GDAŃSK, ON APRIL 22, 2020.
This information applies to personal data collected by Paulina Żęgota-Bąk, running a business under the name Kancelaria Adwokacka Paulina Żęgota-Bąk, (the “Administrator”) as the administrator of personal data, the ways in which it is used, and the rights of natural persons related to collecting and using such data. If you have any questions or comments, please contact us at firstname.lastname@example.org
In order to conduct business, the Administrator collects and uses information identifying natural persons (also called “personal data”), including information about persons cooperating with the Administrator.
Personal data: all information about an identified or identifiable natural person through one or several specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person, including image, voice recording, contact details, location data , information contained in correspondence, information collected through recording equipment or other similar technology.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
2. Scope of information
In this clause, the Administrator informs about all forms of use of personal data (“processing”) in relation to natural persons who are:
a) contractors (principals), including potential contractors (principals), the Administrator;
b) contractors of the Administrator’s clients;
c) partners, employees, statutory representatives, proxies or representatives of such contractors; and
d) other persons whose data we process for the purpose of issuing or processing invoices
(together “Country” or “Counterparties”).
3. Types of personal data
3.1. Data provided by Contractors
In connection with the cooperation between the Contractor and the Administrator, the Administrator may process the provided personal data, such as:
name and surname, PESEL number,
company, business address and correspondence addresses, NIP or REGON number, residential address, registered address,
contact details such as email address or telephone or fax number,
position held by you within your organization,
specific identification numbers that are not commonly assigned numbers (e.g. business ID number),
Bank account number.
In the case of concluding a contract directly between the Contractor and the Administrator, providing the data specified above is voluntary, but necessary for the purpose of concluding the contract and handling cooperation between the Contractor and the Administrator.
The consequence of not providing data is the Administrator’s inability to perform actions.
3.2. Data collected from other sources
The administrator may also obtain the Counterparty’s personal data from other sources, such as:
registers of CEIDG or KRS entrepreneurs – to verify information provided by Contractors. In this case, the scope of processed data will be limited to data available to the public in relevant registers,
Entities in which you are employed or whose representatives you are. In this case, the scope of processed data will include information necessary for the implementation of the contract between the Administrator and such entity, e.g. information about the termination of your employment with a given entity, change of contact details or change of job position.
4. Legal bases, purposes and periods of data processing
4.1. Legal grounds for data processing
The administrator may not process personal data if there is no valid legal basis for doing so. Therefore, the Administrator processes personal data only if:
processing is necessary to fulfill contractual obligations towards the Contractor, if he is a party to the contract concluded with the Administrator,
the processing is necessary to comply with legal obligations, e.g. the obligation to issue an invoice or other document required by law, or it is explicitly dictated by a legal provision (this applies to cases of disclosing the data of Contractors at the request of competent authorities or courts),
processing is necessary for the implementation of the legitimate interests of the Administrator or a third party and does not unduly affect the interests or fundamental rights and freedoms of the Contractor. When processing personal data, the Administrator undertakes to maintain a balance between legitimate interests
and the Contractor’s privacy.
Such legitimate interests are:
conclusion and performance of contracts with Contractors who are organizational units without legal personality or legal persons,
determining or pursuing civil law claims by the Administrator as part of the business, as well as defense against such claims,
verification of Contractors in public registers,
verification of the identity of persons employed in cooperating entities
with the Administrator, e.g. suppliers, couriers, architects, etc.,
contact with Contractors, including keeping internal registers of Contractors to enable contact by the Administrator
4.2. Purposes and periods of data processing
Personal data is processed only for a specific purpose and to the extent necessary to achieve it and for as long as it is necessary. Listed below are the purposes that the Administrator pursues through the processing of personal data and the periods for which it processes them.
Purpose of processing
Fulfilling contractual obligations
The duration of the contract between the Contractor and the Administrator
Verification of the identity of persons employed in entities cooperating with the Administrator
The duration of the contract between the entity employing the person and the Administrator or until such person’s employment ceases
Archiving data on the basis of generally applicable legal provisions, such as the Accounting Act and the Tax Code
The period indicated in the relevant provisions; as a rule, 6 years from the end of the calendar year in which, for example, an invoice was issued, the contract was terminated, etc.
Notwithstanding the above periods, the Contractor’s data may be processed by the Administrator for the purposes of determining or pursuing by the Administrator civil-law claims as part of the business, as well as defense against such claims – for appropriate periods of limitation of such claims, i.e. in principle no longer than 6 years from the occurrence of the event giving rise to the claim.
5. Transfer of personal data
The Administrator is entitled to provide personal data to the Administrator’s employees.
Data may be transferred to recipients and other third parties to achieve the purposes listed in point 4.2 to the extent that they are necessary for them to perform the tasks ordered by the Administrator, if required by law or if the Administrator has a different legal basis. The following may be considered as recipients or other third parties:
entities processing personal data at the request of the Administrator, such as IT system providers or entities providing document archiving services,
any national public administration authorities (e.g. the Police), authorities of other EU Member States (e.g. authorities established to protect personal data in other Member States) or courts, if required by applicable national or EU law or at the request of these authorities,
courier or postal service providers,
other persons within the organization of the given Counterparty.
In connection with the obligation arising from art. 13 section 2 lit. f) GDPR The administrator informs that in relation to your data there will be no automated decision making or profiling.
6. Rights of Contractors and exercise of these rights
6.1. Your rights
Each person has the right to access their personal data processed by the Administrator. If you believe that any information about you is incorrect or incomplete, please submit a request for rectification as described in Section 6.2 below. The administrator shall correct such information immediately.
In addition, you have the right to:
withdraw your consent in the event that the Administrator has obtained such consent for the processing of personal data (provided that such withdrawal does not violate the lawfulness of data processing carried out prior to withdrawal),
request removal of your personal data in cases specified by the provisions of the GDPR,
request to limit the processing of your personal data in cases specified by the provisions of the GDPR,
objecting – for reasons related to your particular situation – to the processing of your personal data (including profiling), if such processing is carried out in order to implement the public interest or legitimate interests of the Administrator or a third party,
transfer of data, i.e. receipt of personal data provided to the Administrator in a structured, commonly used and machine-readable format, and to request that such personal data be sent to another personal data administrator, without any difficulties on the part of the Administrator and subject to own confidentiality obligations,
obtaining a copy of the security – this applies to cases of personal data transfer outside the EEA. The administrator will verify your requests, requests or objections in accordance with applicable provisions on the protection of personal data. However, it should be remembered that these rights are not absolute and the regulations provide for exceptions to their application.
In response to your request, the Administrator may ask you to verify your identity or provide information that will help you better understand the situation. The administrator will make every effort to explain his decision to you if your requests are not met.
6.2. Exercise of your rights
You can exercise the above rights by sending an appropriate letter to the address of the Administrator’s seat.
If you are not satisfied with the way the Administrator processes your personal data, please inform us about the problem and we will investigate any irregularities. Please report your concerns using the contact details provided above.
If you have objections to the Administrator’s reaction, it is also possible to submit a complaint to the competent personal data protection authority. In Poland, this body is the President of the Office for Personal Data Protection.
In order to ensure the timeliness and accuracy of personal data, we may periodically ask you to check and confirm the personal data we hold about you or to inform us of any changes regarding this personal data (such as changing your email address). We encourage you to regularly check the correctness, timeliness and completeness of personal data processed.
7. Messages sent via the contact form or via e-mail.
The administrator of all personal data contained in all messages sent via the website www.3cm.pl, including such data, including name, surname, email address of their addressees is Paulina Żęgota-Bąk, running a business under the name Kancelaria Adwokacka Paulina Żęgota-Bąk.
We process your personal data in order to carry out ongoing correspondence and possible response to the content of the question provided to us. The basis for the processing of your personal data is our legitimate interest based on the possibility of communicating with you.
For each message, in accordance with the obligation arising from art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC, information on data protection is attached personal data with a link to this page where the information clause regarding the processing of personal data is published.
8. Information clause updates
This clause was updated on May 25, 2018 and may be subject to further changes. If it is required by law, any information regarding future changes or additions to the processing of personal data described in this clause, which may apply to your person, will be forwarded to you via the appropriate form of communication usually used by the Administrator in dealing with Contractors.