In view of the above, as the Administrators of your personal data within the meaning of the GDPR, we approach the issue of protecting your personal data responsibly.
The GDPR directly and comprehensively regulates the protection of personal data throughout the European Union. Its main objectives are focused on the implementation of the fundamental rights and freedoms of individuals, in particular the right to have one’s personal data protected. The GDPR not only gives new rights to the people it protects, it also strengthens existing requirements by introducing numerous responsibilities for administrators.
Important! In connection with the GDPR entering into force, it is not necessary to contact us; it is sufficient to read the information available on the following page.
We, as a reliable organisation, take this challenge extremely seriously and undertake to comply with the GDPR in respect of all the services we offer now and in the future. Our commitment to security is very important, therefore our clients can be sure that their data is properly protected. As part of this commitment, we want to let you know in a transparent and easy to understand way how we use personal data and what rights you have.
We are aware that both we and our clients have obligations resulting from the new regulations. Therefore, we provide security to our clients by conducting regular inspections, providing standard contractual safeguards, and sharing tools and necessary information.
As it has always been our goal to preserve the privacy and security of our clients’ personal data, and the control of its processing, in the near future we will provide you with updated contractual clauses that meet the requirements of the new regulations.
Please note that from this moment on we will be profiling your personal data, which means there will be an automated analysis of your expectations and needs as well as your preferences and behaviour. The aim of profiling is, above all, to optimise our commercial offering. We use your personal data obtained during the signing of contracts and the duration thereof for the following purposes:
- concluding and implementing agreements, including ensuring the quality of services provided during the agreement and the correctness of settlements made after its completion (Article 6 of the GDPR);
- to meet our legal obligations, such as
- issuing and storing invoices and accounting documents,
- responding to complaints on time and in the form provided for by law;
In view of the above, we will use your personal data:
- For the duration of performing our obligations under the agreement between you and us, for example issuing invoices (Article 6.1 par. 1c of the GDPR).
- For the time we required by applicable law to store personal data, e.g. for tax purposes (Article 6 par. 1c of the GDPR).
- For the time during which there is a risk of legal consequences of non-performance or improper performance of obligations resulting from the GDPR, e.g. the imposition of a fine by a controlling body (Article 6 par. 1f of the GDPR):
- detecting and preventing fraud for the duration of the agreement, and then for the period until the date when claims arising from such agreement are time-barred, and, in the case of enforcement of claims or notification to competent authorities, for the duration of those proceedings;
- establishing protection and pursuing claims – also in the case of the sale of claims under the agreement to another entity – for the period until the date when claims resulting from such agreement are time-barred;
- direct marketing – for the duration of the agreement or based of your consent, until it is withdrawn;
- creating statements, analyses and statistics for our internal needs, in particular reporting, marketing research, service development planning or development work in information systems, creating statistical models – for the duration of the agreement, no longer than for the period the date when claims resulting from an agreement are time-barred;
- service support, including by informing you about failures and complaints, as well as adjusting services based data about the service you are using – for the duration of the agreement.
- The right to correct your personal data.
- The right to have your personal data deleted.
- The right to restrict the processing of your personal data.
- The right to access your personal data.
- The right to transfer your personal data.
- The right to object to the processing of your personal data.
- The right to withdraw consent for the processing of your personal data.
- The right to make a complaint to a supervisory body.
- The right to correct your personal data – this right allows you to report to us the need to correct incorrect data or supplement incomplete data.
- The right to have your personal data deleted – this right allows you to request the deletion of your personal data. If the grounds for a request are justified, we will immediately delete the data.
- The right to restrict the processing of your personal data – this right allows you to request that data processing be restricted, e.g. questioning the correctness of the data being processed or the compliance of its processing with the law. If the grounds for a request are justified, the processing of the data will cease and we will only store it. The re-processing of data is possible when the basis for requesting that its processing is restricted is not possible. The foregoing does not apply in the event of establishing, asserting or defending the claims of the right holder, for example pursuing claims arising from the agreement.
- The right to access your personal data – this right allows you to obtain information about your data, and how and for what purpose it is processed.
- The right to transfer your personal data – this right allows you to request a transfer of data directly to another entity (data administrator), as well as to receive a copy of the data in a structured machine-readable format (for the purpose of transferring data to another administrator).
As an administrator of personal data we are required to keep a register documenting the most important activities related to the processing of your personal data, including how to protect it, and to keep a register of the recipients of this data. The register shows, in a reliable and responsible manner, the activities regarding your data that we hold in our data sets.
As an administrator we are required to re-evaluate the security of personal data processing. Ensuring security involves many activities, including the encryption or pseudonymisation of data (preventing the data subject from being identified).
Ecovis Milczarek i Wspólnicy Kancelaria Prawna Sp.k.
ul. Belwederska 9A, 00-761 Warsaw.
Data Protection Inspector:
Phone: +48 22 400 45 85