Privacy Policy (GDPR) and Service Disclaimers

Last updated: 2025-12-27

This document describes the rules for processing personal data in the HALA System (H^L^) service, available under the domains: halasystem.com, halasystem.pl, halasystem.de (the “Service”).

This Policy applies to users located within the European Economic Area (EEA) and is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”). With regard to cookies and similar technologies, the provisions implementing the ePrivacy Directive also apply (in Germany in particular, the requirement to obtain consent for storing or accessing information on a user’s terminal device, except where strictly necessary).

1. The controller of personal data is: +48 ARCHITEKTURA civil-law partnership (Karol Szparkowski, Kamil Miklaszewski), ul. Kazimierzowska 85/40, 02-518 Warsaw, Poland.
2. Tax ID (NIP): 5213586417, REGON: 142668475.
3. Contact regarding data protection and privacy matters: info@halasystem.com.

• We process personal data only to the minimum extent necessary to operate the Service, communicate with users and ensure security.
• As a rule, the Service does not require account creation or user login.
• We do not sell personal data and do not disclose it to third parties for their own marketing purposes.
• We do not require the provision of special categories of personal data (so-called “sensitive data”) and ask users not to provide such data.
• Data is provided voluntarily; however, failure to provide certain data may make it impossible to handle an enquiry or generate a report.

• Contact data: e-mail address, and optionally name/company name or phone number – if provided in a message or form.
• Content and configuration data: message content, attachments, and data entered into the tool/configurator (e.g. dimensions, parameters, building type, plot data or address – if provided).
• Location data and plot geometry: data related to location and plot/area outlines (e.g. geometry/shape) if the drawing function is used – solely to generate results and send summaries.
• Technical data: IP address, browser/device identifiers, server logs, timestamps, error and security information.
• Analytics/marketing data (cookies) – if tools are active: cookie identifiers, measurement events, traffic sources and campaign performance data.

• The Controller does not expect or require the provision of special categories of personal data, such as data concerning health, political opinions, religious or philosophical beliefs, biometric data, sexual orientation, etc.
• Users are requested not to include such information in messages or attachments.
• If such data is provided voluntarily, the Controller may delete, anonymise or restrict its processing to the absolute minimum necessary to handle the matter, unless retention is required by law or for the establishment, exercise or defence of legal claims.

Data is obtained directly from the user (entered in the Service or sent by e-mail) and from the Service’s technical systems (logs and measurement tools, if active).

• Contact and handling of enquiries (replying to e-mails, handling requests): Article 6(1)(b) GDPR (pre-contractual steps) or Article 6(1)(f) GDPR (legitimate interest – communication and service handling).
• Generation and sending of summaries/reports (e.g. e-mail with results, including configuration/plot data): Article 6(1)(b) GDPR.
• Operation and security of the Service (maintenance, logs, prevention of abuse): Article 6(1)(f) GDPR.
• Establishment, exercise or defence of legal claims: Article 6(1)(f) GDPR.
• Analytics and marketing (traffic, conversions and campaign performance measurement), if used: as a rule Article 6(1)(a) GDPR (consent), where required by cookies/ePrivacy regulations.

• Google Analytics 4 (GA4) – traffic and event measurement (implemented via gtag and Google Tag Manager).
• Google Ads – measurement of campaign effectiveness and conversions (if tags are active).
• Google Tag Manager (GTM) – management of measurement tags.
• Mapbox / OpenStreetMap (OSM) – map functions and location/plot drawing features.
• Hotjar – a planned usability analysis tool (e.g. heatmaps, session recordings), if enabled.
• If Hotjar is enabled, it may record user interactions within the Service. The Controller may implement masking/limitation measures and activate the tool only after obtaining consent, where required.

• As a rule, the Controller does not maintain a user account database.
• User data is mainly handled via e-mail correspondence and summaries/results sent by e-mail.
• For technical reasons, server logs and data within analytics/marketing tools may exist, if such tools are active.

• E-mail correspondence and enquiries: as a rule up to 12 months from the last contact.
• Technical and security logs: typically 6–12 months.
• Analytics/marketing data: according to tool settings and until consent is withdrawn (where consent is the legal basis) or cookies expire.
• Data may be retained longer only where required by law or necessary to establish, exercise or defend legal claims (until the expiry of limitation periods).

• Data may be disclosed only to processors acting on behalf of the Controller, in particular hosting and infrastructure providers (OVH, Hetzner), e-mail service providers, and IT, maintenance and security service providers.
• If Google tools (GA4/GTM/Ads) or Hotjar are active, data may also be processed by these providers, solely to the extent necessary for operation and measurement.

Where data is transferred outside the EEA via service providers’ tools (e.g. Google, Hotjar), the Controller applies GDPR-compliant safeguards, such as Standard Contractual Clauses (SCCs), and additional measures where required by law.

• The Service may use cookies and similar technologies:
  • Strictly necessary – for the operation of the Service.
  • Analytics – for traffic measurement (GA4).
  • Marketing – for campaign effectiveness measurement (Google Ads).
  • Usability – for behaviour analysis (Hotjar), if enabled.
• The Controller plans to implement a consent management mechanism (cookie banner/settings).
• Until such a mechanism is implemented, users may restrict cookies via their browser settings.
• Once implemented, users will be able to withdraw consent or change preferences at any time.

• Users have the right to access, rectify, erase (“delete”), restrict processing, data portability, object to processing, and withdraw consent (where consent is the legal basis).
• Requests regarding the exercise of rights may be submitted at any time by contacting: info@halasystem.com.
• Requests are handled without undue delay, in accordance with GDPR. If complete erasure is not possible due to legal obligations or the defence of claims, processing will be restricted to the minimum necessary and the legal basis will be indicated.
• Users have the right to lodge a complaint with a supervisory authority. In Germany, this is the competent data protection authority for the user’s place of residence or the place of the alleged infringement; in Poland, the President of the Personal Data Protection Office (UODO).

• Graphic materials presented in the Service (photos, visualisations, renders, diagrams, video footage) are for illustrative purposes only.
• They do not necessarily depict projects or assets of the Controller or the HALA system and may relate to examples from other investors.
• Some materials may originate from free stock image databases or licensed sources.
• Graphic materials do not constitute a guarantee of parameters, price, availability or outcome.

• Any amounts, price ranges, cost estimates, parameters, schedules, reports and results presented in the Service (including those generated based on user-provided data) are for informational and indicative purposes only.
• They do not constitute a commercial offer or an invitation to conclude a contract, nor do they guarantee price, timing, contractor availability or feasibility of the investment. Each investment requires separate design, formal and cost-estimation work.
• Actual costs, timelines and scope may differ significantly due to factors beyond the Controller’s control, including but not limited to: planning and administrative requirements, legal constraints on the property, ground and environmental conditions, utilities and infrastructure, access and transport requirements, technological and fire-safety/BHS/sanitary requirements, design standards and solutions, installations and energy systems, market and contractor conditions, documentation scope, and financing and contractual risks.
• Users are obliged to independently verify Service results with competent authorities and qualified professionals, including through a full design and cost-estimation process.
• The Controller and the Service owner shall not be liable for the final investment cost, discrepancies between estimates and actual costs, investment decisions made by the user, or indirect damages (including loss of profits), except where liability cannot be excluded under mandatory provisions of law.

The Controller may update this Policy in the event of technological, legal or organisational changes. The current version is published in the Service together with its effective date.