INFORMATION ON PERSONAL DATA PROCESSING 1
1. DATA CONTROLLER
The controller of your data is “JDP Drapała & Partners” Sp. j. with its registered office in Warsaw, ul. Bonifraterska 17, 00-203 Warszawa, entered in the business register of the National Court Register kept by the District Court for the Capital City of Warsaw, XII Commercial Division of the National Court Register under number 0000880140, REGON: 140887753, NIP: 7010056483 (“Controller” or “JDP”).
2. PURPOSE AND LEGAL BASIS FOR DATA PROCESSING
Your personal data are processed for the purposes of:
- informing on practising a profession and JDP’s activity:
- on the basis of a consent given voluntarily (article 6 section 1 item (a) GDPR), where JDP collected a consent;
- on the basis of the legitimate interests pursued by JDP (article 6 section 1 item (f) GDPR) involving informing about the Controller’s activity and practising a profession by its lawyers;
- sending correspondence, including replying to messages sent to the Controller, for the purposes of JDP’s legitimate interests (article 6 section 1 item (f) GDPR) involving contacting and maintaining relationships with clients and persons having interest in the areas of JDP’s activity;
- archiving materials and communications created by JDP as part of its business activity, for the purposes of JDP’s legitimate interests (article 6 section 1 item (f) GDPR) involving documenting the activity in accordance with applicable provisions, including principles of practising as an attorney-at-law, an advocate or a tax advisor.
3. DATA RECIPIENTS AND PROVIDING PERSONAL DATA OUTSIDE THE EEA
- Personal data may be provided to entities working with JDP based on concluded agreements. In particular, personal data may be made available to entities that render services to the Controller in the area of information activities support (e.g. entities sending newsletters, letters, invitations as well as other communication and materials on JDP’s behalf); entities providing IT support to JDP, including those operating and servicing IT systems and providing data hosting or cloud services; electronic mail service providers; entities archiving and shredding documents; post operators or couriers; consulting companies cooperating with JDP. Moreover, personal data may be transferred to public authorities or entities (or those performing public tasks) authorised to receive data under applicable legal provisions.
- Generally, personal data will not be provided outside the European Economic Area. However, if such transfer is to take place in the future – which may happen, for instance, if the Controller potentially uses IT solutions based on cloud solutions or IT solutions served by a servicing centre based outside the European Economic Area – the Controller will provide a mechanism that will legalise such transfer under the European legislation and will guarantee personal data protection. The data subjects will be informed about the transfer in advance.
4. PERIOD FOR WHICH PERSONAL DATA WILL BE STORED
Your personal data will be stored for the duration of JDP’s or its shareholders’ business activity, unless before the end of this period (i) a consent to processing data for a specific purpose is effectively withdrawn or (ii) the data processing for this purpose is effectively objected.
5. VOLUNTARY PROVISION OF PERSONAL DATA
Provision of personal data for the purposes of being informed about practising a profession and JDP’s activity is voluntary. However, if you do not provide your personal data, it will not be possible for you to be informed about practising a profession and JDP’s activity.
Provision of personal data is necessary to exchange correspondence with the Controller.
6. PROFILING AND AUTOMATED DECISION-MAKING
Personal data processed for the purposes described above will not be subject to profiling and no automated decision-making will take place with respect to the data subjects.
7. DATA SUBJECTS’ RIGHTS
- In connection with JDP’s processing of personal data, the data subjects have the following rights:
- pursuant to article 15 GDPR – right of data access;
- pursuant to article 16 GDPR – right to data rectification;
- pursuant to article 17 GDPR – right to data erasure;
- pursuant to article 18 GDPR – right to restriction of data processing;
- pursuant to article 20 GDPR – right to data portability;
- right to withdraw the consent at any time where personal data are processed on the basis of a prior consent; the withdrawal will not affect the lawfulness of processing based on the consent before its withdrawal;
- pursuant to article 21 GDPR – right to object the processing where personal data are processed for the purposes of the Controller’s legitimate interests.
- These rights may be exercised by making a respective demand towards the Controller to the addresses indicated in article 1 above. Moreover, in case of newsletters it is possible to unsubscribe from newsletters by clicking an appropriate link at the bottom of each email. The statement of unsubscribing will be deemed a withdrawal of the consent or an objection to receiving the communication to which the statement refers.
- In connection with JDP’s processing of personal data, the data subjects also have a right to lodge a complaint with a competent supervisory authority, in particular in the country of the data subjects’ habitual residence, place of work or place of alleged violation. In Poland the supervisory authority is the Head of the Personal Data Protection Office, Stawki 2, 00-193 Warszawa.
1 provided on the basis of article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union L 119/1 („GDPR”)