Privacy policy

In accordance with Regulation 2016/679 of the European Parliament and of the Council of the EU of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data, and repealing Directive 95/46/EC – the General Data Protection Regulation (Official Journal of the EU L 119 of 04.05.2016, p. 1, as amended announced in Official Journal of the EU L 127 of 23.05.2018, p. 2), (hereinafter: ‘GDPR’), we provide you with information regarding the processing of personal data. Notwithstanding the privacy obligations under the GDPR, we also comply with the obligations related to attorney-client privilege (Article 6 of the Act of May 26, 1982 – the Law on the Advocates’ Proffession) and defence secrecy (Article 178(1) of the Act of June 6, 1997. – Code of Criminal Procedure).

  1. Data controller

The controller of your personal data is attorney-at-law Piotr Sawicki conducting business activity under the firm name ‘Piotr Sawicki i Wspólnicy Kancelaria Adwokacka’, 7 prem. 2 Poznańska St., 00-680 Warsaw (hereinafter: ‘the Law Firm’, ‘the controller’ or ‘we’).

  1. Contact point 

In matters related to the processing of personal data, as well as in order to exercise your rights in connection with the processing, contact with the Law Firm is possible via e-mail at kancelaria@sawickiwspolnicy.pl or by phone at +48 22 400 33 44, +48 666 668 828.

  1. Personal data processing

Clients – if you are one of our clients, then:

  • We process your data for the purpose of entering or performing a contract (Article 6(1)(b) of the GDPR), and in certain cases for the purposes of legitimate interests (Article 6(1)(f) of the GDPR) consisting of establishing, investigating, defending against claims.
  • The categories of personal data processed may include identification data, contact data, contact details, as well as other personal data provided to the Law Firm for the purpose of realization of the legal services provided, data related to specific facts, contained in the documents, messages, etc. provided to the Law Firm.
  • The data will be stored for a period of min. 5 years from the end of the calendar year in which the deadline for payment of tax in connection with the agreement concluded has passed – however, the law may provide for a longer period of data storage, for the establishment, investigation, or defence against claims.
  • In connection with processing, you have the right to access and rectify data, the right to restrict processing, the right to object to processing, the right to lodge a complaint with the President of the Personal Data Protection Office.
  • Provision of data is a contractual requirement, and refusal to provide it may prevent the conclusion or execution of the contract.

 

Representatives, agents, contact persons – if you represent an individual or legal entity, you are a contact person:

  • We process your data for the purpose of providing, exchanging information (Article 6(1)(f) of the GDPR).
  • The categories of personal data processed may include identification data, contact data, as well as other personal data provided to the Law Firm contained in documents, messages, etc. provided to the Law Firm.
  • The data will be stored for the period necessary to respond, exchange information – however, the law may provide for a longer period of data storage, for the establishment, investigation, or defence against claims.
  • In connection with processing, you have the right to access and rectify data, the right to restrict processing, the right to object to processing, the right to lodge a complaint with the President of the Personal Data Protection Office.

 

Website visitors and those who contact us through the website – if you browse our website or contact us through the contact form provided on the website, then:

  • For each web page call, i.e., entry to the Law Firm’s website, the server automatically records only the so-called server logs, such as the name of the requested file, your IP address, the date and time of the call, the amount of data transferred and the requesting ISP (access data) and documents the page call. The data is analysed solely for the purpose of proper operation. This is due to our legitimate interest (Article 6(1)(f) of the GDPR) in presenting the services we provide.
  • If you contact us via the contact form available on our website, your data will be processed for the purpose of answering your question, presenting the services we provide (Article 6(1)(f) of the GDPR.
  • The categories of personal data processed include identification data, contact data, as well as other data provided by you in the contact form.
  • The data will be stored for the period necessary to answer your questions, present the legal services provided – however, the law may provide for a longer retention period, for the establishment, investigation, or defence against claims.
  • In connection with processing, you have the right to access and rectify data, the right to restrict processing, the right to object to processing, the right to lodge a complaint with the President of the Personal Data Protection Office.

 

Suppliers – if you are a supplier of certain products or services to the Law Firm, then:

  • We process your data for the purpose of entering or performing a contract (Article 6(1)(b) of the GDPR), and in certain cases for the purposes of legitimate interests (Article 6(1)(f) of the GDPR) of establishing, investigating, defending against claims.
  • Categories of personal data processed may include identification data, contact data, contact details.
  • Data will be stored for a period of min. 5 years from the end of the calendar year in which the deadline for payment of tax in connection with the concluded agreement expired – however, the law may provide for a longer retention period, for the establishment, investigation, or defence against claims.
  • In connection with processing, you have the right to access and rectify data, the right to restrict processing, the right to object to processing, the right to lodge a complaint with the President of the Personal Data Protection Office.
  • Provision of data is a contractual requirement, and refusal to provide it may prevent the conclusion or execution of the contract.

 

  1. Rights

In connection with our processing of your personal data, you may exercise the following rights in certain cases:

The right to access and obtain a copy of your personal data – pursuant to Article 15 of the GDPR, you are entitled to obtain confirmation as to whether we are processing your personal data and, if so, to obtain access to your data, including information on, among other things, the purposes of the processing or the recipients of your personal data.

The right to rectification of data – under Article 16 of the GDPR, you are entitled to request rectification of your personal data due to its incorrectness or incompleteness.

The right to erasure, including the ‘right to be forgotten’ – under Article 17 of GDPR, you have the right to request the erasure of your personal data in certain cases. If your data has been made public, we will take reasonable steps to inform other controllers processing your data of your request.

The right to restriction of processing – under Article 18 of the GDPR, you may request the restriction of processing of your personal data if you dispute its accuracy, if its processing is unlawful, if we no longer need your data for the purposes of processing, or if you have objected to the processing.

The right to data portability – under Article 20 of the GDPR, you may request the transfer of your personal data saved in a standard machine-readable file format. If your goal is to transfer them to another controller, we will send the file containing your personal data directly to them.

The right to object to processing – pursuant to Article 21 of the GDPR, you may request us to stop processing your personal data by filing an objection. It will be justified if you demonstrate that our lawful activities harm your interests, rights, or freedoms.

The right to withdraw consent at any time – in situations where we have asked you for your consent, you may withdraw that consent at any time. If we do not have a separate basis for processing, we will stop using your personal data for the purpose for which your consent was given.

The right to lodge a complaint with a supervisory authority – if you believe that your rights have been violated by our processing activities, you may file a complaint with the President of the Personal Data Protection Office.

The rights listed above may be limited in certain situations, such as when we can demonstrate that we are legally obligated to process your data. If you wish to exercise your due rights, all you need to do is to send an appropriate request using the contact information indicated in Section 1. or in Section 2.

  1. Sources of personal data

As a rule, most of the data that we process is information that you have provided to us independently, of your own free will. In some cases, we may process personal data that we are able to infer against you based on other information that you provide to us and that we obtain during our relationship. The Law Firm may also obtain personal data from publicly available sources, public records, and from its clients, attorneys of other litigants in connection with the legal services we provide, for the purpose of performing them. Pursuant to Article 14(5)(d) of the GDPR, the obligation to provide information when personal data is obtained in a manner other than from the data subject may be limited if the personal data must remain confidential in accordance with the obligation of professional secrecy under European Union law or the law of a Member State, including the statutory obligation of secrecy.

  1. Data recipients

Recipients of your personal data may be providers of accounting, IT, payment, auditing, consulting services. The indicated entities may be separate controllers of your personal data, or processors of personal data. If we outsource to another entity an operation, the essence of which is the processing of personal data, this will be done in accordance with Articles 28 and 32 of the GDPR, i.e., under the entrustment of personal data processing. Your data may also be disclosed to public authorities (administrative authorities, judicial authorities), however, in accordance with Article 4(9) of the GDPR, public authorities that may receive personal data in the context of a specific proceeding in accordance with European Union law or the law of a Member State are not considered recipients of personal data.

  1. International data transfer

As a rule, your personal data will not be transferred to countries outside the European Economic Area (EEA), where the law may not provide the same level of protection for your data.

However, if while processing your personal data will be transferred to recipients in third countries (outside the EEA), such as the United States, such transfers may be based on:

  • a decision finding an adequate level of protection (Article 45 of the GDPR),
  • subject to appropriate safeguards, including standard data protection clauses, an approved code of conduct or an approved certification mechanism (Article 46 of the GDPR),
  • using binding corporate rules (Article 47 of the GDPR),
  • subject to appropriate exceptions in specific situations (Article 49 of the GDPR).

 

  1. Cookies

Our website uses cookies. Cookies are pieces of information stored on your end device (desktop computer, laptop, tablet, smartphone) via your web browser. They are important because they allow the server on which our website is embedded to read the information when connected to a particular computer. As a rule, this information does not constitute personal data, but it can be used to provide certain functions, such as:

  • recognizing the device and displaying the website accordingly,
  • verification of the authenticity of the browser session,
  • personalizing the interface, e.g., regarding the selected language or region,
  • customizing website content to users’ preferences,
  • content recommendations, font size etc.

 

Cookies are encrypted in a way that prevents unauthorized access. Web browsers allow cookies to be placed on end devices by default – appropriate browser settings allowing the use of cookies are treated as consent to data processing (Article 173 of the Act of July 16, 2004, Telecommunications Law in conjunction with Article 6(1)(a) of the GDPR). People browsing our website can make the appropriate configuration of their browser to block automatic acceptance of cookies or obtain information about the transmission of such a file to their device. For more information about the handling of cookies and configurations, please refer to your browser settings. The level of restrictions on the use of cookies may affect the availability and functionality offered by our website, including the possibility to block its full operation.

In addition to the above-mentioned purposes related to the configuration and correct display of our website, we use cookies to monitor user activity on the site (inputs, ways of navigating the website) using tools provided by Google LLC (Google Analytics). You can find more information about the cookies used by Google LLC services here: https://policies.google.com/?hl=pl.

  1. Final provisions

We reserve the right to update this privacy policy, which may result from the need to adapt to changes in regulations, updates to privacy standards.

Privacy Policy – the official website of the Sawicki i Wspólnicy law firm