Effective as of 01.11.2025
Dear User,
Domio Nieruchomości Jarosław Jakowenczuk (address: Zamknięta 10, unit 1.5, 30-554 Kraków, NIP: 6832140200), as the provider of the Domio service (chatbot in the Telegram application), makes every effort to ensure the security and confidentiality of your personal data. We care about your privacy both when you use our services via the chatbot and when you contact us electronically or use the subscriptions and notifications we offer. We operate in accordance with applicable law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, hereinafter: GDPR).
In this document, we present the most important information regarding the processing of personal data. For the sake of clarity, we have presented it in the form of questions and answers. Thanks to this, you will learn for what purpose, on what basis and for how long we process your data, who has access to it, and what rights you are entitled to.
The controller of personal data is Domio Nieruchomości Jarosław Jakowenczuk, NIP: 6832140200.
In case of questions or doubts related to the processing of personal data, you can contact us electronically at the e-mail address: kontakt@domioestate.pl.
We process your personal data for the following purposes:
Provision of services and user account handling – in order to enable you to use our service via the Domio chatbot. Your data (e.g. the identifier in Telegram, data provided during the conversation) is necessary for you to be able to search for real estate offers, save preferences, receive search results or use other functionalities (such as notification subscriptions).
Performance of our services (performance of the contract) – the personal data you provide to us is needed to fulfil your orders and requests, e.g. to search for and present you with apartment offers, connect you with a seller or advisor, carry out a purchase transaction, settle the contract, as well as to pursue our claims if necessary.
Responding to enquiries – if you send us questions or requests (e.g. via the chatbot, e-mail or other communication channels), we process your data to provide you with answers, explanations and support. This also applies to situations where you contact us via social media or other messengers.
Subscriptions, notifications – for the purpose of sending you information you have subscribed to. If you express your wish to receive notifications about new apartment offers, news from the real estate market, we use your data to deliver this content to you. We send such messages only on the basis of your request or consent.
Marketing and statistical purposes – information about how you use our services (e.g. data on activity in the chatbot or visits to our website) is used by us for promotional and analytical purposes. This helps us to promote and develop Domio, improve our products and raise the quality of services provided (e.g. by analysing usage statistics of various functionalities in order to better adapt the service to users’ needs).
Fulfilment of tax and accounting obligations (Article 6(1)(c) GDPR).
We process the following categories of data:
contact details (first name, last name),
telephone number,
e-mail address,
Telegram identifier,
data concerning activity in the chatbot,
search preferences and subscription settings.
Providing personal data is voluntary, but necessary to use the Domio chatbot.
If data is not provided, we will not be able to provide services.
The legal bases for the processing of personal data by Domio are as follows:
Conclusion and performance of a contract or taking steps at your request prior to entering into a contract – Article 6(1)(b) GDPR.
This legal basis applies when the processing of your data is necessary for the provision of our services and performance of the contract with you (e.g. when you use the chatbot to find an apartment or conclude a service agreement with us).
Legal obligation – Article 6(1)(c) GDPR.
In certain situations, legal provisions require us to process specific data, for example when we must store information needed to issue an invoice or fulfil other tax and accounting obligations.
Domio’s legitimate interest – Article 6(1)(f) GDPR.
We rely on our legitimate interest for such purposes as: carrying out marketing activities, monitoring and analysing the way in which our services are used (statistics), improving the functionality of the service and maintaining a business relationship with you. Legitimate interest also constitutes a basis when we pursue our claims or defend ourselves against potential claims.
Your voluntary consent – Article 6(1)(a) GDPR.
Situations in which we ask for your consent include, for example, the wish to receive our newsletter, marketing materials or participation in promotional activities not directly related to the performance of a contract. If you grant such consent, you may withdraw it at any time, which does not affect the lawfulness of the processing carried out before the withdrawal.
Establishment, exercise or defence of legal claims – Article 6(1)(f) GDPR.
If necessary, we may also process your data on the basis of our legitimate interest consisting in establishing claims we are entitled to, pursuing them before a court or another competent authority, and defending ourselves against claims directed at us.
We process personal data only as long as it is necessary to fulfil the above-mentioned purposes, unless you submit an effective request to delete your data earlier or withdraw your consent (if the processing is based on consent).
The period of data processing may differ depending on the basis and purpose. For example:
Data processed in connection with the provision of services is processed for the duration of the contract and for the necessary period after its termination in order to secure potential claims (taking into account limitation periods).
Data processed on the basis of consent (e.g. for sending a newsletter) is processed until you withdraw such consent.
In addition, certain legal provisions may require longer storage of some data – for example, financial documents (which we must keep for the period required by tax law) or data needed for accounting or reporting purposes. In all cases, we follow the principle of data minimisation and store data no longer than necessary.
In some situations, further transfer of your personal data may prove necessary for us to duly and professionally fulfil our obligations and conduct our business. Each time, however, before we share your data with another entity, we require that it ensure an adequate level of protection and confidentiality of the data.
We may transfer your personal data to the following categories of recipients:
Entities involved in the performance of our services – e.g. accounting offices settling transactions, payment service providers (if you use paid subscriptions or services), IT companies supporting our service (including providers of IT infrastructure, hosting and communication platforms such as Telegram, as well as analytical tools), Domio partners. All these entities process data on our behalf or in cooperation with us, to the extent necessary to perform a given service.
Authorised employees and associates of Domio – only authorised persons such as our employees, real estate advisors or business partners who need this data to perform their duties and provide assistance as part of our services may have access to your data. These persons are obliged to maintain confidentiality.
Trusted business partners – only in a situation where you yourself decide to use the services they offer via Domio and this requires the transfer of data. For example, if you ask us to arrange a consultation with a credit expert, renovation team? transport company or a meeting with a property developer, we will transfer your contact details to such a partner solely for the purpose of providing this specific service and with your knowledge.
Authorised public authorities – if we are obliged to do so by applicable law. This concerns, among others, courts, law enforcement authorities, supervisory authorities (e.g. the Personal Data Protection Office) or other state institutions that may gain access to data on the basis of relevant provisions.
As a rule, we do not transfer your personal data to countries outside the European Economic Area (EEA).
However, if in connection with the provision of our services such a necessity arises, we will each time assess the circumstances of such a transfer and ensure an adequate level of data protection so that the processing is carried out in compliance with applicable legal regulations. This means that, in the event of data transfer outside the EEA, we will apply appropriate safeguards provided for by the GDPR (e.g. standard contractual clauses, certification mechanisms or other solutions accepted by the European Union).
We also inform you that when using our service, we rely on services and technologies provided by entities that may have their registered office outside the EEA. This applies, for example, to the Telegram messenger platform or Google analytics services. Under GDPR, these are entities located in so-called third countries, for which an adequate level of personal data protection must be ensured or appropriate safeguards applied. We ensure that we cooperate only with such providers who guarantee compliance with high data protection standards – among other things, by concluding contracts based on standard data protection clauses with them or by using other lawful mechanisms of GDPR compliance. Thanks to this, the use of their services and technologies in the process of personal data processing is lawful and safe.
We do not make automated decisions concerning you, in particular decisions that would produce legal effects concerning you or similarly significantly affect you. In other words, we do not use fully automated data processing (including profiling) that would decide about your rights, obligations or affect you significantly in a similar scope. All key decisions related to the services provided are taken by humans, possibly supported by analytical tools, but we do not leave users’ fate solely in the hands of algorithms.
On our website (if you use it outside the chatbot), we use so-called cookies, i.e. small text files stored on your computer, smartphone, tablet or other device. These files can be read by our ICT system upon subsequent visits, as well as by systems belonging to other entities whose services we use (e.g. Google analytical tools).
Thanks to cookies, we collect anonymous data on visits and user activity on our websites. This information helps us improve the available functionalities of the service, identify possible errors and carry out marketing activities (e.g. through analysis of which functionalities are most popular).
Remember that web browsers by default allow cookies to be stored on the user’s end device. However, you can manage cookies yourself – block or limit them – using your browser settings or available free tools. You should know that disabling or limiting the handling of cookies may affect some functionalities of our website. For example, some elements of the service may not function properly, page loading time may increase, or difficulties in using certain services may occur.
(Note: In the functioning of the chatbot itself in the Telegram application, cookies are not used, because the interaction takes place in the application, not via a web browser. The above information about cookies concerns situations when you use related Domio web services, e.g. the information website or links opened outside Telegram.)
In order to ensure a high and consistent level of protection of processed data, we use appropriate security measures, both technical and organisational. We protect your personal data against unauthorised access, loss, alteration or destruction. Among the safeguards we use are, among others:
encryption of data transmission using the TLS protocol (ensuring the confidentiality of communication, e.g. when you send us information via websites),
use of secure, reputable cloud and hosting solutions that guarantee adequate safeguards (e.g. access control, protection of data centres against physical access by unauthorised persons),
regular creation of backup copies of important data in order to prevent its irreversible loss in the event of a failure or security incident,
carrying out periodic security tests and audits of our IT systems to detect and remove potential vulnerabilities,
continuous security monitoring – we constantly supervise our systems for unauthorised actions or breaches and react quickly if something raises doubts,
minimising the risk of potential abuse – we implement internal policies and procedures regarding data protection (e.g. strong password policy, incident response procedures),
ensuring continuous confidentiality, integrity, availability and resilience of our processing systems – this means that we make sure that data is available only to authorised persons, is not changed or destroyed in an uncontrolled manner and that our services operate without interruption,
making personal data available only to authorised persons – only trained employees or associates who need such access to perform their duties have access to your data,
regular updating and changing of access passwords to systems processing personal data, as well as using strong authentication methods to prevent access by unauthorised persons.
Our procedures and safeguards are continuously updated along with changing standards and technologies so that your data remains properly protected.
You have the right to exercise a number of rights concerning your personal data. In particular, you have the right to:
access your personal data – you can obtain information about what data we hold about you and receive a copy of it,
rectification (correction) of data – if you find that the data we hold is incorrect or outdated, you have the right to request its correction or completion,
erasure of data (the so-called right to be forgotten) – you may request the erasure of your data, provided we have no legal basis to continue storing it (e.g. when the data is no longer needed for the purposes for which it was collected),
restriction of processing – you may indicate the scope in which we are to process your data (e.g. temporarily limit processing or not use certain categories of data), particularly when you question the accuracy of the data or the legal basis for processing,
object to processing – at any time you have the right to object to the processing of your data based on our legitimate interest (e.g. objection to data processing for direct marketing or statistical purposes). After an objection is lodged, we will stop processing your data for this purpose unless we demonstrate compelling legitimate grounds which override your interests, rights and freedoms (or grounds for the establishment, exercise or defence of legal claims),
data portability – you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to have this data transmitted directly to another controller, where technically feasible. This right applies to data we process on the basis of your consent or in connection with the performance of a contract,
withdraw consent – if the processing of your data is based on consent, you have the right to withdraw your consent to processing for a specific purpose at any time.
Please remember that the above rights are not absolute – in certain situations, we may lawfully refuse to comply with your request or limit it. This will occur, for example, when legal provisions oblige us to continue processing certain data (despite your request for erasure) or when your request concerns data necessary for the establishment, exercise or defence of legal claims. In each case, however, any refusal will be duly justified by us.
Withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. In other words, until the moment of consent withdrawal, the processing was lawful.
If you submit a request to us regarding the exercise of any of the above rights, we will respond to it without undue delay – no later than within one month of receiving the request. In the case of a complex nature of the request or a large number of requests, this period may be extended by a maximum of another two months. In such a situation, however, we will inform you in advance about the need to extend the deadline and state the reasons for the delay.
If you believe that we are processing your personal data in violation of applicable regulations, you have the right to lodge a complaint with a supervisory authority. In Poland, this authority is the President of the Personal Data Protection Office (PUODO). A complaint may be submitted in particular in writing to the address of the Office or via the website of the Personal Data Protection Office.
Of course, we also encourage you to contact us directly before taking formal steps – we will do our best to clarify any doubts and resolve any issues regarding your data.
Yes. The protection of personal data is a process that is subject to ongoing modifications as the legal environment, technology and our services evolve. Therefore, our Privacy Policy may be updated or amended in the future, which we will inform you about each time in an appropriate way.
In the event of significant changes to the content of the Policy, we will inform you by placing a clear notice in our service – for example, on the Domio website or in a message sent via the chatbot. If you are a registered user or an active subscriber of our services at the time significant changes are introduced, we may also send you a separate notification electronically (e.g. by e-mail or in-app message) so that you can become familiar with the changes.
We encourage you to review the provisions of this Privacy Policy on a regular basis – by using our services, you accept its provisions. If you have any questions regarding the content of the Policy or your personal data, contact us at kontakt@domioestate.pl. We make sure that your data is safe and that you are properly informed about all important issues related to its processing.