In case you are providing your personal data, we as a data controller and owner of the Forest buildings.
Polcom Investment XVIII sp. z o.o., with its registered seat in Warsaw, address: Chmielna 71 St. 00-801 Warsaw, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under the KRS number no.: 0000485196, (hereinafter referred to as the “HB Reavis” or “we”), would like to inform you about the processing of your personal data and of your rights related to the said processing.
HB Reavis is part of the HB Reavis Group, which consists of all the entities consolidated under the group holding HB Reavis Holding S.A. with its headquarters in Luxembourg, due to which the reference to HB Reavis Group may be found in the Privacy Notice (hereinafter referred to as the “HB Reavis Group”).
Personal data is processed for the following processing activities:
1) Ensuring the safety of visitors and users of the building as well as protection of the building and property
2) Acceptance, processing, and handling of complaints
3) The issuing of entry cards
4) The administration of incidents in our buildings
5) Mutual communication
6) The operation of a “help desk”
7) Promotion of our events and services
8) Organization and administration of an event
9) Sending of reminders
10) Sending of newsletters,
11) Invoice issuance
12) Assessing the clients’ experience (Net Promoter Score)
13) GDPR complaints
14) More by HB Reavis activities
A further description of our purposes:
What is our purpose and legitimate interest for processing your personal data?
The protection of our buildings and the safety of the people using our buildings are the key elements and the number one priority in our business activities. For us to be able to ensure the proper level of protection and safety, we installed a video monitoring system (CCTV). When entering the buildings or if you are near them, the CCTV might record you. If you enter the building or garage, we will process your personal data in the following ways:
a) We scan your vehicle licence plate number (LPNo) if you use the intercom system located at the ramp.
b) We scan your LPNo if the LPNo recognition technology for the automatic opening on the ramp for authorised vehicles is used in conjunction with the vehicle or enter the garage using an entry card.
c) We scan your LPNo when opening the ramp in order to ensure free parking. Once the free parking period expires, we process this data in order to determine the exact parking fee.
d) We collect data regarding the entry card upon entry and departure through contact points in the building, i.e., from the public part to the private part of the building, so that we ensure access for authorised persons only.
e) We produce your visual images by means of an installed CCTV camera system, which records the internal spaces of the building, the parking lot and part of the area outside the building.
f) In case you are visiting the premises of the building or attending an event organized by one of the tenants at the building we need to register you at the reception for safety and protection purposes. While registering you at the reception, we need to process your personal data as we want to fulfill our purpose and legitimate interests to the fullest.
What is our legal basis for the processing of your personal data?
We process your personal data based on the legitimate interests under Article 6 (1) (f) of GDPR for the protection of our rights and interests and for ensuring security in our premises.
What kind of personal data do we process?
a) A photograph of your LPNo.
b) A photograph of your LPNo.
c) A photograph of your LPNo.
d) Card number, place, and entry time.
e) A visual image of you.
f) Name, surname, ID number, identification of the tenant (if attending a tenant’s event) and date and time of the entry.
How long do we store your personal data?
a) We store your personal data for 7 days.
b) We store your personal data for the duration of the accounting year
c) We store your personal data for 6 months.
d) We store your personal data for 6 months.
e) We store your personal data captured by cameras located in the building or in the parking lot and on the outside of the building for 15 days.
f) We store your personal data for 90 days.
What is our purpose for and legitimate interest in processing your personal data?
In each lift in the building, there are voice communicators through which it is possible to contact the central security desk of the building in real time should a problem arise. These calls are recorded so that in case of a complaint associated with the handling of a problem, we have an audio recording of the given event available.
What is our legal basis for the processing of your personal data?
In the cases of the acceptance, processing, and handling of complaints, we process your personal data based on the legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
An audio recording of the complaint or call.
How long do we store your personal data?
We store your personal data for 15 days.
What is our purpose and legitimate interest for processing your personal data?
For us to permit you to enter the premises of your employer, we will issue to you an entry card/virtual access card which allows you access to restricted premises of the building and/ or the parking lot. Moreover, we will issue to you a temporary entry card in case that you are a guest of our tenant.
What is our legal basis for the processing of your personal data?
We process your personal data based on legitimate interests under Article 6 (1) (f) of GDPR to issue entry cards.
What kind of personal data do we process?
Name, surname, and the business name of your employer
How long do we store your personal data?
For the duration of your contractual relationship with our tenant or the duration of the rental relationship, whichever relationship ends first.
What is our purpose and legitimate interest for processing your personal data?
Your personal data is processed for the purpose of the administration of incidents that occur in our buildings, such as car accidents in the parking lot, etc. When such an incident occurs, it is necessary to fill out an incident form for insurance purposes and other legal matters.
What is our legal basis for the processing of your personal data?
Your personal data is processed during the insurance and offense event in accordance with Article 6 (1) (f) GDPR, i.e. we process your personal data on the basis of legitimate interests.
What kind of personal data do we process?
Requested data in the insurance form and offense claim.
How long do we store your personal data?
We store your personal data only during the time that it is strictly necessary to deal with the insurance and offense event.
What is our purpose and legitimate interest for processing your personal data?
Our philosophy is to always be open and transparent. This includes being open to communication from any person interested in us. To fulfil this goal, we created several types of contact forms that can be used to contact us. Additionally, we have also published the email addresses of employees working for us, so you can contact them at any time with any question related to our building and business you may have. However, to ensure effective, flawless, and clear communication, we must process some of your personal data.
Moreover, when executing the sales/leasing process with our (potential) clients we strive to maintain very effective and transparent communication canal. To fulfil this purpose, we use the CRM database filled with contact data (including personal data) of our (potential) clients or their employees. We do this to ensure effective and flawless communication with the (potential) clients and to build a database consisting of all our business partners.
What is our legal basis for the processing of your personal data?
If you contact us via e-mail or web-based form, we process your personal data based on legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
Name, surname, email address and phone number. For the purposes of the CRM database, in addition to the aforementioned data, we also process job title and employer identification data.
How long do we store your personal data?
We store your personal data until you unsubscribe from our contact database.
What is our purpose for and legitimate interest in processing your personal data?
We process your personal data to ensure that our contractual obligations arising from the contract with a third party (our tenant and the company on whose behalf you are acting), in which you are in the position of the contact person, are effectively fulfilled. Based on the contract with your employer We provide a help desk application for reporting issues in connection with the building in which the offices of your employer are situated or to which you provide any services. To properly use the application, you or your employer provided us with your personal data, as you are the designated person for communication in the application. We need to process your personal data to ensure effective, flawless, and clear communication, as well as to ensure the fulfilment of our obligations towards the companies on whose behalf you are acting.
What is our legal basis for the processing of your personal data?
We process your personal data based on the legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
Title, name, surname, position, place of work, signature, email address, phone number, the identification information of your employer.
How long do we store your personal data?
During your contractual relationship with our tenant or the duration of the rental relationship, whichever relationship ends first.
What is our purpose for and legitimate interest in processing your personal data?
Furthermore, we may process your personal data by taking photographs and audio-visual recordings, which are used for the purpose of and legitimate interest in the promotion of our events and services and to help us improve our brand and goodwill by publishing the photographs (where it is possible that you will appear) and audio-visual recordings on our social media profiles such as YouTube, LinkedIn, Facebook, Twitter and Instagram, as well as via other channels such as our websites.
What is our legal basis for the processing of your personal data?
We process your personal data based on the legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
Photographs or/and audio-visual images of you. In the case of private events, also your name, surname and email address will be processed.
How long do we store your personal data?
We may process your personal data for the entire existence of the HB Reavis Group.
8. Organization and administration of an event
Description of our purpose and legitimate interests:
Your personal data is processed for the purpose of ensuring your attendance at the event (e.g., processing of your personal data during the ticket purchase or for sending the invitation) and administration of matters regarding the event. This purpose includes mainly efficient communication relating to the event, proper performance of the event, providing you with the notices about the event, collecting feedback, notification about the changes, ensuring the examination of your complaint or claim, carrying out our obligations arising from our mutual contract and for verification process
What is our legal basis for the processing of your personal data?
We process your personal data on the basis of the performance of a contract or pre-contractual relations in accordance with Article 6 (1) (b) of GDPR. The conclusion and the fulfillment of the contract are possible only if we can process your personal data. In case that the personal data is not provided, we will not be able to enter the contract with you and so to provide your attendance at the event.
What kind of personal data do we process?
Name, surname, e-mail, and telephone.
How long do we store your personal data?
We only process your personal data for the time strictly necessary to ensure the organization and administration of our event.
What is our purpose for and legitimate interest in processing your personal data?
We also process your personal data for the purpose of sending reminders related to unsent webpage forms. Whenever you start filling out any webpage form published on our website, we automatically process the personal data you fill in. In some cases, you might forget to send the form. Therefore, we use the automatically saved personal data to remind you to finish filling out the form or to send the filled-out form.
What is our legal basis for the processing of your personal data?
We process your personal data based on the legitimate interests under Article 6 (1) (f) of GDPR to send you reminders related to unsent webpage forms.
What kind of personal data do we process?
Personal data requested by the webpage form (such as name, surname, email, phone number, etc.).
How long do we store your personal data?
We store your personal data for 30 days.
What is our purpose for processing your personal data?
We also process your personal data for the purpose of direct marketing. To ensure the promotion of our products and services, improving our brand and goodwill we will provide you with our newsletters, invitations to our events, marketing alerts and follow-up marketing materials via the various available channels such as email marketing communication, SMS messages, pop-up windows, online remarketing ads (Google Ads, Facebook ads, native ads…).
Sending information regarding the ongoing construction of our buildings in your neighborhood. This information will mainly concern the current state of construction, planned progress or associated constraints. Moreover, we will provide you with HB Reavis Group marketing activities related to the above-mentioned construction. When building our projects, we realize that it also affects the neighborhoods around the construction site. Therefore, we strive to have the best possible relationship with the residents living around the construction site. In order to achieve that, we maintain the transparent communication in which we share all the information regarding the construction.
What is our legal basis for the processing of your personal data?
We process your personal data based on consent under Article 6 (1) (a) of the GDPR. We use your personal data for the contact with you based on consent granted by you in line with the Act on rendering services via electronic means and consent granted by you in line with the Telecommunications Law.
What kind of personal data do we process?
Name, surname, email, and phone number.
How long do we store your personal data?
If you give us any consent to provide you with our marketing content and newsletter, we store your personal data until you unsubscribe from our consent database. By granting given consent you further acknowledge that you can withdraw that consent electronically by clicking on “unsubscribe” in any of our e-mail sent to you or by clicking on “Privacy Management” on our web page. Here you can withdraw each of the consents before the lapse of the time you granted it for, i.e., at any time. Withdrawal of the consent is without prejudice to the lawfulness of our processing of your personal data prior to such withdrawal
What is our purpose for processing your personal data?
In order for us to issue VAT invoices for using parking lots in the Forest buildings we have to process some personal data. In such cases necessary personal data is transferred to the reception.
What is our legal basis for the processing of your personal data?
Your personal data are processed during the insurance proceedings in accordance with Article 6 (1) (c) GDPR, i.e. the processing is necessary for compliance with a legal obligation to which our company is subject.
What kind of personal data do we process?
In case of payment under 450 PLN we process Tax Identification Number assigned by the parking user to his receipt. In case of payment over 450 PLN, we process: (i) name and surname/name of the company, (ii) address, (iii) Tax Identification Number, (iv) receipt with Tax Identification Number on it and (v) parking ticket.
How long do we store your personal data?
Your personal data will be processed during the period set by the applicable legal obligation or line with it.
What are our purpose and legitimate interests for the processing of your personal data?
After we lease/sell our offices/building we evaluate the clients’ experience and happiness with our business relationship and with the leased/sold offices/building by collecting surveys from the clients or their employees (i.e., Net Promoter Score).
What is our legal basis for the processing of your personal data?
We process your personal data on the basis of the legitimate interests under Article 6 (1) (f) of GDPR.
What kind of personal data do we process?
We process name, surname, e-mail address, phone number, position, and identification of the employer.
How long do we store your personal data?
We only process your personal data for the time strictly necessary to carry out the assessment.
What are our purposes for the processing of your personal data?
We strive to protect your privacy as much as possible, and therefore we process your personal data in compliance with GDPR and all other relevant laws. However, if you disagree with the way we handle your personal data, you can exercise your rights via our Data Protection Officer. To ensure that your complaint is handled, some of your personal data must be processed.
What is our legal basis for the processing of your personal data?
Your personal data is processed while handling your complaint in accordance with Article 6 (1) (c) GDPR, i.e. the processing is necessary for compliance with a legal obligation to which our company is subject.
What kind of personal data do we process?
Personal data provided by you when submitting the complaint (such as name, surname, email, phone number, etc.).
How long do we store your personal data?
We store your personal data strictly during the time necessary to deal with the complaint.
For more information on how we process your personal data when you use the More by HB Reavis app, please click here.
Once we no longer need your personal data for the purposes for which we processed it, we will delete your personal data or archive it for the period of time specified by law or the archiving plan.
With whom do we share your personal data?
We may also share your personal data with companies within the HB Reavis Group. We may also be obliged to disclose your personal data to state authorities and public authorities, (courts and law enforcement authorities i.e. (police and prosecutor), and only to the extent necessary as required by applicable and effective law to exercise their power.
Based on several agreements with third parties, which act as our intermediaries or independent operators, we may provide your personal data, in particular to these companies, to the extent necessary to ensure the provision of services specified for individual companies:
In addition to the companies listed above, we use the following categories of intermediaries: data centres, hosting – marketing tools – analysis and tracking tools – events, surveys – business operations / management tools – task management and communication tools.
From whom do we get the personal data?
We get personal data from you or from our tenant.
Do we use automated individual decision-making?
No, we do not use automated individual decision-making.
Do we transfer your personal data to third countries?
Your personal data are processed within the territory of the Republic of Poland and other states of the European Union. Your personal data can be processed by a country outside of European Union if this third country has been confirmed by the European Commission as a country with adequate level of data protection or if other appropriate data protection safeguards exist (for example, binding corporate privacy rules or EU standard data protection clauses).
What are your rights?
Your rights as a data subject are stated below. Please note that the exact conditions to exercise these rights are set out in detail in Chapter III of GDPR, while in a particular circumstance not all rights may be exercised. You have following rights:
How can you exercise your rights?
Electronically: dataprivacy@hbreavis.com
In writing to the address: Polcom Investment XVIII sp. z o.o., Chmielna 71 St. 00-801 Warsaw, at hands of: legal department or at HB Reavis Group s.r.o., Twin City C, at hands of: compliance department Mlynské Nivy 16, 821 09 Bratislava, Slovakia
Telephone: +421 918 723 243
We strive to protect your privacy as much as possible and therefore we process your personal data in compliance with GDPR and all other relevant laws. However, if you disagree with the way we handle your personal data, you can exercise your rights via our Data Protection Officer at:
Data Protection Officer’s contact: Erika Wild, contact point at Twin City C, Mlynské Nivy 16, 821 09 Bratislava, Slovak Republic, tel. +421 918 723 243, email: dataprivacy@hbreavis.com
Or you can file a complaint in supervising authority regarding the processing of your personal data. Your local supervisory authority may be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en#member