Discretion and trust are values that are particularly important in our daily consulting activities. Therefore we take good care of all information made available to us by our clients, co-workers and other persons we have contact with, and the safety of the processed personal data is of significance to us.
“MDDP’s Privacy Policy” (hereinafter referred to as: “Privacy Policy”) is a collection of key information on how we protect and process personal information. This information is divided into information that is common to all individuals we have contact with (hereinafter referred to as: “General Information”) and information that differs depending on which group of individuals it relates to.
General information
The controller of personal data of each of the following groups of persons, for the purposes indicated for each group, is MDDP Michalik Dłuska Dziedzic i Partnerzy Spółka doradztwa podatkowego spółka akcyjna with its registered office in Warsaw (00-082), address: Senatorska 18a, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under the number: 0000755371, NIP: 5213287732, REGON: 015699764, share capital: PLN 100,100.00 paid in full and entities from the MDDP group: MDDP Spółka z ograniczona odpowiedzialnością Finanse i Księgowość sp.k. (00-838 Warszawa, address: Prosta 69, KRS number 0000267836) (hereinafter referred to as “MDDP” or “Controller”). For all matters related to the protection of personal data, including the exercise of data subjects’ rights (these rights are described below), you can contact us by e-mail: biuro@mddp.pl or by post to the address of our registered office.
We process all personal data in accordance with the applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)(hereinafter referred to as „GDPR”) and Act On The Protection Of Personal Data of 10.05.2018 (Dz.U. z 2018 r. poz. 1000).
We are responsible for the fact that every person whose personal data we process may exercise the rights granted to him/her by law, which include in particular:
- the right to have access to his/her personal data, to obtain their copies and to be informed, i.a, on the purposes of processing, categories, recipients and the duration of storage of such data;
- the right to request that we delete his/her personal data (also referred to as “the right to be forgotten”) in certain situations, including when processing of the data is unlawful, is no longer necessary for the purposes for which the data were collected or in the event of objection and absence of other legal grounds for processing;
- the right to demand that we restrict the processing of his/her personal data in specific situations, e.g. during the period of verification by the Controller of the correctness of personal data, which has been questioned, or until the verification of the objection raised;
- the right to transfer his/her personal data, i.e. to receive them in a structured, commonly used format and to be able to send them to another controller;
- the right to object to the processing of his/her data if it is executed for the performance of a task carried out in the public interest or for the performance of legitimate interests of the Controller – for reasons related to the specific situation of a person;
- the right to object to the processing of his/her if it is carried out for the purposes of direct marketing;
- the right not to be subject to a decision which is based solely on automated processing, including profiling;
- the right to lodge a complaint to the supervisory authority (President of the Office for the Protection of Personal Data) in the event that the our processing of personal data does not comply with the applicable regulations.
We make every effort to collect only the personal information that is necessary and appropriate for the purposes indicated below. We will store them as long as it will be necessary to achieve these purposes.
We may share personal information with third parties (recipients) which cooperate with us in the provision of our services and provide MDDP with services related to our day-to-day operations, in particular legal, tax, accounting, IT, marketing, debt collection, security and other services. All these entities are obliged to meet the highest standards of protection of data we provide them.
We would also like to inform that the personal data we process are not transferred outside of the European Economic Area (hereinafter referred to as “EEA”).
We know how important it is to protect children’s personal data on the Internet and we pay particular attention to this. Therefore this Privacy Policy does not provide for the collection and processing of personal data of children under the age of 16.
We would also like our Clients and potential Clients to know that…
personal data of our Clients or persons who contact us in order to make use of our legal and tax advisory services will be processed for the following purposes:
- promotion and advertising of the activity, products and services of entities belonging to the MDDP group in the event of obtaining appropriate consent – pursuant to Article 6(1)(a) of the GDPR and no longer than until withdrawal of the consent – the consent may be withdrawn at any time, but this will not affect the lawfulness of the processing performed on the basis of the consent before its withdrawal;
- preparation and conclusion of a contract for the provision of legal and tax advisory services and the exercise of the rights and obligations of the MDDP arising therefrom (pursuant to Article 6(1)(b) of the GDPR and no longer than until the expiry of claims in connection with the contract);
- fulfillment of obligations imposed on MDDP by relevant regulations, e.g. tax law, the Accounting Act (pursuant to Article 6(1)(c) of the GDPR and no longer than by the statute of limitations of claims for public-law receivables);
- pursuit of our legitimate interests (pursuant to Article 6(1)(f) of the GDPR), i.e. promotion and advertising of our activity, services and products (no longer than until objection), pursuit of possible claims, archiving for the purpose of protecting our legal interest (no longer than until the time these purposes are met). As far as archiving purposes related to the protection of our legal interest are concerned, we are entitled to process the data in an automated manner.
The provision of services by MDDP requires that we remain in constant contact with Clients and potential Clients, i.e. that we process personal data (name, surname, position, e-mail address, telephone number) of persons who contact us on behalf of Clients and potential Clients. Most often these data are transferred to us by themselves. We take the utmost care to ensure that these data are safe and are not made available to unauthorized persons.
Providing personal data by our Clients and potential Clients is voluntary but it is necessary for us to provide legal and tax advisory services – this will not be possible in case of a refusal to provide such data.
We would also like our business partners to know that…
their personal data are processed by us for the following purposes:
- promotion and advertising of the activity, products and services of entities belonging to the MDDP group (in case of obtaining appropriate consent – pursuant to Article 6(1)(a) of the GDPR and no longer than until withdrawal of the consent) – the consent may be withdrawn at any time, but this will not affect the lawfulness of the processing performed on the basis of consent before its withdrawal;
- conclusion and performance of the contract concluded with them for the provision of services to MDDP (pursuant to Article 6(1)(b) of the GDPR and no longer than until the expiry of claims in connection with this contract);
- fulfillment of obligations imposed on MDDP by relevant regulations, e.g. tax law, the Accounting Act (pursuant to Article 6(1)(c) of the GDPR and no longer than by the statute of limitations of claims for public-law receivables);
- pursuit of our legitimate interests (pursuant to Article 6(1)(f) of the GDPR), i.e. promotion and advertising of our activity, services and products (no longer than until objection), pursuite of possible claims, archiving for the purpose of protecting our legal interest (no longer than until these purposes are met). As far as archiving purposes related to the protection of our legal interest are concerned, we are entitled to process the data automatically.
Providing personal data by our business partners is voluntary, but necessary for the conclusion and performance of the contract for the provision of services to us – this will not be possible in case of refusal to provide them.
We would also like persons who apply for employment at MDDP to know that…
their personal data are processed by us for the following purposes:
- conducting the recruitment process for the position candidate applies for, including contacting him/her in order to organize and conduct a recruitment interview (pursuant to Article 6(1)(a) of the GDPR and no longer than by the end of the recruitment process);
- performance of obligations resulting from the applicable provisions of law, related to the employment process, in particular the Labour Code (pursuant to Article 6(1)(c) of the GDPR, no longer than it is necessary for the full implementation of the purposes of processing in connection with employment);
- the pursuit of our legitimate interests (pursuant to Article 6(1)(f) of the GDPR, i.e. the pursuit of possible claims, archiving for the protection of our legal interest (no longer than by the time these purposes are met).
Personal data of candidates that we process are included in their CV, cover letter and in any other documentation that will be provided to us in connection with the recruitment process. If a candidate decides to give us access to special categories of data in the documents sent to us, e.g. includes his biometric picture or information on his health or political views in his CV , we will only be entitled to process them if he/she includes in the document a clause with express consent to the processing of these data. Then the basis for our data processing will be Article 9(2)(a) of the GDPR.
In connection with the recruitment processes, MDPP requires provision of certain personal data only. However, if you provide other data that are not required by MDDP, we consider that you have given your consent to the processing of such data, provided that you can withdraw it at any time without affecting the lawfulness of the processing carried out prior to the withdrawal.
The provision of personal data by applicants for employment is voluntary but necessary to enable them to participate in the recruitment process – this will not be possible if they refuse access to such data.
We would also like visitors of our websites and blogs to know that…
their personal data are processed by us for the following purposes:
- sending our newsletter which may contain commercial information (in the case of appropriate consent – pursuant to Article 6(1)(a) of the GDPR and no longer than until the withdrawal of the consent);
- promotion and advertising of activity, products and services of entities belonging to the MDDP group (in case of receiving appropriate consent – pursuant to Article 6(1)(a) of the GDPR and no longer than until withdrawal of the consent);
- the pursuit of our legitimate interests (pursuant to Article 6(1)(f) of the GDPR), i.e. promotion and advertising of our activity, services and products (no longer than until objection), answering messages and enquiries sent to us, monitoring traffic on our websites and blogs, ensuring their proper functioning and adapting them to the needs and interests of specific visitors, pursuing possible claims, archiving in order to protect our legal interest (no longer than by the time these purposes are met). As far as archiving purposes related to the protection of our legal interest are concerned, we have the right to process data automatically, including by means of profiling in accordance with the principles described below.
Please note that if personal data are processed on the basis of consent, this consent may be revoked at any time, but this will not affect the lawfulness of the processing that was carried out on the basis of the consent prior to its revocation.
Personal data are usually collected by us when you browse our websites and blogs and sometimes sent to us directly to the e-mail addresses provided there or by contact forms.
Our profiling is based on the verification and adjustment of content to preferences on the basis of feedback from users.
The provision of personal data by visitors of our websites and blogs is voluntary, but necessary for the purposes mentioned above – this will not be possible in the event of a refusal to provide such data.
We would also like the representatives of the media we contact to know that…
their personal data are processed by us for the following purposes:
- promotion and advertising of the activity, products and services of entities belonging to the MDDP group (in case of obtaining appropriate consent – pursuant to Article 6(1)(a) of the GDPR and no longer than until withdrawal of such consent) – the consent may be withdrawn at any time, and this will not affect the lawfulness of the processing performed on the basis of the consent prior to its withdrawal;
- pursuit our legitimate interests (pursuant to Article 6(1)(f) of the GDPR), i.e. promotion and advertising of our activity, services and products (no longer than until objection), answering messages and enquiries sent to us, archiving for the protection of our legal interest (no longer than until these purposes are met).
Personal data of media representatives have been collected by us from themselves or through the media (websites, press), in which they publish their content, often indicating contact details.
Providing personal data by the representatives of the media we contact is voluntary, but necessary to achieve the abovementioned purposes – this will not be possible in case of refusal to provide them.
We would also like everyone who enters our office to know that…
we use a video surveillance system and registration of entrances and exits from the office to ensure the safety of persons, objects and confidential documentation. Therefore, for the abovementioned purpose, we also collect and process personal data (image) of persons who enter our office, which is our legitimate interest. The processing of such data therefore takes place on the basis of Article 6(1)(f) of the GDPR and no longer than it is necessary to protect the office.
As we have already mentioned, in all matters related to personal data protection, including the exercise of the rights of persons whose personal data are processed, please contact us by e-mail: biuro@mddp.pl or by post to the address of our registered office indicated at the beginning of our Privacy Policy.
Cookies Policy
Below please find information on how MDDP – the company under the business name of MDDP Michalik Dłuska Dziedzic i Partnerzy Spółka Doradztwa Podatkowego spółka akcyjna with its registered office in Warsaw (00-082), at Senatorska 18a, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under number: 0000755371, with NIP tax identification number: 5213287732, with REGON business identification number: 015699764, share capital: PLN 100,100.00 paid in full and entities from the MDDP group: MDDP Spółka z ograniczona odpowiedzialnością Finanse i Księgowość sp.k. (00-838 Warsaw, ul. Prosta 69, KRS National Court Register Number 0000267836) (“MDDP”) use Cookies on their website www.mddp.pl (“Website”).
- The Website shall not automatically collect any information, except for the information contained in Cookies. The above may be accepted or not accepted in the web browser settings.
- Cookies shall mean IT data, in particular in the form of text files, saved on the User’s computer disk using a web browser. Cookies shall not collect personal data, but information such as the name of the website the cookies originate from, the time of their storage on the end device and the unique number.
- MDDP shall be the entity placing Cookies on the User’s end device and accessing them. Cookies shall be used only by MDDP.
- Cookies on the Website shall be used:
- to adapt the content of the Website pages to the User preferences and to optimize the use of websites; in particular, they allow the device of the Website User to be recognized and the website to be properly displayed in a manner adapted to one’s individual needs.
- to create statistics which shall help to understand how Website Users use the pages, which allows their structure and content to be improved;
- to maintain the Website User session (after logging in), thanks to which the User shall not have to re-enter the login and password on each subpage of the Website.
- Within the Website, two main types of Cookies are collected: Persistent Cookies which shall be stored in the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User and session cookies which shall be stored in the User’s end device until logging out, leaving the website or turning off the software (web browser).
- The website collects by default strictly necessary Cookies – i.e. ones which shall be necessary to enable the User to navigate the webpages and use their functions, such as gaining access to protected webpages. Registration and logging services could not be provided without them. These types of cookies shall not collect any information about the User that could be used for marketing purposes, nor shall they remember sites visited by the user on the Internet.
- In addition to Cookies, which shall be necessary for the operation of the Website, we can use the following types of cookies to ensure the convenience of using MDDP services:
- functional cookies – they shall remember the options selected by the user (such as user name, language preferences or region of origin) and provide options tailored to the user. They shall be used to remember changes made by the user in terms of font size and type, as well as other parts of websites that the user can adapt to one’s needs. They can also provide such services that the user shall need like watching movies or commenting on a blog. The information they collect may be retained as anonymous. These files cannot track other websites viewed by the user.
- performance cookies – they shall collect information about how the User uses websites, for example which pages one visits most often or whether he receives error messages. They shall not collect user identification information. Any and all collected information shall ne anonymous. Their task shall be to improve the efficiency of websites.
- cookies for targeting advertisements – they shall be used to present advertisements or messages tailored to the user and one’s interests. Sometimes, cookies for targeting advertisements shall be linked to other websites, such as Facebook.
- In many cases, the software used to browse websites (web browser) shall by default allow cookies to be stored in the User’s end device. Users can change their Cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of Cookies in the settings of the web browser or to provide information every time they are placed in the User’s device.
- More information about Cookies shall be available in the help menu of any browser or for the most popular browsers at the following addresses:
- Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
- Google Chrome: http://support.google.com/accounts/bin/answer.py?hl=pl&answer=61416
- Internet Explorer: https://support.microsoft.com/pl-pl/help/17442
- Safari: https://support.apple.com/kb/index?page=search&type=organic&src=support_searchbox_main&locale=en_US&q=cookies
- Opera: https://help.opera.com/pl/latest/web-preferences/#cookies
- Website Users may independently and at any time change their cookie settings, specifying the conditions of their storage and their access to the device. Changes to the settings referred to above may be effected by the Users via the web browser settings or by means of service configuration.
- Please be advised that any restrictions on the use of cookies may affect some of the functionalities available on the Website.
- Cookies placed in the User’s end device may also be used by companies from the MDDP group for the purposes indicated above.