Privacy notice for persons with whom electronic communication is exchanged
provided in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016 (hereinafter: “GDPR”).
1. PERSONAL DATA CONTROLLER
The personal data controller is “JDP Drapała & Partners” spółka jawna, with its registered office in Warsaw, ul. Bonifraterska 17, 00-203 Warszawa, entered in the Register of Businesses of the National Court Register (KRS) maintained by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register, with KRS number: 0000880140, REGON: 140887753, NIP: 7010056483 (hereinafter “Data Controller” or “JDP”).
The Data Controller has an Internet website at: www.jdp-law.pl, and apart from the postal and personal contact at its registered office, it may be contacted by email at: office@jdp-law.pl.
2. PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING
Personal data are processed for the following purposes:
- EXCHANGE OF COMMUNICATION, including responding to messages sent to the Data Controller, based on the legitimate interest of JDP (Article 6(1)(f) GDPR), namely keeping in contact with persons interested in our activity, timely exchanging of any communication related to performed activity, and taking care of the quality of cooperation with customers, clients and other stakeholders – with the use of electronic mail;
- TALKS BEFORE ENTERING INTO AN AGREEMENT, ENTERING INTO AND PERFORMANCE OF AN AGREEMENT based on the legitimate interest of JDP (Article 6(1)(f) GDPR), namely taking actions related to the performed activity with the participation of persons authorised/appointed to act on behalf of or for other entities being the other party to an agreement or pursuant to Article 6(1)(b) if the above-mentioned actions are taken directly by a natural person that is the other party to an agreement;
- ARCHIVING materials and messages, including communication generated by JDP as part of its business activity, based on the legitimate interest of JDP (Article 6(1)(f) GDPR), namely recording of performed activity in accordance with legal provisions in force, including principles applicable to the professions of attorney-at-law, lawyer and tax advisor.
3. DATA RECIPIENTS AND TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
- Personal data may be transferred to entities cooperating with JDP pursuant to signed agreements. In particular, data may be shared with entities that provide the Data Controller with IT support, including service and maintenance of IT systems, data hosting and cloud services, with email, archiving and document destruction service providers, postal operators or courier companies, and consulting companies with whom JDP cooperates. Furthermore, personal data may be transferred to public authorities or bodies (or those who perform public tasks) authorised to obtain the data in accordance with legal provisions in force.
- In principle, personal data will not be transferred outside the European Economic Area. However, if such transfer of personal data occurs in the future, which may happen, among others, as a result of the Data Controller’s possible use of IT solutions based on cloud solutions or maintained by a service centre situated outside the European Economic Area, the Data Controller will ensure a mechanism according to which, in accordance with the EU law, it will make the transfer lawful and ensure relevant guarantees of personal data protection. Data subjects will receive prior notification regarding such transfer.
4. DATA RETENTION PERIOD
JDP will process personal data for the period necessary to handle the case in relation to which the communication is exchanged, and afterwards the communication will be retained to the extent necessary for archiving purposes related to the recording of the performed business activity, for a period not shorter than the limitation period for possible claims.
5. VOLUNTARY PROVISION OF PERSONAL DATA
The provision of personal data is necessary in order to exchange communication with the Data Controller.
6. PROFILING AND AUTOMATED DECISION-MAKING
The data processed for the purposes described herein will not be subject to profiling, and data subjects will not be subject to automated decision-making.
7. RIGHTS OF DATA SUBJECTS
- In connection with the processing of personal data by JDP, data subjects have the following rights:
- pursuant to Article 15 GDPR – the right to access their personal data;
- pursuant to Article 16 GDPR – the right do to rectify their personal data;
- pursuant to Article 17 GDPR – the right to request erasure of their personal data;
- pursuant to Article 18 GDPR – the right to request restriction of processing of their personal data;
- pursuant to Article 21 GDPR – the right to object to processing of their data unless the processing is based on the legitimate interest of the Data Controller.
- The above-listed rights may be exercised by expressing the relevant request to the Data Controller and sending it to the contact addresses presented in Clause 1. “Personal Data Controller” shown at the beginning of this notice.
- In connection with the processing of personal data by JDP, data subjects also have the right to lodge a complaint with the relevant supervisory authority, in particular in the state of their habitual residence, their place of work, or the place where the alleged breach has occurred. In Poland, the supervisory authority is President of the Personal Data Protection Office, Stawki 2, 00-193 Warszawa.