I. Who is the data controller?
Controller of personal data is an entity that collects and process your personal data and decides on the manner and the purpose of their use.
Controller of your personal data is: My Legal Solutions spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (address: ul. Hrubieszowska 2, 01-209 Warsaw), entered in the business register of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division with number 0000242123, NIP: 5252342010, share capital of PLN 50,000.00.
The controller has not designated a data protection officer.
If, on the conclusion of the Booking Agreement (as defined in the Regulations governing the provision of services by electronic means of communication onMyLegalStore portal, further the “Regulations”) you opt for Extra Services defined in §13 of the Regulations, we will provide your personal data to our Partner(s) that will implement those services,so theycan start working with you. For instance, opting for an Extra Service to amend the articles of the company you bought from us, requires the provision of personal data to one of our Partners (including contact data) of the company shareholders (e.g. yours) in order to prepare and hold the general meeting of shareholders.
A full list of our Partners can be found here.
II. How can you contact us?
You can contact us by one of the following means of communications:
1) by ordinary mail to the address: My Legal Solutions sp. z o.o., ul. Hrubieszowska 2, 01-209 Warsaw,
2) through a contact form to be found at www.mylegalstore.com, and
3) by e-mail to the address: email@example.com
III. Why do we collect and process your personal data?
The purpose of collecting your personal data is the correct provision of a service consisting in the execution and performance of the Booking Agreement (as defined in the Regulations) and, subsequently, the execution and performance of the Share Sale Agreement (as defined in the Regulations). We need your data to perform these agreements, to contact you and to comply with statutory obligations we are bound by such as regarding the counteracting of money laundering and terrorist financing.
If you opted for Extra Services, your personal data would be processed by us to implement these services. In such a case, we will provide your personal data to our Partner that will directly provide these services to you.
IV. On what basis do we process your personal data?
The basis for the processing of your personal data is that processing is necessary for the performance of a contract, i.e. provision of the service consisting in the execution of the Booking Agreement. This legal basis is set out in Article 6 paragraph 1 letter b) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).
In addition, we may process your personal data for the purposes of pursuing our legitimate interests,in accordance with the legal basis set out in Article 6 paragraph 1 letter f) GDPR. Our legitimate interests which justify the processing of your personal data include:
1) direct marketing or providing information and communication which includes promotion of our services. Should this information be sent to you electronically, we will not send it unless we receive your consent before we act.It may therefore happen that at one point we will ask you to give such a consent. Absence of your consent will by no means affect our provision of services to you. In addition, you can at any time notify us that you no longer wish to receive any information or communication containing promotion of our services;
2) counteracting fraud related to the use of personal data, such as identity theft and counteracting hacker attacks;
3) transfer of your personal data to our Partners to pursue our internal administrative purposes. We have to say here that Partners whom we transfer your personal data are our affiliated companies. Together we form one group of undertakings;
4) ensure security of our networks and IT systems against data leakage or violation of integrity of those networks and systems (such as network intrusions). This may involve giving access to data to persons running safety tests of our networks and IT systems or to persons servicing those networks or systems;
Sometimes, we process your personal data under the legal basis set out in Article 6 paragraph 1 letter e) GDPR i.e. when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. This may happen in a situation where we use your personal data to apply protective measures related to counteracting money laundering and terrorist financing.
Whenever we process your personal data to pursue our legitimate interests, we are guided by the principle of proportionality. It means that we process your data for the above purposes only when your interests in respect of data confidentiality are not more important. If, for any reasons, we would become aware of your sensitive data (such as data pertaining to your health status or your political opinions), we will not process those data in any way and we will immediately destroy all copies of such data.
V. What categories of your personal data do we process?
In connection with the provision of services to you, we process the following categories of your personal data:
1) name and surname;
2) e-mail address;
3) telephone number;
4) residing address;
6) PESEL number;
7) in absence of PESEL number – date of birth;
8) country of birth;
9) type of identity document;
10) series and number of identity document;
11) validity date of identity document;
12) IP number;
13) in the case of natural persons carrying out economic activity:
a. NIP number;
b. business name;
c. place of business.
The above categories of personal data are necessary to provide the service and to comply with public-law obligations imposed on us, especially as regards the counteracting money laundering and terrorist financing. The processing is necessary, among other things, to prepare appropriate powers of attorney, share sale agreement, notification to business register of the National Court Register and other public authorities, notification to banks operating accounts of the company you buy. We also need those data to contact you.
VI. How do we collect your personal data?
We collect your personal data in two different ways.
Primarily, we obtain your personal data from a person who registers with MyLegalStore (user). On registration, a user provides their data. Then, after selecting one of the available service packages, a user fills in electronic form where they provide personal data of persons to whom the company will be sold. Those buyers may be natural persons. In such a case, we process their personal data.
Another way we collect your personal data is through direct contact with you. This occurs when your personal data provided by the user is insufficient to provide you with the service consisting in the sale of a limited liability company.
VII. Is the provision of data obligatory?
Providing your personal data is discretionary, however, failure to provide us with your data will prevent us from providing you with the services.
VIII. For how long do we retain your data?
We retain your personal data for as long as necessary to implement the services and, if you opted for, Extra Services.
Also, due to the fact that data may give rise to our claims against you or yours against us, your personal data will be stored by the time any potential establishment, exercise or defence of claims have become barred by the statute of limitations. The basis for such processing is set out in Article 17 paragraph 3 letter e) GDPR.
If personal data are processed for direct marketing purposes, we process your personal data until you notify us that you no longer wish to receive any information or communication containing promotion of our services.
IX. Who are the recipients of your personal data?
If we provide you with Extra Services, your personal data are transferred to our Partners responsible for providing such services.
We do not transfer your personal data to any third countries (from outside of the European Union) or international organisations.
X. What are your rights resulting from the processing of your personal data by us?
In connection with the processing of your personal data, you have the following rights:
1) you may request that we provide you with an access to your personal data,
2) you may request that we restrict the processing, rectify or erase your data (‘right to be forgotten’),
3) you are entitled to request that we move your personal data to another controller,
4) you have the right to lodge a complaint against unlawful processing of your personal data by us. The competent supervisory authority is the President of the Personal Data Protection Office.
You can exercise the above rights by notifying us through the means of communications specified in item II (How can you contact us?).Your requests will be considered forthwith, no later than within 3 weeks of receipt. You will receive an answer by the same means you used when lodging your request.
XI. Are your data subject to profiling or other automated decision-making processes?
We do not use your personal data for profiling or automated decision-making processes.
Cookies are installed on your end devices (computers, tablets, smartphones etc). We can access them whenever you visit MyLegalStore.
Cookies indicate their originating website, their unique number and retention time on your end device.
By ticking ‘I agree’ option, you agree to us using the cookies. You may withdraw your consent by changing settingsofthe browser installed on your end device. If you do this, however, you may lose or change some functionalities of our website. You will no longer be constantly logged in and automatic logging will be disactivated.