PRIVACY AND COOKIES POLICY
(hereinafter the "Policy")

1. Introductory Provisions:

  1. As part of my individual business activity under the name: Maciej Arczyński Kancelaria Radcy Prawnego (hereinafter the "Law Firm"), personal data is collected and processed. This Policy sets out the rules for dealing with personal data in the Law Firm.
  2. The Controller of personal data of all visitors and users (hereinafter "You", "Your" or "User") of the website www.arczynski-legal.pl, its subpages, blogs or social media profile (hereinafter collectively the "Website"), including all Users who follow the blog or profile on Facebook, LinkedIn, Twitter or on other domains or social media of the Law Firm is Maciej Arczyński attorney-at-law, running a business under the name: Maciej Arczyński Kancelaria Radcy Prawnego with its registered office in Wrocław, Tax ID: 7511703120 (hereinafter the "Controller").
  3. The Policy provides information on the processing of your personal data when you visit the Website, contact me, including using the contact form on the Website, in person, by phone, traditional mail or by e-mail, and when you are subscriber to the newsletter.
  4. Contact with the Controller is possible through:
    • e-mail address: office@arczynski-legal.pl,
    • contact form available on the Website www.arczynski-legal.pl,
    • postal address, identical to the address of the Controller's seat.
  5. The processing of personal data is carried out on the basis of the GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/we (general data protection regulation), other relevant provisions and on the basis of the provisions of this Policy.

2. For what purpose and on what basis do I process personal data:

I process your personal data for the following purposes and bases:

  1. responding to messages and inquiries, including for the performance of an agreement to which the User is a party or to take action at the request of the User, before concluding an agreement (Article 6 (1) (a), (b) and (f) of the GDPR),
  2. providing information via the newsletter (Article 6 (1) (a) of the GDPR),
  3. providing electronic services in the field of sharing content collected on the Website (Article 6 (1) (b) and (f) of the GDPR),
  4. ensuring the proper technical functioning of the Website and ensuring the appropriate quality of services (Article 6 (1) (f) of the GDPR),
  5. promoting products and services and building a positive image of the Law Firm (Article 6 (1) (f) of the GDPR),
  6. exercising and defending claims before courts and administrative authorities and outside of them (Article 6 (1) (f) of the GDPR),
  7. analysis of website usage statistics (Article 6 (1) (f) of the GDPR).

Providing personal data is necessary to use the Website, including following the Controller's profiles on social media and answering an inquiry or correspondence.

3. What personal data do I process:

  1. I will process such personal data that will be provided by you or are necessary to respond to your messages, or that I have in connection with the relationship between us, or collected from publicly available sources. I process these data due to the fact that they are necessary to fulfill the obligations arising from the above-mentioned provisions or to implement the legitimate interests of the Law Firm or the consent you have given. I process the following personal data:
    1. name, surname, e-mail address, telephone number and the content of the message you send (including the data contained therein), cookies, IP addresses - in relation to Users of the Website who decide to contact me via the form available on the Website,
    2. name, surname (or other identifying data), image (profile photo), ID associated with the social network, e-mail address and the content of the message you send (including the data contained therein) - in relation to Users visiting and using or observing the blog or profile on Facebook, LinkedIn or other domains / social media. In the case of social media, the amount and scope of shared data depends on the User and is regulated separately by contracts or regulations of social media owners.
  2. Furthermore, the personal data processed in connection with the provision of legal services depends on the specific case. In the event of cooperation, the relevant provisions regarding the processing of personal data are included in an agreement or in a separate information clause.
  3. As the Controller, I limit the collection and use of information about Users to the minimum that is necessary to provide them with services at an appropriate level or to achieve other purposes indicated in this Policy.

4. How long do I process and store data:

  1. Personal data are processed and stored for the periods specified by law or when it is necessary to provide the Controller's services and maintain the principle of accountability. I store the collected personal data for the following time:
    1. Users visiting and using the Website - if you decide to contact me, until the correspondence regarding the matter in which you made contact is completed, subject to point 2 below,
    2. Users who follow a blog or a profile on Facebook, LinkedIn or on other domains / social media - as long as you follow a profile or a blog,
    3. until a legally effective objection is lodged,
    4. until the consent is withdrawn, in the case of data processing based on the consent granted,
    5. in the case of establishing a relationship - for the duration of its existence,
    6. for the purpose of exercising and defending claims - until the prescription periods have lapsed for these claims,
    7. for the purposes of performing obligations imposed by law - no longer than necessary to demonstrate that these obligations were performed correctly.
  2. The data of completed cases are archived and secured. It is necessary due to the ability to demonstrate the scope and quality of the Law Firm's services for the purpose of settlements with the User or competent public authorities. Sensitive data or personal data in cases of special importance may be partially anonymized on the basis of separate agreements.

5. Recipients of personal data:

  1. I exercise due diligence in the selection of entities to which I transfer your data and in the case of such entities I require that they protect your data using appropriate technical and organizational measures.
  2. Personal data may be shared to a limited extent to:
    • third parties providing services to the Law Firm that are needed to achieve the purposes for which I process your data (e.g. IT, recruitment, accounting, electronic communication and data hosting services, marketing, legal advisers and consultants serving the Controller - to the extent that disclosure of data is necessary to use their services),
    • recipients whose disclosure is required by applicable law or a court or other authority order,
    • other recipients, if you consent to sharing your data with them or if the transfer of data is necessary to protect your vital interests or the vital interests of other entities,
    • operators of social networks (when using social media),
  3. Your personal data is, as a rule, not transferred to recipients in third countries, i.e. outside the European Economic Area (EEA). If a transaction is concluded with a contractor outside the EEA, it may be necessary to transfer personal data outside the EEA. The transfer of data outside the EEA will take place on the basis of standard contractual clauses, the content of which has been approved by the European Commission.
  4. In order to ensure a high level of privacy and secure processing, I use an e-mail service provider that enables End-to-End encryption. As a postal service provider, I use Proton AG based in Switzerland (outside the EEA) that manages the ProtonMail webmail. The Law Firm (as a business user) and ProtonMail are bound by a data processing agreement (DPA), which specifies in detail the specific rights and obligations of each party, in accordance with the requirements of the GDPR.
  5. To ensure the highest degree of confidentiality, it is suggested that the User use an e-mail account with End-to-End encryption. You can set up such an account free of charge, among others at: https://protonmail.com/ (ProtonMail). Other email services with End-to-End encryption are also available.
  6. In the event of cooperation between us, the relevant provisions regarding entities processing personal data on behalf or at the request of the Controller, are included in the agreement or in the information clause.
  7. All data, information and documents related to legal services are protected by the secrecy of an attorney-at-law ("An attorney-at-law may not be released from the obligation of professional secrecy in relation to facts which have become known to him or her while providing legal assistance or handling a case." - Art. 5 of the Act on attorneys-at-law, of July 6, 1982). Data related to legal services are made available only to persons who are bound by the same professional secrecy rules.

6. Your rights:

  1. In connection with the processing of personal data, you have the right to:
    1. requests for access, rectify, delete, restrict of processing, object to the processing or transfer of your personal data,
    2. if the processing of personal data is based on consent, the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal; in the event of withdrawal of consent and no other legal basis for the processing of personal data, the Controller will immediately delete the personal data of that person,
    3. to the extent to which personal data are processed in order to implement the legitimate interests of the Controller (Article 6 (1) (f) of the GDPR): the right to object to the processing of personal data,
    4. the right to file a complaint with the supervisory authority, i.e. the President of the Polish Personal Data Protection Office in Warsaw.
  2. In a more practical way, you have the right in particular to: disable cookies (in your web browser), exit the Website and clear cookies, resign from the newsletter services (direct contact with the Controller or the appropriate link in the newsletter), resign from following the Law Firm’s profile in social media etc.

7. Automated decision making:

I do not use any information provided by you for the purposes of automated decision making.

8. Cookies:

  1. I use cookies (“cookies”) and similar technology on the Website.
  2. Cookies are IT data saved on end devices, usually containing the website address, date of placement, expiry date, unique number and additional information in accordance with the purpose of the file. The Controller is the entity that places cookies on the User's end device and obtains access to them. The cookies I use can be divided into 2 categories:
    • statistical and analytical files that allow to understand how Users behave on the Website using aggregated and anonymous statistical information;
    • marketing and remarketing files that make it easier to inform about the products and services of the Law Firm or adjust the services and content of the Website to the expectations and needs of Users.
  3. I use social plugins and Google tools. This means that, depending on your device settings and your consent, information about the use of the Website may be combined with other information that you have provided to Google or social media or that has been collected through your use of Google or social media.
  4. You can disable saving cookies via the Website or directly on the device used to connect to the Website, in accordance with the browser manufacturer's instructions. Information on configuring and deleting cookies in web browsers can be found on the websites of their manufacturers.

9. Policy changes:

The provisions of the Policy may be amended, and its latest versions will be published on the Website each time and will be provided with the date of the last update.

Version valid from: 30/06/2021