Privacy Policy

Privacy Policy

Prepared on the basis of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU L 2016 No. 119, p. 1) (hereinafter referred to as ‘GDPR’).

The Privacy Policy contains information regarding:

  • The personal data controller;
  • The purposes, legal basis and duration of personal data processing:
  • concerning users of the website of the Góraszka mixed-use investment project at https://projektgoraszka.pl/owned by the Controller (hereinafter referred to as the ‘Website’),
  • Newsletter subscribers;
  • The use of cookies or other similar technologies;
  • Recipients of personal data;
  • Transfer of personal data to third countries;
  • Rights of data subjects;
  • Supervisory authority;
  • Changes to the privacy policy.

Personal data controller:

The personal data controller is the company under the name ‘GENERAL AVIATION’ sp. z o.o. with its registered office in Warsaw (address: ul. Polna 11, 00-633 Warsaw), entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number: 0000135697, NIP: 5321755176, REGON: 016805145 (hereinafter referred to as the ‘Administrator’).

The Administrator can be contacted by post at the following address: ul. Polna 11, 00-633 Warsaw or by e-mail at: rodo@nhood.com

Purposes, legal basis and duration of data processing:

Website

In connection with the user’s use of the website, the Administrator collects data to the extent necessary to provide specific services, as well as information about the user’s activity on the Website. The detailed rules and purposes of processing Personal Data collected during the user’s use of the Website are described below.

In order to provide the service of granting the user access to the Website, the Administrator processes information about the user’s device to ensure the proper functioning of the services: the computer’s IP address, information contained in cookies or other similar technologies, session data, web browser data, device data, data on activity on the Website, including on individual subpages.

This information does not contain data concerning the identity of users, but in combination with other information it may constitute personal data and therefore the Administrator provides it with full protection under the GDPR.

This data is processed for the purpose of providing the service of granting access to the Website (Article 6(1)(b) of the GDPR) and in connection with the consent (Article 6(1)(a) of the GDPR) to the use of specific cookies or other similar technologies, expressed through the relevant web browser settings and consent management platform.

The data is processed until the user stops using the Website and, in the case of consent management, until the limitation period for claims expires.

In order to process complaints, the Controller processes the personal data of users submitting complaints, in particular their email address, name, content of the complaint, circumstances of the event giving rise to the complaint, information obtained in the course of processing the complaint, including explanations of the event giving rise to it. In the course of considering the complaint, the Administrator may process a range of other information, including the user’s first and last name, information about the user’s use of the services, cookies or other similar technologies, and information about devices.

This data is processed for the purpose of providing services (Article 6(1)(b) of the GDPR) and is processed for the time necessary to consider the complaint and for no longer than 3 months after the end of the complaint procedure for archiving purposes in case of the need to defend against possible claims against the Administrator in accordance with the information provided below.

In order to pursue claims by the Controller or other users or entities, or to defend against claims by users or other entities, the Administrator may process the personal data of specific users until the pending proceedings are completed and until the expiry of the limitation period for the Administrator’s claims against the user, which as a rule is 3 years in accordance with the Civil Code, but in special cases provided for by law may be longer.

If personal data is processed for the purpose of pursuing claims of other users, such data may be made available for this purpose to a public authority authorised by law, e.g. courts, police, public prosecutor’s office, bailiffs.

This data will then be processed, including made available, for the purpose of fulfilling an obligation under the law (Article 6(1)(c) of the GDPR), i.e. the obligation to consider complaints, in accordance with the Act on the provision of electronic services or in the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in pursuing its claims against the user. The legitimate interest of the Controller will then take precedence over the rights and freedoms of the user.

In order to improve the quality of its services, the Controller processes statistical information regarding the use of the Website, including information about the session, IP number, amount of time spent on individual pages and subpages, use of individual service functionalities, information about the device and web browser. The Controller uses cookies or other similar technologies.

This data is processed in the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in facilitating the use of the Website, improving the quality and functionality of the services provided, and the processing of this data does not violate the rights and freedoms of users. Information about users is not used for any additional purposes, and due to the specific nature of the website service, adjusting the way the website content is displayed, facilitating the use of the website and improving the quality of services provided on the website is not only a market standard, but also an expectation of users towards website providers.

Furthermore, users may withdraw their consent at any time by changing their web browser settings regarding the acceptability of cookies or other similar technologies.

This data is processed as part of the Administrator’s ongoing activities, but for no longer than 60 days from receipt of the information. After this time, the Administrator may continue to process general statistical data, which will be devoid of any information relating to individual users.

The Administrator may post marketing information about its products or services on the Website. The display of this content is carried out by the Administrator in accordance with the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in the publication of content related to the services provided and promotional content of campaigns in which the Administrator is involved.

Newsletter

The Administrator may also process the e-mail addresses of newsletter subscribers in order to provide the ordered service in the form of a newsletter, provided electronically. The Administrator processes the following data: the e-mail address provided, the date of subscription, and information about the sending of newsletters.

In addition, the Administrator processes the email addresses provided for the provision of the service in the form of making the newsletter available also for the performance of the service in accordance with this privacy policy, including to inform about changes in the above-mentioned documents.

The data is processed in accordance with the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) for the purpose of providing the service in the form of a newsletter. Consent to receive messages for the purpose of providing the newsletter service and to inform about promotions and offers is expressed on the basis of Article 398(1) and (2) of the Act of 12 July 2024 on electronic communications.

In order to process complaints, the Administrator processes the personal data of subscribers submitting complaints, in particular: e-mail address, name, content of the complaint, circumstances of the event giving rise to the complaint, information obtained in the course of processing the complaint, including explanations of the event giving rise to it. In the course of considering complaints, the Administrator may process a range of other information, including the user’s first and last name, information about subscribers’ use of the newsletter service, cookies or other similar technologies, and information about devices.

The data is processed for the purpose of providing the newsletter service (Article 6(1)(b) of the GDPR) and is processed for the time necessary to consider the complaint and for no longer than one year after the end of the complaint procedure for archiving purposes in accordance with the Accounting Act, if necessary to defend against possible claims against the Administrator in accordance with the information provided below.

In order to pursue claims by the Controller or by other users or entities, or to defend against claims by users or other entities, the Administrator may process the personal data of specific subscribers until the end of the ongoing investigation and until the expiry of the limitation period for the Administrator’s claims against the subscriber, which is generally 3 years, but in special cases provided for by law may be longer.

This data will then be processed, including made available, in the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in pursuing its claims against the user. The Administrator’s legitimate interest will then take precedence over the rights and freedoms of the subscriber.

Cookies

The Controller uses cookies mainly to provide the user with electronic services and to improve the quality of those services. Therefore, the Administrator and other entities providing analytical and statistical services on its behalf use cookies to store information or access information already stored on the User’s telecommunications terminal equipment (computer, telephone, tablet, etc.). The use of cookies on the Website is not intended to identify Users. This Policy regulates the processing of data related to the use of our own cookies.

Necessary cookies

The Administrator uses necessary cookies primarily to provide Users with the services and functionalities of the Website that the User wishes to use.

Essential cookies may only be installed by the Administrator via the Website.

The legal basis for data processing in connection with the use of essential cookies is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR).

Functional and analytical cookies

Functional cookies are used to remember and adapt the Website to the User’s choices, including language preferences. Functional cookies may be installed by the Administrator and its partners via the Website.

Analytical cookies enable the collection of information such as the number of visits and sources of traffic to the Website. They are used to determine which pages are more or less popular and to understand how Users navigate the Website by compiling statistics on Website traffic. Data processing is carried out in order to improve the performance of the Website. The information collected by these cookies is aggregated, so it is not intended to determine your identity. Functional cookies may be installed by the Administrator and its partners via the Website.

The legal basis for the processing of Personal Data in connection with the use of necessary and analytical cookies by the Administrator for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in ensuring the highest quality of services provided through the Website.

The processing of Personal Data in connection with the use of functional and analytical cookies is subject to the User’s consent to the use of (separately) functional and analytical cookies via the cookie consent management platform. This consent may be withdrawn at any time via this platform.

Advertising cookies

Advertising cookies allow the advertising content displayed to be tailored to the interests of Users within and outside the Website. Based on the information from these cookies and the User’s activity on other websites, a profile of the User’s interests is built. Advertising cookies may be installed by the Administrator and its partners via our website.

The legal basis for the processing of Personal Data in connection with the use of advertising cookies by the Administrator for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in ensuring the highest quality of services provided through the Website.

The processing of Personal Data in connection with the use of advertising cookies is possible after obtaining the User’s consent to the use of consent via the consent management platform. This consent may be withdrawn at any time via this platform.

Administrator’s partners

The Website also has cookies from the Administrator’s partners, through which they collect user data as independent administrators. The User should familiarise themselves with the privacy policy and cookie policy of the respective partner.

The list of the Administrator’s partners and the cookies they use is provided below:

Changing browser settings

The web browser should allow the user to change the settings to reject, delete or block cookies. The following links provide relevant information for the most popular browsers: Google Chrome, Mozilla Firefox, Microsoft Edge, Opera,Safari.

As some cookies are necessary for the Website to function, changing your browser settings may cause some services to not work properly or even prevent you from using the Website.

Consent management platform (ConsentManager)

The Administrator uses a consent management platform to facilitate the exercise of your rights under the GDPR.

You can view the consent management platform and use it to set your cookie preferences. The consent management platform allows you to:

  • obtain detailed information about the cookies that the Administrator uses on the Website and about the Administrator’s partners;
  • give and withdraw your consent to the use of optional cookies by the Administrator and the Administrator’s partners;
  • object to the processing of optional cookies by the Administrator’s partners on the basis of their legitimate interest.

The consent management platform will appear in the form of a cookie banner during the user’s first visit to the Website. During subsequent visits, the user may change the selected settings.

The consent management platform will remember the consents or objections expressed by the user. In accordance with these, the Administrator will make the Website available to the user for use. The user may view their settings and make changes at any time.

Recipients of user data:

The Administrator discloses users’ personal data only to entities processing it under personal data processing agreements for the purpose of providing services to the Administrator, e.g. hosting and website maintenance, IT services, e-mail services, marketing and PR services, consulting and legal services.

Personal data security

The Administrator conducts ongoing risk analysis to ensure that personal data is processed by it in a secure manner – ensuring, above all, that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The Controller ensures that all operations on personal data are recorded and performed only by authorised employees and associates.

The Controller takes all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Controller.

Transfer of personal data to countries outside the EEA

The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily through:

  • cooperation with entities processing personal data in countries for which the European Commission has issued an appropriate decision confirming the adequate level of personal data protection;
  • the use of standard contractual clauses issued by the European Commission;
  • the use of binding corporate rules approved by the competent supervisory authority.

The Controller always informs about the intention to transfer personal data outside the EEA at the stage of their collection.

Rights of data subjects

Every data subject has the right:

  • to information about data processing – the Controller shall provide the person making the request with information about the processing of personal data, including, in particular, the purposes and legal grounds for the processing, the scope of personal data held, the entities to which it is disclosed and the planned date of deletion of personal data (after the end of the storage period);
  • the right to obtain a copy of the data – the Controller shall provide the person making the request with a copy of the personal data concerning them;
  • the right to rectify the data – the Controller shall, at the request of the person making the request, remove any inconsistencies or errors in the personal data being processed and supplement them if they are incomplete;
  • the right to erase data – the Controller shall, at the request of the person making the request, erase or permanently anonymise personal data whose processing is no longer necessary for any of the purposes for which it was collected;
  • the right to restrict data processing – at the request of the person making the request, the Controller shall cease to perform operations on personal data – with the exception of operations for which the person whose data is being processed has given their consent – and to store them, in accordance with the accepted period of storage of personal data or until the reasons for restricting the processing of personal data cease to exist;
  • the right to data portability – to the extent that personal data is processed by automated means, the Controller shall, upon request, provide the personal data supplied by the data subject in a format that allows the personal data to be read by a computer;
  • right to object (including for marketing purposes) – the data subject may at any time object to the processing of personal data which is based on the Controller’s legitimate interest;
  • right to withdraw consent – at any time and without giving a reason, but the processing of personal data carried out before the withdrawal of consent will remain lawful. Withdrawal of consent will result in the Controller ceasing to process personal data for the purpose for which consent was given.

In order to exercise the above rights, the data subject should contact the Controller using the contact details provided and inform him of which right he wishes to exercise and to what extent.

Complaint to the supervisory authority

In connection with the processing of personal data on the Website, each user has the right to lodge a complaint with the supervisory authority, which in the Republic of Poland is the President of the Personal Data Protection Office, who can be contacted as follows:

  • by post: ul. Stawki 2, 00-193 Warsaw,
  • via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt;
  • by telephone: (22) 531 03 00.

Changes to the privacy policy:

The privacy policy may be supplemented or updated in accordance with the current needs of the Administrator in order to provide users with up-to-date and reliable information about their personal data and information about them. Users will be informed of any changes to the privacy policy on the Website.

This privacy policy is effective from the date of its publication on the website.

Date of publication of the updated Privacy Policy: 7 November 2025