GDPR DATA PROCESSING NOTICE
As a result of the entry into force of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) please be advised that the Law Firm of Michał Głowacki (the Law Firm) shall process, among others, the following personal data:
a) personal data of clients who are natural persons,
b) in the case of clients of the Law Firm being legal persons or associations not having legal personality – personal data of the persons authorised to represent such entities, and employees and associates of such clients,
c) personal data of service providers who are natural persons, as well as employees and associates of service providers,
d) persons addressing the Law Firm to obtain legal advice provided by the Law Firm and persons whose data were gathered when providing such services for the Law Firm’s clients,
e) persons associated with the Law Firm on a permanent or occasional basis in relation to the provision of services by the Law Firm.
For the above reasons, the Law Firm hereby provides you with significant information related to the processing of personal data.
We take data privacy seriously and value the trust that individuals place in us when providing us with personal data and we are committed to safeguarding the privacy and security of personal data we may collect from visitors to our websites and/or the clients to whom we provide legal and other services.
By providing your personal data to us (whether via one of our websites, by email, in person or over the phone), you agree to the processing set out in this Privacy notice.
This Privacy notice does not apply to, and the Law Firm is not responsible for, any third party websites which may be accessible through links from our websites.
If you follow a link to any of these third party websites, they will have their own privacy policies and you will need to check these policies before you submit any personal data to such third party websites.
PERSONAL DATA CONTROLLER
CONTACT DETAILS OF THE CONTROLLER
You can contact us using the following details:
- by phone: (+48 606970169)
PURPOSES OF DATA PROCESSING, LEGAL BASIS FOR PROCESSING AND LEGITIMATE INTERESTS
We will only use your personal data where we are permitted to do so by applicable law.
The principal legal grounds that justify our use of your personal data are:
- Contract performance: where your information is necessary to enter into or perform our contract with you.
- Legal obligation: where we need to use your information to comply with our legal obligations.
- Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
- Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
- Consent: where you have consented to our use of your information (you will have been presented with a consent form or facility in relation to any such use and may withdraw your consent through an unsubscribe or similar facility).
We may use your personal data in the following ways (in each case, we note the grounds that we rely on to use your personal data):
1. To provide our legal and other services to you and to conduct our business – to administer and perform our services, including to carry out our obligations arising from any agreements entered into between you and us (please note that our Standard Terms of Engagement apply where we provide legal services); Legal grounds: contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you), consent.
2. To facilitate use of our websites and to ensure content is relevant – to respond to requests for information or enquiries from visitors to our websites and to ensure that content from our websites is presented in the most effective manner for you and for your device; Legal grounds: legitimate interests (to allow us to provide you with the content and services on the websites), consent, contract performance.
3. For marketing and business development purposes – to provide you with details of new services, legal updates and invites to seminars and events where you have chosen to receive these. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in section 12 below; Legal grounds: legitimate interests, consent.
4. For research and development purposes – analysis in order to better understand your and our clients’ services and marketing requirements and to better understand our business and develop our services and offerings; Legal grounds: legitimate interests (to allow us to improve our services).
5. For recruitment purposes – to enable us to process applications for employment and to assess your suitability for any position for which you may apply at us; Legal grounds: legitimate interests (to ensure that we can make the most appropriate recruitment decisions), contract performance (in order for us to take steps at your request to enter into a contract with you).
6. To fulfil our legal, regulatory, or risk management obligations – to comply with our legal obligations (performing client due diligence/”know your client”, anti-money laundering, anti-bribery, sanctions or reputational risk screening, identifying conflicts of interests); for the prevention of fraud and/or other relevant background checks as may be required by applicable law and regulation and best practice at any given time (if false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them); to enforce our legal rights, to comply with our legal or regulatory reporting obligations and/or to protect the rights of third parties; Legal grounds: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities, to ensure that you fall within our acceptable risk profile and to assist with the prevention of crime and fraud). Where we process special categories of personal data we may also rely on substantial public interest (prevention or detection of crime) or legal claims.
7. To ensure that we are paid – to recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings); Legal grounds: contract performance, legal claims, legitimate interests (to ensure that we are paid for our services).
8. To inform you of changes – to notify you about changes to our services or our Standard Terms of Engagement for legal services or this Privacy notice; Legal grounds: legitimate interests (to ensure we can notify you about changes to our service, Standard Terms of Engagement etc.).
9. To reorganise or make changes to our business -In the event that we are undergo a re-organisation (for example if we merge, combine or divest a part of our business), we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transfer to that re-organised entity or third party your personal data for the same purposes as set out in this Privacy notice or for the purpose of analysing any proposed re-organisation; Legal grounds: legitimate interests (in order to allow us to change our business).
SOURCES OF PERSONAL DATA
The Law Firm may collect or receive your personal data in a number of different ways:
- where you provide it to us directly, for example by corresponding with us by email, or via other direct interactions with us such as completing a form on our website or registering for and using one of our online tools;
- where we monitor use of, or interactions with, our websites, any marketing we may send to you, or other email communications sent from or received by the Law Firm;
- third party sources, for example, where we collect information about you to assist with “know your client” checks as part of our client acceptance procedures or where we receive information about you from recruitment agencies for recruitment purposes; or
- publicly available sources - we may, for example, use such sources to help us keep the contact details we already hold for you accurate and up to date or for professional networking purposes, e.g. LinkedIn, Twitter, Facebook.
CATEGORIES OF PROCESSED PERSONAL DATA
The Law Firm may collect and process different types of personal data in the course of operating our business and providing our services. These include:
- data serving the purpose of confirming identity, such as first and last name, job title, ID number, ID document number, date of birth;
- contact details such as: telephone number, e-mail address, postal and residence address;
- tax identification data;
- information about education and professional experience – if necessary from the point of view of the services provided;
- information about the economic and financial situation – if necessary from the point of view of the services provided;
- information about professional and business activities;
- information about the marital status – if necessary from the point of view of the services provided;
- images – in the scope of the monitoring in place in the Law Firm;
- financial data such as payment related information or bank account details;
- demographic data such as your address, preferences or interests;
- website usage and other technical data such as details of your visits to our websites or information collected through cookies and other tracking technologies;
- personal data provided to us by or on behalf of our clients or generated by us in the course of providing our services, which may, where relevant, include special categories of personal data;
- identification and other background verification data such as a copy of passports or utility bills or evidence of beneficial ownership or the source of funds to comply with client due diligence/”know your client”/anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures;
- recruitment related data such as your curriculum vitae, your education and employment history, details of professional memberships and other information relevant to potential recruitment;
- data that you may provide to us in course of registering for and attending events or meetings, including access and dietary requirements; and
- any other personal data relating to you that you may provide.
In addition, the Law Firm may process other personal data categories where it is impossible to include them to any of these groups and the processing is carried out for the purposes specified in this notice.
CATEGORIES OF RECIPIENTS
The data recipients may include the following categories of entities:
a. attorneys at law and legal advisers, notaries, and other entities providing legal services and taking independent decision as regards the purposes and manners of data processing, cooperating with the Law Firm;
b. assignees of the Law Firm’s receivables;
c. entities authorised on the basis of the applicable law regulations (in particular courts and state bodies);
d. economic information bureaux;
e. entities providing:
- services in the field of IT and new technology;
- payment services;
- accounting and financial services;
- audit and control services;
- recovery services;
- printing services;
- services consisting in destroying documents;
- postal and courier services;
- insurers and insurance brokers;
- other our third party service providers, external advisors or experts engaged in the course of the services we provide to our clients and with their prior consent,
We may also process your personal data to comply with our regulatory requirements or in the course of dialogue with our regulators as applicable, which may include disclosing your personal data to government, regulatory or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.
TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
In general, the Law Firm shall not transfer personal data outside the European Economic Area. However, the Law Firm may commission the provision of specific IT services or tasks to a service provider having its registered office outside the European Economic Area. In such a case data shall be transferred to a third state for which an adequacy decision was taken by the European Commission.
We recognise that information security is an integral element of data privacy.
While no data transmission (including over the Internet or any website) can be guaranteed to be secure from intrusion, we implement a range of commercially reasonable physical, technical and procedural measures to help protect personal data from unauthorised access, use, disclosure, alteration or destruction in accordance with data protection law requirements.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites or online services, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
DATA RETENTION PERIOD
We will retain your personal data for as long as is necessary to fulfil the purpose for which this data was collected and any other permitted linked purpose (for example certain transaction details and correspondence related to any legal services we provide may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data).
If your personal data is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.
Our retention periods are also based on our business needs and good practice.
The Law Firm applies the following data retention periods:
a) for the purposes of performing a contract/contracts – until their termination or expiry;
b) to establish, exercise, or defend against legal claims – until the expiry of the limitation period or lodging an objection;
c) to comply with the legal obligations to which the Law Firm is subject – until the expiry of the obligations stemming from law regulations.
RIGHTS OF THE DATA SUBJECT
Data subjects enjoy the following rights:
- right of access to the contents of the data subject’s personal data,
- rectifying and completing them,
- restricting their processing and deleting them;
- right of personal data portability with regard to the data provided by you to the Law Firm, i.e. right to receive them in a structured and commonly used format and to send them to another controller (this right may be exercised only where the processing takes place on the basis of a consent or agreement and where it is fully automated).
In order to exercise the above rights, please contact the Law Firm.
We are also required to take reasonable steps to ensure that your personal data remains accurate.
In order to assist us with this, please let us know of any changes to the personal data that you have provided to us by contacting us or by using any relevant facilities that we provide.
While it is our policy to respect the rights of individuals, please be aware that your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) and some of these rights may be limited (for example the right to withdraw consent) where we are required or permitted by law to continue processing your personal data to defend our legal rights or meet our legal and regulatory obligations.
RIGHT TO LODGE A COMPLAINT
The right to lodge a complaint with the supervisory body handling personal data protection where the data subject believes that the processing of personal data breaches the GDPR.
RIGHT TO OBJECT
You have the right to object to the processing of personal data if the processing is carried out for the purposes resulting from the legitimate interests pursued by the controller or a third party, i.e. on the basis of Article 6(1)(f) of the GDPR.
Such an objection must be based on your particular situation.
Upon receipt of the objection we shall cease to process your personal data for the purposes indicated above to which you have objected, unless we demonstrate that there is a compelling legitimate interest in the processing which overrides your interests, rights, or freedoms, or there are grounds for establishing, exercising and defending against claims.
RIGHT TO REVOKE CONSENT
Where personal data are processed on the basis of the consent of the data subject, the data subjects may revoke their consent at any time, whereby the revocation of consent shall be without prejudice to the legal compliance of the processing carried out before the revocation on the basis of such a consent.
COOKIES AND SIMILAR TECHNOLOGIES
When you visit our websites we may send a cookie to your computer.
This is a small data file stored by your computer to help improve functionality or tailor information to provide visitors with more relevant pages.
We may also analyse website traffic to identify what visitors find most interesting so we can tailor our websites accordingly.
We therefore encourage you to review them when you visit the website to stay informed of how we are using personal data.
If you have any questions about this GDPR Data Processing Notice or how we process your personal data, please contact us using contact details indicated above.
By accepting this Privacy Notice you also accept Terms and Conditions for using Emissions-EUETS.com.