PolskiHave a custom question or need help? Contact us!
This Privacy Policy applies to personal data controlled by companies comprising the R4R corporate group, collectively referred to as the Joint Controllers.
To the extent that you use the services of Other Landlords, these entities act as independent controllers of your personal data. The information clause of the Other Landlords constitutes a separate document, the link to which can be found in the “Privacy Policy” tab (LINK).
Under the joint controllership agreement, the Joint Controllers have agreed on their respective responsibilities for compliance with the obligations under the GDPR, in particular:
each of the Companies is responsible within its own scope for fulfilling the information obligations arising from the GDPR regarding the provision of information referred to in Articles 13 and 14 of the GDPR;
the company R4R Leasing Sp. z o.o. is responsible for fulfilling the obligations under the GDPR regarding the exercise of your rights. Regardless of this arrangement, you may also exercise your rights against the other Joint Controllers, who will forward your request to R4R Leasing Sp. z o.o. for its execution.
The Joint Controllers have designated a common contact point where you can report matters regarding personal data. For this purpose, you should contact us electronically at: [email protected], or in writing to the address of the Joint Controllers (with the note “personal data protection”).
Under this document, we wish to transparently inform you:
why and how the Companies collect, use, and store your personal data;
on what legal basis this personal data is processed; and
what your rights and our obligations are in connection with this processing.
The following capitalized terms used in the Privacy Policy shall have the following meanings:
Joint Controllers or Companies – means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. The current list of Joint Controllers is in section 8.1.
Personal Data – means any information relating to an identified or identifiable natural person;
Data Subject – an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
Account – a part of the Service assigned to a given User, identified by an email address, through which the User can perform specific actions within the Service;
Platform or Service – the R4R website through which the User can use the Services;
Cookies – IT data stored on the User’s end device, through which they use the Service, containing data about the User’s use of the Platform;
Privacy Policy – this document. It defines the rules according to which R4R processes Personal Data. The Terms of Service and the Privacy Policy are the documents regulating the conditions of using the Platform;
Terms of Service – a document regulating the rules of using the Platform, determining the types and scope of Services available on the Platform, the complaint handling procedure, and the technical conditions for using the Service. The Terms of Service and the Privacy Policy are the documents regulating the conditions of using the Platform;
Registration – the process of creating an Account by the User;
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1), applicable from 25 May 2018;
Service – a service provided by the Company to the User. These services will include, among others: publishing announcements, notifications, etc.;
User – any person using the R4R service.
Other Landlords – R4R Warszawa Wilanowska Spółka z o.o. (KRS: 0000797908), R4R Warszawa Woronicza Spółka z o.o. (KRS: 0000759998), R4R Warszawa Taśmowa Spółka z o.o. (KRS: 0000759723), R4R Gdańsk Kołobrzeska Spółka z o.o. (KRS: 0000759426), R4R Poznań Szczepanowskiego Spółka z o.o. (KRS: 0000747162), R4R Wrocław Rychtalska Spółka z o.o. (KRS: 0000640333), R4R Łódź Wodna Spółka z o.o. (KRS: 0000640262), R4R Wrocław Jaworska II Spółka z o.o. (KRS: 0000814299), R4R RE Wave 4 Spółka z o.o. (KRS: 0000814236), R4R Kraków 3 Maja Spółka z o.o. (KRS: 0000798196), R4R Poland Sp. z o.o. (KRS: 0000718158), R4R RE Sp. z o.o. (KRS: 0000600773), R4R RE Wave 3 Sp. z o.o. (KRS: 0000798078), Pimech Invest Sp. z o.o. (KRS: 0000828847), M2 Hotel Sp. z o.o. (KRS: 0000766939), M2 Biuro Sp. z o.o. (KRS: 0000766653), R4R Wrocław Park Zachodni Sp. z o.o. (KRS: 0000888773), R4R Łódź Kilińskiego Sp. z o.o. (KRS: 0000894099), Hotel Wrocław Grabiszyńska Sp. z o.o. (KRS: 0000922220), R4R Poznań Nowe Miasto Sp. z o.o. (KRS: 0000932443).
Registration: To use the Services we provide, the platform allows you to create an account. During registration, the Companies may collect the following information about you:
first and last name;
email address;
mobile phone number.
If you create an Account, providing the data specified above is voluntary, but necessary to use the Services offered within the Account. The data you provide will be processed to provide the Service in accordance with the Terms of Service and this Privacy Policy. The consequence of not providing the data is the inability to successfully create an account.
Online Chat: Our Platform allows you to send an inquiry via Online Chat. If you choose this contact channel, the Companies may collect the following information about you:
first name;
email address;
mobile phone number;
city;
other information disclosed by you in the sent message.
Providing the data specified above is voluntary but necessary to respond to the inquiry received. The Companies will process the data listed above to execute your instruction or provide information. In a situation where the response to your inquiry is provided by telephone, the Companies may require you to re-provide the personal data submitted in the contact form to confirm your identity.
Telephone Call and Emails: On our Platform, we have also provided you with a telephone number and an email address. If you choose any of the above contact channels, the Companies will collect all the information you decide to provide to our employee or a cooperating entity during the conversation or in the electronic message. Calls may be recorded. If you do not consent to the recording of the call, please select another contact channel.
Facebook Messenger: The User has the option to contact the Joint Controllers using the built-in Messenger application from Facebook. For this purpose, it is necessary to be a registered user of the Facebook social platform. The rules of data collection via the Facebook platform are regulated by a separate Privacy Policy of the Controller, available on their corporate page on the Facebook platform: https://pl-pl.facebook.com/legal/terms
While using the Platform, the Companies may automatically collect your data in the following scope:
IP and device data: The Companies may collect Users’ IP addresses. An IP address is a number assigned to the end device of a person visiting the Platform. Additionally, the Controller may collect information about the operating system, as well as the type and version of your web browser.
Platform activity data: The Companies may collect data regarding your activity on the Service, primarily the date and duration of the visit, and the sequence of actions on the page. If you reach the Platform using links on other websites, the Joint Controllers will also collect data about which page redirected you to the Platform and information about the advertisements that caused such redirection.
Login data: For Users who have an Account, the Companies collect information regarding the date of registration on the Service and login to the Account, i.e., the date of the last password change, and the date of the last successful login.
The Platform uses files called cookies. They are saved by the Joint Controllers on the end device of the person visiting the Platform, provided the web browser allows it. A cookie usually contains the name of the domain from which it originates, its “expiration time,” and an individual, randomly selected number identifying this file. Information collected via these types of files allows for the compilation of general visit statistics for our Platform. The Companies use two types of cookies:
Session cookies: After the session of a given browser ends or the end device is turned off, the saved information is deleted from the device’s memory. The session cookies mechanism does not allow the collection of any personal data or any confidential information from the Clients’ end devices.
Persistent cookies: They are stored in the memory of the Client’s end device and remain there until deleted or expired. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from the Clients’ end devices.
The Companies use cookies for analysis, research, and audience auditing, and in particular to create anonymous statistics that help understand how Users use the Platform, which allows for improving its structure. The cookie mechanism is safe for the end devices on which you use the Platform. It is not possible for viruses or other unwanted software or malware to enter end devices this way. Nevertheless, you have the option in your browsers to limit or disable the access of cookies to your devices. If you use this option, some of our Services or parts of our Platform may become unavailable to you or may not function properly.
Below we present how you can change the settings of popular web browsers regarding the use of cookies:
Microsoft Edge browser: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox browser: https://support.mozilla.org/pl/kb/blokowanie-ciasteczek
Chrome browser: https://support.google.com/chrome/answer/95647?hl=pl
Safari browser: https://support.apple.com/kb/PH5042?locale=pl_PL
Opera browser: https://help.opera.com/pl/latest/web-preferences/
We may collect your Personal Data for direct marketing purposes directly from you, or from third parties, such as Google – primarily using marketing tools like Google Ads and other similar ones.
We cannot process Personal Data if we do not have a valid legal basis. Therefore, we only process Personal Data when:
processing is necessary for the performance of a contract (Art. 6(1)(b) GDPR), the subject of which is a service provided electronically – account creation;
based on your explicit, voluntary, and prior consent (Art. 6(1)(a) GDPR) – for the purpose of direct marketing. Any consent granted may be withdrawn at any time. Please note that the withdrawal of consent is only effective for the future and does not affect the lawfulness of processing based on consent before its withdrawal.
processing is necessary for the purposes of the legitimate interests pursued by the Companies (Art. 6(1)(f) GDPR) and does not excessively impact your interests or fundamental rights and freedoms. Please note that when processing personal data on this basis, we always try to balance our legitimate interest against your privacy. Such “legitimate interests” are:
establishing or pursuing civil claims by the Companies as part of their business activities, as well as defending against such claims;
responding to an inquiry received via any contact channel;
ensuring the proper functioning of the Service through the use of cookies collected on the Companies’ website.
Personal Data is processed only for a specific purpose and to the extent necessary to achieve it, and for as long as necessary. Listed below are the purposes pursued by the Companies and entities affiliated with the Companies through the processing of Personal Data, and the periods for which it is processed.
Purpose of processing and processing period:
Fulfilling contractual obligations: The duration of the contract between the User and the Company.
Responding to an inquiry received: The period necessary to perform this task.
Transfer of Personal Data and information to Other Landlords, if your inquiry or communication is addressed to them or relates to services provided by these entities.
Conducting direct marketing by the Company regarding the Company’s products and Services: The period for which the Company processes personal data for these purposes or until consent is withdrawn.
Conducting marketing using cookies collected on the Platform: “Session” cookies are temporary files stored in the user’s end device until logging out, leaving the website, or turning off the software (web browser). “Persistent” cookies are stored in the user’s end device for the time specified in the cookie file parameters or until they are deleted by the user.
Regardless of the periods above, your data may be processed by the Companies for the purpose of establishing or pursuing civil law claims by the Companies within the framework of the business conducted, as well as defending against such claims – for the relevant limitation periods of such claims, i.e., generally not longer than 6 years from the occurrence of the event resulting in the claim.
The Joint Controllers are authorized to determine, together with the other Joint Controllers, the purposes and means of processing Personal Data. The Joint Controllers declare that they are familiar with the rules of processing and securing Personal Data arising from the GDPR and other generally applicable legal provisions, with particular emphasis on the obligations of a personal data controller. The Joint Controllers declare and ensure that, pursuant to Art. 24 of the GDPR, they have technical and organizational measures aimed at ensuring the compliance of Personal Data processing with the provisions of the GDPR, and apply security measures meeting the requirements of the GDPR, as well as subject them to reviews and updates. All employees gaining access to Users’ Personal Data must adhere to internal policies and processes related to the processing of personal data to protect them and ensure confidentiality. They are also obliged to comply with all technical and organizational security measures implemented to protect Personal Data. We have implemented appropriate technical and organizational measures to protect Personal Data against unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, or access, and above all, against any other illegal forms of processing. These security measures have been implemented taking into account the state of the art, the costs of implementation, the risks associated with processing, and the nature of the Personal Data.
Personal Data may be transferred to recipients or other third parties to fulfill the purposes listed in section 3.2 to the extent necessary for them to perform tasks commissioned by the Companies, if required by law, or if the Companies have another legal basis.
Recipients or other third parties may be considered to include:
entities affiliated with the Companies personally or by capital, subsidiaries of the Companies, and special purpose vehicles;
entities processing personal data on behalf of the Companies, such as entities providing document archiving services or accounting services. These types of entities do not independently decide how to process your Personal Data. The processing of Personal Data by them occurs only to the extent necessary for the Companies to conduct their business. The Companies have control over the actions of such entities through appropriate contractual clauses protecting your privacy.
any national public administration bodies (e.g., Police), bodies of other EU Member States (e.g., bodies established to protect personal data in other Member States), or courts, if required by applicable national or EU law or upon their request;
Other Landlords (provided the content of your inquiry or communication is addressed to them);
legal or tax advisors;
providers of IT systems and hosting services;
courier or postal service providers;
entities operating call centers.
Personal data will not be transferred to countries outside the European Economic Area (“EEA”), which includes EU Member States, Iceland, Liechtenstein, and Norway.
Everyone has the right to access their Personal Data processed by the Companies. If you believe that any information concerning you is incorrect or incomplete, please submit a request for its rectification as specified in section 7.2 below. The Companies will promptly correct such information.
Furthermore, you have the right to:
withdraw your consent if the Companies obtained such consent for the processing of Personal Data (with the reservation that such withdrawal will not affect the lawfulness of data processing carried out prior to the withdrawal);
obtain a copy of your Personal Data;
request the deletion of your Personal Data in cases defined by the provisions of the GDPR;
request the restriction of processing of your Personal Data in cases defined by the provisions of the GDPR;
object – for reasons related to your particular situation – to the processing of your Personal Data if such processing is carried out for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the Companies;
data portability, i.e., to receive the Personal Data provided to the Companies in a structured, commonly used, and machine-readable format, and to request the transmission of such Personal Data to another personal data controller without hindrance from the Companies and subject to their own confidentiality obligations.
The Companies will verify your requests, demands, or objections in accordance with applicable personal data protection laws. However, please note that these rights are not absolute; the regulations provide for exceptions to their application. In response to your request, the Companies may ask to verify your identity or to provide information that will help the Companies better understand the situation. The Companies will make every effort to explain their decision to you if your requests cannot be fulfilled.
To exercise the above rights, please send an email to [email protected] or contact the Companies by mail at ul. Litewska 1, Warsaw 00-581. If you are dissatisfied with the way the Companies process your Personal Data, please notify us of the issue, and we will investigate any irregularities that may have occurred. Please report your concerns using the contact details provided above. If you have reservations about the Companies’ response, there is also the possibility of filing a complaint with the competent personal data protection authority. In Poland, this authority is the President of the Personal Data Protection Office. To ensure the currency and accuracy of Personal Data, we may periodically ask you to review and confirm the Personal Data we hold about you or to inform us of any changes regarding this Personal Data (such as a change in email address). We encourage you to regularly check the accuracy, timeliness, and completeness of the processed Personal Data.
This clause was updated on May 28th, 2026 and may be subject to further changes. If required by law, any information regarding future changes or additions to the processing of personal data described in this clause that may affect you will be provided to you via the appropriate form of communication usually used by the Companies in contacts with Users.
Companies with their registered office at ul. Litewska 1, 00-581 Warsaw: R4R Leasing Sp. z o.o. (KRS: 0000600776), R4R Warszawa Browary Spółka z o.o. (KRS: 0000640389), R4R Wrocław Kępa Spółka z o.o. (KRS: 0000640326), R4R Poland Sp. z o.o. (KRS: 0000718158), R4R RE Sp. z o.o. (KRS: 0000600773), R4R Gdańsk Stocznia Sp. z o.o. (KRS: 0000888813); and, with its registered office at ul. Opolska 110, 31-323 Kraków, Hotel Kraków Romanowicza sp. z o.o. (KRS: 0000926147).
© 2026 Resi4Rent - All rights reserved