Information about personal data
We are committed to protecting the privacy and security of our Customers. We hereby inform you about the way your personal is processed by Andersen (hereafter: “Andersen”) when we provide our services. For information about personal data processing in connection with the operation of the website pl.andersen.com, see our Privacy Policy.
Andersen complies with the personal data protection regulations and rules, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”). Andersen protects personal data as confidential, taking care of its safe processing using appropriate technical and organisational measures.
1. Personal Data Collected
The below information is addressed to natural persons.
In business relations (e.g. if you are employees of Andersen’s Clients), your personal data was collected directly, and in some situations it was provided by Andersen’s Clientsr (usually your employer). In the latter case, the data includes: first name and surname, position, contact information.
2. Purposes and Base for Processing
Andersen processes your personal data for the purposes of: providing legal and tax advice, respecting legal obligations, and, sometimes, for the purpose of sending invitations and information about events organized by Andersen (such as conferences or training), as well as for the establishment, exercise or defense of legal claims.
Andersen processes personal data insofar as it is required to accomplish the aforesaid purposes, and provided that a valid legal basis exists, i.e. the processing is necessary to (as appropriate): perform a contract, respect our legal obligations (especially the tax-related ones), pursue our legitimate interest as described above. As regards sending information about events organized by Andersen, the processing is based on your consent.
3. Data Recipients
We do not transfer your personal data without your prior consent. Sometimes your personal data may be transferred to recipients, namely:
- Providers of services and solutions to Andersen: when our proper operation and performance of a contract binding us with you requires services of various service providers, including those that enable the use of electronic mail. Before we use the services of such entities, we verify that they will meet our safety and security requirements and guarantee proper handling of information. This ensures the security of your personal data.
- Upon your consent – to legal advisors we cooperate with and other entities which support us in providing our services (e.g. translators and interpreters).
On some occasions, your personal data may be transferred outside the European Economic Area. If this is the case, your personal data will be transferred to trusted entities only, which guarantee the adequate level of data protection, approved by the decision of the European Commission or guaranteed by using other protection measures, including Standard Contractual Clauses adopted by the European Commission, published on its website at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
4. How long we keep your information for
At Andersen your personal data will be kept for the time necessary to fulfil the purpose for which it was collected. Thereafter, your data will be securely destroyed.
As we informed in sec. 2, the main purpose for processing is for Andersen to provide legal and tax advice. In this situation, the retention period is governed by the law (the Act on Legal Counsels, the Law on Advocates, the Tax Advice Act). For the services of legal advice the period is 10 years, and for tax advice – 5 years. The period is counted from the end of the calendar year in which the relevant proceedings ended or the service was completed.
Where your personal data is processed for the purpose of sending information and invitations to events organized by Andersen to natural persons, the data will be kept for the period of three years from the last correspondence unless the consent to such contact is withdrawn.
5. Security
Andersen has implemented the relevant measures to secure your personal data and the information you provide. We apply state-of-the-art solutions and continuously monitor their effectiveness. If vulnerability is discovered, we adapt our activities to ensure adequate level of confidentiality.
Moreover, the SSL protocol is used to connect with our Website. This ensures that your activity is secured against hacking by unauthorized parties.
We have no control over all the information we receive from you. However, we recommend that the data you supply be adequately secured. The primary solution in this respect is the encryption of your messages, especially attachments, and sending the access key using a different communication channel.
6. Rights of natural persons
At Andersen we are committed to respecting privacy and to guaranteeing you the exercise of your rights.
For more detailed information about processing your personal data, please contact us using the below contact details. You have the right of access to your personal data, which includes the right to obtain a copy of the data, to rectify the data or to have incomplete data completed. In situations provided for in the law, you also have the right to lodge an objection against processing, to request erasure of your personal data and to limit the processing thereof.
Additionally, insofar as your data is processed based on your consent, you may withdraw the consent. This, however, shall not affect the lawfulness of processing based on the consent before its withdrawal, but it will prevent us from sending you information about training and conferences.
If your personal data is processed in breach of the applicable laws, you have the right to lodge a complaint with the President of the Personal Data Protection Authority (www.uodo.gov.pl).
Andersen’s Data:
If you have any questions about personal data processing, you may contact us by email or phone. We may also provide more information in writing. Our contact details are as follows:
| For Katowice Office | For Warsaw and Toruń Office |
| The Data Controller: Andersen Tax & Legal Srokosz i Wspólnicy sp. k. ul. Chorzowska 150, 40-101 Katowice Contact: Email: Magdalena.Patryas@pl.andersen.com Phone: +48 (32) 731 68 50 | The Data Controller: Andersen Tax & Legal Matyka i Wspólnicy sp.k ul. Puławska 2, 02-566 Warszawa Contact: Email: Aleksandra.Kalinowska@pl.andersen.com Phone: +48 (22) 690 08 88 |
7. Changes to this information:
If the above information changes, Andersen shall adapt this document to new circumstances. You shall be informed if the purpose of processing of your personal data changes or the data is processed for a new, different purpose.
8. Applicability
This information applies solely to personal data processed by Andersen in connection with the services we provide to our Customers. For information about data processing in connection with operation of the website, including the use of the contact form and cookies, see the Privacy Policy.