projekt-bez-nazwy-2

Pursuing justice is our mission,
and defending your rights is our duty.

GDPR

I. General Provisions

The administrator of personal data collected within the Service is the law office “Kancelaria Adwokacka Adwokat Maria Ignaszak,” located at ul. Radwańska 4 lok. 1, 90-453 Łódź, Poland, Tax Identification Number (NIP): 6182199191, hereinafter referred to as the “Administrator.” The User’s personal data is processed in accordance with the Personal Data Protection Act of August 29, 1997 (Journal of Laws No. 133, item 883, as amended), the Act on the Provision of Electronic Services of July 18, 2002 (Journal of Laws No. 144, item 1204, as amended), and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) – referred to as “GDPR” or “GDPR Regulation.” The official text of the GDPR Regulation is available at: https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679. Using the Service is voluntary. Similarly, providing personal data by a User using the Service is voluntary, with two exceptions: (1) Entering into agreements with the Administrator – Failure to provide personal data necessary to conclude and execute an agreement with the Administrator will result in the inability to enter into such an agreement. Providing personal data in such cases is a contractual requirement; if the data subject wishes to enter into an agreement with the Administrator, they are obligated to provide the required data. (2) Statutory obligations of the Administrator – Providing personal data is a statutory requirement resulting from universally applicable legal provisions imposing an obligation on the Administrator to process personal data (e.g., processing data to maintain tax or accounting records). Failure to provide such data will prevent the Administrator from fulfilling these obligations. The Administrator exercises particular care to protect the interests of individuals whose personal data is processed. In particular, the Administrator ensures that the collected data is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a manner incompatible with these purposes; (3) factually correct and adequate for the purposes for which it is processed; (4) stored in a form that permits identification of data subjects for no longer than necessary for the purposes of processing; (5) processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures. Considering the nature, scope, context, and purposes of processing, as well as the risk of violating the rights or freedoms of natural persons with varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure that processing complies with this Regulation and can demonstrate such compliance. These measures are reviewed and updated as necessary. The Administrator applies technical measures to prevent unauthorized persons from acquiring and modifying personal data transmitted electronically. The Service collects information about Users and their behavior in the following ways: 6.1. through information voluntarily entered into forms; 6.2. through the use of cookies stored on end-user devices.

II. Legal Basis for Data Processing

The Administrator is authorized to process personal data when, and to the extent that, at least one of the following conditions is met: (1) The data subject has given consent for the processing of their personal data for one or more specific purposes; (2) Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract; (3) Processing is necessary for compliance with a legal obligation to which the Administrator is subject; (4) Processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, particularly if the data subject is a child. The processing of personal data by the Administrator always requires the existence of at least one of the grounds indicated in Section 2.1 of this privacy policy. Specific grounds for processing Users’ personal data are outlined in subsequent sections of the privacy policy, corresponding to the particular purposes of data processing.

III. Purpose and Scope of Data Collection

Each time, the purpose, basis, retention period, scope, and recipients of the personal data processed by the Administrator depend on the activities undertaken by a given User in the Service. The Administrator may process personal data within the Service for the following purposes, under the following legal bases, retention periods, and scopes:
Purpose Expand
Performance of a legal service agreement Show details
Legal Basis and Retention Period: Article 6(1)(b) GDPR (performance of a contract). Data is retained for the period necessary to execute, terminate, or otherwise expire the contract.
Scope of Data Processed: Full name; email address; phone number; delivery address (street, building number, apartment number, postal code, city, country), home/business address (if different). For non-consumer Users or Clients, the company name and tax identification number (NIP).
Direct Marketing Show details
Legal Basis and Retention Period: Article 6(1)(f) GDPR (legitimate interest of the Administrator). Data is retained for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims arising from the Administrator’s business activity.
Scope of Data Processed: Email address.
Newsletter Show details
Legal Basis and Retention Period: Article 6(1)(a) GDPR (consent). Data is retained until the consent is withdrawn by the data subject.
Scope of Data Processed: Name, email address.
Submission of Client Feedback on an Agreement Show details
Legal Basis and Retention Period: Article 6(1)(a) GDPR (consent). Data is retained until the consent is withdrawn by the data subject.
Scope of Data Processed: Email address.
Maintaining Tax Records Show details
Legal Basis and Retention Period: Article 6(1)(c) GDPR in conjunction with Article 86 §1 of the Tax Ordinance Act. Data is retained for the period required by applicable tax laws.
Scope of Data Processed: Full name; address of residence/business/registered office (if different from delivery address), company name, and tax identification number (NIP).
Establishing, Pursuing, or Defending Claims Show details
Legal Basis and Retention Period: Article 6(1)(f) GDPR (legitimate interest of the Administrator). Data is retained for the duration of the legitimate interest pursued by the Administrator.
Scope of Data Processed: Full name; phone number; email address; delivery address (street, building number, apartment number, postal code, city, country), home/business address (if different). For non-consumer Users or Clients, the company name and tax identification number (NIP).
The Administrator processes the following personal data: (1) Email address; (2) First name; (3) Last name; (4) Residential address, including street, building number, apartment number, city, postal code, and country; (5) Phone number; (6) Personal identification number (PESEL); (7) Identity card series and number. If a Client requests an invoice, the Administrator also processes the following additional data: (1) Company name; (2) Tax identification number (NIP); (3) Business address (street, building number, apartment number, city, postal code, and country).

IV. Information in Forms

  1. The Service collects information voluntarily provided by Users.
  2. The Service may additionally record information about connection parameters (e.g., timestamp, IP address).
  3. Data provided in forms is not disclosed to third parties without the User’s consent.
  4. Data provided in forms is processed for purposes resulting from the specific form’s function, such as business contact, marketing of the Administrator’s and its Partners’ products and services.
To ensure the proper functioning of the Service, including fulfilling concluded agreements, the Administrator utilizes the services of external entities (e.g., accounting firms, software providers, couriers, or payment processors). The Administrator collaborates only with processors that provide sufficient guarantees of implementing appropriate technical and organizational measures so that the processing complies with GDPR requirements and safeguards the rights of data subjects. Data sharing by the Administrator does not occur in all cases and is limited to the extent necessary to achieve a specific purpose. If recipients independently collect personal data (e.g., through their channels to offer products or services), they act as independent data controllers, bearing their own responsibility for processing such data.

V. Rights of the Data Subject

Each individual has the right to control the processing of their data, including the following rights: 1.1. Access, Rectification, Restriction, Erasure, or Data Portability – The data subject has the right to request access to, rectification, erasure (“right to be forgotten”), or restriction of their data processing and has the right to object to processing. They also have the right to data portability. The detailed conditions for exercising these rights are specified in Articles 15-21 of the GDPR. 1.2. Right to Withdraw Consent – Where processing is based on consent (Article 6(1)(a) or Article 9(2)(a) GDPR), the data subject may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. 1.3. Right to Lodge a Complaint – The data subject has the right to lodge a complaint with a supervisory authority in accordance with GDPR provisions and applicable national laws. In Poland, this is the President of the Personal Data Protection Office. 1.4. Right to Object – The data subject may object at any time, on grounds relating to their particular situation, to processing based on Article 6(1)(e) or (f) GDPR, including profiling. The Administrator may no longer process such data unless it demonstrates compelling legitimate grounds for processing that override the data subject’s interests, rights, and freedoms, or for establishing, exercising, or defending legal claims. 1.5. Objection to Direct Marketing – If data is processed for direct marketing purposes, the data subject may object to such processing at any time, including profiling related to such marketing. Withdrawal of consent does not entail negative consequences; however, it may result in the inability to use certain services requiring consent, such as receiving newsletters or invitations.

VI. Information on Cookies

  1. The Service uses cookies (small text files stored on the User’s end device). Cookies contain the website’s name, storage duration, and a unique identifier.
  2. Cookies serve purposes such as: 4.1. Creating statistics to improve the structure and content of the website; 4.2. Tailoring website content to user preferences; 4.3. Profiling Users to display personalized advertising.
The Service uses “session cookies” (temporary) and “persistent cookies” (stored for longer periods). Users may configure their browser settings to delete or block cookies. For more information, visit the browser’s help section.

VII. Final Provisions

This Privacy Policy is effective from November 19, 2023. The Administrator reserves the right to amend the Policy for the following reasons: (1) Expanding or modifying Service functionality; (2) Introducing new or modifying existing services; (3) Adjusting to technical requirements; (4) Aligning with legal or regulatory changes; (5) Correcting errors or discrepancies; (6) Reflecting administrative or judicial rulings; (7) Following best practices. Changes will be communicated via:
  • A notice after login with a link to the updated Policy;
  • Information on the Service website;
  • Email notifications to registered Users

Detailed Reasons for Policy Amendments

The Administrator recognizes the following specific scenarios where amendments to the Privacy Policy may occur:
  1. Extension or Modification of Service Functionality The Administrator may introduce new tools, features, or integrations that require updates to the Privacy Policy.
  2. Introduction of New Services or Modifications to the Scope of Existing Services Changes such as the addition of paid services, alterations to service delivery terms, or the removal of certain functionalities necessitate revisions to the Policy to ensure transparency.
  3. Adjustments to Technical Requirements for Service Operation Updates to accommodate new technologies, devices, or software may lead to adjustments in how the Service processes or protects data.
  4. Legal and Regulatory Compliance The Administrator must adapt the Privacy Policy to comply with evolving legal frameworks, regulations, and directives, particularly concerning personal data protection and electronic services.
  5. Correction of Errors, Inaccuracies, or Omissions Non-substantive changes may be made to rectify minor errors or improve the clarity of terms without altering the rights or obligations of Users.
  6. Adapting to Judicial or Administrative Rulings If courts or supervisory authorities issue rulings or guidance affecting the Service, the Privacy Policy will be updated to reflect these changes.
  7. Adoption of Industry Best Practices The Administrator aims to follow the highest standards of data protection and user service, which may lead to proactive updates to align with industry best practices.
  8. Changes to Administrator Contact Information Updates to the Administrator’s address, email, or other identifiers will be reflected promptly in the Privacy Policy.

Communication of Policy Changes

The Administrator will notify Users of amendments to the Privacy Policy through the following channels:
  1. Prominent Notification in the Service Interface Users will see a visible announcement upon logging into the Service, including a summary of changes and a link to the updated Privacy Policy.
  2. Update Published on the Service Website The revised Privacy Policy or a summary of changes will be made accessible in the designated Privacy Policy section of the Service website.
  3. Email Notification to Registered Users For Users who have registered with the Service, an email containing details of the changes or the revised Privacy Policy will be sent to the email address provided during registration.

User Acknowledgment and Acceptance of Changes

By continuing to use the Service after changes to the Privacy Policy are communicated, the User acknowledges and accepts the revised terms. If a User does not agree with the updated Privacy Policy, they have the right to discontinue using the Service.
For further clarification or inquiries regarding this Privacy Policy or its amendments, Users may contact the Administrator directly via the contact details provided in the Service.