1.INTRODUCTION
1.1. Rymarz, Zdort, Gasiński, Her i Wspólnicy Spółka Komandytowa with its registered office in Warsaw (address: 00-850 Warsaw, ul. Prosta 18) (the “Firm”) is the Controller of the Personal Data of its employees, clients, clients’ employees, suppliers and other natural persons, and it stores and processes such Personal Data for various purposes.
1.2. This Personal Data protection policy (the “Policy”) determines how the Firm will comply with its obligations arising from applicable Personal Data Laws and regulates how Personal Data will be handled in connection with your use of the Website maintained by the Controller.
1.3. If you have any questions or comments regarding this Policy, please contact the Firm.
2.DEFINITIONS
2.1. For the purposes of this Policy, it is essential to understand the meaning of the following terms:
2.1.1. Controller: means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or the national law of the relevant EU Member State, the controller or the specific criteria for the nomination of such controller may be set forth by the European Union or the national law of the relevant EU Member State.
2.1.2. Personal Data Laws: means all relevant laws regarding the processing, protection and use of the Personal Data applicable to the Firm, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) (the “GDPR”), and all national laws, regulations and implementing rules adopted in the territory of the Republic of Poland. The Firm will also take into account all guidelines, codes of practice and procedures issued by the competent Supervisory Authority within the scope of the Personal Data Laws (regardless of whether the above-mentioned guidelines or codes have legal force or not).
2.1.3. Website: means the rymarz-zdort.com website.
2.1.4. Personal Data: means all of the Personal Data, as defined in the GDPR, that the Firm receives, obtains, stores, has access to or processes in connection with providing services via the Website and that relates to natural persons who are directly or indirectly identifiable, such as job applicants, current and former employees, contractors or other staff, clients, suppliers, agents and marketing contacts.
2.1.5. Supervisory Authority: means an independent public authority established by a Member State in accordance with Article 51 of the GDPR, i.e. the President of the Personal Data Protection Office.
3.LAWFUL AND FAIR PROCESSING OF PERSONAL DATA
3.1. The Firm is required to process the Personal Data in a lawful and fair manner and in compliance with the rights of natural persons. In principle, this means that the Firm should not process the Personal Data unless:
3.1.1. the person whose Personal Data it processes has consented to such processing (e.g. by subscribing to our legal newsletter); and
3.1.2. the processing
(a) is necessary for the purposes of performing legal obligations or exercising rights, or
(b) for other reasons, constitutes the Firm’s legitimate interest and does not excessively infringe a natural person’s right to privacy.
3.2. In most cases, the situations described in Sections 3.1.1. and 3.1.2. (a) and (b) will apply to the purposes for which the Website is used.
4.ACCURACY AND RELEVANCE
4.1. The Firm will ensure that the Personal Data processed thereby will be accurate, adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. The Personal Data collected for one purpose will not be processed by the Firm for another unrelated purpose unless the data subject has consented to such processing or would reasonably expect such processing to occur.
4.2. The persons whose Personal Data is stored by the Firm are required to take the relevant steps to ensure that such Personal Data is accurate, relevant and updated in accordance with applicable requirements.
5.RIGHTS OF NATURAL PERSONS
5.1. In specific circumstances, natural persons have certain rights regarding the manner in which their Personal Data is managed. For more detailed information or in the event of receiving an enquiry regarding such rights, please contact the Firm. In summary, the rights of natural persons in the above regard include:
5.1.1. the right to obtain information about the manner in which their Personal Data is processed;
5.1.2. the right to access their Personal Data;
5.1.3. the right to correct their incorrect Personal Data;
5.1.4. the right to request that their Personal Data is erased (also known as the right to be forgotten);
5.1.5. the right to restrict the processing of their Personal Data;
5.1.6. the right to the portability of their Personal Data;
5.1.7. the right to withdraw consent to the processing of their Personal Data (e.g. by changing the browser cookie settings or withdrawing consent to the sending of information about events and newsletters to their email addresses, which will not affect the lawfulness of the processing of their data conducted prior to such withdrawal);
5.1.8. the right to object to the processing of their Personal Data unless such Personal Data is necessary for the purposes for which it has been collected; and
5.1.9. the right to file a complaint with the Supervisory Authority.
5.2. Additionally, the data subject has the right to obtain confirmation as to whether or not his or her Personal Data is being processed.
6.TRANSFER OF DATA TO THIRD PARTIES
6.1. The purpose for which the Firm transfers the Personal Data to third parties is to support the Firm in performing its services. Any written rules applied by the Firm to third parties processing the Personal Data are intended to ensure that each such third party processes the Personal Data only at the request of the Firm and for the purpose indicated by the Firm, and that it will apply the appropriate organisational, technical and security measures with regard to the Personal Data.
6.2. The data will be disclosed in particular to suppliers responsible for the operation of IT systems, postal operators providing shipping services, and entities providing hosting services.
6.3. The Firm may be subject to a legal obligation to disclose the Personal Data to public authorities or entities performing public tasks or acting at the direction of public authorities, to the extent and for the purposes arising from generally applicable laws.
6.4. The Firm also reserves the right to transfer the Personal Data of persons whose Personal Data is stored as a result of a merger, takeover, sale of assets, bankruptcy or other transaction.
7.TRANSFER OF DATA OUTSIDE THE EEA
7.1. The Firm may transfer the Personal Data as part of contractual relations with countries outside the European Economic Area (the "EEA"). In such case, the Firm will apply all of the appropriate contractual measures to ensure an adequate level of protection of the Personal Data, including the following:
7.1.1. the Firm will transfer the Personal Data to entities outside the EEA only when a relevant decision of the European Commission has been issued in relation to the third country, territory or specific sector or sectors in which the entity is located, stating that an adequate level of protection of Personal Data is ensured;
7.1.2. the Firm will apply standard data protection clauses adopted by the European Commission; and
7.1.3. the Firm will apply binding corporate rules in accordance with Article 47 of the GDPR.
8.DIRECT MARKETING
8.1. The Firm may use the Personal Data of a natural person to provide marketing content to such a person through remote channels, including by email or by phone. Such activities are undertaken by the Firm only if the natural person has consented to direct marketing activities. A natural person may withdraw such consent at any time.
8.2. The Firm is required to fulfil the request of a natural person that his or her Personal Data not be used for direct marketing purposes.
8.3. The request should be sent to the Firm at office@rymarz-zdort.com (email address) or ul. Prosta 18, Warsaw, 00-850 (correspondence address).
9.COOKIES
9.1. When you visit the Website, we automatically collect, store and use technical information about your equipment and your use of the Website by means of cookies.
9.2. More information on cookies and how to disable them can be found in the cookie policy at: https://rymarz-zdort.com/en/cookies-policy/
10.DATA RETENTION
10.1. In order to ensure fair conditions for the processing of the Personal Data, the Firm will take actions to ensure that the Personal Data will be stored in a form that allows the identification of the data subject. In addition, the Firm will not retain any Personal Data for longer than is reasonably necessary for the purposes for which such data was originally collected or for which the data was further processed, or longer than necessary to comply with a legal obligation regarding the period of storing such Personal Data.
11.DATA SECURITY
11.1. The Firm applies the appropriate technical security measures to prevent the accidental disclosure of the Personal Data stored by the Firm to unauthorised persons or deliberate access to Personal Data by such persons.
12.REPORTING OF BREACHES
12.1. All employees and business partners of the Firm are required to immediately report any actual or potential non-compliance with the data protection regulations or violations of the provisions of this Policy to the person responsible for the protection of the Personal Data in order to enable the Firm to take the appropriate steps to counteract and limit the effects of the breach and to meet the legal and regulatory requirements imposed on the Firm, including, but not limited to, notifying insurance companies, as appropriate.
13.MONITORING OF EFFECTIVENESS AND REVIEW OF POLICY PRINCIPLES
13.1. This Policy will be subject to review. The Firm will analyse the effectiveness of its provisions on an ongoing basis to verify whether it meets its objectives and will update it as necessary.
13.2. The Policy was adopted on, and is effective as of, 1 January 2022.
14.CONTACT DETAILS:
Rymarz, Zdort, Gasiński, Her i Wspólnicy Spółka Komandytowa with its registered office in Warsaw
Prosta 18; 00-850 Warsaw
TEL: +48 22 520 4000
FAX: +48 22 520 4001
EMAIL: office@rymarz-zdort.com