s Developments Polska limited liability company, with its registered office in Łódź, entered into the register of entrepreneurs of the National Court Register maintained by the District Court for Łódź-Śródmieście in Łódź, XX Commercial Division of the National Court Register, under KRS number: 0001180896, NIP: 7282565141, REGON: 100027792 (hereinafter referred to as the “Controller”).

You may contact the Controller:

• by post, at the Controller’s registered office address,
• by e-mail: biuro@st-pauls.com.pl, rodo@st-pauls.com.pl,
• via the contact form available on the website https://st-pauls.pl/kontakt/,
• by telephone: +48 42 290 80 00.

Personal Data Processed

The Controller processes your personal data necessary to conclude and perform a contractual relationship between you and the Controller or to respond to an inquiry submitted via the contact form available on the website.

Purposes and Legal Bases of Processing

Your personal data is processed for the following purposes and on the following legal bases:

1. preparation and submission of offers by the Controller, conducting negotiations, concluding and performing a contract between you and the Controller (Article 6(1)(b) GDPR – processing necessary for the performance of a contract),
2. handling complaints (Article 6(1)(b) GDPR – performance of a contract, and Article 6(1)(c) GDPR – compliance with a legal obligation),
3. contacting you for the purpose of assessing customer satisfaction (Article 6(1)(f) GDPR – legitimate interest consisting in building a positive company image and promoting its services and products),
4. pursuing claims or defending against claims and undertaking actions related to debt recovery (Article 6(1)(f) GDPR – legitimate interest consisting in securing and enforcing claims),
5. performing tasks related to mutual settlements (Article 6(1)(b) GDPR – performance of a contract),
6. direct marketing of the Controller’s products and services, including responding to inquiries submitted via the contact form (Article 6(1)(f) GDPR – legitimate interest consisting in promoting goods and services offered by the Controller),
7. fulfilling accounting, tax, social security, public procurement, data archiving obligations and other legal obligations (Article 6(1)(c) GDPR – compliance with legal obligations).

Recipients of Personal Data

In connection with the purposes of processing indicated above, the Controller may disclose your personal data to:

1. entities and authorities authorized to process such data under applicable law, including tax authorities, courts, and others,
2. entities providing services to the Controller in connection with the performance of the contract, including IT system providers, postal service providers, accounting, auditing, financial and legal service providers,
3. banks and financial institutions,
4. entities providing sales and marketing services.

Area of Data Processing

Your personal data will be processed exclusively within the European Union or the European Economic Area.

Data Retention Period

The Controller will retain your personal data for the period necessary to perform the contract, and if the contract is not concluded – for the validity period of the offer submitted by either party. After that period, data will be retained to the extent and for the duration required by applicable law, including tax and accounting regulations, or for the period necessary to pursue claims or defend against claims. After these periods, the data will be deleted or anonymised.

Rights of Data Subjects

You have the right to request from the Controller access to your personal data, rectification, and, in cases provided for by law, erasure or restriction of processing, as well as the right to object to processing and the right to data portability.

To exercise these rights, you may contact the Controller at: rodo@st-pauls.com.pl.

If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office.

Providing your personal data is voluntary; however, it is necessary to conclude and perform a contract with the Controller and to respond to inquiries submitted via the contact form.

Additional Information

The Controller does not make decisions based solely on automated processing, including profiling.

The Controller reserves the right to amend, modify, supplement, or remove content from this Privacy Policy at its sole discretion, in particular in the event of changes in applicable laws or obligations. Updated versions of this Privacy Policy will be made available on the Controller’s website at: st-pauls.pl/polityka-prywatnosci. Changes will be communicated in accordance with applicable data protection laws.