Datenschutz-Grundverordnung – DSGVO
Due to the change of the provisions concerning processing of personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”), which is applied from 25 May 2018.
The controller of your personal data is UHY ECA S.A. seated in Warszawa, ul. Połczyńska 31A, 01-377 Warszawa and other companies belonging to UHY ECA network in Poland, i.e.: UHY ECA Audyt Spółka z ograniczoną odpowiedzialnością Sp. k., UHY ECA Audyt Sp. z o.o., UHY ECA Tax & Law Trawiński Sp. k., UHY ECA Podatki Sp. z o.o., UHY ECA Outsourcing Sp. z o.o., UHY ECA Szkolenia Sp. z o.o., UHY ECA Advisory Sp. z o.o. (hereinafter referred to as the “Controller” or “UHY ECA”).
Purpose and legal basis of personal data processing
Your personal data will be processed by the Controller in particular:
- pursuant to Article 6 (1) points (b) and (c) of GDPR in order:
- to take steps at the request of the data subject prior to entering into a contract or to perform a contract to which the data subject is party (data necessary to conclude a contract are indicated in the contract form),
- to comply with a legal obligation to which the Controller is subject,
- pursuant to Article 6 (1) point (f) of GDPR, i.e. for the purposes of the legitimate interests pursued by UHY ECA, i.e. for the purposes of:
- marketing of UHY ECA’s own products or services, including personalized ones based on the Customer’s profile,
- organizing and carrying out marketing campaigns,
- exercising or securing legal claims,
- pursuant to Article 6 (1) point (a) of GDPR, i.e. on the basis of a separate consent in order:
- to provide the Customer with information about suggested changes of the agreement, about the change of the name (the business name), the address or the seat of UHY ECA,
- to conduct direct marketing of products or services offered by the entities cooperating with UHY ECA; however, personal data of the Customer are not going to be disclosed to third parties.
The information will be provided by UHY ECA.
Activities in the scope of the direct marketing referred to in point b) above may be undertaken by UHY ECA by means of electronic communication (e-mail) or telecommunication means (e.g. telephone).
Recipients of personal data
Your personal data may be shared with the following categories of recipients:
- entities and bodies to which the Controller is obliged or authorized to disclose personal data on the basis of generally binding legal provisions, including entities and bodies entitled to receive personal data from the Controller or authorized to request access to personal data on the basis of generally binding legal provisions,
- entities providing the Controller with services, like accounting, HR and IT services, including suppliers of IT systems and solutions,
- other entities entrusted by the Controller with carrying out activities related to the Controller’s business activity, including law firms, notary offices, translation agencies, banks, providers of debt collection services, providers of postal and courier services, providers of archiving services,
- business partners,
- entities to which your personal data are made available on the basis of your consent.
Transfer of personal data to third countries
- Your personal data may be transferred outside the European Economic Area as part of the Controller’s use of services provided by the entities offering IT solutions and services due to the fact that these entities may store personal data on servers located outside this area (including the territory of the United States of America) or as part of the Controller’s provision of services related to its business activity – to the extent necessary to carry them out.
- Such transfer may be based on a decision of the European Commission confirming an adequate level of protection or on application of adequate legal safeguards which are in particular standard contractual clauses of personal data protection approved by the European Commission. In particular, in the case of transfer of personal data to the United States of America, the appropriate level of personal data protection, including through application of adequate safeguards, is ensured by the EU-US Privacy Shield established on the basis of an implementing decision of the European Commission as a set of rules guaranteeing adequate privacy protection.
- In the case of lack of the European Commission’s decision confirming an adequate level of protection or of lack of application of adequate legal safeguards, personal data may be transferred to a third country on the basis of one of the conditions enumerated in Article 49 (1) of GDPR, in particular on the basis of your consent. You have the right to obtain a copy of your personal data transferred to the third country.
Period of storage of personal data
Depending on the legal basis of processing of your personal data:
- Your personal data processed in order to enter into or to perform a contract as well as to comply with a legal obligation of the Controller will be kept for the duration of the contract and after its expiry for the period necessary::
- to provide the Customer service,
- to secure or exercise possible legal claims that UHY ECA would be entitled to,
- to comply with a legal obligation of the Controller (e.g. stemming from binding tax or accounting provisions).
- Your personal data processed for the purpose of marketing of UHY ECA’s own products or services resulting from the legitimate interests pursued by UHY ECA will be kept until you object to it.
- Your personal data processed on the basis of a separate consent will be kept until you withdraw your consent.
- All personal data will be deleted in accordance with the personal data archiving requirements.
Rights related to personal data processing
Due to the fact that your personal data are processed by the Controller, you are entitled to exercise the following rights:
- the right to obtain from the Controller confirmation as to whether or not the Controller processes your personal data, the right to access to the personal data being processed and to the information concerning such processing, on the basis of Article 15 of GDPR,
- the right to obtain from the Controller the rectification of personal data if the personal data processed by the Controller are inaccurate or incomplete, on the basis of Article 16 of GDPR,
- the right to obtain from the Controller the erasure of personal data, on the basis of Article 17 of GDPR,
- the right to obtain from the Controller restriction of personal data processing, on the basis of Article 18 of GDPR,
- the right to personal data portability, i.e. the right to receive personal data, previously provided to the Controller, and the right to transmit those personal data to another controller, on the basis of Article 20 of GDPR,
- the right to object to personal data processing for the purposes of the legitimate interests pursued by UHY ECA or to personal data processing for the purposes of direct marketing, on the basis of Article 21 of GDPR,
- the right to withdraw consent to personal data processing at any time (however, the withdrawal of consent shall not affect the lawfulness of personal data processing based on consent given before its withdrawal), on the basis of Article 7 of GDPR,
- the right to obtain human intervention from the Controller, to express your own standpoint and to question the Controller’s decision based solely on automated personal data processing, including profiling, on the basis of Article 22 of GDPR.
In order to exercise these rights, please contact the Controller by sending an e-mail to: firstname.lastname@example.org or by entering the website: http://uhy-pl.com/de/formular-zur-newsletter-anmeldung/
Moreover, you have the right to lodge a complaint with the Polish supervisory authority dealing with personal data protection, i.e. with the President of the Office for Personal Data Protection.
An independent member of UHY international