Rules for processing your personal data

We take the security of and our legal responsibilities around your personal data with due seriousness. This statement explains relevant information about our processing of your personal data.

In accordance with Articles 13 and 14 of Regulation (U) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter GDPR) please be informed that:


  1. Data Controller

The joint controllers of your personal data (hereinafter jointly Controller, Mazars or we) are:

-       Mazars Polska Sp. z o.o. seated in Warsaw, registered in the Register of Entrepreneurs of the National Court Register under KRS no. 0000083094, NIP: 5260019051, REGON: 010381827, share capital PLN 300,000.00, and

-       Mazars Audyt Sp. z o.o. seated in Warsaw, registered in the Register of Entrepreneurs of the National Court Register under KRS no. 0000086577, NIP 5260215409, REGON 011110970, share capital: PLN 1,268,000.00.

Contact with us is possible via e-mail:, by phone at +48 22 255 52 00 or through the enquiry form on the Mazars website at

  1. Purpose and basis of processing

Mazars collects and processes only your personal data, the processing of which is justified by one or more of the purposes described below and only if there is an appropriate legal basis for such processing from among those listed below.

Your personal data, as the case may be, is processed by us on the following legal grounds and for the following purposes:

1)     the Controller’s legitimate interest (point (f) of Article 6(1) GDPR), consisting of:

                          i.     providing information and contacts necessary to conduct business, including establishment and implementation of cooperation with the entity on whose behalf you are acting (hereinafter the Entity), including preparation of proposals for offers to the Entity, as well as management of this relationship, as well as handling and implementation of activities undertaken by you,

                         ii.     conducting activities to coordinate and streamline work within the Controller's organization, including operating the Controller's office, maintaining internal records (e.g., recording correspondence), conducting analytical and statistical activities, exercising rights and duties of an administrative, accounting and corporate nature, maintaining and using IT systems, managing access to Mazars's offices and ensuring security, quality, and developing the Controller's operations and services,

                        iii.     establishing, pursuing, enforcing or defending against claims, including in proceedings before courts and other public authorities,

                       iv.     taking actions by the Controller to improve functionality of services provided electronically and to facilitate the use of these services, including adaptation of the website to users' preferences,

                        v.     direct marketing - transmitting to you, according to your specified preferences, marketing and informational communications related to activities carried out by Mazars, in order to promote and develop our services and provide information that we think will be of interest to you, including in particular newsletters and invitations to workshops, conferences, seminars and other events. In any case, we will give you the opportunity to opt-out of our direct marketing services. You can unsubscribe either by replying by selecting one of the unsubscribe options found in the information we send you, or by using the "contact us " button on the Mazars website;

2)     compliance with a legal obligation to which the Controller is subject (point (c) of Article 6(1) GDPR), consisting of:

                          i.     keeping the Controller's accounts, resulting in particular from the Tax Ordinance Act of August 29, 1997, the Accounting Act of September 29, 1994, the Goods and Services Tax Act of March 11, 2004, including maintenance of accounting records relating to cooperation with the Entity,

                         ii.     ensuring compliance with legal, regulatory or organizational requirements to which we belong – in particular, data and document archiving, as we are required to retain certain records to demonstrate that our services are provided in compliance with legal, regulatory or professional obligations, and said records may contain personal data,

                        iii.     performing information duties (responding to letters and requests, providing information on how data is processed, etc.);

3)     processing is necessary for entering into and performing a contract with us, as well as for taking – at your request – other actions prior to entering into the contract (point (b) of Article 6(1) GDPR), including sending answers to your questions, making arrangements relating to the terms of cooperation, processing submitted applications for job offers at Mazars for the purpose of recruiting new employees, ensuring participation in events (including webinars) to which you have subscribed, handling any complaints;

4)     your consent (point (a) of Article 6(1) GDPR), given in particular by checking relevant function boxes, which in particular refers to the processing of your e-mail address and telephone number for the purpose of receiving commercial information from the Controller (including newsletters and information about the Controller's offers, about industry events and trainings organized by the Controller) and for analytical and statistical purposes related to their sending, as well as data provided by you voluntarily other than those necessary for the purposes specified in points 1-3 above.

Provision of data is voluntary, but failure to do so will result in the inability to carry out cooperation with you or the Entity.

  1. Scope of the processed data and its collection

Your personal data we process includes your contact details and data confirming your identity (which may be, in particular, your name, address, mailing address, email address, telephone number, date of birth, document number used to confirm your identity), as well as information concerning your function in the Entity, or other relationship between you and the Entity. As the case may be, we obtained this data directly from you or received it from the Entity.

For human resources management purposes, in particular for purposes of ongoing recruitment and subsequent employment, in addition to your contact and identification data, we also process your educational data, information about your work experience, professional authorizations held, and any other data you provide that is necessary or useful for recruitment processes and for employment at Mazars.

For accounting and payment-related purposes, we process payment processing data, in particular bank account numbers.

In addition, we process those information that is relevant to the services we provide, including personal data as: name, e-mail address, company name, position, country, and as far as this information is concerned, the controller of the personal data is exclusively Mazars Audyt Sp. z o.o. or Mazars Polska Sp. z o.o., depending on which company provides the services (i.e., in this case, there is no joint controllership).

We also process personal data that you have provided to us through our website The personal data we process as a result of your visiting our website depends on the data you provide to us.  If you access our site but do not interact further with us, we will only process the data contained in cookies which are necessary to be able to run our site (see ‘Cookies’ in section X below for more info).  Should you decide to interact with us by, for example, submitting a request form we will process the data you provide for the purposes stated on the form.  Some fields are mandatory as without them we will be unable to make further contact with you to answer your request. When you contact us we make certain fields of data mandatory to enable us to process your request. You may choose to provide us with additional personal data, including special category Personal Data.  Where you provide us with any special category Personal Data you give us your consent to process the same.

  1. Transfer of data to other entities

The Controller may provide your personal data only for the purpose of performing its tasks and to the extent necessary to do so to the following entities:

-       to authorized personnel of the Controller,

-       to entities belonging to the same capital group as the Controller, as well as other entities belonging to the Mazars network (in Poland and worldwide) within the meaning of the Act of May 11, 2017 on auditors, audit firms and public supervision in connection with close cooperation between these entities concerning joint implementation of business ventures, performance of organizational and administrative activities, service in the field of accounting, bookkeeping, human resources and IT services, as well as delegation of employees or associates to perform specific activities for the benefit of other entities. Should you make an enquiry through our website which concerns one of Mazars member firms we will forward the request to them on your behalf. Detailed information on Mazars network companies can be found at,

-       to entities engaged in providing services to the Controller (including its subcontractors), such as entities engaged in handling processes carried out in order to perform the activities for which the personal data are transferred, in particular to conduct a customer satisfaction survey and analyze its results, as well as entities providing IT and technical support services, cooperating legal and tax law firms, marketing companies, external auditors, postal services, couriers, insurers, banks, shipping companies, all of which must have access to your data in order to perform their duties,

-       to entities or bodies authorized under the law, in particular tax offices.

In connection with cooperation with other companies in the Mazars network, your personal data may also be transferred to so-called "third countries" (i.e. outside the European Economic Area covering the European Union, Norway, Liechtenstein and Iceland) to other companies in the Mazars network, which guarantee a high level of data protection with regard to compliance with requirements set forth by the relevant legislation.

When we transfer data outside the EEA, we will only transfer such personal data (i) to a country which the European Commission considers to have adequate data protection laws; or (ii) where we have put in place an appropriate data transfer mechanism, such as EU Standard Contractual Clauses, to ensure that your personal data is adequately protected.  

  1. Period of data processing

Your personal data will be stored for the period of carrying out activities for which they were collected, no longer than for the period necessary for implementation and settlement of cooperation, as well as until expiration of periods arising from the relevant legislation, i.e. until expiration of the statute of limitations for tax liabilities associated with accounting records, which may, where appropriate, be extended by the statute of limitations for civil law claims, unless the Controller is required under generally applicable laws to store such data for a longer period (in particular in connection with archiving obligations imposed on audit firms).

To the extent of your consent, your personal data will be processed for the period of presentation of the marketing offer, but no longer than until you withdraw your consent. You may withdraw your consent to present this offer at any time by sending an e-mail to:

After the expiration of the retention period, your personal data will be deleted or anonymized.

  1. Your rights related to data processing

In connection with our processing of your personal data, you have a number of rights related to it. You can:

-       access the personal data we hold about you;

-       ask us to correct any of your personal data we hold which are inaccurate;

-       request to have your personal data deleted;

-       put in place restrictions on our processing of your personal data;

-       ask us to transfer your data to another controller (data portability).

Furthermore, where data processing is carried out on the basis of:

1)     legitimate interest of the Controller – you have the right to object at any time to processing of your personal data for reasons related to your particular situation,

2)     legitimate interest of the Controller consisting of direct marketing – you have the right to object at any time to processing of your personal data,

3)     the consent you have given for processing of personal data – you have the right to withdraw it, but despite the withdrawal, the Controller will not be able to remove your data from the materials (including analyses) produced during validity of the consent.

Should you wish to exercise any of your data subject rights or have any questions in connection with the information we have provided, please contact us as described in section I of this statement.

If you believe that our processing of your personal data violates provisions of GDPR, you have the right to file a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, phone +48 22 531 03 00, e-mail:

  1. Automated processing

Your data will not be subject to automated decision-making and profiling.

  1. Data security

We ensure appropriate technical and organisational controls are in place to protect your personal data from loss, misuse, alteration and unintentional destruction, such as the use of anti-virus, firewalls, secure servers, hard disk encryption software, password protection, physical access controls, two-factor authentication, intrusion and anomaly detection.

Our personnel who have access to your personal data have been trained to maintain the confidentiality of such data.  They will only be granted access to your personal data to the extent that they need this information to perform their duties properly. The persons who can consult your data are also bound by strict professional discretion.

Conditions to protect data to at least the same standard as we do are cascaded to all our contractors, (sub) processors and suppliers. 

Regular monitoring and testing of our security defence is carried out to ensure they continue to be effective against the latest threats.

Data transferred over the internet by us and through this website are protected using encryption technologies. No transaction carried out over the internet can ever be guaranteed to be secure.

  1. Children and our website

Mazars understands the importance of protecting children's privacy, especially in an online environment. Our sites are not intentionally designed for or directed at children. We do not knowingly collect or maintain information about anyone under the age of 16 through our website. If you are under 16 years of age you must obtain the consent of a parent or guardian to submit information via our website. Please ask them to review this information before you communicate with us.

  1. Cookies

Navigation on our website will result in cookies being placed on your computer. Cookies are small text files that are placed on your computer by the websites that you visit. For further details, please consult our Cookie Policy available at