Private Policy

Privacy Statement

The privacy statement contains all the most important data on how My Tower processes personal data and on the user’s rights in this regard.

This Privacy Statement is effective as of May 11, 2022.

1. Scope and Updates of this Privacy Statement.

This Privacy Statement applies to your use of the My Tower services and Applications, services (including payment processing services relating to My Tower), My Tower products and tools regardless of how the user accesses them, including via mobile devices and applications.

This Privacy Statement also applies when expressly referenced by a link or similar, such as from partner sites that offer My Tower Services.

My Tower may amend this Privacy Statement at any time by publishing an updated version of it on the website or in the Application with the effective date. My Tower will notify the user of significant changes to this Privacy Statement via the website https://mytowerapp.eu/polityka-prywatnosci/ or via e-mail.

2. Data controller

May Tower Europe Spółka z ograniczoną odpowiedzialnością with its registered office in Krakow, address: ul. Sukiennicza 8 / U7, 31-069 Kraków, entered into the Register of Entrepreneurs kept by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division under the KRS number: 0000882769, REGON: 388128682, NIP: 6762592315, share capital: PLN 5,000.00, contact with the customer service office via e-mail: kontakt@mytowerapp.eu , which is the administrator of users’ personal data, hereinafter referred to as: “My Tower” or “Administrator”.

3. Data protection officer and contact

If you have any questions regarding the Privacy Statement or other data protection statements in My Tower, please contact the Data Protection Officer: iod@mytowerapp.eu

If you have any questions or complaints related to this Privacy Statement or the processing of personal data by My Tower, please contact the data controller or the data controller.

4. Personal data collected and processed by My Tower

4.1 Personal data provided by the user when using the Services or registering an account on the My Tower website

User identification information, such as name, address, telephone number, e-mail address, username or tax identification numbers provided when creating a My Tower account or at a later date.
Financial information (e.g., credit card numbers, bank account numbers, transaction details, and payment methods).
Billing information and other information that you provide
You may provide additional information in web forms by updating or adding information to your My Tower Account, submitting inquiries, using the dispute resolution option, contacting Customer Service, or by contacting My Tower for any other reason relating to the Services.
Other data the collection and processing of which is legally required or which My Tower may collect by law, e.g. data used to authenticate and identify the User or to verify the information collected.
4.2 Personal data collected automatically when the User uses the Services or creates a My Tower account

Data generated as part of the transaction (purchase of services) or associated with the user’s My Tower account as a result of the transaction, such as transaction amounts, place and time of the transaction and the payment method used,
Data generated by other user activities while using the Services related to the User’s account,
Data on all other user interactions with Service Providers, User’s advertising preferences and communication with My Tower.
Location data, including general location data of the User (e.g. IP address) and precise information about the location of the mobile device.Most mobile devices allow you to disable geolocation services for all applications in the settings menu and manage these settings.
Information about the mobile device and connection, such as statistics on the use of My Tower services, information about traffic to and from websites, referring URLs, information about advertisements, User’s IP address, time spent on the website, data from browser history, language settings and internet log data.
4.3 Personal data collected in connection with the use of cookies and similar technologies

My Tower uses cookies, web beacons and other similar technologies to collect data when the User uses the Services. My Tower collects this data from devices (including mobile) with which the User uses the Services. My Tower collects the following information regarding the use of the Services and devices:

Data on the pages visited by the user, time of access, frequency and duration of visits, clicked links and other activities undertaken as part of the use of the Services, as well as in advertising content and e-mail messages.
Data about the actions and interactions of our advertising partners, including data about the ads viewed, how often they were displayed, when and where they were displayed, and whether the User took any action, such as clicking an ad or making a purchase.
Device model or type, operating system and its version, browser type and settings, device ID, advertising ID, individual device token and data related to cookies,
The IP address from which the device connects to the Services.
Location data, including general User’s location data (e.g. IP address) and accurate mobile device location information, with most mobile devices allowing you to disable location services for all apps in the settings menu and manage these settings.
4.4 Data from social networks shared by the User with My Tower

My Tower allows you to use social networks (such as Facebook) or features of other single sign-on service providers (e.g. Google or Apple) on systems where you already have an account to link your My Tower account with service accounts single sign-on. At the stage of establishing a connection with single sign-on services, the User has the right to specify the personal data that My Tower may have access to.
My Tower allows the User to share personal information on social networks (such as Facebook) or link the My Tower account to a social network. Social networks may automatically share certain personal information about you with My Tower (e.g. information about the content you have viewed or liked, information about advertisements you have viewed or clicked on, etc.). The scope of personal data shared with My Tower companies by social networks can be specified in the privacy settings of the accounts on social networks.
My Tower may also use plugins and other technologies available on social media sites. If the User clicks on a link displayed using a social network plug-in, it means voluntary connection to the respective social network.
5. Purposes and legal grounds for data processing and categories of recipients

My Tower processes your personal data for a variety of purposes and on a variety of legal bases for processing such data. Personal data collected by My Tower is used, among others, to: provide and improve the Services through the Application, provide personalized content on our website, contact the user in matters related to the My Tower account and Services, provide customer service services, present advertising and marketing content selected for the user, as well as to detect, investigate and reduce cases of fraud or other unlawful activities and to prevent the occurrence of such cases. In addition, My Tower shares user data with third parties, including service providers acting on behalf of My Tower.

A summary of the purposes for which My Tower processes your personal data, including the categories of recipients to whom My Tower transfers the data for the aforementioned purposes, organized according to the legal grounds for processing or sharing, is as follows:

5.1 My Tower processes the user’s personal data in order to fulfill the obligations arising from contracts concluded with the user and to provide the Services. This includes the following goals:

Data processing in relation to the user or the Service Provider for the purpose of concluding a contract and fulfilling its provisions.
The provision of Services by My Tower, including enabling transactions with Service Providers, including the transfer of your personal data to Service Providers, if it is necessary to conclude a transaction. Maintaining transaction history for you, providing additional services such as processing payments and managing your My Tower account, providing you with other services in accordance with the terms and conditions applicable to the service, and providing the functionality of the Services. In connection with the provision of the Services, My Tower will send the User notifications regarding the execution of transactions and the use of the Services in accordance with the notification settings on the User’s My Tower account.
Enabling the performance of the service, including notifications regarding the implementation of the delivery service (e.g. information regarding the performance of the Services),
General customer service, including resolving your My Tower account issues, resolving disputes, providing other customer support services, and enforcing payment claims. My Tower may contact you using the My My Tower notification system, email, telephone, mobile push notifications, or regular mail. In the event of a telephone contact, My Tower may use automatically initiated calls with a notification of their recording or automatic text messages in accordance with the provisions of the User Agreement and Payment Terms, to the extent permitted by applicable law.
Processing of general location data (such as IP address or zip code) in order to provide location-dependent services (such as specific area search and other personalized content based on general location data).
Enforce the User Agreement, Payment Terms, this Privacy Statement, and other rules and policies.
5.2 My Tower transfers your personal data to processors and the following recipients for at least one of the purposes described above:

Service Providers
Payment service providers,
External administrators of websites, applications, services and tools.
5.3 My Tower processes your personal data in order to comply with legal obligations:

Participation in investigations and proceedings (including court proceedings) conducted by public administration bodies or government agencies, in particular for the purpose of detecting, investigating and prosecuting illegal activities.
Detect, prevent and mitigate illegal activities (e.g. in the case of fraud, money laundering and terrorist financing).
Fulfilling third party requests for information under the third party’s statutory rights to obtain information from My Tower (e.g., in the event of an intellectual property infringement, piracy or other illegal activity).
Ensuring information security as part of the Services.
Archiving of the User’s personal data in accordance with the provisions on document storage.
5.3 My Tower processes the User’s personal data in order to protect his or her important interests or important interests of other natural persons. This includes the following goals:

Preventing, detecting and mitigating the effects of illegal activities that may harm important interests of the User or important interests of another natural person, unless there is a legal obligation.

5.4 If necessary, My Tower transfers the User’s personal data to processors and the following recipients for at least one of the purposes described above:

Third party service providers, such as hosting service providers, providers of the following payment methods: UPay, Przelewy24, Blik, credit cards, Google Pay, Apple Pay, etc.

5.5 My Tower processes your personal data when it is necessary for the legitimate interests of My Tower or a third party, except where the interests, fundamental rights and freedoms of the user override. To reconcile the legitimate interests of My Tower with your rights, My Tower applies appropriate controls. Based on these principles, My Tower processes user data for the following purposes:

Participation in proceedings conducted by courts, prosecutor’s offices, government agencies, public authorities, entities of international law; in particular for the purposes of detecting, investigating and prosecuting illegal activities (unless there is a statutory obligation to do so), and My Tower may legitimately assume that disclosure of data is necessary to avoid imminent inconvenience or report suspected crime. In such cases, My Tower will only disclose the information it deems necessary, such as User’s name, zip code, telephone number, e-mail address, (former) usernames, IP addresses, claims for illegal activities, and also the history of auctions and sale offers.
Protect the legitimate interests of third parties in relation to civil claims (unless there is a legal obligation to do so) where My Tower can reasonably assume that disclosure to third parties is necessary to avoid unavoidable inconvenience.
Preventing, detecting, mitigating, and investigating fraud, security breaches and other illegal activities, including assessing the risks associated with them (e.g. by using captcha codes or a phone number stored in your My Tower account for two-factor authentication) (unless that there is a legal requirement in this regard).
Monitoring and improving information security on the Services, unless there is a legal requirement to do so.
Verifying identity, assessing applications and comparing information to validate them.
Automatic filtering and, if necessary, manual control of messages sent using communication tools to prevent illegal or suspicious activity or violation of the User Agreement or other rules and policies, including enforcement of the prohibition to circumvent the My Tower Agreement.
Providing users with features that enable easier or more convenient processing of transactions.
Analyzing and improving the Services provided by entities belonging to the My Tower group, e.g. by verifying data regarding the use of the Website Application or information received from users about blocked or non-functioning websites in order to identify and solve problems and to improve the functionality of services, e.g. in as part of developing the Services.
Analysis of telephone calls with Customer Service recorded with the User’s consent.
Email advertising (subject to notification settings in your My Tower account).
To the extent permitted by law without the user’s consent: to communicate with the user by e-mail (e.g. by e-mail or SMS) or by phone to offer coupons, discounts, special offers; to conduct research and surveys, and to inform the User about the Services (as set out in the notification settings in the User’s My Tower account). If you do not wish to receive marketing communications from My Tower, you can unsubscribe from such content at any time by clicking on the link in the email you receive. Due to technical reasons, it may take several days for these changes to take effect.
Notifications regarding promotions and Services after logging into your account or in the Messages section of the My My Tower website (as specified in your My Tower account notification settings).
Adjusting the content of the website to the User’s preferences based on the User’s behavior.
Assess the quality and effectiveness of email marketing campaigns (e.g. through click and page entry analytics).
Service status assessment,
Offering affiliate and bonus programs and conducting other activities with other entities as part of brand partnership (co-branding),
Providing shared content and services (e.g., service registration, transaction processing, and customer service) in collaboration with other My Tower entities or payment service providers.
Initiating, preparing and implementing acquisitions, mergers in the case of mergers, sales or acquisitions of companies. In such a situation, My Tower requires the acquired or merged company to comply with the provisions of the Privacy Statement with respect to the User’s personal data. If the User’s personal data is processed for any purpose not specified in this Privacy Statement, the User will be notified in advance.
Asserting or defending against claims, including claims by a My Tower user against a Service Provider or claims by a Service Provider against a user.
If necessary, My Tower transfers your personal data to processors and the following recipients for at least one of the purposes described above:
The entities that are part of My Tower Inc.
Third Party Service Providers
Other My Tower users
Law enforcement, courts, government agencies or public authorities, intergovernmental or supranational bodies
To third parties who are parties to court proceedings
Payment service providers,
debt collection companies (e.g. information on late payments, payment arrears or other irregularities that may be significant to the User’s creditworthiness or that may be used by My Tower to confirm the User’s identity, assess risk, establish credit limits or enforce repayment of outstanding obligations )
Other companies in the context of the acquisition of the company
5.5 With your consent, we process your personal data for the following purposes:

User photo, which can be placed in the user’s profile to confirm identification by other users,
Biometric data, i.e. facial image and dactyloscopic data, to confirm identification and provide access to real estate used by the user,
Personalize, measure and improve My Tower and third-party advertising on the online offering of My Tower and third-party sites.
Marketing communication using telephone or electronic mail services (e-mail, SMS, whatsapp, signal), including communication from third parties. My Tower may use third party services to send marketing communications on behalf of My Tower.
Processing of the User’s precise location data for the purposes of location-related services.
The provision of single sign-on services allows the user to register or sign in to third party services using My Tower credentials.
Processing of User’s personal data on the basis of consent obtained from him for the purpose of providing or sharing services by My Tower or third parties.
If necessary, My Tower transfers the User’s personal data to processors and the following recipients for at least one of the purposes described above:

Entities belonging to the My Tower group,
External service providers,
Third parties using the single sign-on system (as authorized by the User in each case),
Other third parties with whom My Tower cooperates to provide the User with certain services (in accordance with the conditions provided when obtaining the User’s consent)
Third party financial partner institutions that may offer you financial products may use such data to provide common content and services (such as registration, transaction processing, and customer service). These third party financial partner institutions will only use your personal information to send you marketing materials if you choose to use their services.
5.8 Automated Decision Making

My Tower uses technologies for automated profiling or decision making. My Tower will not make automated decisions about you that could significantly affect you, unless necessary to enter into contracts and perform their terms, My Tower has your consent, or applicable law requires the use of such technologies.

5.9 Information on the processing of biometric data is available at the following link: https://mytowerapp.eu/klauzula-o-danych-biometrycznych/

6. Transfer of personal data abroad.

My Tower does not transfer personal data outside the EEA.

7. The period of data storage and their deletion

Your personal data will be stored by My Tower and its service providers in accordance with applicable data protection laws and to the extent necessary to process information, as set out in this Privacy Statement. My Tower will delete the user’s personal data in accordance with our data retention and deletion policy or take appropriate steps to anonymize the data, unless the law requires the data to be stored for a longer period (e.g. for tax, accounting and control purposes), which will be from 6 up to 10 years. To the maximum extent permitted or required by law, My Tower restricts the processing of your personal data instead of deleting it (e.g. by limiting access to data). This applies in particular to cases in which My Tower may still need the data to perform the provisions of the contracts, to protect against legal claims or in the event that such data retention is otherwise required or permitted by law. In such situations, the period of limited personal data processing depends on the law. Upon expiry of the storage period or limited processing, the user’s personal data will be deleted.

When processing personal data on the basis of the user’s consent, which includes consent for longer storage, My Tower retains the information for as long as necessary in accordance with the terms of the consent or until its withdrawal.

8. Rights of the data subject

The user – as the data subject – has the right to inspect his data, the right to correct, delete, limit the scope of their processing and transfer. In addition, the user has the right to object to the processing of his personal data in order to pursue the legitimate interests of My Tower. The user has the right to lodge a complaint with the data processing supervisory authority.

Detailed user rights in connection with the processing of personal data by My Tower:

The User has the right to withdraw consent to the processing of his personal data by My Tower at any time. In this case, My Tower can no longer process the user’s personal data on the basis and to the extent of the withdrawn consent. Withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.
The User has the right to access their personal data processed by My Tower. In particular, the user has the right to obtain information about the purposes of processing his personal data, categories of personal data held by My Tower, categories of recipients to whom the user’s personal data have been or will be made available, the expected period of data storage, rights to correct, delete and limit the scope or blocking the processing of personal data, as well as the possibility of submitting a complaint to the supervisory body, familiarizing yourself with data sources, the use of technology by My Tower for automatic decision-making, including profiling, and – if applicable – important information on this subject. Your ability to access your data may be limited by national law.
You have the right to request My Tower to correct your inaccurate personal data without undue delay. The user (taking into account the purposes of processing) has the right to supplement incomplete personal data, including by means of an additional statement.
The user has the right to request the deletion of their personal data, unless their processing is necessary to exercise the right to freedom of expression and information, to comply with the law, for reasons of public interest, or for the purpose of submitting legal claims or defending against them. The right to delete data may be limited by local law.
The User has the right to request the restriction of the processing of his data if:
considers the data to be inaccurate;
the data processing is unlawful, but the User does not want his data to be deleted;
My Tower no longer needs the User’s data, but the User needs this data to make a legal claim or defend against such a claim or
The user has objected to data processing.
The user has the right to receive the user’s personal data held by My Tower, which the user has provided to My Tower, in a structured, commonly used, machine-readable form, and has the right to transfer this data to another administrator (“right to data portability”).
The user has the right to lodge a complaint with the supervisory authority. As a rule, this right can be exercised by contacting the supervisory authority competent for the place of residence, place of work or at the data controller’s office.
If the user’s personal data is processed for the purposes of legitimate interests, the user has the right to object to such processing depending on the specific situation. This also applies to profiling. If My Tower processes the user’s personal data for direct marketing purposes, the user has the right to object to the processing of data for marketing purposes at any time, which also includes objection to profiling in the scope related to direct marketing.
Usually, exercising your rights regarding your personal data (e.g. the right to access or delete data) is free of charge. In the event of excessive or clearly unjustified requests, in particular if they are repeated, My Tower may charge a fee (in accordance with the actual cost) on the basis of relevant legal provisions or refuse to fulfill the request.
To exercise your rights as a data subject, please go to the Privacy Contacts page. In addition, the User may contact My Tower.
To change your settings for notifications sent by My Tower (including marketing communications), please go to the My My Tower page under “Notification Settings”. If you do not wish to receive marketing communications from My Tower, you can unsubscribe from such content at any time by clicking on the link in the email you receive. Due to technical reasons, these changes may take several days to apply. For information on managing the settings of cookies and similar technologies, see the next section, Cookies and Similar Technologies.
9. Cookies and Similar Technologies

My Tower and selected third parties may use cookies and similar technologies to provide better, faster and more secure features or to display personalized advertising. Cookies are small text files that are automatically created in the user’s browser and stored on the device used to access the Services. Detailed information on My Tower’s use of cookies, similar technologies and your choices in this regard can be found in the “Cookie Statement”.

My Tower uses cookies and similar technologies that are stored on the user’s device only when the browser is turned on (session cookies) and cookies and similar technologies that are stored for longer (persistent cookies). Whenever possible, My Tower uses appropriate security measures to prevent unauthorized access to our cookies and similar technologies. The unique ID ensures that only My Tower or selected third parties have access to cookie data.

User options in relation to cookies:

The user has the right to disable the use of cookies and similar technologies, as long as the device allows this. Appropriate settings on the mobile device or browser level are used to manage cookies. You can determine whether My Tower has the right to use cookies and similar technologies to deliver personalized advertising:

To manage the settings for the use of native cookies (and similar technologies) for advertising purposes, please go to the AdChoice – Ad Settings page on My Tower (you can also click on the link in the ad or the footer on the My Tower website).

Users may also use advertising and related settings to define the scope of consent to the processing of their personal data for advertising purposes using cookies (and similar technologies).

If you do not consent to the processing of personal data by My Tower for advertising purposes using cookies (and other similar technologies), the ads will not be adjusted to the User’s preferences based on data from cookies, web beacons or similar technologies, but still they will be displayed.

10. Data security

My Tower protects the User’s personal data by using technical and organizational security measures to minimize the risk of data loss, misuse of data, unauthorized access, disclosure and modification. My Tower uses, among others firewalls and data encryption algorithms, as well as physical firewalls in data centers and data access authorization mechanisms.

11. Relevant information on data protection

In order to protect privacy, we only allow Service Providers to have limited access to users’ contact, address and financial data to the extent necessary to complete the transaction and payment. However, users and Service Providers may access each other’s full name, user name, e-mail address, and other contact and address details when entering into a transaction.
In order to work properly and to ensure access to all Services, the application requires access on the mobile device to:
SMS. The application sends and receives SMS messages,
contacts. The application reads the contacts in the phone book in order to facilitate dialing the numbers with which the user wants to call,
memory of the mobile device. The application stores in memory logs of its activities and a list of numbers recently received and performed by the Application,
IMEI identifier of the device. The application requires access to the device identifier and the USIM card used to authorize the account,
cameras. The application allows you to take a photo of real estate defects,
other functionalities listed below, necessary for the proper functioning of the Application: displaying network connections, connecting to and disconnecting from the Wi-Fi network, sending / receiving data to / from the Internet, pairing with Bluetooth devices, disabling the screen lock, full network access, changing sound settings , wake up when turning on the device, control vibration, prevent the device from going to sleep, modify system settings, microphone, information about the Wi-Fi connection, find accounts on the device
When a User enters into a transaction with a Service Provider, My Tower provides the Service Provider with the user’s personal information (such as full name, username, email address, contact details, address and billing information). The Service Provider becomes the controller of this data and is responsible for its processing upon receipt from My Tower, including compliance with any restrictions under this Privacy Statement and the User Agreement.
Service Providers should ensure that user information is adequately safeguarded. The activities of Service Providers must comply with applicable data protection regulations, and in particular, they must protect the rights of data subjects, e.g. by offering them access to personal data collected by the Service Provider and delete them at the user’s request in cases provided for by law.
Personal data to which the Service Provider has access may only be used for the purposes of concluding transactions or in connection with other services offered on the My Tower website (e.g. delivery, complaints about fraud, communication with users), as well as for purposes, as explicitly permitted by the user to whom the data relates. Using the shared personal data of other users for any other purpose is a violation of the provisions of the Agreement with the Service Provider.
When providing personal data of third parties on My Tower, the Service Provider must obtain the consent of the data subject, or disclosure of such data to My Tower must be legally permitted for other reasons. The User is obliged to inform other persons about the methods of processing personal data by My Tower on the basis of the Privacy Statement.
All messages sent through My Tower’s communication tools are first received by My Tower and then forwarded to the recipient. All messages are automatically filtered. If necessary, suspicious messages are checked manually by Customer Service. In the event of a breach of the User Agreement (including any rules and regulations applicable to My Tower), My Tower reserves the right not to transmit the message and to limit the Service Provider’s provision of services or to block the Service Provider’s account on the My Tower website. The above principles protect the legitimate interests of My Tower, such as protection against fraud and suspicious activities (such as spam, viruses, phishing and others), enforcement of the provisions of the Service Provider Agreement and other rules and principles,
Some of the personal data that you provide to My Tower (e.g. personally identifiable information) is required to enter into a User Agreement and accept payment terms. Although the provision of certain personal data, such as an address, is voluntary, it may be required to use the Services.
Under the terms of the User Agreement, minors may not use the Services.
My Tower does not recommend using someone else’s mobile device to use the Services. After logging in, the device owner will have access to most of the account functions and certain activities without the need for additional authorization. Actions that can be taken without additional logging in may include: purchase and payment for services, displaying data assigned to the user’s account.
If you try to change your password, update other account details, or perform actions not listed above, the system will ask you for the password.
To end the session, please log out and / or clear your cookies. If appropriate security options have been set in the User’s browser, it is enough to close the browser to log out. If you are using a public or shared computer, we recommend that you log out and / or clear your cookies after using the Services to protect your account and personal information.