RODO information clause

INFORMATION CLAUSE

REGARDING THE PROCESSING OF PERSONAL DATA IN ELECTRONIC CORRESPONDENCE

 

The personal data controller of your personal data is SPS TAX&LAW Szkudlarek i Wspólnicy sp. k. with its registered seat in Wrocław, ul. Świdnicka 36/12, 50-068 Wrocław, KRS 0000537068 („Company”).

The Company has not appointed a data protection officer.

For all matters concerning the processing of personal data, you can contact:

– by email to: rodo@spslaw.pl

– by sending traditional correspondence to the Company’s address indicated above (please add the reference: “personal data”).

The company declares that it strictly complies with the applicable legal provisions and has implemented appropriate organizational and technical measures to prevent breaches of the security of personal data processed in the Company’s e-mail systems.

The source of personal data may be:

  1. contact details provided by you in the contact forms;
  2. information provided directly by you when initiating contact with the Company by electronic means (including data identifying the e-mail user in the postal service, including the so-called metadata);
  3. information provided by you in the content of electronic correspondence (including identification data included in the signature);
  4. contact details publicly available on the official website of the organization (company, office, etc.);
  5. contact details published in a different way (e.g. data appearing in commercial and information folders);
  6. provisions in contracts concluded by the Company (contact details);
  7. contact details provided by other entities, including business partners.

All personal data in electronic correspondence, in particular contact details about senders and recipients of e-mail, data automatically generated by e-mail systems and personal data contained in the content of the correspondence will be processed by the Company for the following purposes:

  1. enabling e-mail contact with the Company and making contact with addressees,
  2. documenting arrangements made with various entities (i.e. customers, business partners, job applicants, employees, officials),
  3. accept and send letters, requests, demands, complaints, notifications, enquiries etc.,
  4. handling letters, requests, demands, complaints, notifications, enquiries etc.,
  5. implementing specific obligations towards offices,
  6. sending documents,
  7. managing human resources and other assets of the Company,
  8. sending commercial information, conducting promotional and informative campaigns, etc.,
  9. ensure the security of the Company, including the security of electronic mail systems,
  10. related to any claims against the Company,
  11. for other purposes resulting from the legitimate interests of the Company or third parties.

 

We would like to inform you that the Company processes personal data belonging to specific categories of data referred to in art. 9 GDPR (so-called sensitive data) as well as data on criminal records referred to in art. 10 GDPR. The Company applies appropriate security measures adapted to the data being processed.

The provisions of personal data in connection with the exchange of correspondence by electronic means is voluntary, but necessary to achieve the purposes for which digital communication is used.

As a rule, e-mail correspondence will be stored for a period of 6 years, counting from January 1 of the year following the year in which the exchange of correspondence took place. This period may be extended if the data are necessary in court proceedings or before a public administration body.

In the process of data processing in e-mail systems, the Company does not use automated decision making, including profiling.

The company may disclose personal data to the following third parties:

IT service providers – Provision of ICT services

Providers of specialized services – Entities providing marketing, consulting, auditing, etc. services

The company may transfer personal data to the third countries in particular to the Republic of Korea. The transfer of personal data to Korea is based on the decision of the European Commission of December 17, 2021, stating that the Republic of Korea ensures an adequate level of protection of these data.

In connection with the processing of your personal data, you have the right to:

  1. request access to personal data, including obtaining access and information about this data, on the terms set out in Art. 15 GDPR;
  2. request the rectification or supplementation of incorrect or incomplete data, on the terms specified in art. 16 GDPR;
  3. request the deletion of the data if the Company no longer has a legal basis for their processing or personal data are no longer necessary for the purposes of processing, on the terms set out in art. 17 GDPR;
  4. request the limitation of data processing on the principles set out in art. 18 GDPR;
  5. request the transfer of data provided on the basis of consent, in accordance with the principles set out in Article 20 RODO;
  6. object to the processing of data for the legitimate purposes of the Company, for reasons related to the special situation of the person, on the terms set out in art. 21 GDPR.

To exercise the above-mentioned rights, you should contact the Company in writing (or by sending an e-mail and inform us which right and to what extent you want to exercise.

At the same time, we would like to inform you that in the cases indicated in the GDPR, the Company may refuse to implement some of the above-mentioned rights, in particular if:

  1. processing is necessary to establish, assert or defend claims;
  2. the request comes from a person other than the data subject, unless that person is a duly authorized representative;
  3. the person submitting the application cannot be clearly identified.

If you claim that the personal data concerning you are being processed contrary to the applicable law, you have the right to lodge a complaint to the supervisory authority, i.e. the President of the Personal Data Protection Office (2 Stawki St., 00-193 Warszawa). Detailed information on the complaint procedure can be found on the website of this Office. However, before you officially lodge a complaint or take other legal steps, please contact us in order to clarify any doubts and/or objections regarding the processing of your personal data.