Privacy policy

4. Basis of personal data processing

4.1 The processing of personal data by the Administrator takes place on the basis of legal provisions, i.e. in particular when:
4.1.1 it is necessary for the performance of a contract or to take steps prior to entering into a contract;
4.1.2 it is necessary for the purposes of the legitimate interests of the Administrator (e.g. taking action to provide legal services, pursuing claims in court proceedings);
4.1.3 (e.g. tax obligation, procedural obligations related to conducting court or administrative proceedings).
4.2 In addition, the processing of personal data by the Administrator may take place on the basis of the consent expressed by the Natural Person. In such cases, each Natural Person has the right to withdraw consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of the consent given before its withdrawal, nor does it affect the processing of personal data on the basis other than the consent of the Natural Person.

5. Personal data storage period

5.1 Personal data of Natural Persons will be stored for the period necessary to achieve the purposes for which they are processed, in particular for the period of:
5.1.1 needed to take action before concluding the contract, aimed at its conclusion;
5.1.2 performance of the contract concluded with the Administrator and the period in which the Natural Person or the Administrator has any rights or claims related to its performance, including for the period of limitation of claims;
5.1.3 implementation of statutory requirements imposed on the Administrator, in particular related to the obligation to maintain professional secrecy or resolving whether there is a conflict of interest between persons served by the Administrator;
for no longer than 10 years
5.2 After the expiry of the storage period of personal data, they will be immediately deleted by the Administrator.

6. Recipients of personal data

6.1 Personal data of Natural Persons may be transferred to the following categories of recipients:
6.1.1 persons authorized by the Administrator employed by the Administrator or cooperating with the Administrator on the basis of civil law contracts;
6.1.2 entities processing personal data on behalf of and on behalf of the Administrator and authorized persons employed in these entities (e.g. services of external companies, subcontractors, legal advisors, financial or accounting advisors, IT service providers, etc.);
6.1.3 state authorities or other public entities in order to meet legal requirements (including courts and administrative authorities conducting proceedings with the participation of the Administrator, including in particular proceedings in which the Administrator’s lawyers act as proxies).
6.2 Transferring or sharing personal data of Natural Persons is carried out with respect for the rights of Natural Persons and in accordance with applicable law. In particular, the transfer or sharing of personal data is carried out with respect for the principles of confidentiality and professional secrecy of legal advisers.

7. Personal data protection measures

7.1 The Administrator protects the personal data of Natural Persons against unauthorized access by third parties, as well as provides organizational and legal measures in accordance with applicable law, aimed at guaranteeing the confidentiality of personal data of Natural Persons and their use in a way that prevents access to this data by unauthorized persons.
7.2 The administrator implements and applies appropriate technical solutions to protect personal data. In particular, the Administrator uses technical and IT security as well as physical security.
/p>

8. Rights of Natural Persons regarding personal data

8.1 Each Natural Person may file a complaint regarding the processing of their personal data.
8.2 Each Natural Person also has the right:
8.2.1 to obtain from the Administrator confirmation whether personal data concerning him are being processed, and if this is the case, he is entitled to access them and information about:
(1) processing purposes;
(2) categories of personal data;
(3) about the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular about recipients in third countries or international organizations;
(4) as far as possible – about the planned period of personal data storage, and if this is not possible, the criteria for determining this period;
(5) the right to request the Administrator to rectify, delete or limit the processing of personal data concerning the data subject, and to object to such processing, and;
(6) the right to lodge a complaint to the supervisory authority;
(7) if the personal data have not been collected from the Natural Person – all available information about their source;
(8) automated decision-making, including profiling and relevant information on the rules for making decisions, as well as on the significance and expected consequences of such processing for the Natural Person;
8.2.2 lodging a complaint to the supervisory authority;
8.2.3 request the Administrator to immediately rectify their personal data that is incorrect; taking into account the purposes of processing, the Natural Person also has the right to request completion of incomplete personal data, including by submitting an additional statement;
8.2.4 not to be subject to automated decision – making, including profiling;
8.2.5 to object – for reasons related to their particular situation – to the processing of personal data concerning them in the cases specified in the regulations;
8.2.6 request the Administrator to immediately delete personal data concerning them (“the right to be forgotten”), if one of the following circumstances occurs:
(1) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) the Natural Person has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
(3) the Natural Person objects to the processing and this objection is based on applicable regulations;
(4) personal data has been unlawfully processed;
(5) personal data must be deleted in order to comply with a legal obligation provided for in European Union law or the law of a Member State to which the Administrator is subject;
(6) the personal data has been collected in connection with the offering of information society services to a child in accordance with applicable regulations;
8.2.7 request the Administrator to limit the processing of personal data when:
(1) the Natural Person questions the correctness of personal data – for a period allowing the Administrator to check the correctness of this data;
(2) the processing is unlawful and the Natural Person opposes the removal of personal data, requesting the restriction of their use instead;
(3) the Administrator no longer needs personal data for the purposes of processing, but they are needed by the Natural Person to establish, pursue or defend claims;
(4) the Natural Person has objected to the processing in accordance with applicable regulations – until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for the Natural Person’s objection;
8.2.8 request the Administrator to transfer in a structured, commonly used machine-readable format, personal data concerning him, which he provided to the Administrator, and to send this data to another administrator without any obstacles on the part of the Administrator, if:
(1) the processing is based on consent or on a contract; and
(2) the processing is carried out in an automated manner.

9. Complaints procedure

9.1 A complaint may be submitted:
9.1.1 in writing – to the Administrator’s address, i.e.: Wioletta Januszczyk, Kancelaria Radcy Prawnego Wioletta Januszczyk, ul. Pańska 96/83, 00-837 Warszawa;
9.1.2 in electronic form – to the e-mail address: kancelaria@rprwj.pl
9.2 It is recommended that the complaint contain at least:
9.2.1 an indication of how the personal data breach occurred and what the breach is about;
9.2.2 indication of data allowing to inform about the method of considering the complaint.
9.3 In the case of one of the requests specified in point 8.2 above, the complaint should include:
9.3.1 content of the request;
9.3.2 justification if necessary;
9.3.3 indication of data allowing to inform about the method of considering the complaint.
9.4 The Administrator may ask the complainant to provide additional information if it is necessary to consider the complaint or request.
9.5 If one of the requests specified in point 8.2 above is submitted, it is recognized in accordance with the provisions regarding the complaint procedure. In this case, the Administrator may ask the person submitting the request to prove their identity in order to verify whether they are authorized to submit this request.
9.6 The complaint is considered immediately, but not later than within 14 days from the date of notification.
9.7 If the complaint requires additional proceedings, the deadline for considering the complaint may be extended.
9.8 The applicant may at any stage obtain information from the Administrator about the status of his/her complaint.
9.9 Immediately after recognizing the complaint, the Administrator informs the applicant about the manner in which it was considered and about the actions that have been taken in connection with the complaint.
9.10 The administrator communicates with the person submitting the complaint in electronic form – to the e-mail address provided by the complainant. If the applicant fails to provide an e-mail address, the Administrator communicates with the applicant in writing.
9.11 No response to the complaint within 14 days from the date of receipt of the complaint means its consideration. If the Administrator does not take action in connection with the complaint of the Natural Person, then immediately – no later than within 14 days of receiving the request – the Administrator informs him about the reasons for not taking action and about the possibility of lodging a complaint to the supervisory body and using legal protection measures against court.
9.12 If, as a result of examining the complaint, it is determined that there has been a breach of personal data protection, the Administrator takes actions provided for in applicable regulations.

10. Changes to the Privacy Policy

10.1 This Privacy Policy is effective from October 1, 2022.
10.2 The Administrator reserves the right to change this Privacy Policy for an important reason, in particular in the case of:
10.2.1 the need to adapt the Privacy Policy to the law or decisions and judgments of courts or public authorities;
10.2.2 change of data, including names, addresses, identification numbers, included in the Privacy Policy;
10.2.3 improving the service for Natural Persons.
10.3 Natural Persons will be informed about the change of the Privacy Policy by a message posted on the Website or by sending a notification about the change to the Privacy Policy to the e-mail address of the Natural Person.
10.4 The change of the Privacy Policy does not affect the processing of personal data carried out before the change.

11. Final Provisions

11.1 All inquiries or issues related to the processing and protection of personal data should be addressed to the Administrator in writing, by e-mail or by phone, to the following details:
Wioletta Januszczyk
Kancelaria Radcy Prawnego Wioletta Januszczyk
ul. Pańska 96/83
00-837 Warszawa
e-mail: kancelaria@rprwj.pl;
phone: +48 606 634 408
11.2 The Administrator may place on the Website links enabling Natural Persons to go directly to other websites. This Privacy Policy does not cover websites operated by other entities independent of the Administrator, and the Administrator is not responsible for the processing of personal data by other entities operating other websites.
11.3 In the event of a conflict of this Privacy Policy with the provisions of generally applicable law on the protection of personal data, the Administrator takes steps to adapt the Privacy Policy to the requirements of applicable law – however, even in the period preceding such a change in regulations, the Administrator will apply the principles of personal data protection resulting from these provisions.