Privacy policy

The law firm is a controller of clients personal data, their contact persons and persons whose data are provided by clients if it is necessary for the performance of services. To the extent that the law firm processes such personal data to provide legal assistance, it becomes, by law, their controller.

We process data in connection with the offering and provision of our services, performance of concluded contracts, marketing and fulfilment of legal obligations. We do not process data in an automated manner. We do not profile users or customers.

The document provides information on how we protect and process your data.

  1. Personal data means any information about an identified or identifiable natural person. From 25 May 2018, the processing of personal data is governed by Regulation (EU) 2016/679 of the European Parliament and the Council of 27.04.2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).

    We process personal data that you provide to us, for example, when entering into a contract or in connection with the provision of services.

    We may also obtain data from publicly available data sources, such as the CEIDG register and other entities, such as our Partners with whom we prepare joint services and promotions.

    According to GDPR, only data, which is necessary to achieve the purpose of data processing, can be processed. We process personal data only on the legal basis specified in the GDPR, which depends on the relationship between us and the people whose data is processed.

    Mostly this is the performance of a contract or consent given for the purpose specified therein but we have our own needs related to our business – reporting, analysis, verification, accounting with subcontractors and many others. We do this to deliver products and services, to continually improve the quality and to protect ourselves and our customers from data theft and impersonation fraud.
  2. spok. pat, adw. Bartosz W. Wojciechoski conducting business under the name BWW Kancelaria Adwokacka with its registered office in Poland, Dzierżoniów at Świdnicka Street no. 2 lok. 7 (58 – 200 Dzierżoniów), NIP: 8821760992, is the controller of personal data within the meaning of the Regulation of the European Parliament and the Council (EU) 2016/679 of 27.04.2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”). Requests, declarations and all correspondence regarding personal data should be addressed in writing to BWW Kancelaria Adwokacka, 2 Świdnicka St. lok. 7, 58 – 200 Dzierżoniów, by e-mail to:
  3. The controller has not appointed a data protection officer.
  4. Providing data is voluntary but is a prerequisite for the conclusion of the contract for the provision of advocacy services. Refusal to provide data prevents the conclusion of the contract and the use of services offered by the Administrator.
  5. Personal data are processed based on consent to:
    • a) take action before agreeing and for the purpose of its performance – based on Article 6(1)(b) of the GDPR,
    • b) comply with obligations arising from legal regulations – based on Article 6(1)(c) of the GDPR,
    • c) fulfilment of the Administrator’s or third party’s legitimate interests, such as marketing, debt collection, detection and elimination of irregularities in the process of concluding and performing the contract and training, internal purposes related to the provision of Services and business activities, including the purposes of proof – based on Article 6(1)(f) of the GDPR; or
    • d) processed based on a consent only for the purpose specified in the content of the consent granted, according to Article 6(1)(a) of the GDPR.
  6. Personal data can be transferred to the following categories of recipients: entities providing the Administrator with services necessary for the implementation of the above- mentioned purposes, which includes employees, contractors, entities providing technical, organisational and advisory support, other subcontractors in the field of the conclusion of contracts and customer service, billing and payment services, marketing, claim investigation, entities authorised by law, business information agencies, institutions established under Art. 105, paragraph 4 of the Act of 29 August 1997 – Banking Law, entities engaged in debt trading, entities providing legal and advocacy services.
  7. Personal data may be transferred to international organisations or countries outside the European Economic Area if such countries/organisations are deemed by the European Commission to provide an adequate level of protection of personal data to the level of protection in force in the European Economic Area or if adequate safeguards are applied, which may consist of the use of binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the President of the Data Protection Authority or contractual clauses authorised by the President of the Data Protection Authority, and copies of which may be obtained upon request as indicated in point 1 above.
  8. Personal data is processed during the term of the contract and after its termination or if the contract is not concluded in the period:
    • a) provided for the performance of the obligations arising from the provisions of the law relating to defence, state security and public safety and order, as well as from tax and accounting regulations,
    • b) the period of limitation of claims until the end of civil, enforcement, administrative and criminal proceedings requiring data processing, and in the case of the consent, until the purpose of consent is fulfilled or is revoked, whichever occurs first.
  9. You have the right to rectify data, access to data, erasure of data or restriction of data processing, and data portability provided to the controller.
  10. You have the right to object to the processing of personal data for direct marketing purposes.
  11. Concerning data processed based on consent – you have the right to withdraw consent at any time. Withdrawal of consent does not affect the legality of processing, which took place before the withdrawal of consent.
  12. The above requests and statements should be submitted in the manner indicated in point 2 above.
  13. A complaint regarding the processing of personal data may be lodged with a supervisory authority dealing with personal data protection. In the Republic of Poland, the supervising authority is the President of the Office for Personal Data Protection.
  14. The controller will not use the data for automated decision-making or profiling.

If you have any questions regarding the processing of personal data, contact the Administrator.