The terrace is open from 8:30 a.m. to 4:00 p.m.
PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA AND YOUR RIGHTS
In case you are providing your personal data, we as a data controller and owner of the Forest buildings.
Polcom Investment XVIII sp. z o.o., with its registered seat in Warsaw, address: ul. Chmielna 71, 00-801 Warsaw, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under the KRS number no.: 0000485196, (hereinafter referred to as the “HB Reavis” or “we”), would like to inform you about the processing of your personal data and of your rights related to the said processing.
HB Reavis is part of the HB Reavis Group, which consists of all the entities consolidated under the group holding HB Reavis Holding S.A. and HB Reavis Investments Holding S.A. with its headquarters in Luxembourg, due to which the reference to HB Reavis Group may be found in the Privacy Notice (hereinafter referred to as the “HB Reavis Group”).
This notice applies to current and former employees, tenants, visitors and contractors. This notice does not form part of any contract of employment or other contract to provide services. This Privacy Notice may be updated from time to time. We encourage you to periodically review this Privacy Notice for the latest information on our privacy practices. Your continued use of our services after the posting of changes to this Privacy Notice will mean that you accept those changes.
It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using that information and what your rights are under the data protection legislation.
If you are in Forest, in its immediate vicinity (as a visitor, employee or for any other purpose) or visit websites, apps or social media related to this building, your personal data may be processed for the following purposes:
1) Ensuring the safety of visitors and users of the building as well as protection of the building and property
2) Acceptance, processing, and handling of emergency calls
3) The issuing of entry cards or QR codes
4) The administration of incidents in our buildings
5) Mutual communication
6) The operation of a “help desk”
7) Promotion of our events and services
8) Organization and administration of an event
9) Invoice issuance
10) Assessing the clients’ experience
11) GDPR complaints
12) More services
13) Sending of marketing materials.
A further description of our purposes:
1. Ensuring the safety of visitors and users of the building as well as protection of the building and property.
What is our purpose and legitimate interest for processing your personal data?
The protection of our buildings and the safety of the people using our buildings are the key elements and the number one priority in our business activities. For us to be able to ensure the proper level of protection and safety, we installed a video monitoring system (CCTV). When entering the buildings or if you are near them, the CCTV might record you. If you enter the building or garage, we will process your personal data in the following ways:
| Ways of processing your personal data | What kind of personal data do we process? | How long do we store your personal data? |
|---|---|---|
| We scan your vehicle licence plate number (LPNo) if the LPNo recognition technology for the automatic opening on the ramp for authorised vehicles is used in conjunction with the vehicle or enter the garage using an entry card. | A photograph of your LPNo | We store your personal data for the duration of the accounting year |
| We scan your LPNo when opening the ramp in order to ensure free parking. Once the free parking period expires, we process this data in order to determine the exact parking fee. | A photograph of your LPNo | We store your personal data for 6 months |
| We collect data regarding the entry card or QR code upon entry and departure through contact points in the building, i.e., from the public part to the private part of the building, so that we ensure access for authorised persons only. | Card number, place, and entry time | We store your personal data for 6 months |
| We produce your visual images by means of an installed CCTV camera system, which records the internal spaces of the building, the parking lot and part of the area outside the building. | A visual image of you | We store your personal data captured by cameras located in the building or in the parking lot and on the outside of the building for 15 days |
| In case you are visiting the premises of the building or attending an event organized by one of the tenants at the building we need to register you at the reception for safety and protection purposes. While registering you at the reception, we need to process your personal data as we want to fulfill our purpose and legitimate interests to the fullest. | Name, surname, ID number, e-mail address and telephone number, identification of the tenant (if attending a tenant’s event) and date and time of the entry | We store your personal data for 90 days |
What is our legal basis for the processing of your personal data?
We process your personal data based on the legitimate interests under Article 6 (1) (f) of GDPR for the protection of our rights and interests and for ensuring security in our premises.
2. The acceptance, processing, and handling of emergency calls
What is our purpose for processing your personal data?
In each lift in the building, there are voice communicators through which it is possible to contact the central security desk of the building in real time should a problem arise. These calls are recorded and we are processing your personal data when it is necessary to protect the life or physical safety of you or another person.
What is our legal basis for the processing of your personal data?
The legal basis is justified under ‘vital interest’, we process your personal data under Article 6 (1) (d) of GDPR.
What kind of personal data do we process?
An audio recording of the call.
How long do we store your personal data?
We store your personal data for 6 weeks.
3. The issuing of entry cards or QR codes
What is our purpose and legitimate interest for processing your personal data?
For us to permit you to enter the premises of your employer, we will issue to you an entry card/virtual access card which allows you access to restricted premises of the building and/ or the parking lot. Moreover, we will issue to you a temporary entry card in case that you are a guest of our tenant.
What is our legal basis for the processing of your personal data?
We process your personal data based on legitimate interests under Article 6 (1) (f) of GDPR to issue entry cards.
What kind of personal data do we process?
Name, surname, and the business name of your employer
How long do we store your personal data?
For the duration of your contractual relationship with our tenant or the duration of the rental relationship, whichever relationship ends first.
4. The administration of incidents in our buildings
What is our purpose and legitimate interest for processing your personal data?
Your personal data is processed for the purpose of the administration of incidents that occur in our buildings, such as car accidents in the parking lot, etc. When such an incident occurs, it is necessary to fill out an incident form for insurance purposes and other legal matters.
What is our legal basis for the processing of your personal data?
Your personal data is processed during the insurance and offense event in accordance with Article 6 (1) (f) GDPR, i.e. we process your personal data on the basis of legitimate interests.
What kind of personal data do we process?
Requested data in the insurance form and offense claim.
How long do we store your personal data?
We store your personal data only during the time that it is strictly necessary to deal with the insurance and offense event.
5. Mutual communication.
What is our purpose and legitimate interest for processing your personal data?
Our philosophy is to always be open and transparent. This includes being open to communication from any person interested in us. To fulfil this goal, we created several types of contact forms that can be used to contact us or to download more information about the building. Additionally, we have also published the email addresses of employees working for us, so you can contact them at any time with any question related to our building and business you may have. However, to ensure effective, flawless, and clear communication, we must process some of your personal data.
Moreover, when executing the sales/leasing process with our (potential) clients we strive to maintain very effective and transparent communication canal. To fulfil this purpose, we use the CRM database filled with contact data (including personal data) of our (potential) clients or their employees. We do this to ensure effective and flawless communication with the (potential) clients and to build a database consisting of all our business partners.
What is our legal basis for the processing of your personal data?
If you contact us via e-mail or web-based form, we process your personal data based on legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
Name, surname, email address and phone number. For the purposes of the CRM database, in addition to the aforementioned data, we also process job title and employer identification data.
How long do we store your personal data?
We store your personal data until you unsubscribe from our contact database.
6. The operation of a “help desk”
What is our purpose for and legitimate interest in processing your personal data?
We process your personal data to ensure that our contractual obligations arising from the contract with a third party (our tenant and the company on whose behalf you are acting), in which you are in the position of the contact person, are effectively fulfilled. Based on the contract with your employer We provide a help desk application for reporting issues in connection with the building in which the offices of your employer are situated or to which you provide any services. To properly use the application, you or your employer provided us with your personal data, as you are the designated person for communication in the application. We need to process your personal data to ensure effective, flawless, and clear communication, as well as to ensure the fulfilment of our obligations towards the companies on whose behalf you are acting.
What is our legal basis for the processing of your personal data?
We process your personal data based on the legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
Name, surname, email address, phone number, the identification information of your employer.
How long do we store your personal data?
During your contractual relationship with our tenant or the duration of the rental relationship, whichever relationship ends first.
7. Promotion of our events and services
What is our purpose for and legitimate interest in processing your personal data? Furthermore, we may process your personal data by taking photographs and audio-visual recordings, which are used for the purpose of and legitimate interest in the promotion of our events and services and to help us improve our brand and goodwill by publishing the photographs (where it is possible that you will appear) and audio-visual recordings on our social media profiles such as YouTube, LinkedIn, Facebook, X (former Twitter) and Instagram, as well as via other channels such as our websites.
What is our legal basis for the processing of your personal data?
We process your personal data based on the legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
Photographs or/and audio-visual images of you. In the case of private events, also your name, surname and email address will be processed.
How long do we store your personal data?
We may process your personal data for the entire existence of the HB Reavis Group.
8. Organization and administration of an event
What is our purpose for processing your personal data?
Your personal data is processed for the purpose of ensuring your attendance at the event (e.g., processing of your personal data during the ticket purchase or for sending the invitation) and administration of matters regarding the event. This purpose includes mainly efficient communication relating to the event, proper performance of the event, providing you with the notices about the event, collecting feedback, notification about the changes, ensuring the examination of your complaint or claim, carrying out our obligations arising from our mutual contract and for verification process
What is our legal basis for the processing of your personal data?
We process your personal data on the basis of the performance of a contract or pre-contractual relations in accordance with Article 6 (1) (b) of GDPR. The conclusion and the fulfillment of the contract are possible only if we can process your personal data. In case that the personal data is not provided, we will not be able to enter the contract with you and so to provide your attendance at the event.
What kind of personal data do we process?
Name, surname, e-mail, and telephone.
How long do we store your personal data?
We only process your personal data for the time strictly necessary to ensure the organization and administration of our event.
9. Invoice issuance
What is our purpose for processing your personal data?
In order for us to issue VAT invoices for using parking lots in the Forest building we have to process some personal data. In such cases necessary personal data is transferred to the reception.
What is our legal basis for the processing of your personal data?
Your personal data are processed during the insurance proceedings in accordance with Article 6 (1) (c) GDPR, i.e. the processing is necessary for compliance with a legal obligation to which our company is subject.
What kind of personal data do we process?
In case of payment under 450 PLN we process Tax Identification Number assigned by the parking user to his receipt. In case of payment over 450 PLN, we process: (i) name and surname/name of the company, (ii) address, (iii) Tax Identification Number, (iv) receipt with Tax Identification Number on it and (v) parking ticket.
How long do we store your personal data?
Your personal data will be processed during the period set by the applicable legal obligation or line with it.
10. Assessing the clients’ experience
What are our purpose and legitimate interests for processing of your personal data?
After we lease/sell our offices/building we evaluate the clients’ experience and happiness with our business relationship and with the leased/sold offices/building by collecting surveys from the clients or their employees.
What is our legal basis for the processing of your personal data?
We process your personal data on the basis of the legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
We process name, surname, e-mail address, phone number, position, and identification of the employer.
How long do we store your personal data?
We only process your personal data for the time strictly necessary to carry out the assessment.
11. GDPR complaints
What are our purposes for processing of your personal data?
We strive to protect your privacy as much as possible, and therefore we process your personal data in compliance with GDPR and all other relevant laws. However, if you disagree with the way we handle your personal data, you can exercise your rights via our Data Protection Officer. To ensure that your complaint is handled, some of your personal data must be processed.
What is our legal basis for the processing of your personal data?
Your personal data is processed while handling your complaint in accordance with Article 6 (1) (c) GDPR, i.e. the processing is necessary for compliance with a legal obligation to which our company is subject.
What kind of personal data do we process?
Personal data provided by you when submitting the complaint (such as name, surname, email, phone number, etc.).
How long do we store your personal data?
We store your personal data strictly during the time necessary to deal with the complaint.
12. More services
For more information on how we process your personal data when you use the More app, please check out the privacy section in your profile at the More app.
13. Sending of marketing materials
What is our purpose for and legitimate interest in processing your personal data?
In the case of a previous business relationship (you have requested more information regarding our projects/available capacities in buildings using our web forms) we may process your personal data to ensure the promotion of our products and services, improving our brand and goodwill we will provide you with our newsletters, invitations to our events, marketing alerts and follow-up marketing materials via the various available channels such as email marketing communication.
What is our legal basis for the processing of your personal data?
We process your personal data on the basis of the legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
How long do we store your personal data?
We store your personal data until you unsubscribe from our contact database. You can unsubscribe from our contact database electronically by clicking on “unsubscribe” in any of our e-mail sent to you.
Once we no longer need your personal data for the purposes for which we processed it, we will delete your personal data or archive it for the period of time specified by law or the archiving plan.
With whom do we share your personal data?
We may also share your personal data with companies within the HB Reavis Group. We may also be obliged to disclose your personal data to state authorities and public authorities, (courts and law enforcement authorities i.e. (police and prosecutor), and only to the extent necessary as required by applicable and effective law to exercise their power.
Based on several agreements with third parties, which act as our intermediaries or independent operators, we may provide your personal data, in particular to these companies, to the extent necessary to ensure the provision of services specified for individual companies:
In addition to the companies listed above, we use the following categories of intermediaries: data centres, hosting – marketing tools – analysis and tracking tools – events, surveys – business operations / management tools – task management and communication tools.
From whom do we get the personal data?
We get personal data from you or from our tenant.
Do we use automated individual decision-making?
No, we do not use automated individual decision-making.
Do we transfer your personal data to third countries?
Your personal data are processed within the territory of the Republic of Poland and other states of the European Union. Your personal data can be processed by a country outside of European Union if this third country has been confirmed by the European Commission as a country with adequate level of data protection or if other appropriate data protection safeguards exist (for example, binding corporate privacy rules or EU standard data protection clauses).
What are your rights?
Your rights as a data subject are stated below. Please note that the exact conditions to exercise these rights are set out in detail in Chapter III of GDPR, while in a particular circumstance not all rights may be exercised. You have following rights:
How can you exercise your rights?
Electronically: dataprivacy@hbreavis.com
In writing to the address: Polcom Investment XVIII sp. z o.o., ul. Chmielna 71, 00-801 Warsaw, at hands of: legal department or at HB Reavis Group a. s., at hands of: compliance department, Mlynské nivy 5, 821 09 Bratislava, Slovakia.
We strive to protect your privacy as much as possible and therefore we process your personal data in compliance with GDPR and all other relevant laws. However, if you disagree with the way we handle your personal data, you can exercise your rights via our Data Protection Officer at: HB Reavis Group a. s., Mlynské Nivy 5, 821 09 Bratislava, Slovak Republic, email: dataprivacy@hbreavis.com.
Or you can file a complaint in supervising authority regarding the processing of your personal data. Your local supervisory authority may be found at: https://edpb.europa.eu/about-edpb/about- edpb/members_en#member
The terrace is open from 8:30 a.m. to 4:00 p.m.