Privacy policy

§ 1. SUBJECT OF THE PRIVACY POLICY

In this privacy policy you will find information about:

  • rules for the provision of electronic services via www.resinest.com;
  • terms and conditions of use of www.resinest.com;
  • cookie policy at www.resinest.com;
  • principles for the processing and protection of personal data by the controller.

This privacy policy is made available free of charge on the website www.resinest.com in a form that can be recorded, stored and reproduced by the person using the website www.resinest.com free of charge.

The administrator of the personal data processed for the purposes described in the privacy policy is ResiNest Spółka Akcyjna with its registered office in Białystok (15-101), 56 Jurowiecka Street, entered into the National Court Register – Register of Entrepreneurs by the District Court in Białystok, XII Economic Division of the National Court Register under KRS No.: 0000680710 (hereinafter: “Company” or “Administrator”).

The Company processes the personal data of individuals in the course of its business activities related to the rental of flats (hereinafter: “Apartment” or “Apartments”), including by means of the website operating at: www.resinest.com (hereinafter: “Portal”).

The Company pays particular attention to the protection of personal data and, therefore, all data of Portal users (hereinafter: “Users” or “User”) processed with the help of the Portal are processed in a manner compliant with the legal provisions on the protection of personal data applicable in the territory of the Republic of Poland. By processing your personal data, the Company complies with its obligations under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “RODO”) and applicable national laws.

In the privacy policy, you will find, in particular, the information that the Company, as controller of personal data, is obliged to provide to data subjects pursuant to Articles 13 and 14 of the DPA.

The Company applies personal data processing policies designed to protect personal data. Only employees and other persons acting on behalf of the Company who have been authorised to process personal data and who have committed themselves to confidentiality are allowed to process personal data.

§ 2 CONTACT

Should you have any doubts or questions regarding the privacy policy or the protection of your personal data, you may contact the Company in particular through the Company’s registered address given above: ResiNest Spółka Akcyjna with its registered office in Białystok (15-101), 56 Jurowiecka Street.

For matters related to your stay in the flat, you can also contact via e-mail: hello@resinest.com 

§ 3. GENERAL RULES FOR USING THE PORTAL

The use of the Portal is free of charge, voluntary and allowed for all Users using the Internet.

Through the Portal, you can use the newsletter service and make a reservation for a stay in a flat via the contact form.

Technical requirements necessary for the cooperation with the information and communication system used by the Company: (1) computer, laptop or other multimedia device with access to the Internet; (2) access to e-mail, in the case of using functionalities in which e-mail is used (e.g. newsletter, booking, e-mail contact); (3) correctly configured browser according to Microsoft Internet Explorer standards.

The User of the Portal is obliged to use the Portal in a manner compliant with the law and good manners, with due regard for personal rights and copyrights and intellectual property rights of the Company and third parties. The User is obliged to enter data in the appropriate fields of the forms in accordance with the actual state of affairs. The provision of content of an unlawful nature is prohibited.

The Company makes every possible effort to secure your data and protect it from the actions of third parties. For this reason, the connection to the Portal is made via an encrypted HTTPS protocol. This helps to prevent interception and alteration of transmitted data. However, the measures taken by the Company may not be sufficient if you do not observe the general security rules when using the Portal.

You may submit complaints related to the provision of electronic services by the Company and other complaints related to the operation of the Portal, for example:

  • in writing to the Company’s registered address: ResiNest Spółka Akcyjna with its registered office in Białystok, 56 Jurowiecka Street, 15-101 Białystok
  • in electronic form via email to: hello@resinest.com 

It is advisable to state in the description of the complaint: (1) information and circumstances concerning the subject of the complaint, in particular the type and date of occurrence of the irregularity; (2) the content of the request; and (3) contact details of the complainant – this will facilitate and speed up the processing of the complaint. The requirements given in the preceding sentence are in the form of a recommendation only and do not affect the effectiveness of complaints submitted without the recommended description of the complaint.

The Company will respond to the complaint received and inform you of the manner in which the complaint has been dealt with, in particular in writing or by e-mail if you have provided an e-mail address for this purpose.

§ 4. COOKIES

Cookies are text files. They are stored on your terminal device (i.e. the device with which you browse the Portal). They serve to recognise your terminal device (e.g. computer, phone, tablet) when you connect to the Portal again. Cookies are used to better determine your individual needs.

The Company stores cookies on your terminal equipment and accesses the information contained therein for the purpose of:

  • adapting the content of webpages to the User’s preferences and optimising the use of the webpages; in particular, these files allow for the recognition of the device and appropriate display of the webpage, adapted to the User’s individual needs (e.g. by storing information on language preferences);
  • to create statistics which help us to understand how Users use the Portal, so that we can improve its structure and content;
  • maintain the user session.

Web browsers (User software) usually allow cookies to be stored on the end device by default. You can always change the settings of your browser that determine the use of cookies. You can therefore refuse to allow cookies to be placed on the terminal device from which you connect to the Portal. To do so, please use the option to disable the downloading and storage of cookies in your browser. The providers of popular web browsers offer information on how to disable the download and storage of cookies. However, disabling cookies may have a negative impact on the use of certain functionalities of the Portal.

If you do not change your cookie settings while continuing to use the Portal, you accept the cookies used by the Portal. The user can delete cookies from their device at any time.

Providers of particular functionalities of the Portal, indicated below, may also place their cookies on the User’s device.

The Company uses Google Analytics, which is a tool used to analyse your visits to the Portal. Google Analytics applications allow us to monitor the traffic on the Portal and to adapt it to your needs. You can find detailed information on the processing of data collected using Google Analytics at:

https://support.google.com/analytics/answer/6004245

Google may also share this information with third parties if it is required to do so by law or where such third parties process such information on Google’s behalf. The user can deactivate Google Analytics by installing a free browser add-on to block Google Analytics. Once the add-on is installed and activated, Google Analytics measurements on all pages displayed by the User will be disabled. The add-on is available at the following address:

https://tools.google.com/dlpage/gaoptout/

Google may also share this information with third parties if it is required to do so by law or where such third parties process such information on Google’s behalf. You can opt out of the personalisation of the advertisements displayed on your device by using the address:

https://adssettings.google.com/authenticated?hl=pl

§ 5. LINKS TO EXTERNAL WEBSITES AND PLUG-INS

The Portal contains links to external websites – e.g. facebook.com, instagram.com. The personal data processed via these websites are generally administered by third parties. The processing of your personal data by these entities is determined by the laws to which the administrators of these websites are subject and their internal regulations (e.g. privacy policies). To a certain extent, the Company may be an independent controller of your personal data processed through plug-ins or links placed on the Portal.

The Company may be the controller of your personal data to the extent necessary to redirect you from the Portal to an external portal. The legal basis for the processing of your data is the Company’s legitimate interest, i.e. to extend the functionality of the Portal and for the Company to carry out marketing activities through external portals.

Personal data processed in this way is transmitted to and administered by an external portal operator.

Personal data may be processed by these entities outside the European Economic Area.

§ 6 NEWSLETTER

A newsletter service is available on the Portal to provide information on promotions, special packages and events offered by the Company to the e-mail address provided by the User. The Company sends the newsletter to persons who have provided their e-mail address for this purpose. Subscribing to the newsletter is possible in particular by entering one’s e-mail address in the appropriate field on the Portal and clicking on the “Send” button, ticking the appropriate box (so-called checkbox) when making a reservation through the Portal. Until the “Send” button is clicked, it is possible to terminate the use of the form by leaving the web pages of the Portal or the subpage where the form is located. Until this point, it is also possible to make changes to a previously completed form field.

The provision of personal data is voluntary, but necessary in order to receive the newsletter. Failure to provide an e-mail address prevents you from receiving the newsletter. 

The basis for the processing of your personal data for the purposes of sending the newsletter is the fulfilment of the Administrator’s legitimate interest, i.e. to carry out information, marketing and promotional activities, in connection with your expression of a desire to receive commercial information electronically in the form of a newsletter [Article 6(1)(f) RODO, as well as Article 10 of the Act of 18 July 2002 on the provision of electronic services and Article 172 of the Act of 16 July 2004. Telecommunications Law].

You can withdraw your consent to receive the newsletter at any time by clicking on the relevant link at the bottom of the newsletter message or by sending a declaration of withdrawal of consent to the following email address: hello@resinest.com. Personal data will be processed until you withdraw your consent or object to the processing of your personal data.

§ 7. RESERVATION FORM

There is a form on the Portal which enables you to make a booking for a stay in an Apartment. The booking service is operated by a third party provider, Bookassist/Automatic Netware Limited, based in Dublin, st Floor South Block, Rockfield Central, Dublin D16 R6V0, Ireland, no. IE312796.

Only the information corresponding to the description assigned to each field should be entered in the various fields on the form. If specific information is to be entered for a particular field (e.g. the number of persons benefiting from a stay), that information should not be entered anywhere else but in the space provided.

In order to effectively make a booking via the form, it is necessary to tick a box (the so-called checkbox), confirming that the User has read and accepts the terms and conditions of the provider’s booking, the terms and conditions of  stayobiektu , the terms and conditions of providing electronic services and this privacy policy. Additionally, the User may also tick a second box (the so-called checkbox), constituting consent to receive information on current events and promotions.

The use of the form may be terminated at any time by leaving the web pages of the Portal or the sub-page on which the form is located, until the “Book” button is clicked. Until this time, it is also possible to make changes to previously completed form fields.

§ 8 PROCESSING OF PERSONAL DATA 

IN CONNECTION WITH E-MAIL CORRESPONDENCE

Among other things, the Company provides contact details on the Portal to enable you to contact it by electronic means of communication (via email).

Contact is possible by clicking on a hyperlink in the Portal consisting of the name of the Company’s e-mail address, which may result in an automatic redirection to the User’s e-mail programme. The use of this form of contact requires the disclosure of the personal data necessary to provide the User with a feedback response, which means above all the e-mail address. The absence of an e-mail address will prevent the Company from handling the User’s request. The User may also voluntarily provide other data in order to identify him or her, facilitate contact or service the enquiry. On the same basis, the Company processes personal data when you contact the Company by e-mail by sending an e-mail directly from your e-mail box to the Company’s e-mail address.

The legal basis for the processing of your personal data is the legitimate interest of the Company referred to in Article 6(1)(f) RODO, i.e. to conduct correspondence with you. Your personal data is processed by the Company in order to handle the correspondence sent to you.

Depending on the content of the message received from you, your personal data may also be processed for other purposes, e.g. for pre-contractual action or for the conclusion and performance of a contract [Article 6(1)(b) RODO].

As a general rule, personal data will be processed for the duration of the purpose for which the correspondence is being conducted, unless there is another basis for processing, and until the expiry of the period of limitation of claims or until you object to the processing of your personal data.

§ 9. PROCESSING OF PERSONAL DATA IN TELEPHONE CONTACT

You may contact the Company by telephone – contact details are provided on the Portal, among other places. The Company will only request personal data in a telephone call if this is necessary to fulfil the purpose of the telephone call, including to confirm your identity.

Telephone calls may be recorded, and you will be informed of this each time before you speak to a Company representative. You may choose not to consent to the recording. If you do not agree to the recording, you should terminate the call. Telephone calls are recorded for the purpose of monitoring the quality of the services provided by the Company and for the purpose of defending against or pursuing claims, which is the Company’s legitimate interest referred to in Article 6(1)(f) of the DPA.

The provision of personal data will in principle be voluntary, but may be required by the Company depending on the purpose for which it is provided. Failure to provide personal data may then make it impossible to fulfil your purpose (e.g. to make a telephone booking, to obtain information about a booking you have made).

Personal data obtained in this way will be processed in accordance with the rules appropriate to the specific purpose of the processing resulting from the telephone call, for no longer than the expiry of the limitation period for claims.

§ 10. DATA PROCESSING ON SOCIAL NETWORKS

The Portal contains links to external websites – social networks Instagram, Facebook, where the Company maintains its profiles (so-called fanpage). Personal data processed via these websites are administered by third parties. The processing of your personal data by these entities is governed by the laws to which the administrators of these websites are subject and their internal regulations (e.g. privacy policies). This privacy policy does not regulate the processing of personal data by these entities.

However, the Company may also be a stand-alone controller of personal data processed as part of the operation of the Company’s fanpage, processing personal data in accordance with the following principles. Personal data is processed by the Company on the Company’s fanpage on the social network for purposes that constitute legitimate interests pursued by the Company [Article 6(1)(f) RODO], i.e.:

  • in order to carry out marketing activities consisting of informing you about the Company and its services through its fanpage, including by sharing posts;
  • in order to reply to private messages sent via the social network functionality;
  • for the purpose of discussion in posts made on a fanpage, within a social network or on websites that allow discussion via accounts set up on a social network;
  • in order to obtain and analyse statistical data – the Company may obtain from the operator of the social network website statistical data concerning the fanpage, these are created on the basis of the monitoring of your activity on the fanpage by the operator of the given social network.

The provision of personal data is voluntary. In the case of any form of communication with the Company through the social network, the Company will automatically be provided with your data indicated in the definition of your account (name, surname or nickname, as well as your photo and other publicly available information). You can stop following the Company’s fanpage at any time and delete your posted comments. Please note that if you post on the Company’s fanpage, your personal data will be made available to other users of the social network and its operator, according to the rules of the respective social network.

§ 11. PROCESSING OF PERSONAL DATA IN THE FRAMEWORK OF THE LEASE OF FLATS

By booking a stay in an Apartment – whether directly on the Company’s Portal, by telephone, email or in person, or by booking via external booking portals – you provide your personal data necessary to make a booking and to carry out your stay in the Apartment.

Personal data may then be processed under the terms and for the purposes described in the terms and conditions of  stayApartamentu , the content of which can be found on the Portal.

As a rule, you provide your personal data yourself. If you have booked your stay via an external booking portal, your personal data necessary for the execution of your stay is provided to the Company by the operator of the external booking portal. This usually includes identification and contact details and information about the service purchased or booked.

Information on the obligation or lack of obligation to provide personal data, as well as on the consequences of failing to provide personal data, can be found in each case in the information obligation, which you should become familiar with before performing a specific action related to providing personal data. It is not obligatory to provide personal data when booking a stay in an Apartment, but it is required by the Company and necessary in order to book the Apartment.

As a general rule, personal data will be stored until the expiry of the statute of limitations for any claims relating to the performance of the hotel services contract, unless there is another basis for processing.

§ 12. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF NEGOTIATION, CONCLUSION OF AND PERFORMANCE OF CONTRACTS OTHER THAN A SHORT-TERM RENTAL CONTRACT FOR A FLAT

The company processes personal data in connection with the negotiation, conclusion and performance of contracts with other parties. This applies to you if you are the other party to the contract as an individual or if you represent the other party to the contract (e.g. as board members, proxies, contact persons). In this case, your personal data are processed:

  • for the purpose of taking steps to enter into a contract and for the performance of the contract with the data subject [Article 6(1)(b) RODO] or with the entity represented by the data subject [Article 6(1)(f) RODO];
  • for purposes arising from the legitimate interests pursued by the Company, i.e. for the purposes of claiming or defending against claims, direct marketing, archiving [Article 6(1)(f) RODO];
  • in order to comply with legal obligations, in particular tax and accounting obligations, imposed on the Company by law [Article 6(1)(c) of the DPA].

The provision of personal data is in principle voluntary, but required by the Company and necessary for the conclusion and performance of the contract. Failure to provide data may prevent the conclusion or performance of the contract. In the case of the processing of personal data for the purpose of fulfilling tax and accounting obligations, the provision of data may be mandatory (e.g. for issuing a VAT invoice), which results from generally applicable laws.

§ 13. DATA RECIPIENTS

Depending on the purpose of the processing, your personal data may be disclosed to entities providing certain services to the Company, including, in particular, entities cooperating in the short-term rental of the Apartments. The extent of the data disclosed shall not exceed the need justified by the nature of such services. The recipients of the data may be entities providing postal or courier services, if the use of a traditional form of correspondence proves necessary. The recipients of any data processed electronically may be the Company’s IT service provider or the provider of IT solutions (e.g. software), including the providers of software for the short-term rental of Apartments, i.e. the PREVIO / Hotelgram system, the Bookassist system and MyAlfred. In the case of data processed for the purposes of e-mail marketing (e.g. newsletters), the data may be disclosed to a mass mailing service provider.

In addition to the above, recipients of your data may be banks, payment service providers and marketing, legal or accounting service providers. Your personal data may be disclosed to the Company’s insurer if this is necessary for the settlement of a claim. 

If you have booked your stay via an external booking portal, your stay data may be disclosed to the operator of this portal.

Personal data may also be made available to the competent public authorities if required by applicable law.

§ 14. RETENTION PERIOD OF PERSONAL DATA

The Company shall not keep your personal data for longer than is necessary for the specific purpose of the processing. The duration of the processing of your personal data by the Company depends on the type of service provided and the purpose of the processing. The period of processing of your personal data is indicated next to the individual processing activities listed in the Privacy Policy.

If the processing of personal data is necessary for the establishment and investigation of possible claims or the defence against claims, the data will be processed until the expiry of the limitation period for such claims.

Personal data processed in order to comply with legal obligations incumbent on the Company shall be processed for the period required by generally applicable law (e.g. the period of retention of accounting documents).

Where personal data is processed on the basis of the Company’s legitimate interest, the personal data shall be processed for the period necessary to pursue that interest or to raise an effective objection to the processing of the personal data.

§ 15. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

As a general rule, the Company does not transfer personal data to third countries (outside the European Economic Area – EEA). In particular, personal data of persons renting Apartments is not transferred to such countries. If, however, the transfer of personal data outside the EEA is necessary, the Company will inform you of this at the time of obtaining the personal data. The Company will make every effort to ensure that the processing of personal data outside the EEA is carried out using the highest standards, which will be done in particular by:

  • the use of processors of personal data in third countries for which a European Commission decision has been issued as to whether an adequate level of personal data protection is ensured;
  • use of standard contractual clauses approved by the European Commission;
  • the application of binding corporate rules approved by the competent supervisory authority.

§ 16. POWERS

As data subjects of the personal data processed by the Company, you are entitled to:

  • request access to personal data,
  • request the rectification of personal data,
  • request the deletion of personal data,
  • request the restriction of the processing of personal data,
  • to transfer personal data to another controller where the personal data originates from you and the processing is carried out by automated means based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO or on a contractual basis pursuant to Article 6(1)(b) of the RODO,
  • object to the processing of your data for direct marketing purposes,
  • object to the processing of personal data on the basis of Article 6(1)(f) RODO, i.e. processing necessary for the purposes of the legitimate interests pursued by the Company,
  • to lodge a complaint with a supervisory authority.

The consents you have given may be withdrawn at any time, which will not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

You may exercise the above rights, in particular by contacting the Company’s designated Data Protection Officer:

  • in writing to the following address: ResiNest Spółka Akcyjna with its registered office in Białystok, 56 Jurowiecka Street, 15-101 Białystok
  • electronically via e-mail: hello@resinest.com 

§ 17. DURATION OF THE PRIVACY POLICY

This version of the privacy policy is effective as of [-] February 2023 until amended and a revised version is published by the Company.