1. Home
  2. Privacy Policy

Privacy Policy

KDCP

Information on the processing of personal data:

 

&1

Purpose of the Privacy Policy

 

In connection with the services provided by KDCP Kancelaria Doradztwa Celnego  i Podatkowego Rutkowski i Wspólnicy sp. z o.o. (hereinafter referred to as: "Law firm" or "Controller") collects and processes personal data in accordance with relevant regulations, including, in particular, the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC(Official Journal of the EU of 2016 No. 119), (hereinafter referred to as "GDPR") and with the data processing rules provided therein. In view of the above, in order to ensure adequate protection of personal data, the subject of the data must, first of all, be provided with information on the processing of their personal data, specified in art. 13 or 14 of the GDPR, depending on whether such data were obtained directly from the data subject or from other sources.

 

&2

Personal Data Controller

 

  1. The Controller of your personal data is: KDCP Kancelaria Doradztwa Celnego  i Podatkowego Rutkowski i Wspólnicy sp. z o.o. with registered office in Warsaw, 02-305 Warszawa, Aleje Jerozolimskie 142A,  NIP: 5272735327 REGON: 361372087, KRS: 0000555501.
  2. You can contact the Controller by writing to the email address:  kancelaria@kdcp.pl or to the mailing address: KDCP Kancelaria Doradztwa Celnego  i Podatkowego Rutkowski i Wspólnicy sp. z o.o. , 02-305 Warszawa, Aleje Jerozolimskie 142A.

 

&3

Objectives and grounds for processing

 

  1. In the case of correspondence addressed to the Controller by email or traditional mail, personal data contained in that correspondence is processed for the purposes of communication and handling of the matter to which the correspondence referred, or related matters. The legal basis for the processing of personal data is the legitimate interest of the Controller (art. 6 sec. 1 letter f of the GDPR), consisting in the conducting of correspondence addressed to the Controller in connection with the services provided by the Controller.
  2. In the case of electronic contact, the Controller may request the disclosure of personal data to the extent in which it will be necessary for the handling of the matter communicated. In that case, the legal basis for the processing of personal data is the legitimate interest of the Controller, i.e. Art. 6 sec. 1 letter f of the GDPR, consisting in the need to resolve the matter communicated to the Controller and connected with the services provided by the Controller.
  3. Data provided in e-mail correspondence, by traditional mail, or by telephone, may also be processed on the basis of art. 6 sec. 1 letter b of the GDPR, i.e. for the purposes of taking action at the request of the person to whom the data refer, before the conclusion of a contract. Such a situation arises, in particular, when you approach the Controller with the view to establishing cooperation, for example, in providing legal advice.
  4. If data is collected for the purposes of concluding or executing a specific contract, the Controller provides the data subject with detailed information on the processing of their personal data, not later than at the moment of concluding the contract,
  5. In connection with the provision of services, the Controller also collects personal data during meetings at the Company's headquarters, which is related to the training courses and other similar events organised by the Controller, as well as in the exchange of business cards for purposes related to establishing and maintaining business contacts, and for the Controller's direct marketing related to the presentation of current offers and promotion of services provided by the Controller. In this case, the legal basis shall be the legitimate interest of the Controller, i.e. Art. 6 sec. 1 letter f of the GDPR, or your consent, referred to in art. 6 sec. 1 letter a of the GDPR.
  6. If the processing of data is related to recruitment or the performance of the employer's duties, information on the processing is included in the content of the advertisements in question, while employees are provided with the information in a manner adopted in accordance with the Controller's internal procedures.
  7. The disclosure of personal data is voluntary but it is generally necessary, for example, for the purposes of concluding a contract and executing it correctly, as well as for the performance of pre-contractual activities, for example, aimed at enabling contact with you. Failing to provide data may result, in particular, in the inability to establish cooperation and the inability to execute the contract correctly. The provision of some data may also be required by law.

 

&4

Sharing personal data with other entities

 

  1. The Controller's websites may allow third-party systems to collect information about Users' activities for statistical purposes (e.g. Google Analytics), advertising purposes (e.g. Google AdSense) or for the purposes of offering additional functionalities (e.g. Linkedln.com), as well as running an advertising campaign (e.g. Google Adwords). In the above-mentioned cases, your data is processed on the basis of art. 6 sec. 1 letter f of the GDPR.
  2. Data may be subject to disclosure, including entrusting for processing, to other third parties, including those operating information systems and third-party communication systems (e.g. email) and equipment, as well as to entities providing legal and accounting services, and marketing agencies. The recipients of the data may be, in particular, public authorities and courts, as well as persons and entities against whom claims may be asserted or rights enforced in connection with the execution of the contract or taking other actions related to cooperation with you. Your data is not transferred to third countries, unless it is necessary, in particular in relation to the execution of a contract on your behalf. In that case, you will be informed about it.
  3. Other disclosure of personal data to competent authorities or to third parties that make a request for such information, may be made only on the basis of an appropriate legal basis and in accordance with the provisions of applicable law.

 

&5

Area of processing, profiling

 

  1. Your data may be passed to entities located outside of the European Union, in particular to the above-mentioned service providers. In the event of passing personal data to third countries (located outside of the EU/EEA), the Law Firm applies appropriate instruments intended to ensure the security of your personal data.
  2. Your personal data are not subject to profiling or any other form of automated decision-making.

 

&6

Duration of processing

 

  1. The duration of data processing depends on the purpose of the processing and may result from regulations if they are the basis for processing. 
  2. In the case of data processing on the basis of the Controller's legitimate interest, data will be processed for the period necessary to perform such interest or until an effective objection to the data processing is raised. 
  3. If the processing of data is based on consent to the processing, the data are processed until the moment the consent is withdrawn. 
  4. In case the processing of personal data is required for the conclusion and execution of a contract, the data will be processed in accordance with the data processing notice accompanying the contract. As a rule, they can then be processed for a period in which claims related to the contract may emerge, that is, for a period of 7 years from the end of the year in which the above-mentioned contract expired, with the longest possible statute of limitations for civil law claims being 6 years (subject to exceptions), with an additional year for last-minute claims or problems with the service of claims, while counting from the end of the year serves to facilitate the management of data from contracts that expire in a given year. 
  5. Data processed prior to the conclusion of the contract are processed for the purposes of its conclusion at your request until the moment of contact related to the will to conclude the contract or until its cessation.
  6. The period of data processing may be extended in case the processing is necessary for the establishment, pursuit, or defence against potential claims, and, after that period, only in the cases and in the extent required by law. After the indicated period, the data will be irreversibly deleted.

 

&7

Rights of data subjects

 

  1. The Data Subjects are entitled to the following rights:
    1. the right to be informed about the processing of personal data – upon the receipt of a notification, the Controller provides information about the processing of data, including (i) information about the purposes and legal grounds for processing, (ii) information about the scope of the data held, (iii) information about entities to which the data are disclosed, and (iv) information about the planned date of deletion of the data.
    2. the right to correct the data - at the request of the Data Subject, the Controller corrects any inconsistencies or errors in the personal data being processed, or supplements them in case they are incomplete;
    3. the right to restrict the processing of data - in case of notification of a breach, the Controller ceases to perform operations on personal data and to store personal data, until the reasons for restricting the processing of data are removed;
    4. the right to obtain copies of the data – the Controller provides copies of the processed data concerning the applicant, and in the event of subsequent requests for the provision of copies of documents, the Controller will inform the applicant about the need to pay a fee that depends on the number of copies made;
    5. the right to deletion of the data - at the request of the Data Subject, the Controller will delete the Subject's data the processing of which is no longer necessary for the fulfilment of any of the objectves for which the data were collected.
    6. the right to transfer personal data - the Controller releases the personal data provided to the extent to which they are processed by automated means or in connection with a concluded contract or consent given in a form that can be read by a computer. According to the regulation, it is possible to transfer the data to another entity, provided that there are technical capabilities in this regard both on the part of the Controller and the other entity.
    7. the right to object to the processing of data for the purposes of direct marketing – the person whose personal data are processed by the Controller may at any time object to the processing of the personal data for the purposes of direct marketing, without having to justify the objection;
    8. the right to object to the processing of data for other purposes – the person whose personal data are processed by the Controller may at any time object to the processing of the personal data on grouds related to that person's particular situation; an objection in this regard should contain a justification;
    9. the right to lodge a complaint – if the data subject believes that the processing of their personal data violates the provisions of the GDPR or other personal data protection laws, they may lodge a complaint with the President of the Personal Data Protection Office;
    10. the right to revoke consent – in the case of processing of data by the Controller on the basis of consent granted, the person whose data are processed may at any time revoke the consent, however, this does not affect the legality of the processing carried out before the consent was revoked;
    11. the right to be forgotten – the Data Subject has the right to request from the Controller to immediately delete the personal data concerning the Data Subject, while the Controller is obliged to delete the personal data without undue delay; this obligation arises when one of the following situations occurs:
      1. the personal data are no longer needed by the Controller, 
      2. consent to the processing of personal data was revoked, 
      3. the Data Subject objects to the processing of the data, 
      4. personal data were processed unlawfully.
  2. The request referred to in sec. 1 above may be submitted in writing or by e-mail to the following address: kancelaria@kdcp.pl. The response will be provided in writing, except for situations in which the request was submitted by e-mail and a request was made for the response to be provided by e-mail within one month from the submission of the request. The Controller has the right to extend the consideration of the request to 2 months by notifying the person before the end of the first month of the deadline.