Article 1. Data controller
- The personal data controller is Zieliński Chęciński Partnerzy Kancelaria Radców Prawnych sp. p. with its registered office in Poznan, ul. Kościelna 37, 60-537 Poznań, entered into the register of entrepreneurs of the National Court Register by the District Court for Poznań-Nowe Miasto and Wilda in Poznan, 8th Commercial Division of the National Court Register, under the KRS number: 0000830268, holding the tax identification number [NIP]: 7812006574 (hereinafter referred to as ”Data controller”), who places great emphasis on the protection of privacy and confidentiality of personal data of its Clients, as well as the data of its employees, job applicants and other natural persons, whose data are processed by the Controller (hereinafter referred to as ”Users”).
- It is possible to contact the Data Controller in writing by sending correspondence to the address of the Data Controller’s registered office, by e-mail at: email@example.com or by completing the contact form available at the website of the Data Controller.
- The data controller has not appointed a data protection officer.
Article 2. Rules of personal data processing
- The Data Controller shall select and apply with due care the appropriate technical and organisational measures which ensure the protection of all personal data. Only those people duly authorised by the Data Controller shall have full access to databases.
- The Data Controller shall protect the personal data from being disclosed to any unauthorised persons and against their processing in violation of applicable laws. When processing personal data, the Data Controller shall apply solutions adapted to the scale and nature of the processing, guaranteeing the highest degree of protection to the data subjects, following both from the technological and organisational solutions applied.
Article 3. Basis for personal data processing
2. The provision of personal data is voluntary, however, failure to do so shall make the conclusion and performance of the agreement, participation in the recruitment procedure or performance of the requested activities impossible.
3. The following provisions shall be the basis for the processing of personal data:
a) art. 6(1)(a) of the GDPR– with regards to the personal data obtained by means of consent, based terms and conditions stipulated in art. 7 of the GDPR;
b) art. 6(1)(B) of the GDPR – with regards to data provided on a voluntary basis in order to prepare and perform the Agreement between the User and the Data Controller or entity to whom the Data Controller subcontracts the performance of the Agreement, or in order for the User to take part in the recruitment procedure. The provision of data shall be voluntary, however, it is necessary to perform the Agreement and take part in the recruitment procedure;
c) art. 6(1)(C) of the GDPR – to the extent required to fulfil the legal obligation incumbent on the Data Controller, e.g. arising from the tax law regulations and other legal regulations related to the conducted business;
d) art. 6(1)(e) of the GDPR – to the extent required to complete a task carried out in the public interest, in particular for the purposes of counteracting criminal offences;
e) article 6(1)(f) of the GDPR – with regards to data processed in connection with the accomplishment of the Data Controller’s legitimate objectives.
4. The Data Controller may process the data of third parties shared by the Users for the purpose of and in connection with the provision of services by the Data Controller. The User, by providing the Data Controller with the data of third parties, shall represent that it has the relevant consent of the third parties to provide their data to the Data Controller.
5. The Data Controller shall only process the personal data of a child who is under 16 years of age if it has obtained the consent of the person who exercises parental authority or custody of the child and only to the extent of the consent given.
7. The Administrator shall not apply profiling to Users within the meaning of Article 4(4) of the GDPR.
Article 4. Period of personal data processing
The User’s data shall be kept for no longer than is necessary, i.e.:
a) with regard to the performance of the Agreement – until such performance of the Agreement is completed, and after that time, for the period required by law or for the fulfilment of potential claims that may be raised by and against the Administrator;
b) with regard to the fulfilment of a legal obligation incumbent on the Data Controller – until it is fulfilled;
c) with regards to the legitimate interests pursued by the Data Controller or any third party – until their realisation or until the User objects to the processing of personal data, unless there are legitimate grounds for their further processing;
d) with regard to the processing which takes place solely on the basis of consent – until the immediate deletion of data taking place on the basis of a request made by the User.
Article 5. Rights of the User
1. In connection with the processing of personal data by the Data Controller, the User has the right:
a) to demand access to his/her personal data – art. 15 of the GDPR;
Upon request of the User regarding access to his/her data, the Data Controller shall inform the User whether it processes the User’s data and shall inform the User about the details of such processing in accordance with the GDPR, and shall provide the User with access to his/her data. The access to the data shall take place by sending the copy of such data by electronic mail. In the case of a request for delivery of another copy of the data in paper form, the Data Controller has the right to charge the User the costs related to preparing them in such a form and sending them in accordance with art. 15(3) of the GDPR.
b) to rectify the personal data – art. 16 of the GDPR;
The Data Controller shall rectify the incorrect data upon request of the User.
c) to demand the deletion of person data – art. 17 of the GDPR;
This right shall apply to the extent to which the deletion of the data shall not be contrary to the legal regulations applicable to the Data Controller, in particular the accounting regulations.
d) to restrict the processing of his/her personal data – art. 18 of the GDPR;
This right shall apply to the extent to which the Data Controller may restrict the processing of personal data in the context of applicable legal regulations and to the extent to which this does not affect the Data Controller’s right to assert its claims against the User.
e) to transfer data – art. 20 of the GDPR;
Upon request of the User, the Data Controller shall issue the data regarding the User, who has delivered them for the purpose of the conclusion or performance of the Agreement, or which are processed on the basis of consent, in a structured, commonly used machine-readable format, or shall provide such data to another entity, if possible.
f) to object to their processing – art. 21 of the GDPR;
If the User raises an objection to the processing of his/her data, motivated by his/her particular situation, and the data are processed by the Data Controller on the basis of the Data Controller’s legitimate interest, the Administrator shall take the objection into consideration unless there are compelling legitimate grounds for the data processing on the part of the Data Controller, which override the interests, rights and freedoms of the person raising the objection or grounds for the establishment, assertion or defence of claims.
g) to withdraw his/her consent to the data processing, without affecting the lawfulness of the data processing which has taken place on the basis of consent before its withdrawal – art. 7(3) of the GDPR;
h) to lodge a complaint with the supervisory authority – art. 77 of the GDPR.
2. If the Data Controller is not able to determine the content of the request or identify the person who exercises the aforementioned rights on the basis of the notification made, it shall ask the requester for additional information.
3. The notifications shall be responded to within one month of the date of their receipt. If it is necessary to extend this time limit, the Data Controller shall inform the requester about the causes of such an extension.
Article 6. Sharing of personal data
- Personal data will be made available only to authorised entities, i.e. to authorised employees of the Data Controller and other persons acting with the authorisation of the Data Controller, and to other entities authorised to receive the User’s data on the basis of relevant legal regulations, as well as to entities providing services to the Law Firm, including IT and accounting services. The personal data of the Users may be transferred to other entities – in cases not indicated by the Data Controller or legal regulations – only with the User’s consent.
- The Data Controller shall not transfer the personal data of the Users to any third-party countries or international organisations.
- The Data Controller shall oblige all entities to which it entrusts the User’s personal data, to implement the relevant safeguards for these data.
Article 7. Cookies
1. The website at https://zcplegal.pl/ (“Website”) uses IT data stored in website user devices, i.e., in particular, text files containing the name of the website from which they come, the time of their storage on the user’s device and their unique number (”Cookies”).
2. Pursuant to art. 173(1) of the Telecommunications Law of 16 July 2004 (Journal of Laws of 2021, item 576), the Data Controller shall hereby inform that:
a) Cookies are used on the Website in order to facilitate the use of the Website, as they allow for the adaptation of the contents available on the Website to the individual needs and preferences of Website users, and are used to prepare general statistics regarding the use of the Website.
b) the personal data collected using Cookies are gathered solely for the purpose of performing specific functions for the users, and are encrypted in a manner which makes unauthorised access to them impossible.
d) the Website user may change the Cookie settings at any time – detailed information on the ways of handling Cookies is available in the software (web browser) settings. Exemplary options of editing settings in popular browsers:
- Mozilla FireFox: https://support.mozilla.org/pl/kb/ciasteczka
- Internet Explorer: http://www.support.microsoft.com/kb/278835/pl
- Edge: https://privacy.microsoft.com/pl-pl/windows-10-microsoft-edge-and-privacy
- Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=pl
- Opera: https://help.opera.com/pl/latest/web-preferences/#cookies.
ul. Polska 15, 60-595 Poznań
+48 61 27 87 595
Zieliński Chęciński Partnerzy Kancelaria Radców Prawnych sp.p.
Day-to-day legal advice to business entities
ZCP Legal&Tax © 2022 All rights reserved