Privacy Policy

Housers Sp. z o.o.

1. Introduction

This document constitutes the Privacy Policy of Housers Sp. z o.o., with its registered office in Nowe Chechło, ul. Akacjowa 37, 42-622, entered into the Register of Entrepreneurs under KRS number 0000743661, REGON 380942064 (hereinafter referred to as the “Controller”).

The purpose of this Privacy Policy is to define the rules and methods of processing personal data originating from natural persons who use websites administered by the Controller (hereinafter referred to as the “User”). This Policy also contains information regarding the rights of individuals in relation to the personal data they provide.

The legal basis for this Policy is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), as well as the Polish Personal Data Protection Act of 10 May 2018. This Policy fulfils the Controller’s obligations arising from Article 13 of the GDPR.

This Policy applies to each website, application or service referring to this information, as well as to data provided through them by telephone, electronically or in person at the Controller’s registered office. Please note that by leaving websites administered by the Controller, for example by following a link to another domain, the User enters an area where this Policy no longer applies. The Controller is not responsible for the privacy policies used by other entities.

2. Controller of Personal Data

Housers Sp. z o.o. is the controller of personal data provided by Users of websites and social media services who visit and use the functionalities offered by the websites and social media profiles administered by the Controller.

The Controller may obtain Users’ personal data in particular through:

  • contact forms available on the Controller’s websites,

  • direct contact by telephone, email or post,

  • marketing activities carried out by the Controller, where Users provide their personal data and choose the communication channels through which they wish to receive commercial information.

When collecting personal data, the Controller records information about the source from which it was obtained. Personal data may be obtained directly from the data subject or from third parties.

The Controller exercises special care to ensure that personal data is processed in accordance with the purpose for which it was collected and used, and in compliance with applicable law, in particular the principles set out in Article 5 of the GDPR.

The Controller has appointed a Data Protection Officer. Contact with the Data Protection Officer is possible via email at: iod.housers@dpag.pl.

3. Purposes and Legal Bases for Processing Personal Data

The Controller processes personal data in accordance with its business profile and only for the purposes described below. If, due to applicable law, the nature of a service or the need to settle it, it becomes necessary to process additional personal data, the Controller may process such data to the extent necessary.

3.1. Contact via contact forms

When a User submits a question or enquiry through a contact form available on the Controller’s website, the following personal data may be processed:

  • full name,

  • email address,

  • phone number,

  • message content.

In the case of contact via Messenger, the Controller may process the Facebook identifier, usually including the User’s first name, surname or nickname, and profile picture.

The legal basis for processing such personal data is the Controller’s legitimate interest under Article 6(1)(f) GDPR, consisting in handling messages and responding to enquiries. Failure to provide the required data will make it impossible to process the message and respond to the enquiry.

3.2. Sending commercial information electronically

For the purpose of sending Users information about commercial offers electronically, the Controller may process the following personal data:

  • full name,

  • email address,

  • phone number.

The User will receive commercial information through the communication channels selected by the User.

The legal basis for processing such data is the Controller’s legitimate interest under Article 6(1)(f) GDPR, consisting in maintaining ongoing contact with Users and informing them about current offers.

3.3. Operation of the Facebook fan page

For the purpose of operating the Facebook fan page under the name “Housers Nieruchomości: Najem & Sprzedaż Premium”, the Controller processes personal data of persons who:

  • subscribe to the fan page by clicking “Like” or “Follow”,

  • publish comments under posts,

  • otherwise interact with the fan page.

In such a case, the Controller may process the following categories of personal data:

  • Facebook identifier, usually including first name, surname or nickname,

  • profile picture,

  • other photos that may also show the User’s image,

  • content of comments,

  • statistical data concerning visitors to the fan page available via Facebook Insights and collected with the use of cookies.

The legal basis for processing such data is the Controller’s legitimate interest under Article 6(1)(f) GDPR, consisting in operating the fan page, informing about the Controller’s activity, promoting the brand and services, building and maintaining a community, communicating with Users through Facebook functionalities and generating statistics relating to user activity.

3.4. Establishment, exercise and defence of legal claims

The Controller may also process personal data for the purpose of establishing, exercising or defending legal claims, including documenting objections raised against data processing.

The legal basis for such processing is Article 6(1)(f) GDPR, i.e. the Controller’s legitimate interest in establishing, pursuing or defending legal claims.

4. Recipients of Personal Data

Recipients of personal data provided to the Controller may include:

  • authorised personnel of the Controller,

  • entities processing personal data on behalf of the Controller, such as hosting providers and software providers,

  • competent public authorities authorised under applicable law,

  • in the case of the Facebook fan page, other Facebook users, since information about followers, likes, comments, posts and other content shared by Users may be public,

  • the owner of the Facebook platform, in accordance with its own privacy rules.

The Controller does not sell, disclose or transfer personal data to other persons or institutions, unless this takes place with the explicit consent or at the request of the data subject, or at the request of authorities authorised under applicable law, or where this is necessary to fulfil the Controller’s legally justified purposes.

5. Transfers of Personal Data Outside the EEA

As the Controller uses applications and tools whose servers may be located outside the European Economic Area (EEA), personal data obtained in connection with the use of the websites may be transferred to third countries, in particular to the United States.

Such transfers are made only to entities that ensure an adequate level of personal data protection, including entities certified under the EU-US Data Privacy Framework, and where applicable on the basis of appropriate safeguards such as standard contractual clauses adopted by the European Commission.

Additionally, in connection with the operation of the Facebook fan page, Facebook may transfer personal data outside the EEA.

6. Retention Period of Personal Data

The Controller processes personal data for the period necessary to achieve the purpose or purposes for which it was provided.

This means in particular that:

  • data processed on the basis of the Controller’s legitimate interest is processed until an effective objection is raised or until that legitimate interest ceases to exist,

  • data processed for the purpose of establishing, pursuing or defending claims is processed for the period corresponding to the limitation period for such claims,

  • in the case of activity on the Controller’s Facebook or Instagram profiles, personal data is processed until such activity is deleted by the User,

  • personal data obtained through private messages is processed until a response is provided,

  • data collected by Facebook, including post history, Messenger activity history and other platform activity, is retained in accordance with Facebook’s own rules.

7. Rights of Data Subjects

Any person whose personal data is processed by the Controller has the right to:

  • access their personal data,

  • rectify their personal data,

  • erase their personal data,

  • restrict the processing of their personal data,

  • object to the processing of their personal data.

Where the legal basis for processing is the Controller’s legitimate interest, the data subject has the right to object to the processing of personal data at any time, without having to justify the decision, in particular where the legitimate interest involves direct marketing activities.

The above rights may be exercised by sending an appropriate request by email to: iod.housers@dpag.pl, or by post to the Controller’s registered office address indicated above.

8. Automated Decision-Making and Profiling

Personal data provided directly by Users will not be used for automated decision-making, including profiling.

However, profiling may occur in connection with marketing or analytics cookies, for example in the context of remarketing activities, but only where the User has given the appropriate consent.

9. Security and Storage of Information

The Controller ensures the security of personal data against unlawful disclosure to unauthorised persons, unlawful acquisition, destruction, loss, damage, alteration, or processing in a manner inconsistent with the GDPR.

The Controller applies appropriate technical and organisational measures to protect personal data, including measures referred to in Articles 24 and 32 GDPR, ensuring the confidentiality, integrity and availability of processing services.

With regard to the Facebook fan page, detailed information on the processing of personal data by Facebook is available in Facebook’s own privacy policy.

10. Cookies

Cookies are small files sent by a web server to the User’s browser and stored on the User’s device. Cookies help the Controller analyse web traffic and recognise which part of the website has been visited.

Cookies do not enable the Controller to access the User’s computer or other information stored on it, except for information concerning how the website is used and personal data that Users make available automatically due to browser settings.

The Controller uses:

  • necessary cookies,

  • analytics/performance cookies,

  • marketing cookies.

10.1. Necessary cookies

Necessary cookies are used to ensure the proper functioning of the Controller’s website. They are required for basic functions such as page navigation, session management and access to secure areas of the website.

These cookies do not store information that identifies the User and do not require consent.

Examples include:

  • maintaining the User’s session while visiting the website,

  • remembering privacy settings and display preferences.

10.2. Marketing cookies

Marketing cookies are used to personalise advertising content displayed to the User. Their purpose is to tailor offers to the User’s preferences based on activity on the website.

Their use requires the User’s consent.

Examples include:

  • displaying personalised advertisements based on pages or content viewed,

  • analysing user activity in order to prepare marketing reports,

  • integration with social media networks enabling external advertising.

10.3. Performance and analytics cookies

Analytics and performance cookies are used to measure traffic, improve website functionality and content, and create aggregated reports.

Their use requires the User’s consent.

10.4. Session and persistent cookies

Session cookies are temporary files stored on the User’s device until logout or leaving the website.

Persistent cookies allow the Controller to recognise the User’s browser during subsequent visits and to adapt the website to the User’s needs, for example by remembering language preferences or font size, and may also be used for statistical purposes.

Persistent cookies remain stored on the User’s device until they are deleted.

10.5. Managing cookie preferences

The User may consent to performance/analytics cookies and marketing cookies. Additional cookies are used only after prior consent, which may be given by changing the relevant option from “Off” to “On” and saving the settings.

Consent may be withdrawn at any time. To do this, the User should click the “Cookie Preferences” window located in the lower-left corner of the website in order to reopen the cookie settings panel.

Withdrawal of consent does not affect the lawfulness of processing carried out before the consent was withdrawn. After withdrawal of consent, the User should independently remove old cookies from the browser settings.

Selecting “On” means consent, while selecting “Off” means no consent.

10.6. Additional information regarding cookies

In order to monitor and improve the websites, the Controller collects aggregated information about Users browsing the website, including details about the operating system, browser version, domain name, IP address, URL from which the User accessed the website and to which the User proceeds, as well as which subpages were visited.

The Controller may prepare general statistics, collect traffic data and information about related websites, and may share such aggregated data with third parties for marketing, advertising or other promotional purposes. Such aggregated data does not contain personal data.

Use of the website is voluntary. Lack of consent for analytics or marketing cookies does not affect the basic functioning of the website, although it may limit personalisation and measurement.

Data obtained through cookies may be processed outside the EEA. In such cases, transfers are based on appropriate safeguards, including standard contractual clauses and the EU-US Data Privacy Framework, where applicable.

11. Social Media Plugins

The websites may use social media plugins redirecting Users to the Controller’s profiles on social media platforms such as Facebook.

Through these functionalities, Users may share or promote selected content in social media. Please note that the use of such plugins may involve data exchange between the User and the relevant social media platform.

The Controller does not process such data and does not know which specific data is collected by those platforms. Therefore, Users are encouraged to review the privacy policies and terms of use of the relevant social media services before using these plugins.

12. Right to Lodge a Complaint

If a User considers that their rights under applicable law or this Privacy Policy have been violated, they have the right to lodge a complaint with the President of the Personal Data Protection Office in Poland.

13. Final Provisions

In matters not regulated by this Privacy Policy, the applicable provisions of European Union law and Polish law concerning personal data protection shall apply.

Last updated: 20 September 2025.