Updated MoF methodology – due diligence in VAT transactions

Recently (April 2019), the Ministry of Finance published an updated “Evaluation methodology for due diligence compliance by purchasers of goods in domestic transactions”. The document explains what the MoF considers when evaluating whether you exercised “due diligence” in cases where you unwittingly participate in a transaction aimed at VAT fraud or abuse, so that your liability can be excluded or limited.

The document in full is available HERE

What is the methodology

The methodology sets out guidelines for taxable persons on how to safely commence and continue business collaboration with counterparties to avoid problems with deducting input tax. It indicates two types of criteria, formal and transactional, that the taxpayer should consider in the counterparty verification process.

Formal criteria – status of the counterparty

“Formal” steps that should be included in the process preceding dealings with new counterparties (or, to an appropriate extent, repeated periodically in the case of regular business) include:

  • Verification whether the entity is registered in relevant commercial register, like KRS or CEIDG, and also as a taxable person for VAT purposes (HERE);
  • Verification whether the counterparty is recorded in the list kept by the Head of the National Tax Authority of entities deleted from the register as taxable persons, or entities that have not been registered, or entities that had been re-registered (list available HERE);
  • Verification of any licence or permit required, etc. (in the context of the goods or services sold by the counterparty);
  • Verification of authorisations of the counterparty’s representatives (for example, on the basis of data in KRS or CEIDG registers – links above).

It is worth making a memo and keeping printouts or print screens, or obtaining relevant validation, to confirm the actions undertaken, in particular in the case of material or repeated transactions.

Transactional criteria – types of transactions and circumstances that should raise doubts of the taxpayer

Special caution should be exercised in the following circumstances:

  • Transaction was conducted without economic risk;
  • Payment is made in cash or has been divided in such a way that individual parts of the price are below PLN 15,000;
  • Payment is made by bank transfer to two separate bank accounts, account of a third party, or an account abroad;
  • Price of the goods is considerably different than the market price without economic justification;
  • Goods offered are from an industry different than the usual industry of the supplier and had not been purchased before by the taxpayer if the change of the business profile is not economically justified;
  • Contact with the supplier or their representative was not appropriate considering the circumstances of a given transaction;
  • The supplier has registered office or a place of business at the address where there is no sign of actual business activity;
  • Payment terms are shorter than the terms offered by other suppliers from the same industry without economic justification;
  • Terms of the transaction are considerably different than those applied in the given industry to guarantee safe trading;
  • The supplier delivers goods that are non-compliant with the quality requirements of applicable laws;
  • The transaction is not documented by a contract, purchase order or other confirmation of its terms;
  • Share capital of the counterparty is disproportionally low considering the transaction’s circumstances;
  • The counterparty has no organisational and technical resources appropriate for the type and scale of the business;
  • The counterparty has no website (or is not present in social media) with information appropriate to the scale of its operations, despite the fact that it is common in the industry.

You know the criteria – what’s next?

The Ministry of Finance suggests that all criteria are just non-binding guidelines and compliance with them is not a determinant of a positive outcome of a potential tax audit, but it significantly increases the probability of finding that the taxpayer exercised “due diligence”. In the case of material or “doubtful” transactions you should consider the use of the split payment mechanism.

Importantly, every taxpayer may comply with due diligence requirements in a different way than by following the guidelines provided in the methodology. However, it is important to consider the above criteria when you develop internal procedures of counterparty selection or approval. In the age of broadly applicable compliance, it will be an “added value”.

Author:
Natalia Wojciechowska – legal adviser

Grzegorz Leśniewski – attorney at law

Brexit and GDPR

Brexit will bring numerous political and social effects, but will also impact legal matters. It will also directly affect personal data controllers. If you as a data controller use services of companies that store/ process personal data in the United Kingdom, you should check whether your data processing agreement is ready for Brexit.

Despite the postponement, Brexit is still the most likely scenario – especially considering the results of the European Parliament election. Whether the deal determining the terms of the United Kingdom’s departure from the EU will be made or not is still a big unknown.

In the case of a no-deal Brexit, the UK will be given the so-called “third country” status upon leaving the EU. This means that personal data transfer to the UK will require the application of:

  • Standard or ad hoc data protection clauses in the existing data processing agreements;
  • Binding corporate rules should data transfer occur within a group of associated entities;
  • Codes of conduct (with certification mechanisms);
  • Other special instruments available to public authorities.

Obviously in most cases the easiest solution seems to be amendment of the existing processing agreements with UK entities (as processors) with appropriate additional data protection clauses.

In terms of data transfer in the other direction, from the UK to the EEA, based on the communication of the European Data Protection Board, according to the UK government, free data flow will still be possible.

Author:
Grzegorz Leśniewski – attorney at law

What does GDPR compliance mean for my business?

GDPR is a legal act which regulates personal data protection and basically grants people a set of rights. This allows them to limit, cease or modify processing of their personal data by data controllers and data processors. What does it mean, though, and how can you be GDPR compliant?

Personal data

GDPR states that any and all data which allows a natural person to be identified, either directly or indirectly, is personal data. Examples of such data include name and surname, e-mail address, phone number and IP address. Nowadays, a lot is considered personal data – even so-called “metadata” or some “cookies”. Thus, you need to carefully analyze which of the information you collect falls under the definition.

Do I “process” personal data?

Processing data is pretty much everything you can do with it: managing, storing, collecting, modifying and deleting. But are you a data controller or a data processor? Data controllers decide what the data is collected and used for, and by what means. They have the main interest in processing the data. However, sometimes they ask other entities to do some processing activities for them. For example, you may use a hosting provider to store your databases or external IT support to manage servers. Such external companies that perform certain tasks with access to, or responsibility toward, personal data are data processors.

When should I worry about GDPR compliance?

Basically, GDPR is usually applicable if the processing is done for business purposes at least partly by any automated means (for example data will be stored on a computer) and:

1. the data controller is based within the EU; OR

2. processing concerns data subjects who are in the EU in the context of offering them goods or services (even for free) or monitoring their behavior (if the behavior takes place in the EU).

So if you are a data controller or a data processor and GDPR is applicable based on the above, you must take necessary steps.

How to become GDPR compliant?

Seems like you need to be GDPR compliant even if you are not from the EU? The first step is to ensure that you have a legal basis to process data. Most data controllers other than public authorities base their actions on the consent of the person whose data is being processed (the data subject), performance of a contract with a data subject and/or their legitimate interest. Whenever a data processor is involved, a data processing agreement (DPA) must be signed. GDPR specifies what must be included in a DPA.

Once the correct legal basis for processing is identified, you need to check whether you provide the data subject with information on the scope of the processing and some other details regarding yourself. This is one of the key obligations you may have because GDPR is all about transparency – the idea is to make sure that people understand who processes their personal data and how, and what their rights are.

The above might have sounded a little overwhelming; however, to be honest, this is just the beginning. GDPR sets a number of rules on how much data you can collect and what you can do with it. Moreover, there are public authorities in each country of the EU that can enforce GDPR. They can not only require you to stop processing activities that are not GDPR compliant, but also to show proper documentation or to pay huge fines.

GDPR can also be used as an opportunity to improve the quality of data you are processing and security levels within your company. You can call it a pain, or an opportunity, but in any case, make sure you are compliant 😉

Author:
Grzegorz Leśniewski – attorney at law
