Privacy policy

PRIVACY POLICY
This Privacy Policy applies to personal data whose Controller is R4R Leasing Sp. z o.o.with headquarters in Warsaw (00-582) at Al. Szucha 6, KRS 0000600776 ("Company", "Controller", R4R). If you have any questions or comments, please contact [email protected] As part of this document, we would like to inform you in a transparent way: why and how the Company collects, uses and stores your personal data; what legal basis these personal data are processed and what are your rights and our obligations in relation to this processing.

Definitions
The following capitalized terms used in the Privacy Policy are given the following meanings:
• Controller, Company or R4R Leasing Sp. z o.o. with its registered office in Warsaw (00-582) at Al. Szucha 6: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• Personal data - means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• Account - assigned to a given User, identified by means of an e-mail address, part of the Website with which the User may perform specific actions within the Website;
• R4R Platform or Website - website through which the User may use the Services;
• Cookies - IT data that are stored on the User's device by means of which he uses the Website, containing data about the User's use of the Platform;
• Privacy Policy - this document. It sets out the principles according to which R4R processes Personal Data. The Website Regulations and the Privacy Policy are documents regulating the terms of use of the Platform;
• Website Regulations - a document regulating the principles of using the Platform, specifying the types and scope of Services available on the Platform, the complaint procedure and the technical conditions of using the Website. The Website Regulations and the Privacy Policy are documents regulating the terms of use of the Platform;
• Registration - the process of creating an Account by the User;
• GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Regulation on the Protection of data) (Journal of Laws EU. 2016, No. 119, page 1), effective from 25 May 2018;
• Service - a service provided by the Company to the User. These services will include: publication of announcements, notifications, etc.;
• User - any person using the R4R Website.

Types of personal data.
Data provided by Users
Registration:
In order to use the Services we provide, the website allows you to set up an account. During registration, the Company may collect the following information about you:
• first name and last name
• e-mail adress;
• mobile number.
If you set up an account, providing the data specified above is voluntary, but necessary to use the Services offered under your R4R account. The data provided by you will be processed in order to provide the Service, in accordance with the Website Regulations. The consequence of not providing data is the inability to effectively set up an account.

Contact form:
Our portal allows you to send a query via the contact form. If you choose this contact channel, the Company may collect the following information about you:
• first name and last name;
• e-mail adress;
• mobile number;
• The city;
• other information disclosed by you in the message.
Providing the data specified above is voluntary, but necessary to answer the received question. The Company will process the data listed above in order to implement your instruction or provide information. In a situation where the answer to your inquiry will be given by phone, the Company may require you to provide us again with the personal data provided in the contact form to confirm your identity.

Phone call and emails:
We have also provided you with a phone number and email address on our website. If you choose one of the above contact channel, the Company will collect all information that you choose to provide to our employee or entity cooperating with the Company during a conversation or in an electronic message.
Calls can be recorded. If you do not agree to record the conversation, please choose a different contact channel.

Data collected automatically
When using the R4R portal, the Company may automatically collect your data in the following areas:
• IP and device data:
The Company may collect Users IP addresses. The IP address is the number assigned to the terminal equipment of the person visiting the website. In addition, the Company may collect information about the operating system and the type of your web browser and its version.
• Data on activity on the Website:
The company may collect data on your activity on the portal, and above all the date and duration of the visit and the sequences of activities on the site. In the event that you reach the R4R portal using links on other websites, the Company will also collect data from which page was redirected to the R4R website and information about the ads from which such redirection took place.
• Login details:
In the case of Users who have an account, the Company collects information on the date of registration on the site and logging in to the account, the date of the last password change, the date of the last successful login.
• Cookies
The website uses cookies, called cookies. They are saved by the Company on the end device of the person visiting the R4R website, if the web browser allows it. A cookie usually contains the name of the domain from which it comes, its "expiration time" and an individual, randomly selected number identifying this file. Information collected using this type of file allows the development of general statistics of visits to our portal. The company uses two types of cookies:
• Session cookies: after the browser session ends or the end device is turned off, the saved information is deleted from the device's memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the clients' end devices.
• Cookies are permanent: they are stored in the memory of the Customer's terminal device and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from customers' end devices.
The Company uses cookies for analysis and research as well as auditing audits, and in particular to create anonymous statistics that help to understand how Users use the website, which allows improving its structure.
The cookie mechanism is safe for end devices used by the website. This way it is not possible for viruses or other unwanted software or malware to get to your terminal equipment. However, in your browsers you have the option of limiting or disabling access of cookies to your devices. If you use this option, some of our Services or some parts of our portal may become inaccessible to you or may malfunction.
Below we present how you can change the settings of popular web browsers regarding the use of cookies
• Internet Explorer: support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
• Mozilla Firefox: support.mozilla.org/pl/kb/W%C5%82%C4%85czanie%20i%20wy%C5%82%C4%85czanie%20obs%C5%82ugi%20ciasteczek
• Chrome: support.google.com/chrome/answer/95647?hl=pl
• Safari: support.apple.com/kb/PH5042?locale=pl_PL
• Opera: help.opera.com/pl/latest/web-preferences/

Data collected from other sources
We may collect your personal data for marketing purposes directly from you or from third parties such as Google - primarily through marketing tools such as Google Ads and other similar.

Legal grounds, purposes and periods of data processing
Legal grounds for data processing
We cannot process personal data unless we have a valid legal basis. Therefore, we process personal data only if:
• the processing is necessary for the performance of a contract (art.6 par.1 lit.b GDPR), the subject of which is the service provided electronically - setting up an account;
• based on your explicit, voluntary and prior consent (art.6 par.1 lit.a GDPR) - for direct marketing. Any consent given may be withdrawn at any time. It should be remembered that withdrawal of consent is effective only for the future and does not affect the lawfulness of processing based on consent before its withdrawal;
• the processing is necessary for the pursuit of the legitimate interests of the Company (art.6 par.1 lit.f GDPR) and does not unduly affect your interests or fundamental rights and freedoms. Please note that when processing personal data on this basis, we always try to balance our legitimate interest and your privacy. Such "legitimate interests" are:
• for establishing or pursuing civil law claims by the Company as part of its operations, as well as defense against such claims;
• for answering the query received through any contact channel;
• for marketing using cookies collected on the Company's website.
Fulfilling contractual obligations: The duration of the contract between the User and the Company.
Answering the received question: The period necessary to perform this task
Direct marketing by the Company regarding the Company's products and Services: The period for which the Company processes personal data for other purposes or until consent is withdrawn.
Conducting marketing using cookies collected on the Company's website. Session cookies are temporary files that are stored on the user's end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored on the user's end device for the time specified in the cookie parameters or until they are deleted by the user.
Regardless of the above periods, your data may be processed by the Company for the purposes of determining or pursuing civil law claims as part of its business, as well as defense against such claims - for appropriate limitation periods for such claims, i.e. in principle no longer than 6 years from the occurrence of the event giving rise to the claim.

Security measures for personal data
All employees who gain access to Users personal data must comply with internal policies and processes related to the processing of personal data in order to protect them and ensure confidentiality. They are also required to comply with all technical and organizational security measures put in place to protect personal data.
We have implemented appropriate technical and organizational measures to protect personal data against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access, and above all other illegal forms of processing. These security measures have been implemented taking into account technical capabilities, implementation costs, processing risks and the nature of personal data.
Transfer of personal data to recipients and other third parties.
The data may be transferred to recipients and other third parties to achieve the objectives set out in the policy and to the extent that they are necessary for them to perform the tasks ordered by the
Company, if required by law or if the Company has a different legal basis. The following may be considered as recipients or other third parties:
• entities related to the Company in person or capital, subsidiaries of the Company and special purpose vehicles;
• entities processing personal data at the request of the Company, such as entities providing document archiving services or accounting services. These types of entities do not decide for themselves how to process your personal data. The processing of personal data by them takes place only to the extent that it is necessary for the business of the Company. The company has control over the operations of such entities through appropriate contractual provisions protecting your privacy.
• any national public administration authorities (e.g. Police), authorities of other EU Member States (e.g. authorities established to protect personal data in other Member States) or courts, if required by applicable national or EU law or at their request;
• legal or tax advisers;
• providers of IT systems and hosting services;
• courier or postal service providers;
• entities operating call centers.

Data transfer outside the European Economic Area
Personal data will not be transferred to countries outside the European Economic Area ("EEA"), which includes EU Member States, Iceland, Liechtenstein and Norway.

The rights of Users and their use
Rights
Each person has the right to access their personal data processed by the Company. If you believe that any information about your person is incorrect or incomplete, please submit a request for rectification The Company will immediately correct such information. In addition, you have the right to:
• withdraw your consent if the Company has obtained such consent to process personal data (provided that such withdrawal does not violate the lawfulness of data processing carried out prior to withdrawal);
• obtain a copy of your personal data;
• request deletion of your personal data in cases specified by the provisions of the GDPR;
• request to limit the processing of your personal data in cases specified by the provisions of the GDPR;
• objecting - for reasons related to your particular situation - to the processing of your personal data, if such processing is carried out for the purpose of pursuing the public interest or legitimate interests of the Company;
• transfer of data, receipt of personal data provided to the Company in a structured, commonly used and machine-readable format, and to request that such personal data be sent to another personal data controller, without impediments by the Company and subject to its own confidentiality obligations.
The Company will verify your requests, requests or objections in accordance with applicable data protection laws. However, it should be remembered that these rights are not absolute; regulations provide for exceptions to their application. In response to your request, the Company may ask you to verify your identity or provide information that will help the Company better understand the situation. The company will endeavor to explain its decision to you if your requests are not met.

rights regarding the processing of personal data
To exercise the above rights, please send an email to [email protected] or contact the Company by mail at Al. Szucha 6, Warsaw 00-582.
If you are not satisfied with the way the Company processes your personal data, please notify us of the problem and we will investigate any irregularities that arise. Please report your concerns using the contact details provided above. If you have any objections to the Company's reaction, it is also possible to submit a complaint to the competent personal data protection authority. In Poland, this body is the President of the Office for Personal Data Protection. In order to ensure the timeliness and accuracy of personal data, we may periodically ask you to check and confirm the personal data we hold about you or to inform us of any changes regarding this personal data (such as changing your email address). We encourage you to regularly checking the correctness, timeliness and completeness of personal data processed.

Information clause updates
This clause was updated on May 15, 2019 and may be subject to further changes. If required by law, any information regarding future changes or additions to the processing of personal data described in this clause, which may relate to your person, will be forwarded to you through the appropriate form of communication usually used by the Company in dealing with Users.