Privacy Policy

This Privacy Policy explains how [LEGAL ENTITY NAME] (“D.H. Realting”, “we”, “us”) collects and processes the personal data of visitors to [WEBSITE ADDRESS], in accordance with Regulation (EU) 2016/679 (GDPR) and applicable [Polish] law.

1. Data controller The controller of your personal data is: [LEGAL ENTITY NAME] Legal form: […] Registered address: [ADDRESS] Registration details: [KRS / NIP / REGON / other] Email: [CONTACT EMAIL] Phone: [PHONE] [Data protection contact / DPO: [EMAIL], if appointed.]

2. What data we collect — Identification and contact data: name, email, phone number, messenger, preferred language. — Enquiry details: country and city of interest, budget and currency, purchase goal, property type, timeline, financing, and your message. — Subscription data: email address for the newsletter. — Technical and usage data: IP address, device and browser type, pages and actions, referral source — collected via cookies and analytics (see the Cookie Policy). We do not request special categories of data (health, religious or political views, etc.). Please do not include such information in free-text fields.

3. Sources and methods of collection We obtain data: (a) directly from you — via website forms, the newsletter, messengers (including WhatsApp), phone and email; (b) automatically — when you use the website, via cookies and analytics tools.

4. Purposes and legal bases — Responding to your enquiry, sourcing properties and providing services — legal basis: performance of a contract or pre-contractual steps at your request (Art. 6(1)(b) GDPR). — Marketing communications and the newsletter — legal basis: your consent (Art. 6(1)(a)); consent may be withdrawn at any time. — Analytics and improving the website — legal basis: consent to analytics cookies (Art. 6(1)(a)) and/or our legitimate interest (Art. 6(1)(f)). — Complying with legal obligations (accounting, tax and, where applicable, anti-money-laundering) — legal basis: legal obligation (Art. 6(1)(c)). — Establishing, exercising or defending legal claims — our legitimate interest (Art. 6(1)(f)).

5. Recipients and processors We do not sell your personal data. Access, to the extent necessary, may be granted to: — IT infrastructure and hosting providers: [Vercel Inc. — hosting], [Neon — cloud database]; — analytics and communication tools: [Google — web analytics], [Meta Platforms — WhatsApp]; — partners, agents, developers and legal, tax or financial advisers — only as needed to fulfil your enquiry; — public authorities — where required by law. A full, current list of processors and their locations is available: [TO BE COMPLETED / LINK].

6. International transfers outside the EEA Some recipients may be located outside the European Economic Area. In such cases, transfers take place with appropriate safeguards — under an EU Commission adequacy decision or Standard Contractual Clauses (SCCs). Details and copies of safeguards can be requested at [EMAIL]. [SPECIFY countries and mechanisms.]

7. Retention periods We keep data no longer than necessary: — enquiry and sourcing data — [PERIOD, e.g. 24 months] from the last contact; — newsletter data — until you withdraw consent; — accounting and tax records — for the period required by law [e.g. 5 years]; — data needed to defend legal claims — until the relevant limitation periods expire. Once the purposes are met or periods expire, data is deleted or anonymised.

8. Your rights You have the right to: access; rectification; erasure (“right to be forgotten”); restriction of processing; data portability; object to processing based on legitimate interest; withdraw consent at any time (without affecting the lawfulness of processing before withdrawal); and not be subject to a decision based solely on automated processing. You may also lodge a complaint with a supervisory authority — [in Poland: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl]. To exercise your rights, contact [EMAIL]. We will respond within the time limits set by law.

9. Data security We apply reasonable technical and organisational measures to protect data against unauthorised access, loss, alteration or disclosure. No transmission over the internet can be guaranteed to be 100% secure. [Specify measures if needed.]

10. Cookies The website uses cookies and similar technologies. See the Cookie Policy for details: [LINK].

11. Automated decision-making and profiling We do not make decisions producing legal or similarly significant effects on you based solely on automated processing.

12. Children The website and services are not intended for persons under [16]. We do not knowingly collect their personal data.

13. Changes to this policy We may update this Policy from time to time. The current version is published on this page with its effective date.

14. Contact For data protection matters, contact: [EMAIL], [ADDRESS], [PHONE].

This text is a template and does not constitute legal advice. It must be reviewed and adapted by a qualified lawyer before publication.