Privacy Policy of the Website

1. Introduction

1.1. The joint controllers of your personal data are:
a) RentPlanet S.A., KRS: 00001044568, hereinafter referred to as: RP S.A.,
b) RentPlanet Apartments sp. z o.o., KRS: 0000658841, hereinafter referred to as: RPA,
c) RentPlanet Professionals sp. z o.o., KRS: 0000727418, hereinafter referred to as: RPP,
with their registered offices in Wrocław, ul. Powstańców Śląskich 7a, 53-332 Wrocław.

1.2. The joint controllers have concluded a Joint Controllership Agreement, the main content of which is available
on the website https://www.rentplanet.pl/polityka-rodo/.

1.3. Definitions:

  • Personal data – information about an identified or identifiable natural person through one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including the device IP address, internet identifier and information collected via cookies and other similar technologies.
  • Policy – this Privacy Policy.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  • Service – the website operated by the Controllers at https://noclegi.rentplanet.pl/
  • Processing of personal data – an operation or a set of operations performed on personal data or sets of personal data, whether or not by automated means, including, among others, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • User – any natural person visiting the Service or using one or more services or functionalities described in the Policy.

2. Processing of Personal Data in connection with the use of the Service

2.1. In connection with the User’s use of the Service, the Controllers collect data to the extent necessary to provide the individual services offered. Below are detailed rules and purposes of processing Personal Data collected during the User’s use of the Service.

3. Purposes and legal bases for processing Personal Data in the Service

3.1. Personal data of Users using the Service are processed by the Controllers:

  • for the purpose of providing services by electronic means in the scope of making content available to Users in the Service, i.e. among others for the purpose of providing short-term, medium-term and long-term apartment rental services – in which case the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR),
  • for the purpose of establishing and pursuing claims or defending against claims – the legal basis for processing is the legitimate interest of the Controllers (Article 6(1)(f) GDPR), consisting in the protection of their rights,
  • for the purpose of enabling contact with the Controllers via telephone number or contact form – the legal basis for processing is the legitimate interest of the Controllers (Article 6(1)(f) GDPR),
  • for the purpose of providing the User with information about offers, promotions, discounts and news – the legal basis is the consent granted by you (Article 6(1)(a) GDPR),
  • for the purpose of fulfilling legal obligations incumbent on the Controllers, including in particular accounting and bookkeeping obligations (Article 6(1)(c) GDPR).

4. Cookies

4.1. The Controllers use cookies within the Service. The purposes and rules regarding the use of cookies are set out in the Cookies Policy: https://u.profitroom.com/2017.rentplanet.pl/uploads/Politykacookies.pdf

5. Categories of processed data

5.1. The Controllers process the following categories of User data:

  • first and last name,
  • e-mail address,
  • telephone number,
  • correspondence address,
  • residential address,
  • PESEL / passport number,
  • stay period,
  • payment details (billing address, payment card number).

5.2. Providing the above Personal Data is voluntary and free of charge; however, failure to provide them will prevent registration in the Service and the use of certain Services indicated in the Service Regulations.

5.3. In accordance with the principle of data minimisation, we process only those categories of Personal Data that are necessary to achieve the purposes referred to in point 3 above.

5.4. The Controllers are entitled to verify the Personal Data provided by the User in order to determine whether such data are accurate.

6. Period of processing Personal Data

6.1. The period of data processing by the Controllers depends on the type of service provided or the contract performed and the purpose of processing. As a rule, data are processed for the duration of the service, until the consent given is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Controllers.

Personal data are processed in particular for the period necessary to achieve the purposes
of data processing, i.e.:

  • for the performance of contracts concluded with the User – for the duration of the contract;
  • for maintaining effective communication with the User, including until all requested information is provided to the User, as well as for a period of 1 year from the date of expressing the will to contact;
  • for conducting marketing activities by the Controllers – for the period specified in the consent given by the User or until the User withdraws consent;
  • for tax settlements concerning the User, in order to fulfil the obligation required by law related to the period of storing tax and accounting documentation – for a period of 5 years counted from the end of the year to which these documents relate;

6.3. Data processed on the basis of consent will be processed for the period specified in the content of the consent or until the consent is withdrawn. Withdrawal of consent does not affect the lawfulness of the processing of personal data carried out on the basis of consent given before its withdrawal.

6.4. The data processing period may be extended if processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent required by law. After the processing periods expire, the data are irreversibly deleted.

7. User rights

7.1. The User has the right to access the content of the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to lodge a complaint with a supervisory authority dealing with personal data protection.

7.2. The User also has the right to object, for reasons related to his or her particular situation, to the processing of data carried out on the basis of the legitimate interest of the Controllers.

8. Recipients of Personal Data

8.2. In connection with the provision of services, personal data will be disclosed to external entities, including in particular IT service providers enabling proper use of the Service.

Recipients of Personal Data may also include:

  • employees, contractors, subcontractors and other persons employed by or cooperating with the Controllers;
  • accounting offices cooperating with the Controllers;
  • law firms cooperating with the Controllers;
  • entities providing IT services to the Controllers, including in particular website hosting services and e-mail services;
  • entities providing marketing services to the Controllers;
  • entities participating in settlements, including invoice system providers, online payment systems and banks;
  • entities providing postal and courier services;
  • entities providing systems for online apartment reservations;
  • entities providing marketing services;
  • public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for the purposes resulting from generally applicable law.

8.4. In the event of obtaining the User’s consent, his or her data may also be made available to other entities for their own purposes, including marketing purposes.

8.5. The Controllers reserve the right to disclose selected information concerning the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.

9. Transfer of Personal Data outside the EEA

9.1. The User’s personal data may be transferred outside the EEA in cases specified in the Cookies Policy, only if separate consent is given.

10. Security of Personal Data

10.1. The Controllers continuously conduct risk analysis to ensure that Personal Data are processed by them in a secure manner – ensuring in particular that only authorised persons have access to the data and only to the extent necessary due to the tasks performed by them. The Controllers ensure that all operations on Personal Data are recorded and carried out only by authorised employees and collaborators.

10.2. The Controllers take all necessary actions to ensure that their subcontractors and other cooperating entities also provide guarantees of applying appropriate security measures whenever they process Personal Data on behalf of the Controllers.

10.3. This Privacy Policy does not apply to third-party websites linked on the Controllers’ Service. We cannot guarantee that these third parties process your personal data in a reliable or secure manner. We recommend that you read the privacy statements of these websites before using them.

11. Contact with the controller

The Controllers have designated a Joint Contact Point – Kamil Durnaś, iod@rentplanetapartments.pl.

12. Changes to the Privacy Policy

12.1. The Policy is reviewed on an ongoing basis and updated if necessary. The User will be actively informed of any changes to the Policy as soon as possible.

12.2. Other documents related to personal data protection are available on the website: https://www.rentplanet.pl/polityka-rodo/.

12.3. The current version of the Policy was adopted and has been in force since 28 August 2025.