GDPR information obligation

In light of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) taking effect on 25 May 2018, we hereby inform you of the following:

1. The Controller of your personal data discussed below is Magdalena Korobowicz, operating the business activity registered under the name of Kancelaria Notarialna Magdalena Korobowicz Marek Piwko Notariusze s.c., adres: ul. Solariego 4, 02-070 Warszawa, NIP:  7011182646, Regon: 527333251.

2. The Controller has not appointed a Personal Data Protection Inspector. In matters concerning personal data protection, please contact us by e-mail at notariusz@korobowicz.pl

3. Your personal data is processed for the following purposes:

a. actions taken upon your request associated with presentation of the offer and conclusion of the agreement with the Controller (pursuant to GDPR art. 6 section 1 point b))

b. performance of the agreement concluded with the Controller (pursuant to GDPR art. 6 section 1 point b))

c. marketing and promotion of the services provided by the Controller (pursuant to GDPR art. 6 section 1 point f)).

d. pursuing claims (pursuant to GDPR art. 6 section 1 point f))

e. internal administrative objectives of the Controller, including statistical objectives (pursuant to GDPR art. 6 section 1 point f))

4. Your personal data may be accessed to entities processing personal data on behalf of the Controller under personal data entrustment agreements.

5. Transferring personal data to third countries:

a. The Controller has the right to transfer your personal data required for performance of the service agreement to a third country or international organisation (Google, Facebook, etc.). Google and Facebook have entered the EU-U.S. Privacy Shield, and, pursuant to the decision of the European Commission of 12 July 2016 IP/16/2016, transferring personal data to entities seated in the United States, which have entered the aforementioned agreement, ensures appropriate protection of personal data in accordance with GDPR art. 45.

6. Your personal data will be processed in scope as follows:

a. offer preparation, conclusion and performance of the agreement concluded between you and the Administrator – for the time required for completion of the agreement, for the time and in scope required by provisions of the law or for purposes of securing potential claims and required by the tax law following completion of the agreement, and for 5 years counted from the end of the calendar year, in which a tax liability was created; if consent for data processing following expiration of the agreement is granted, until withdrawal of said consent.

b. direct marketing offered by the Administrator – until you file an objection towards processing for this purpose.

c. internal administrative purposes until fulfilment of the legitimate interests of the Administrator, which constitute grounds for said processing, or until you file an objection towards processing for this purpose.

7. You have the following rights: the right to access the content of your data, the right to request rectification of your data, the right to request deletion of your data, the right to restrict the processing of your data, the right to object to the processing of your data, the right to request transfer of your data, and the right to file a complaint to the supervisory authority.

8. If your data is processed based on your consent, you can withdraw said consent at any time. Please note that this has no effect on the legality of the data processed prior to the withdrawal of your consent.

9. Providing your personal data for purposes of processing associated with conclusion and performance of the agreement with the Administrator is strictly voluntary, but the agreement cannot be concluded and performed without this data.