Personal Data Protection

PERSONAL DATA CONTROLLER

MCK LEGAL Kancelaria Radcy Prawnego Małgorzata Cyrul-Karpińska (“MCK LEGAL”) acts as the controller of the processed personal data within the meaning of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

The Controller may be reached by the following means of communication:

via traditional mail, sent to MCK LEGAL, al. gen. W. Sikorskiego 11/110, 02-758 Warszawa,

via email, at mck@mck-legal.com.pl,

on the phone, at  +48 22 253 05 20.

THE PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA

MCK LEGAL processes personal data only in cases and under conditions specified by law. In particular, MCK LEGAL processes personal data where the processing is necessary:

  • for the performance of a contract, in particular, a contract for the supply of legal services;
  • in order to take steps prior to entering into a contract;
  • for compliance with a legal obligation imposed on MCK LEGAL;
  • for the purposes of the legitimate interests pursued by MCK LEGAL, including but not limited to the creation and maintenance of databases of business and professional contacts and the exercise or defence of legal claims.

As an entity processing personal data as part of or in connection with the provision of legal services, MCK LEGAL primarily collects personal data directly from its clients and from other sources, including but not limited to publicly available records and registries and marketing materials, business information, and from data subjects.

The categories of personal data processed by MCK LEGAL include but are not limited to:

  • personal and contact details;
  • official contact and organisational details.

The personal data processed by MCK LEGAL as part of and in connection with the provision of legal services including but not limited to the personal data of actual or prospective contracting parties or legal adversaries of our clients, as well as the personal data provided in connection with the statements of facts communicated for the purposes of provision of legal services are subject to the obligation of professional secrecy imposed on the members of the Polish legal professions, adwokaci and radcowie prawni. As regards personal data covered by the obligation of professional secrecy and obtained from sources other than the data subjects concerned, MCK LEGAL is under no obligation to inform the data subjects about the principles and purposes of the processing of such personal data or about the collection or processing of such data.

If data subjects transfer personal data to MCK LEGAL, such data are deemed to be provided on a voluntary basis, unless it has been expressly indicated that the data must be provided in accordance with a statutory or contractual obligation. Refusal to provide personal data results in MCK LEGAL being unable to offer or provide a service, or conclude or perform a contract.

DURATION OF PERSONAL DATA PROCESSING

MCK LEGAL stores data only for the duration necessary to achieve the purposes of the processing and thereafter until the end of the limitation period for claims related to the purpose of the processing.

RIGHTS

To the extent provided for by law and taking into account the purposes of the processing, subjects of data processed by MCK LEGAL may exercise their right to:

  • access to their personal data;
  • request rectification of their personal data;
  • request the erasure of their personal data, unless the personal data are processed for the purpose of establishing, exercising or defending legal claims, or for the purpose of performance of legal obligations that require the processing of data;
  • restrict the processing of their personal data, unless the personal data are processed in order to protect the rights of another natural or legal person or for the purpose of establishing, exercising or defending legal claims;
  • transfer their personal data, but only if the data are processed by automated means and based on consent or a contract.

If the data are processed based solely on the data subject’s consent, such consent may be withdrawn at any time, which does not affect the lawfulness of processing based on consent before its withdrawal.

Persons whose data are processed by MCK LEGAL may file complaints with the President of the Personal Data Protection Office if they believe that the processing of their personal data is unlawful.

CATEGORIES OF DATA RECIPIENTS

The recipients of personal data processed by MCK LEGAL are, always on a need-to-know basis, the employees and associates of MCK LEGAL, public authorities, entities processing personal data on behalf of MCK LEGAL (e.g. providers of IT, accounting or marketing services) and suppliers of services supporting the business of MCK LEGAL.

THE MANNER OF PERSONAL DATA PROCESSING

MCK LEGAL makes every effort to secure personal data against unauthorised disclosure or interception, illegal processing or alteration, loss, damage or destruction, and to respect the privacy of all subjects of the processed data. Notwithstanding any applicable data protection laws, MCK LEGAL processes personal data in strict confidence, as required by the obligation of professional secrecy imposed on the members of the legal professions in Poland, applying appropriate technical and organisational measures to ensure the greatest possible security of personal data processed.

MCK LEGAL does not use automated decision-making, including profiling, as referred to in Article 22(1)(4) GDPR.

Access to the personal data is given to MCK LEGAL and its employees, associates and suppliers, acting with written authorisation. The above-mentioned persons may access the personal data only for the purpose and within the scope specified by MCK LEGAL. Persons who have been authorised to process the data are obliged to keep the personal data and measures taken to secure the data in strict confidence.

DATA TRANSMISSION OUTSIDE THE EU AND EEA

MCK LEGAL does not transfer the personal data outside the European Economic Area or to international organisations. MCK LEGAL uses services of Microsoft Corporation, which is certified by the EU-US Privacy Shield Program covered by the European Commission Decision on the adequacy of the protection provided by the EU-US Privacy Shield. In addition, Microsoft Corporation uses contractual clauses approved by a decision of the European Commission.