GDPR

In connection with the entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), we hereby inform you that the Law Office of Attorney-at-Law Krzysztof Krawczyk processes, among others, the following categories of personal data:

  • clients who are natural persons;
  • in the case of clients of the Law Office who are legal persons or organizational units without legal personality – personal data of persons authorized to represent such entities, employees, and associates of such clients;
  • service providers who are natural persons, as well as employees and associates of service providers;
  • individuals contacting the Law Office for the purpose of obtaining legal advice provided by the Law Office, as well as individuals whose data were obtained in connection with the provision of such services to the Law Office’s clients;
  • individuals cooperating with the Law Office on a permanent or ad hoc basis in the provision of services by the Law Office, as well as parties and participants in proceedings.

In connection with the above, the Law Office provides you with essential information regarding the processing of personal data.

DATA CONTROLLER

The controller of personal data is Attorney-at-Law Krzysztof Krawczyk, Law Office, Rynek 5, 50-106 Wrocław, entered in the register of entrepreneurs, Tax Identification Number (NIP): 899-249-05-36.

CONTACT DETAILS OF THE DATA CONTROLLER

You may contact me:

PURPOSES OF DATA PROCESSING, LEGAL BASIS, AND LEGITIMATE INTERESTS

Your personal data will be processed where necessary for the following purposes:

  1. Conclusion and performance of a contract – pursuant to Article 6(1)(b) GDPR, including in particular a legal services agreement or a service agreement with the Law Office’s service providers;
  2. Compliance with legal obligations imposed on the data controller – pursuant to Article 6(1)(c) GDPR, arising from EU law or Polish law;
  3. Legitimate interests pursued by the controller or by a third party – pursuant to Article 6(1)(f) GDPR, which the controller considers to include, in particular: establishing, pursuing, and defending against claims, fraud prevention, ensuring IT environment security, applying internal control systems, monitoring the Law Office and recording entries and exits, identifying conflicts of interest and ethical breaches to prevent abuses, for archival and statistical purposes, as well as providing services to clients where the client’s interest prevails over the interests, rights, and freedoms of the data subject.

CATEGORIES OF PERSONAL DATA PROCESSED

The Law Office processes the following categories of personal data:

  • identity verification data such as full name, PESEL (personal ID number), ID card number, date of birth;
  • contact data such as telephone number, e-mail address, residential address;
  • tax identification data;
  • data concerning education and professional experience – where necessary for the services provided;
  • data concerning financial and property situation – where necessary for the services provided;
  • data concerning professional or business activity;
  • marital status data – where necessary for the services provided;
  • image – in the scope of the monitoring system implemented in the Law Office.

The Law Office may also process other categories of personal data if such data cannot be classified into any of the above groups, provided that processing is carried out for the purposes specified in this notice.

CATEGORIES OF DATA RECIPIENTS

Recipients of the data may include entities from the following categories:

  • cooperating attorneys, legal advisers, notaries, and other entities providing legal services and independently determining the purposes and means of data processing;
  • purchasers of the Law Office’s receivables;
  • entities authorized under applicable laws (in particular courts and public authorities);
  • credit information agencies;
  • entities providing:
    • IT and new technology services,
    • payment services,
    • accounting and financial services,
    • audit and control services,
    • debt collection services,
    • printing services,
    • document destruction services,
    • postal and courier services.

TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

As a rule, the Law Office does not transfer personal data outside the European Economic Area. However, the Law Office may entrust certain IT services or tasks to providers established outside the European Economic Area. In such a case, data are transferred to a third country for which the European Commission has issued a decision confirming an adequate level of protection. You may at any time request further information and a copy of the relevant safeguards.

DATA RETENTION PERIOD

  • for the purpose of performing a contract/contracts – until their termination or expiration;
  • for the purpose of establishing, pursuing, or defending claims – until the limitation period expires or until an objection is raised;
  • for the purpose of fulfilling legal obligations imposed on the Law Office – until the expiry of obligations arising from applicable laws.

YOUR RIGHTS

You have the following rights:

  • the right of access to your personal data, rectification, completion, restriction of processing, and erasure;
  • the right to data portability – for data you have provided to the Law Office, i.e., the right to receive them in a structured, commonly used format and to transmit them to another controller. This right applies only when processing is based on consent or contract and is carried out by automated means.

To exercise the above rights, please contact the Law Office.

RIGHT TO LODGE A COMPLAINT

You have the right to lodge a complaint with the supervisory authority responsible for data protection if you believe that the processing of your personal data violates the GDPR.

RIGHT TO OBJECT

You may object to the processing of your personal data where such processing is based on legitimate interests pursued by the controller or a third party, i.e., pursuant to Article 6(1)(f) GDPR.

The reason for such an objection must be your particular situation. Upon receiving your objection, we will stop processing your data for the purposes to which the objection relates, unless we demonstrate compelling legitimate grounds for processing, overriding your interests, rights, and freedoms, or for the establishment, exercise, or defense of claims.

RIGHT TO WITHDRAW CONSENT

Where processing is based on your consent, you have the right to withdraw it at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

INFORMATION ON REQUIREMENT OR VOLUNTARINESS OF DATA PROVISION AND CONSEQUENCES OF FAILURE TO PROVIDE DATA

With respect to processing for the purpose referred to in point 2 above, providing data is a statutory requirement. In the case of processing for the purposes referred to in points 1 and 3, providing data is a contractual requirement. Providing personal data for all of the above purposes is voluntary but necessary for the conclusion and performance of a contract with the Law Office.