GDPR

The Personal Data Administrator is Khanzadyan Lewandowski i Partnerzy Sp. p. with its registered office in Warsaw, ul. Kłopot 4, apt. 50 (postal code 01-066), entered into the National Court Register under number 0000724379, using tax identification number NIP 5272844074, and possessing REGON 369763309 (hereinafter referred to as the Administrator or the Law Firm).

For matters related to the processing of personal data by the Law Firm, you can contact:

1. By phone: +48 575 115 050, on business days between 9:00 a.m. and 5:00 p.m.;
2. By email: kancelaria@bklaw.pl
3. In person at the Law Firm’s registered office.

The Administrator, based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as GDPR), processes personal data:

1. For the purpose of concluding or performing a contract, including, in particular, a legal service agreement, pursuant to Article 6(1)(b) of the GDPR;
2. To fulfill a legal obligation incumbent on the Administrator, pursuant to Article 6(1)(c) of the GDPR;
3. To pursue the legitimate interests of the Administrator or a third party, pursuant to Article 6(1)(f) of the GDPR. The Administrator considers the following as legitimate interests: pursuing, establishing, and defending against claims; preventing fraud; ensuring the security of the IT environment; determining conflicts of interest and ethical violations to the extent necessary to prevent abuse; for archival and statistical purposes; and for communication via email or traditional correspondence.
4. When processing is necessary for reasons of substantial public interest, based on European Union or Polish law, pursuant to Article 9(2)(g) of the GDPR.

The recipients of personal data processed by the Administrator may include entities from the following categories:

1. Lawyers, legal advisors, notaries, and other entities collaborating with the Law Firm that provide legal services and independently determine the purposes and means of data processing;
2. Entities authorized under applicable legal regulations (in particular courts and state authorities);
3. Credit information bureaus;
4. Entities providing services such as IT and new technologies, payment processing, accounting and financial services, auditing and control, debt collection, printing, document destruction, postal, and courier services.

Personal data may be transferred to a third country, i.e., outside the European Economic Area. However, this will occur only to the extent permitted by law, particularly based on a decision of the European Commission confirming an adequate level of protection or standard contractual clauses. In any case, the Administrator ensures the possibility of obtaining further information regarding appropriate safeguards.

The Administrator processes personal data for the period necessary to fulfill the task for which the data was collected, and then for the period of limitation of claims, as specified by applicable laws, or until the expiration of the period for the retention of documents required by accounting regulations or regulations concerning legal professional corporations.

The Administrator ensures the following rights for individuals whose personal data is processed:

1. The right to access personal data and the right to obtain a copy of personal data (Article 15 GDPR);
2. The right to rectification (correction) of personal data (Article 16 GDPR);
3. The right to erasure of personal data (the “right to be forgotten”), if the data is no longer necessary for the purposes for which it was collected or otherwise processed (Article 17 GDPR);
4. The right to restrict the processing of personal data (Article 18 GDPR);
5. The right to data portability (Article 20 GDPR);
6. The right to object to the processing of personal data based on the legitimate interest of the Administrator (Article 21 GDPR).

Individuals whose personal data is processed by the Administrator can exercise the above rights by contacting the Administrator (contact details provided in point 1).

Furthermore, individuals whose personal data is processed by the Administrator, in case of believing that the processing of personal data violates the provisions of the GDPR or other data protection regulations, have the right to lodge a complaint with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.

In the case of processing personal data for the purposes mentioned in points 2.2 and 2.4 above, the provision of data is a statutory requirement. On the other hand, in the case of processing data for the purposes mentioned in points 2.1 and 2.3, the provision of data is a contractual requirement— in this case, providing personal data is voluntary, but it is necessary to conclude and execute the agreement with the Law Firm.

Personal data may be processed by the Administrator in an automated manner, including profiling. However, decisions regarding an individual person related to such processing will not be automated.