of the DPPW Legal and Tax Office Website
This Privacy Policy is for informational purposes and sets out the rules for the processing and protection of personal data of Users of the Website and services provided by the Law Firm, in particular tax advisory and accounting services (flat-rate package) and the online booking system.
The Policy complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).
Who is responsible for your data?
The controller of Users' and Customers' personal data is:
DPPW Legal and Tax Office Tax Advisor Piotr Wójtowicz
ul. Teofila Aleksandra Lenartowicza 8 / 3, 43-300 Bielsko-Biała
NIP: 9372774955, REGON: 542929561
Email address: kancelaria@dppw.pl
Phone number: +48 881 738 079
The administrator acts as a contact point for the exercise of the rights of data subjects. All requests regarding data processing should be sent to the e-mail address indicated above.
Why and how do we process your data?
| Purpose of Data Processing | Scope of Data Processing | Legal Basis | Retention Period |
|---|---|---|---|
| Performance of the Agreement for the provision of tax, accounting, and legal advisory services | Identification data (first name, last name, company name, tax identification number, personal identification number, statistical number), contact details (address, e-mail, telephone number) and financial and accounting data necessary for the performance of the service. | Art. 6(1)(b) (Necessary for the performance of the contract) | For the duration of the contract. |
| Compliance with legal obligations (tax, accounting, reporting) | All accounting and tax documentation (invoices, VAT records, declarations). | Art. 6 sec. 1 lit. c (Legal obligation) resulting from the Accounting Act and the Tax Ordinance. | 5 years from the end of the calendar year in which the tax payment deadline expired (for a given settlement period). |
| Determination, investigation or defense against claims | Identification data, financial data, correspondence, contract records. | Art. 6(1)(f) (Legitimate interest of the ADO) | Until the expiry of the limitation period for claims arising from the contract or civil law provisions (usually 3 or 6 years). |
| Purpose of Data Processing | Scope of Data Processing | Legal Basis | Retention Period |
|---|---|---|---|
| Handling consultation appointment bookings and pre-contractual activities | Name and surname, e-mail address, telephone number, selected date/time, description of the case/issue. | Art. 6(1)(b) (Pre-contractual measures taken at the request of the data subject). | 1 year from the date of booking, if no contract for the Law Firm's services has been concluded, or until the claims related to the booking process become time-barred. |
| Unintentional acquisition of Sensitive Data (Art. 9 of the GDPR) | Information voluntarily disclosed by the User in the “Case description” field (e.g., health data related to benefits). | Art. 9(2)(f) (Investigation, establishment or defense of claims) or Art. 9(2)(a) (Explicit consent of the User, if necessary to handle the case). | For the period necessary to achieve the legal purpose. |
NOTE REGARDING THE “CASE DESCRIPTION” FIELD: When using the “Case description” field in the booking form, the User is asked to minimize the scope of data disclosed, and in particular not to provide special category data (sensitive data referred to in Article 9 of the GDPR), unless it is absolutely necessary for an initial understanding of the problem. If such data is disclosed, the Law Firm will process it solely for the purpose of performing the order or on the basis of explicit consent.
Who may have access to your data?
Personal data may be transferred to the following categories of recipients:
Can your data leave the EEA?
The Law Firm strives to minimize the transfer of personal data outside the EEA.
The website uses external services that may require a one-time transfer of your IP address outside the EEA (e.g., to the US), in particular the interactive Google Maps located in the contact section.
Legal basis for transfer: The transfer is necessary for the purposes of the legitimate interests pursued by the Controller (Article 6(1)(f) of the GDPR), consisting in providing Users with the possibility to quickly verify the location of the Law Firm and plan their journey.
The Controller ensures that the transfer is carried out in compliance with all legal safeguards, in particular through the use of Standard Contractual Clauses (SCC) approved by the European Commission.
What rights do data subjects have?
Every data subject has the right to:
If the data subject considers that the processing of personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the supervisory authority in Poland:
President of the Personal Data Protection Office (UODO)
ul. Stawki 2, 00-193 Warsaw
How do we protect your data?
The administrator uses appropriate technical and organizational measures to ensure the security of the personal data being processed, including connection encryption (SSL certificate) and protection against unauthorized access and loss.
The Law Firm does not use automated decision-making or profiling that has legal effects on Users.
The Privacy Policy may be changed in the event of modifications to the law or changes in the scope of business activities. Users will be informed of any significant changes in advance.
If you have any questions about this privacy policy or the processing of your personal data, please contact us.
