Privacy policy


concerning the processing of personal data - electronic services website

General information

The Controller of your personal data is the company: Cornerstone Partners Sp. z o. o. with its registered office in Warsaw, at 8 Żurawia St., 00-503 Warsaw, for which the registration files are kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000091870, NIP: number: 5213182418, REGON number: 017458007, hereinafter referred to as the “Controller”.

For all matters relating to the processing of your personal data, you can contact:

Cornerstone Partners Sp. z o.o., 8 Żurawia St., 00-503 Warszawa
telephone: +48 22 123 76 12

Data protection is carried out in accordance with the requirements of generally applicable laws, in particular the Act of 18.07.2002 on the provision of electronic services, and the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("GDPR").

At the same time, we would like to point out, given the responsibilities of the Controller, that we pay particular attention to the issue of privacy, as well as to data security.

The Service performs functions to obtain information about you as a user of the Website and your behavior in the following ways:

  • through the information voluntarily entered on the forms.
  • by storing cookies ("cookies") on your end device.
  • through information in the forms:

  • The Service collects information voluntarily provided by you as a user.
  • The service can also save information about the connection parameters (time stamp, IP address).
  • The data you provide in the contact form are treated as confidential and are not made available to third parties except with your consent as a user of the site.
  • By default, your data as a user of the service is not transferred outside the European Economic Area or to international organizations. In case of transfer to recipients in third countries, the Controller will use the standard contractual clauses adopted by the European Commission which set out the basic guarantees for the security of your data.
  • A website owned by the Controller may include social media features, such as Facebook or Twitter buttons. These features may collect certain information about visitors to our website, such as IP address or browsing history, and may install cookies on visitors' browsers. Please note that the processing of personal data collected in this way is subject to the rules adopted by the operators of social media networks and therefore this Privacy Policy does not apply to them.
  • Data will be processed for marketing purposes until you withdraw your consent to such processing.
  • The data collected is used to monitor and see how you, as a user, use our services in order to improve the service by providing a more efficient and seamless navigation. We monitor user information using tools that record user behavior on the site.
  • In addition, you have the ability to disable or restore the collection of "cookies" by changing the settings in your web browser. Instructions for managing cookies are available in the settings of your software (web browser.
  • Additional personal information, such as e-mail address, is only collected where the user has explicitly consented to it by filling out the form. We retain and use the above data only as necessary to perform the function.
  • Deleting cookies or turning them off in your browser may result in the Site not working properly and may limit your access to various features of the Site.
  • The information collected includes your IP address, browser type, language, operating system type, Internet service provider, time and date information, location, and information submitted to the site via the contact form.

Legal basis and purpose of personal data processing

The legal bases for data processing are: taking necessary actions prior to the conclusion of the contract, conclusion and performance of the contract and provision of services in accordance with the contract - Article 6(1)(b) and (f) of GDPR, as the so-called legitimate interest of the Controller, which is to assert and defend his rights, marketing purposes of the Controller including profiling for marketing purposes and for analytical purposes - Article 6(1)(b) and (f) of GDPR, as the so-called legitimate interest of the Controller, or Article 6(1)(a) - consent given,

Marketing purposes, including analytical purposes and profiling of third parties, including partners of the Controller- Article 6(1)(a) of GDPR - consent, if consent is not given, personal data are not processed for this purpose,

fulfillment of the Controller's legal obligations arising from applicable regulations law - Article 6(1)(c) of GDPR - processing is necessary to comply with legal requirements to which the Controller is subject,

asserting claims related to the contract concluded with you / services provided - Art. 6 (1) (b) and (f) of GDPR as the so-called legitimate interest of the Controller, which is to assert claims and defend his rights. The specific purpose and basis of processing shall be given in a separate notice to data subjects.

Your personal data will be stored until the statute of limitations for claims under the contract / provision of services or until the expiration of the obligation to store data under the law, in particular the obligation to store accounting documents relating to the contract. We process all data processed for accounting purposes and for tax reasons for 5 years calculated from the end of the calendar year in which the tax liability arose. After the above-mentioned periods, your data will be deleted or anonymized.

Your personal data may be shared with third parties for the purposes mentioned above for marketing purposes if you consent to the specific marketing purposes for which the sharing is necessary.

Moreover, the data may be disclosed to entities processing personal data on behalf of the Controller among others, group companies, IT service providers, entities processing data in order to collect debts, notaries, banks, building administrators and housing communities, marketing agencies - whereby such entities process data on the basis of a contract with the Controller and only in accordance with our instructions.

You have the right of access to your data and the right to request their rectification, erasure, restriction of processing. At the same time, if the basis for the processing of your personal data is a legitimate interest of the Controller you may object to the processing of your personal data. In particular, you have the right to object to the processing for direct marketing purposes, including profiling and for analytical purposes, to the extent that the processing of your personal data is based on consent, you have the right to withdraw your consent. Withdrawal of consent does not affect the lawfulness of processing that was done on the basis of consent before its withdrawal.

In so far as your data are processed for the purpose of concluding and performing a contract/providing services or processed on the basis of consent - you also have the right to personal data portability. You will then receive your personal data in a structured, commonly used, machine-readable format. Furthermore, it is possible to send the data in question to another data controller.

You also have the right to lodge a complaint to the supervisory authority responsible for personal data protection, i.e. the President of the Office for Personal Data Protection.