The purpose of this Privacy and Cookies Policy is to explain the rules on which your personal data is processed, why and how we collect your personal data, how we secure it and how we use it, and to discuss the basic rights related to the processing of your personal data by us.
The Privacy and Cookies Policy provide important information related to the activities undertaken in the processing of your personal data collected via the website, contact form, traditional or e-mail correspondence, as well as information collected or transferred in connection with the handling of your case.
The Privacy and Cookies Policy applies to all customers and visitors to our website who may or may not become our customers.
Cookies Policy takes into account the requirements that result from the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of the Directive 95/46 EC (General Data Protection Regulation), hereinafter referred to as "GDPR" or "GDPR Regulation"
Our Policy is compatible with the regulations on the processing and protection of personal data that are in force in countries outside the European Union, such as:
- United Kingdom of Great Britain and Northern Ireland - on June 28, 2021, the European Commission adopted two implementing decisions stating an adequate level of personal data protection in Great Britain. The first one with reference number C (2021) 4800 final , was issued on the basis of Regulation (EU) 2016/679 (GDPR) and the second with reference number C (2021) 4801 final , issued under Directive (EU) 2016/680); both decisions entered into force on June 28, 2021 and were issued for a fixed period of four years. This means that they will be valid until June 27, 2025; if during that time the United Kingdom continues to ensure an adequate level of protection of personal data, the European Commission may extend these decisions,
- Canada - here the European Commission issued a decision on the adequate protection of personal data, pursuant to which Canada is recognized as a country ensuring an adequate level of protection of personal data transferred from the Community
- Israel - here the European Commission issued a decision on the adequate protection of personal data, pursuant to which Israel is recognized as a country that ensures an adequate level of protection of personal data transferred from the Community,
- Australia
- South Africa
- United States of North and South America
The administrator of your personal data is Angelika Michalik-Tylek at Angelika Michalik-Tylek Kancelaria Radcy Prawnego correspondence address: ul. Kordylewskiego 7/40 31-542 Kraków, Poland, NIP: 6751330511 and Adrian Michalik at Polish Descent Ltd. Correspondence address Kordylewskiego 7/40, 31– 542 Krakow, Poland, NIP: 6751785950.
Contact details :
If you have any questions regarding the processing of personal data or the exercise of the rights referred to in this policy, please contact:
- at the address: ul. Kordylewskiego 7/40 31-542 Kraków, Poland.
- at the email address: rodo@polishdescent.com
The purpose of processing your personal data is the contract that we have concluded and are performing or performed on your behalf or because we are in contact with you in connection with the intention to conclude such a contract or its continuation, which is our legitimate interest under the GDPR.
In addition, we process the personal data of our clients' relatives in order to perform the contract with this client - and the processing of this data is necessary for the purposes of the legitimate interests of the Administrator, which is the ability to properly perform the service for the client.
In addition, the personal data provided are or may be processed for the following purposes:
(a) archival - which is the legitimate interest of the Administrator,
(b) evidence - in the event of a legal need to prove facts and in order to possibly establish, investigate or defend against claims, which is the legitimate interest of the Administrator,
(c) analytical and statistical, such as the selection of services to our clients, optimization of our services based on customer comments, optimization of service processes based on the course of providing legal assistance, which is the legitimate interest of the Administrator,
(d) sending information by electronic means and / or by phone - if a separate consent has been given in this regard,
(e) documenting the performance of the contract for tax and accounting purposes - where processing is necessary to fulfill the legal obligation incumbent on the Administrator,
(f) marketing - if a separate consent has been given in this regard.
In addition to the above-mentioned legitimate interest of the Administrator ( Article 6 (1) (c) of the GDPR) , the legal basis for the processing of your personal data is primarily the contract concluded ( Article 6 (1) (b) of the GDPR ) or the consent granted ( Article 6 (1) (b) of the GDPR). 6 (1) (a) of the GDPR ) as well as the legal provisions applicable to the Administrator ( Article 6 (1) (c) of the GDPR Regulation in connection with joke. 74 sec. 2 of the Accounting Act of January 30, 2018
(a) Personal data obtained in connection with the concluded contract - will be processed for the period of limitation of tax claims (e.g. 5 years, counting from the beginning of the year following the financial year to which the data relates) or civil law claims of the parties to the contract (e.g. the basic limitation period for claims related to running a business is three years, and the basic limitation period for claims against the Administrator is six years) - depending on which of these events occurs later,
(b) Personal data, the storage period of which is determined by applicable law (e.g. tax, corporate) - for the period specified in these provisions,
(c) Personal data related to the legitimate interest of the Administrator for the duration of the legitimate interest pursued by the Administrator, but not longer than for the period of limitation of the Administrator's claims against the data subject due to the business activity conducted by the Administrator .
(d) Personal data obtained in connection with the consent expressed - for the period of its validity. In the case of processing personal data based on your consent, all your consent to processing may be withdrawn at any time without affecting the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
For the correct implementation of concluded Agreements, it is necessary for the Administrator to use the services of external entities. The administrator uses only the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.
The transfer of data by the Administrator does not take place in every case and not to all recipients indicated in this Privacy Policy, but the Administrator provides data only when it is necessary to achieve a given purpose of processing and only to the extent necessary to achieve this purpose.
Your personal data may be transferred to the following categories of entities:
(a) state and public administration bodies,
(b) entities or bodies maintaining registers and archives
(c) a company providing IT support services and providing software and IT services,
(d) a company providing accounting and HR services
(e) associates, lawyers and legal advisers cooperating with us in the field of legal advice and representation in proceedings
(f) translation offices,
(g) courier and shipping companies
(h) payment service providers,
(i) marketing service providers
These are:
(a) Data of our clients
(b) Data of potential customers
(c) Data of our Clients' Relatives
(d) Visitor data on social media
Please be advised that in connection with the implementation of the objectives set out above, the provision of personal data may be of the following nature:
(a) contractual, which means that providing personal data is a condition for the conclusion of a contract and its implementation, and failure to provide personal data will result in the inability to conclude the contract and its performance,
(b) voluntary, where, for example, failure to provide data in the form of an e-mail or telephone will make it impossible to establish or maintain contact with you
(c) some data is necessary to fulfill our obligations under the law (tax regulations, accounting regulations, obligations resulting from corporate regulations, e.g. the act on legal advisers).
Personal data is obtained directly from the Customer (this applies to the data of the Customer and his relatives), a potential customer, the Administrator's contractors as well as from publicly available sources ( internet , offices, registers, archives) - in connection with the performance of the contract.
What are your rights in relation to the processing of personal data
(a) The right to access, rectify, limit, delete or transfer - the data subject has the right to request the Administrator to access his personal data, rectify it, delete or limit processing, and has the right to object to the processing, and has the right to transfer your data. Detailed conditions for the exercise of the above-mentioned rights are set out in Art. 15-21 of the GDPR Regulation.
(b) The right to withdraw consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to art.6 par.1 lit.a) or art. 9 sec. 2 lit. a) of the GDPR Regulation), it has the right to withdraw consent at any time without affecting the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
(c) The right to lodge a complaint to the supervisory body - the person whose data is processed by the Administrator has the right to lodge a complaint with the supervisory body in the manner and in the manner specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland is the President of the Personal Data Protection Office.
As a rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). Only if it is necessary under a given contract, the Administrator may commission specific activities or send inquiries to entities operating outside the EEA (e.g. offices, archives or our associates), which may result in the transfer of your data outside the EEA, in particular to countries such as the United Kingdom, Australia, Canada, Israel, United Arab Emirates, USA, South Africa. Countries outside the EEA, such as Great Britain, Canada, Israel, in accordance with the decision of the European Commission, ensure an adequate level of personal data protection in accordance with EEA standards. However, in the case of their processing in the territory of the countries for which the European Commission has not found an adequate level of personal data protection (in accordance with EEA standards), in order to ensure an adequate level of this protection, the Administrator will conclude contracts with recipients of personal data based on standard contractual clauses issued by the European Commission pursuant to Art. 46 sec. 2 lit. c GDPR.
If you have any questions, please contact us at: rodo@polishdescent.com
Automated processing and profiling
The administrator does not make automated decisions based on personal data, including profiling.
Cookies (cookies) are small text information in the form of text files, sent by the server and saved on the side of the person visiting our website (e.g. on the hard drive of a computer, laptop or on the smartphone 's memory card - depending on which device the visitor uses.).
The administrator may process the data contained in cookies when used by visitors to our website for the following purposes:
(a) identifying people as logged in to our website and showing that they are logged in;
(b) remembering services in order to complete the order
(c) remembering data from completed order forms or login details
(d) adjusting the content of the website to the individual preferences of the client and optimizing the use of the website;
(e) keeping anonymous statistics showing how to use the website;
(f) remarketing , i.e. researching the behavior of website visitors through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with service proposals tailored to their expected interests, also when they visit other websites of Google and Facebook.
Cookies are not harmful to the person visiting our Website or the computer / terminal device used by them, therefore we recommend that you do not disable them in your browser .
We use two types of cookies :
- session cookies (temporary): they are stored on the devices of the Visitors until the end of the browser session. After the session ends, the information is permanently deleted from the visitors ' device .
- permanent cookies : they are not deleted after closing the browser and may be used by the Administrator in the future.
Depending primarily on the purposes and legal basis for the processing of personal data collected by cookies , they may be stored for the time indicated above in the Privacy and Cookies Policy . Personal data collected by cookies concerning a visitor who is not a customer will be stored until an objection is raised. The administrator may delete personal data if they are not used for marketing purposes for 3 years, unless the law obliges the Administrator to process personal data for a longer period. Part of the personal data may be stored longer in the event that the visitor has any claims against the Administrator or for the purpose of pursuing claims by the Administrator or defending against claims (including third parties), for the period of limitation specified by law, in particular the Civil Code. In each case, the longer period of storage of personal data is decisive. The administrator may use Google Analytics, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street , Dublin 4, Ireland). These services help the Administrator keep statistics and analyze traffic on the website. These data are collective. The administrator, using the above services, collects such data as the sources and medium of obtaining website visitors and the manner of their behavior on the website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age, sex) and interests. . The administrator may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square , Grand Canal Harbor, Dublin 2, Ireland). This service helps the Administrator find out what activities visitors to our website are taking. Detailed information about the operation of Facebook Pixel can be found at the following internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content .
Managing the operation of Facebook's Pixel is possible through the settings in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
The administrator takes special care to protect the interests of the persons whose data he processes. In particular, we ensure that the data collected by us are: (1) processed in accordance with the law; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form enabling the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing, and (5) processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage by appropriate technical or organizational measures.
Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probability and severity of risk, we have implemented appropriate technical and organizational measures so that the processing takes place in accordance with the GDPR Regulation and to be able to demonstrate it. These are, in particular, measures including safeguards against accidental or unlawful destruction, loss, alteration, unauthorized publication, unauthorized access and other unlawful and unauthorized forms of Processing, in accordance with applicable law. These measures are reviewed and updated as necessary. We work with entities we have checked, which also guarantee the proper protection of personal data.
Cookies Policy in the event of changes to the law, guidelines of state authorities, technology with which we process personal data, as well as in the event of changes in the methods, purposes or legal grounds for processing personal data by us.