1. Introduction

This Privacy Policy sets out the rules for processing and protecting the personal data of users of the Invenme.pl portal ("Portal"), which is administered by Invenme sp. z o.o., based in Łódź ("Administrator"). This policy aims to ensure transparency in the Administrator's handling of personal data, inform users of their rights and obligations, and fulfill the informational obligations imposed on data controllers by the GDPR.

2. Personal Data Controller

• 2.1. Controller Details: The personal data controller is Invenme sp. z o.o., located at ul. Brzeźna 3/217, 90-303 Łódź, Poland. Tax ID (NIP): 7252342554, registered in the Register of Entrepreneurs of the National Court Register under number KRS 0001099786.
• 2.2. Contact: Contact with the Personal Data Controller can be made primarily via email at: [email protected].

3. Scope of Personal Data

The Administrator processes personal data collected at the time of user registration on the Portal and during the use of its functionalities, including:

• Identification Data: First name, last name, company name, VAT ID.
• Contact Data: Email address, phone number, company address, website.
• Portal Activity Data: Query history, recommendations.
• Financial Data: Payment information, if required.
• Technical Data: IP address, cookies, device information.
• Data provided by business partners: name, phone number, email address – for the purpose of fulfilling the Query submitted by the User on the Portal.

4. Purposes of Data Processing

Personal data are processed for the following purposes:

• Managing the user's account.
• Providing services in accordance with the Portal's Terms and Conditions.
• Direct marketing of services, if consented to by the user.
• Handling complaints and resolving technical issues.
• Ensuring the security of services provided by the Portal.
• Conducting statistics to enhance Portal functionalities.

5. Legal Basis for Processing

Przetwarzanie danych osobowych odbywa się na podstawie:

• Consent: User consent (Art. 6(1)(a) GDPR).
• Contractual Necessity: Necessity to perform a contract to which the user is a party (Art. 6(1)(b) GDPR).
• Legitimate Interests: Legitimate interests pursued by the Administrator (Art. 6(1)(f) GDPR), such as direct marketing, ensuring Portal security, and Portal analysis and administration.

6. Data Recipients

Personal data of users may be shared with:

• Entities processing data on behalf of the Administrator, e.g., hosting companies, IT system providers, including cloud storage services.
• Financial institutions, for payment processing.
• Law enforcement and other governmental bodies, upon request and within the scope provided by law.
• Business Partners, such as real estate agents, for the purpose of fulfilling the Queries submitted by Users on the Portal.

Business Partners, upon receiving personal data, become independent administrators of such data and are responsible for their processing according to the RODO provisions. Data are transferred solely for the purpose of contacting the user in the case of a property that meets the parameters specified in the Query, which is carried out according to Art. 6 us. 1 lit. b RODO (fulfillment of an agreement) and lit. f RODO (lawful interest of the Administrator and Business Partners).

7. Transfer of Data Outside the EEA

Personal data may be transferred to third countries (outside the European Economic Area) only when necessary and with appropriate data protection measures, in accordance with GDPR provisions.

8. Data Retention Period

Personal data is stored for the period necessary to achieve the purposes for which it was collected, and thereafter for the period required by legal provisions or until the expiration of any claims.

9. Rights of Users

Users have the right to:

• Access their data and receive a copy of it.
• Rectify (correct) their data.
• Erase data, restrict data processing.
• Data portability.
• Object to data processing.
• Withdraw consent to the processing of personal data.
• Lodge a complaint with a supervisory authority.

10. Security Measures to Protect Personal Data

10.1. Technical and Organizational Measures: The Administrator applies advanced technical and organizational measures ensuring a high level of protection of processed personal data, appropriate to the risks associated with the different categories of data. In particular, protections include:

• Data Encryption: All data transmitted between the user's device and the Portal servers are encrypted using SSL/TLS protocol, ensuring data protection from interception by unauthorized persons.
• Server Security: Personal data are stored on highly secure servers (both local and cloud-based), accessible only to authorized personnel.

10.2. The Administrator employs data minimization strategies, meaning only the personal data necessary for specific purposes are collected and processed. Where possible, data is pseudonymized to enhance protection.

10.3. Users are recommended to use up-to-date antivirus programs and other technical protection measures that can prevent risks such as malware or phishing attacks. The Administrator regularly updates the software on its servers to minimize the risk of attacks.

10.4. In the event of a data security breach, the Administrator is obligated to react promptly and inform users and the appropriate regulatory authorities about the incidents, in accordance with applicable laws.

10.5. The Administrator advises users to utilize resources offered by specialist IT entities regarding network security and privacy protection methodologies, to better secure their devices and personal data.

10.6. Although the Administrator takes appropriate steps to secure personal data, no Internet transmission method or electronic storage method is 100% secure. The Administrator cannot guarantee absolute security of personal data but commits to informing users of any security breaches and taking appropriate actions to minimize potential damage.

10.7. Users can contact the Administrator at any time regarding the security of their personal data via the email address available on the Portal's website.

11. Use of Cookies, Analytical Tools, and Profiling

11.1. Cookies: The Portal uses cookies that are essential for its proper functioning, as well as for analytical, advertising, and functional purposes. Cookies are small text files stored on the user's device that allow for recognizing the user and properly tailoring content.

11.2. Analytical Tools:

• Google Analytics: We use Google Analytics to collect statistical data about users and their behavior on the site. This data is used to analyze traffic and improve site functionality.
• Cloudflare Analytics: We use Cloudflare Analytics to monitor the security and performance of our portal, without collecting user-identifying data.
• Hotjar: We use Hotjar to understand how users interact with our portal, using heatmaps and session recordings.
• Facebook Pixel: We use Facebook Pixel, which is part of Meta Platforms tools, to analyze website traffic, measure the effectiveness of advertising efforts, and conduct remarketing activities. The data collected by Facebook Pixel can be used on both Facebook and Instagram to display personalized advertising content to users who have visited our Portal. This data is processed in accordance with Meta Platforms' privacy policy, available at: https://www.facebook.com/policy.php.

11.3. Purposes of Using Cookies and Analytical Tools:

• Improving site functionality,
• Personalizing the interface and content of the site,
• Optimizing marketing activities,
• Enhancing the security of services,
• Displaying personalized ads and conduct remarketing activities within Meta Platforms such as Facebook and Instagram.
• Facilitating the support of clients by integrating with the tools used by partners.

11.4. Profiling: As part of analytical tools, profiling is used to tailor advertising content and recommendations to user preferences, allowing for better alignment of our services with customer needs.

11.5. Managing Cookies and Analytical Tools:

Users can manage their cookies settings at any time through their web browser, and can also disable analytical tools through the appropriate options available in these tools (e.g., tracking blocking add-ons).

11.6 Data Protection: We ensure that all data collected through cookies and analytical tools are treated with the utmost care and appropriate protective measures are applied to ensure their security.

12. Changes to the Privacy Policy

The Administrator reserves the right to change this Privacy Policy. Users will be informed of any changes well in advance.

This policy has been developed in the spirit of transparency and compliance with applicable regulations, keeping in mind the best practices for protecting the personal data of users of the Invenme portal.