• flaga
  • flaga
  • flaga

Privacy and Cookies Policy

PRIVACY AND COOKIES POLICYDPPA LEGAL GRZONEK ŚWIDNICKI SPÓŁKA KOMANDYTOWA WITH ITS REGISTERED OFFICE IN WARSAWIN CONNECTION WITH THE USE OF THE WEBSITE(“Policy”)

  1. General Provisions

    One of the priorities of the company under the name DPPA LEGAL GRZONEK ŚWIDNICKI spółka komandytowa, with its registered office in Warsaw (the “Controller“), is to ensure the compliance of data processing and privacy of persons (the “User“) visiting the website operated by the Controller and located at the link: http://www.dppa.eu/ and its sub-sites (the “Website“) with applicable laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the “General Data Protection Regulation”) (“GDPR“). This Policy contains terms and conditions for the processing of Users’ personal data, information on Users’ rights in relation to such processing of personal data, as well as information on cookies and logs. The Policy applies to the Website, including data transmitted through it. By using the Website, the User agrees to the terms set out in this Policy.
  2. Personal Data Controller and Contact

    The Controller of the Users’ personal data is DPPA LEGAL Grzonek Świdnicki spółka komandytowa with its registered office in Warsaw, address: ul. Koszykowa 54, 00-675 Warsaw, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register under the KRS number 0000973021, having tax no. NIP: 7010282162. In matters related to the processing of personal data, the Controller may be contacted by directing correspondence to the address indicated above or to the e-mail address biuro@dppa.eu.
  3. Scope of Personal Data Collected and Source of Collection

    The Website allows the User to contact the Controller and provide them with personal data such as identification data (name and position), contact data (telephone number, e-mail address, mailing address), as well as other data contained in the content of the message to the Controller and its attachments that the User chooses to provide.

    Your personal data has been obtained by the Controller directly from you as a User, e.g. via a contact form on the Website or contact details of the Controller provided on the Website.

    Voluntary Provision of Personal Data
    Legal Basis for Processing Voluntary Provision of Personal Data
    User consent The provision of personal data is voluntary, but necessary for the specific purposes of the processing for which consent has been given.
    Fulfilment of a legal obligation to which the Controller is subject The provision of personal data is a statutory requirement.
    Legitimate interests pursued by the Controller or by a third party The provision of personal data is a statutory requirement.
    Necessity for the performance of a contract to which the User is party or to take action at the request of the User prior to entering into a contract The provision of personal data is voluntary, but necessary to conclude a contract with the Controller.
  4. Purpose and Legal Basis for Processing Personal Data

    Users’ personal data may be processed for the following purposes:
    1. to provide answers to enquiries, to transmit the requested offer and to conduct correspondence for the purpose of settling the matter, based on the User’s voluntary consent and the Controller’s legitimate interest in fulfilling the Users’ requests (Article 6(1)(a) and (f) GDPR);
    2. to inform about the Controller’s activities, relevant events, legislative changes, send newsletters and legal rulings, newsletter subscription preferences – on the basis of the User’s voluntary consent (Article 6(1)(a) GDPR);
    3. to inform about the Controller’s activities through the posting of information content on the Website, as well as to provide services by electronic means with regard to making the content collected on the Website available to the Users (Article 6(1)(b) and (f) GDPR);
    4. to establish a relationship with the User or the User’s employer/principal (Article 6(1)(b) and (f) GDPR);
    5. to carry out recruitment of persons interested in working or cooperating with the Controller, to assess qualifications for the position covered by the application, to invite to an interview (legal basis Article 221 of the Act of 26 June 1974 – Labour Code in the case of employment based on an employment contract and Article 6(1)(b) GDPR in the case of employment based on a civil law contract, Article 6(1)(a) GDPR) – in the case of voluntary consent to the processing of personal data for purposes necessary for future recruitment processes;
    6. to establish or assert possible claims or to defend against such claims (Article 6(1)(f) GDPR);
    7. to analyse web traffic, ensuring security on the Website, for statistical purposes and adapting content to users’ needs on the basis of the Controller’s legitimate interest (Article 6(1)(f) GDPR);
    8. to fulfil a legal obligation to which the Controller is subject, e.g. in connection with obligations concerning anti-money laundering and counteracting the financing of terrorism obligations (Article 6(1)(c) GDPR).
  5. Recipients of Personal Data

    The recipients of the User’s personal data may be – only when necessary and to the necessary extent – entities cooperating with the Controller within the scope of services provided to the Controller and supporting the Controller’s current business processes, in particular IT service providers, the Controller’s subcontractors within the scope of services provided. In cases required by law, data may be transferred to law enforcement authorities or other public administration bodies.
  6. Data Protection Rights Under the GDPR

    The Controller would like to ensure the Users are fully aware of all their data protection rights. Under the GDPR, as a User you have the rights indicated below.
    1. Right of access – the User is entitled to obtain confirmation from the Controller as to whether or not personal data relating to the User is being processed and, if it is, they are entitled to access it and the following information:
      1. processing purposes;
      2. categories of personal data concerned;
      3. information on the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
      4. as far as possible, the intended period of retention of personal data and, where this is not possible, the criteria for determining that period;
      5. information on the right to request from the Controller the rectification, deletion or restriction of the processing of personal data concerning the data subject, and to object to such processing;
      6. information on the right to lodge a complaint with a supervisory authority;
      7. if the personal data has not been collected from the User, all available information about its source;
      8. information on automated decision-making, including profiling as referred to in Article 22(1) and (4) GDPR, and, at least in those cases, relevant information on the modalities of such decision-making, as well as on the significance and the envisaged consequences of such processing for the data subject

        In addition, if personal data is transferred to a third country or an international organisation, the data subject has the right to be informed of the appropriate safeguards referred to in Article 46 of the GDPR relating to the transfer.

        For the second and any subsequent copies of personal data subject to processing, requested by the User, the Controller may charge a reasonable fee based on administrative costs. If the User, requests a copy by electronic means and unless otherwise indicated, the information shall be provided in a commonly used electronic form.
    2. Right to rectification – the User has the right to request the Controller to rectify any personal data concerning them that is inaccurate; Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by providing an additional statement.
    3. Right to erasure (the so-called “right to be forgotten”) – the User has the right to request the erasure of their personal data processed by the Controller, in principle, if:
      1. personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
      2. the User has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
      3. the User has objected to the processing in accordance with section 5.a. below and there are no overriding legitimate grounds for the processing or the User has objected to the processing in accordance with section 5.b. below;
      4. personal data was processed unlawfully;
      5. personal data must be erased in order to comply with a legal obligation under European Union or Polish law;
      6. personal data was collected in connection with the offering of information society services, as referred to in Article 8(1) of the GDPR.
    4. Right to restriction of processing – the User has the right to request that the Controller restrict the processing of their personal data in the following cases:
      1. the User questions the correctness of the personal data – for a period of time allowing the Controller to check the correctness of the data;
      2. processing is unlawful, and the User objects to the erasure of the personal data, requesting instead a restriction of its use;
      3. the Controller no longer needs the personal data for the purposes of the processing, but it is needed by the User to establish, assert or defend claims;
      4. the User has objected to the processing in accordance with section 5.a. below – until it is determined whether the legitimate grounds on the part of the Controller override the grounds for the User’s objection.
    5. Right to object to the processing
      1. The User has the right to object – on grounds relating to a particular situation – to the processing of personal data concerning the User based on Article 6(1)(e) or (f) GDPR (i.e. where, respectively, (i) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or (ii) the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, including profiling under these provisions. The Controller shall no longer be allowed to process such personal data unless the Controller demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or grounds for the establishment, exercise or defence of claims.
      2. Where personal data is processed for direct marketing purposes, the User has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
    6. Right to data portability – the User has the right to request that the Controller transfer personal data relating to them that the User has provided to the Controller, and the User has the right to send that personal data to another controller without hindrance from the Controller, if:
      1. the processing is based on the User’s consent or on a contract between the Controller and the User; and
      2. processing is carried out by automated means.

        If a request is made, the Controller has one month to respond. If, as a User, you wish to exercise any of these rights, please contact the Controller as indicated in section II of the Policy.
  7. Right to Lodge a Complaint with a Supervisory Authority

    It is possible to lodge a complaint with a supervisory authority if you consider that your personal data is being processed unlawfully. On the territory of the Republic of Poland, the supervisory authority is: Prezes Urzędu Ochrony Danych Osobowych [President of the Office for the Protection of Personal Data] ul. Stawki 2, 00-193 Warszawa electronic mailbox available at: https://www.uodo.gov.pl/pl/p/kontakt
  8. Period of Processing of Personal Data
    Basis for processingPeriod of processing of personal data
    Consent given by the User (Art. 6(1)(a) GDPR)User’s personal data will be stored until the consent to process personal data for specific, explicit and legitimate purposes is withdrawn. Consent to the processing of personal data may be withdrawn at any time.The withdrawal of the consent to data processing is performed by contacting us at http://www.dppa.eu/ or by corresponding with us at the address indicated in section II of the Policy. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.In addition, the Controller indicates that if you consent to the processing of your personal data for the purposes of future recruitment, the Controller will keep your data for a period of 2 years from the moment it is collected, unless your consent is withdrawn earlier.
    Legitimate interest of the Controller or a third party (Article 6(1)(f) GDPR)The User’s personal data will be processed for no longer than is necessary for the purposes for which the data are processed or until the User objects to the processing of personal data for those purposes, on grounds related to the User’s particular situation, unless the Controller demonstrates the existence of valid legitimate grounds for the processing overriding the User’s interests, rights and freedoms or grounds for establishing, asserting or defending claims.
    Obligation of the Controller (Article 6(1)(c) GDPR)The User’s personal data will be processed for the period resulting from generally applicable legal provisions.
    Performance of a contract to which the User is a party / taking action at the User’s request prior to entering into a contract (Article 6(1)(b) GDPR)The User’s personal data will be processed for the duration of the contract, and thereafter for the period of limitation of possible claims under generally applicable law.
    After the processing period, personal data will be deleted or anonymised.
  9. Transfers of Data Outside the European Economic Area

    The Controller transfers personal data outside the European Economic Area only when necessary and with an adequate level of protection, and in particular by: i. cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued regarding the determination of an adequate level of protection of personal data; ii. use of standard contractual clauses issued by the European Commission; iii. application of binding corporate rules approved by the competent supervisory authority.
  10. Automated Decision-Making

    The Controller does not make decisions in an automated manner in individual cases, in particular the User’s personal data will not be profiled.
  11. Security of Processing

    The Controller shall implement appropriate technical and organisational measures, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, to ensure a degree of security appropriate to the risk. Any incidents affecting the security of the transmission of personal data processing in connection with the operation of the Website may be reported to http://www.dppa.eu/.
  12. Other Provisions

    In the case of data shared or transferred to the Controller by the Client (directly or indirectly), the Client assures DPPA (including its subcontractors) that it processes, including shares, such personal data lawfully and that there are no circumstances that would prevent the Controller from lawfully processing such data.
  13. Cookies and System Logs
    1. The Controller uses cookies as part of the Website.
    2. The Controller hereby indicates that cookies are IT data, in particular small text files stored on the User’s device when using the Website and any other similar technologies used to collect information about the User’s activity on the Website. Cookies may originate from the Controller or from the Controller’s trusted partners.
    3. Cookies related to the use of the Website can be divided into:
      1. temporary (session) – stored on the User’s device until the User logs out of the website or switches off the Internet browser, and
      2. permanent – stored for a defined period of time, which is determined by a parameter contained in the cookie file. The User also has the option of manually deleting all or selected cookies.
    4. Cookies are mainly used to enable the User to access the Website and to facilitate the User’s use of the Website. These are essential cookies installed to provide the User with access to the Website, and without these cookies it is not possible to use the Website.In addition, the User may voluntarily consent to optional cookies, which may be used for analytical purposes, so that by using the Website, the User may receive cookies from third parties, i.e. analytical service providers.
    5. The Website uses a consent management platform […] to facilitate the User’s management of preferences in terms of cookies. This platform allows the User to change their cookies settings, obtain detailed information on the cookies used on the Website, express and withdraw their consent to the Controller’s use of cookies, as well as change their previously selected settings.
    6. Furthermore, it should be possible to change the settings regarding cookies from the User’s web browser in such a way as to allow the User to reject, delete or block certain cookies. As some cookies are necessary for the operation of the Website, as a result of changing the settings in accordance with the above sentence, some services of the Website may cease to function properly or even make it impossible to use the Website. You can find more information on how to change your cookie settings from your browser at the following links (links to popular web browsers):
      1. Google Chrome – https://support.google.com/chrome/answer/95647?hl=pl
      2. Internet Explorer – https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
      3. Firefox – https://support.mozilla.org/pl/kb/ciasteczka?esab=a&s=ciasteczka&r=0&as=s
      4. Safari – https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
      5. Opera – http://help.opera.com/Windows/12.10/pl/cookies.html
    7. In connection with the User’s use of the Website, standard information appears in the Website’s system logs (a special computer programme used to keep a chronological record containing information about events and activities that relate to the information system used to provide the Controller’s services):
      1. information about the number (including IP),
      2. the type of User’s terminal equipment from which the User connects to the Website,
      3. information about the type of browser and the version used,
      4. User’s operating system,
      5. the date and time the Website was called up,
      6. websites from which the User’s system navigated to the Website,
      7. duration of the User’s connection to the Website,
      8. web pages that were called up by the User’s system via the Website,
      9. time zone,
      10. access status or http status code,
      11. browser language
      12. and other usage data relating to User activity.

        The aforementioned data is not linked to any personally identifiable information of the User. This data is processed primarily for the use of the Website, as well as for technical, administrative, information and information system security and management purposes and for the collection of general statistical information and for analytical purposes.
  14. Policy Update

    This Policy may be updated from time to time and any changes to the Policy will become effective when published on the Website. Material changes will be clearly indicated at the beginning of the updated Policy and will be available for a reasonable period of time thereafter.  This Policy was last updated on 06.11.2023.