Skip to content
Home » Lex Corporation Data Protection Policy

Lex Corporation Data Protection Policy

1. Introduction

Lex Corporation (“Lex”, “we”, “us”, or “our”) is committed to protecting the privacy and security of personal data (“Personal Data”) in accordance with applicable data protection laws and regulations, including:

  • The General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”)
  • The Polish Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000, as amended) (“PDPA”)
  • And other relevant legislation
    This document outlines Lex Corporation’s data processing principles and practices regarding the collection, use, disclosure, and storage of Personal Data.

2. Data Controller

The data controller within the meaning of the GDPR and the PDPA is Lex Corporation, with its registered office at [Address].

3. Categories of Personal Data Processed

Lex Corporation may process the following categories of Personal Data:

  • Identification Data: Name, date of birth, place of birth, nationality, ID/Passport number, etc.
  • Contact Data: Email address, phone number, postal address.
  • Employment Data: Resume, CV, work experience, education, skills, etc. (if applicable)
  • Financial Data: Bank details, payment information (if applicable).
  • Immigration Data: Visa applications, residency permits, work permits, etc. (if applicable).
  • Legal Case Data: Information related to legal cases, such as court documents, correspondence with authorities (if applicable).
  • Other Data: Any other information that may be necessary to provide the requested services.

4. Purposes of Processing Personal Data

Lex Corporation processes Personal Data for the following purposes:

  • Providing legal services, including legal advice, representation in court, and assistance with legal proceedings.
  • Providing immigration services (if applicable).
  • Providing recruitment services (if applicable).
  • Providing HR services (if applicable).
  • Marketing and communication, including sending newsletters, updates, and information about Lex Corporation’s services (with prior consent).
  • Complying with legal and regulatory obligations, including anti-money laundering regulations.
  • Protecting the legitimate interests of Lex Corporation, such as preventing fraud and ensuring the security of its systems.

5. Legal Basis for Processing Personal Data

Lex Corporation processes Personal Data based on the following legal grounds:

  • Performance of a contract: Processing is necessary for the performance of a contract to which the data subject is a party or for the taking of pre-contractual steps at the request of the data subject.
  • Legitimate interests: Processing is necessary for the purposes of the legitimate interests pursued by Lex Corporation, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Legal obligation: Processing is necessary for compliance with a legal obligation to which Lex Corporation is subject.
  • Consent: Processing is based on the freely given, specific, informed, and unambiguous consent of the data subject.

6. Data Security

Lex Corporation implements appropriate technical and organizational measures to ensure the security of Personal Data and to protect it against unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Data encryption: Employing encryption technologies to protect data during transmission and storage.
  • Access control: Implementing access controls to restrict access to Personal Data to authorized personnel on a need-to-know basis.
  • Regular security audits: Conducting regular security audits and assessments to identify and address potential vulnerabilities.

7. Data Retention

Lex Corporation retains Personal Data for the period necessary to fulfill the purposes for which it was collected or as required by applicable law.

  • Specific retention periods may vary depending on the nature of the Personal Data and the purpose of processing.

8. Data Subject Rights

Data subjects have the following rights under the GDPR and the PDPA:

  • Right of access: The right to obtain confirmation as to whether or not Personal Data concerning them is being processed, and, where that is the case, access to the Personal Data and certain information.
  • Right to rectification: The right to obtain the rectification of inaccurate Personal Data concerning them.
  • Right to erasure (“right to be forgotten”): The right to obtain the erasure of Personal Data concerning them under certain circumstances.
  • Right to restriction of processing: The right to obtain restriction of processing of Personal Data concerning them under certain circumstances.
  • Right to data portability: The right to receive the Personal Data concerning them, which they have provided to Lex Corporation, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
  • Right to object: The right to object, on grounds relating to their particular situation, to processing of Personal Data