GDPR
Information on the processing of personal data
In connection with the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ. U. EU. L. 2016 No. 119, p. 1) (hereinafter: ‘RODO’), Maj & Cieślak Kancelaria Prawna Spółka Cywilna (the ‘Administrator’) would like to inform you about the rules for processing your personal data and the rights to which you are entitled in connection with the above.
The following rules are applicable as of 25 May 2018.
If you have any questions regarding the manner and scope of the Administrator’s processing of your personal data, as well as the rights you are entitled to, please contact the Administrator at ul. Grójecka 34 lok. 8, 02-308 Warsaw or using the e-mail box, at: biuro@kancelariamc.pl.
I. DESIGNATION OF THE ADMINISTRATOR
The administrator of your personal data is Maj & Cieślak Kancelaria Prawna Spółka Cywilna, ul. Grójecka 34 lok. 8, NIP: 1132915323 REGON: 365063294.
II. PURPOSES AND LEGAL BASIS OF PROCESSING YOUR PERSONAL DATA
Your personal data, in the form of your e-mail address and other data that may be included in your e-mail correspondence with the Administrator, is processed in connection with the correspondence conducted and in connection with the storage of this correspondence on the Administrator’s e-mail server. The e-mail correspondence is carried out by the Administrator in connection with its business activities, the subject of which is legal activity.
In addition, the Administrator processes your personal data for the purposes of:
- the conclusion and performance of the legal services contract (Article 6(1)(b) of the RODO);
- to establish contact with the Administrator, based on your consent (Article 6(1)(a) RODO);
- for statistical purposes, consisting of the preparation of internal analyses and compilations by the Administrator (Article 6(1)(f) RODO);
- for information and network security purposes (Article 6(1)(f) RODO);
- where applicable, in connection with the conduct of litigation and proceedings before public authorities and other proceedings, including the investigation and defence of claims (Article 6(1)(f) RODO).
III. OBLIGATION TO PROVIDE PERSONAL DATA TO THE ADMINISTRATOR
The provision of personal data by you is a necessary condition for the conclusion and performance of the legal services agreement and for establishing contact with the Administrator. Failure to provide the indicated data will make it impossible to perform the above activities.
The Administrator, on the basis of the legally justified interest, processes data specifying how the user uses the websites administered by the Administrator.
IV. INFORMATION ON THE RECIPIENTS OF YOUR PERSONAL DATA
In connection with the processing of your personal data, it may be shared with the following recipients or categories of recipients:
- companies supporting the Administrator in the conduct of its business, including the Administrator’s subcontractors, entities operating ICT systems, entities providing tax, consulting, advisory, auditing, accounting services;
- entities managing the Administrator’s website.
V. PERIODS OF PERSONAL DATA PROCESSING
Your personal data will be processed for the period necessary to fulfil the purposes indicated in point. II purposes and the legitimate interests indicated. In the case of processing of personal data on the basis of your consent, the data will be processed until such consent is withdrawn.
VI. RIGHTS OF THE DATA SUBJECT
The controller shall ensure that all data subjects whose data are processed by it have adequate rights under the RODO. In this regard, you have the following rights:
- the right of access to your personal data, including the right to obtain a copy of that data;
- the right to request the rectification (amendment) of your personal data – where the data is inaccurate or incomplete;
- the right to request the erasure of personal data (the so-called ‘right to be forgotten’) – where:
- the data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject has raised an effective objection to the processing;
- the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
- the data are being processed unlawfully;
- the data must be erased in order to comply with a legal obligation;
- the right to request the restriction of the processing of personal data – where:
- the data subject contests the correctness of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the data, requesting instead that the data be restricted,
- the controller no longer needs the data for its purposes, but the data subject needs the data for the establishment, defence or assertion of claims;
- the data subject has objected to the processing of the data – until it is established whether the legitimate grounds on the part of the controller override the grounds for the objection;
- the right to data portability – where:
- the processing is carried out on the basis of a contract concluded with the data subject or on the basis of consent given by the data subject;
and
- the processing is carried out by automated means;
- the right to object to the processing of personal data, including profiling, when:
- there are reasons related to your particular situation;
and
- the processing is based on the basis of necessity for purposes arising from the legitimate interest of the Controller as referred to in para. Il above.
VII. RIGHT TO WITHDRAW CONSENT TO THE PROCESSING OF PERSONAL DATA
To the extent that you have given your consent to the processing of your personal data, you have the right to withdraw it. The withdrawal of your consent shall not affect the lawfulness of data processing carried out on the basis of your consent prior to its withdrawal.
VIII. RIGHT TO LODGE A COMPLAINT TO A SUPERVISORY AUTHORITY
If you consider that the Administrator’s processing of your personal data violates the provisions of the RODO, you have the right to lodge a complaint with the competent supervisory authority.
IX. PROFILING AND AUTOMATED DECISION-MAKING
The Controller does not undertake automated decision-making in relation to personal data, including profiling as referred to in the provision of Article 22(1) and (4) of the RODO.
X. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
The Administrator does not transfer personal data to third countries or international organisations.