The data controller of your personal data is advocate Grzegorz Leśniewski, conducting business activity under the name “Grzegorz Leśniewski Kancelaria Adwokacka”.
We treat all information about you responsibly and in accordance with applicable law – in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
Our contact details: al. Solidarności 119/125 lok. 67, 00-897 Warszawa; e-mail address: email@example.com.
What is the purpose and legal basis of processing your personal data?
We may process your personal data in the following situations:
- when you are our prospective or current client, supplier or contractor;
- when you are interested in our business activities (e.g. as the media);
- when you are acting on behalf of one of the persons/entities mentioned above, including when you are its employee or associate.
Therefore, your personal data can be processed in connection with many cases:
- when you have provided us with your personal data through various communication channels (e.g. by sending an inquiry / offer via e-mail or telephone);
- as part of our cooperation when signing or performing the contract, including when your personal data have been disclosed to us as a contact for the purpose of execution of the contracts;
- when we have obtained your personal data from other sources (e.g. from the company which you cooperate with and which is our contractor / client, or from publicly available industry websites).
The scope of personal data we process depends on the information that is vital for a given relationship – it primarily encompasses the content of documents, as well as of our correspondence/communication, along with other information we have obtained from publicly available professional sources (e.g. industry websites). This data in particular includes:
- name and surname,
- information regarding professional activity, including place of employment, position and/or department, qualifications;
- contact details, including correspondence address, telephone number, e-mail address or other contact information.
Therefore, we may obtain the above personal data directly from you or from other people, e.g. from your employers / clients or from public sources.
If we are processing your personal data in conjunction with a contract that is being concluded with you, the purpose for the processing of your personal data is taking steps in order to conclude that contract and its performance. The legal basis for such processing in accordance with this purpose will be Art. 6(1)(b) GDPR (it is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract).
If you are contacting us on your own behalf, including when e.g. you have given us your business card with a request to forward particular information, we process your data in order to respond to your query or request or to perform other actions, which you have agreed to. The legal basis for the processing of your personal data in accordance with this purpose will be your consent (Art. 6(1)(a) GDPR).
In case of processing your personal data based on your consent, please be reminded that you can withdraw your consent at any time without affecting the lawfulness of the processing that has already been made on this basis.
If you are acting on behalf of our client, supplier, or another entity, we process your data in order to make a contact with you in the context in which you are acting on behalf of that entity, as well as for the conclusion and/or performing a contract with that third party and/or conducting a joint project. The legal basis for processing your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – building and maintaining relations with the third party on whose behalf you are acting, including the conclusion and performance of relevant contracts with that party, as well as the intention of building our positive image.
Regardless of the foregoing, your personal data, that is, in particular, your first name and last name, as well as correspondence address and/or e-mail address, may be used by us in order to contact you from time to time (e.g. to say thank you, or to send holiday season greetings).The legal basis for processing your personal data in accordance with this purpose will be our legitimate interest (Art. 6(1)(f) GDPR) – maintaining relations and building a positive image.
Additionally, with regard to the processing of your personal data in order to:
- defend against potential claims, as well as for the purpose of potential directing claims, the legal basis for processing of your personal data will be our legitimate interest (Art. 6(1)(f) GDPR);
- fulfil the legal obligations of the data controller (e.g. tax, accounting), the legal basis for processing of your personal data will be the necessity for compliance with a legal obligation to which the controller is a subject (Art. 6(1)(c) GDPR).
Your submission of personal data is voluntary, but sometimes it may be necessary for purposes related to our cooperation, e.g. in order to conclude or execute the contract or to respond to your query or to conduct further correspondence. This means that failure to provide data may constitute grounds for our refusal to enter into cooperation, or to take legal measures to terminate possible contract.
We are processing your personal data only for such period that is necessary for the purposes for which it was initially collected. After that time, it will be deleted or archived, except for cases in which we are obliged to process such data for a longer period in order to meet legal obligations.
If you are our prospective or current client, or an employee/contractor thereof, we will store your personal data for the duration of the contract or the period necessary for its conclusion, and then for a maximum of:
- for current clients: 10 years from
- for prospective clients: 2 years since the last contact/end of negotiations.
Personal data processed on the basis of your consent will be stored until such consent is revoked or the purpose for which it was given is fulfilled.
The above periods may be extended, as appropriate, in the event of any claims and court proceedings – for the duration of these proceedings and their settlement, and also if the legal provisions, in certain situations, oblige us to process them for a longer period.
Who has access to your personal data?
Your personal data will only be accessed by our duly authorized employees or associates, to the extent necessary to perform duties by them. All these persons are bound by professional secrecy – legal privilege – which is one of the strongest legal mechanisms protecting the confidentiality of information about you, as well as imposing appropriate obligations of confidentiality.
Data regarding our settlements are processed by professional accounting company.
To the limited extent, we may also use some tools for managing work and documentation, such as Trello, DropBox or shared calendars, as well as our e-mail hosting. All these tools ensure adequate level of security for the scope of data that we process with their use, based on appropriate agreements and safeguards. If any servers are located outside the European Economic Area (EEA), we apply all required legal mechanisms in order to ensure the security of transferred data (clauses adopted pursuant to decisions of the European Commission, Privacy Shield program, etc.).
Your rights related to processing of your personal data
For the effective exercise of your rights, please send any requests to the e-mail address: firstname.lastname@example.org, from the contact address you have provided, along with the title “GDPR Request”. In the e-mail please specify, which right(s) you wish to exercise. To the extent resulting from the GDPR and Polish regulations, you have the following rights:
Access to your personal data – you may ask us to provide information regarding:
- whether we are processing your personal data or not;
- for what purpose;
- what categories of data we are processing;
- who is the recipient of your data;
- wherever possible – what is the planned duration of processing, and when it’s not possible – the criteria for determining that duration;
- if the personal data has not been given by you – all available information about the source of the data.
You can also receive access to all of your personal data that we are processing.
Data rectification – if information about you is or has become inaccurate, you have the right to demand its rectification.
Revocation of consent – you can revoke your consent to the processing of your personal data at any time, however without affecting the legality of processing performed prior to such revocation.
Erasure of data – in certain situations, GDPR gives you the so-called “right to be forgotten.” You can exercise this right if we are still processing your personal data, particularly in the following cases:
- the data is no longer vital for the purposes for which it was collected or otherwise processed;
- you have revoked consent to the processing of your personal data and there is no other legal basis for continuing such processing;
- you have objected to the processing of your personal data while there are no overriding, legitimate grounds for processing;
- you have objected to the processing of your personal data for marketing purposes;
- your data is processed in a manner that violates the law;
- the law requires erasure of your personal data.
Restriction of processing – in certain situations, you can demand, that we limit our activities basically only to storing information about you, when:
- you question the correctness of personal data that we are processing – for a period of time that allows us to determine the correctness of that data;
- the processing of your personal data violates the law, but you prefer restriction of processing rather than erasure of the data;
- we no longer need your personal data for the purposes of processing, but you need it for establishing, pursuing, or defending your legal claims;
- you have objected to the processing of your personal data – only until such time as it is determined whether your interests take precedence over our legitimate interests.
Data portability – you have the right to receive your data in a commonly-used format that can be read by a computer, and also to have your data sent to another data controller, if:
- processing is based on your consent or a contract; and
- processing is done in an automated manner.
Objection – for special reasons related to your personal situation, you have the right to object to some operations we perform on your personal data, particularly in the following cases:
- when our processing is based on our legitimate interest;
- when we process your personal data for purposes related to scientific or historical studies, or for statistical purposes.
Remember, however, that when despite of your objection we conclude that there are important, legitimate grounds for processing that override your interests, rights and freedoms, or for establishing, pursuing or defending claims, we will continue to process your personal data, which were subject of your objection, to the necessary extent. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).
Complaints to the relevant public authority – in connection with our actions as the data controller, you have the right to file a complaint to the relevant public authority, which in Poland is the President of the Personal Data Protection Office (PUODO).
A detailed description of the complaint procedure is available at: https://uodo.gov.pl/pl/83/155.
Of course, if you have any inquiries about how we process your personal data, we encourage you to contact us at email@example.com.