Privacy policy

This Privacy Policy is intended to inform you about how the law firm Pogorzelec Jesiotr-Rejmanowska i Wspólnicy Radcowie Prawni i Adwokaci spółka komandytowa (hereinafter also: The ‘Law Firm’ or the ‘Data Administrator’) processes your personal data in accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ EU L 119, 4.5.2016, p. 1 as amended), hereinafter also referred to as the ‘GDPR’.
We invite you to familiarise yourself with the general information that applies to all groups of data subjects, followed by the specific section on the particular group to which you belong.

1. GENERAL INFORMATION

1) Data Administrator. The administrator of your personal data is Pogorzelec Jesiotr-Rejmanowska i Wspólnicy Radcowie Prawni i Adwokaci Spółka komandytowa with its registered office in Warsaw at ul. Kiwerska 33A, 01-682 Warsaw, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw, XII Commercial Division of the National Court Register, under KRS number 0000955456, Tax Identification Number (NIP) 5252382914.

2) Contact. You can contact the Data Administrator:
• by telephone at +48 22 864 21 35,
• by e-mail to: kancelaria@pjrlegal.pl,
• in person or by sending correspondence to: Pogorzelec Jesiotr-Rejmanowska i Wspólnicy Radcowie Prawni i Adwokaci sp.k., ul. Kiwerska 33A, 01-682 Warsaw.

3) Restriction of storage of personal data. Personal data are stored for the period necessary to implement the purposes of processing for which they were obtained. We also store personal data for the period of the statute of limitations for claims, as defined by law. If we have no basis for data retention, we will delete or destroy the data in a secure manner.

4) Your rights. With regard to your personal data, you have the right to:
a) request access to your personal data, including to obtain information on what data we process and how we process it, and to obtain a copy of your data;
b) request the rectification of your personal data – if you believe that the data we process is inaccurate or outdated;
c) request the erasure of your data – if you believe that we have no grounds to process your data;
d) request the restriction of processing – if:
• you question the correctness of our processing of your personal data, upon your request to restrict processing, we will cease processing your data until we determine whether such processing was indeed incorrect,
• the processing is unlawful and the data subject objects to the erasure of the personal data and instead requests that processing be restricted,
• the data administrator no longer needs the personal data for the purposes of the processing, but you need it to establish, assert, or defend your claims,
• you have objected to the data processing – until we determine whether our legitimate grounds override those of your objection;
if it becomes apparent that we have the right to continue processing your data, you will be informed before we resume processing;
e) object to data processing – on grounds relating to your particular situation and only with respect to data we process as part of our legitimate interests – in which case, we are no longer allowed to process the data unless we demonstrate that there are compelling legitimate grounds for processing that override your interests, rights, and freedoms, or where there are grounds for establishing, pursuing, or defending claims;
f) request data portability – if the data processing is based on your consent or a contract, you have the right to:
• receive the personal data you have provided in a structured, commonly used, machine-readable format,
• transfer the aforementioned data, without hindrance on our part, to another data administrator to whom the personal data were provided,
• request that we send the aforementioned data directly to another data administrator, insofar as is technically possible;
g) you also have the right to file a complaint with the data protection supervisory authority in the Member State of your habitual residence, your place of work, or the location of the alleged infringement.
In order to exercise any of your rights, we invite you to contact us.

5) Data recipients. Your personal data may be made available to entities entitled to receive such data under the law (e.g., public authorities), as well as to the following entities with which we cooperate, including those providing IT, courier/postal, cloud, financial/accounting, security, and other services to us.

6) Transfers of data outside the European Economic Area (EEA). Your data may be transferred to, stored by, or shared with employees or suppliers in non-EEA countries. Regardless of location, we will require the same data protection safeguards as those in place within the EEA. A typical case of such a transfer is the use of cloud services and Microsoft Office 365 (Microsoft Corporation) or Google LLC services, whose servers are located in the United States. These services are certified by the Data Privacy Network Program, which assures that these entities provide an adequate level of data protection (similar to that provided in the EU).

7) Profiling/automated decision-making. Your personal data will not be subject to automated decision-making or profiling.

8) Providing data is voluntary. The provision of your personal data is voluntary; however, the failure to provide data may prevent implementation of the purposes of processing, such as the performance of a contract or the fulfilment of legal obligations.
Detailed information on the processing of your personal data can be found below.

2. SPECIFIC INFORMATION

2.1 INFORMATION FOR CLIENTS OF THE LAW FIRM AND PERSONS WHOSE DATA WE PROCESS IN CONNECTION WITH CLIENT AFFAIRS

1) Purposes and grounds for processing personal data. We process your personal data as part of providing legal services and assistance, including representation in judicial and administrative proceedings and before other authorities and third parties, for the following purposes:
a) to perform the contract with the Client, as well as to take action at the Client’s request prior to the conclusion of the contract (legal basis: Article 6(1)(b) of the GDPR);
b) to comply with the legal obligations incumbent upon us (legal basis: Article 6(1)(c) of the GDPR);
c) to act within the context of our legitimate interest in running our business, including taking action in handling client affairs, collecting the information and documents necessary to perform the tasks entrusted to us, and ensuring the correctness of our accounts, as well as to establish, investigate, or defend against possible claims (legal basis: Article 6(1)(f) of the GDPR).

2) Categories of personal data. We process the personal data of Clients who are individual natural persons, such as their names, surnames, telephone numbers, e-mail addresses, home and postal addresses, tax numbers (NIP), business registration numbers (REGON), personal identity numbers (PESEL) and bank account numbers. For Clients who are not individual natural persons, we process the personal data of their representatives, such as their names, surnames, personal identity numbers (PESEL), and addresses. We also process any other information relevant to the case, necessary to handle the case, or required by law – including special categories of data (i.e., sensitive data) to which the Law Firm has gained access while handling Clients’ cases.

3) Personal data retention period. With regard to court proceedings – records are kept for 10 years, counting from the end of the calendar year in which the proceedings ended. We are obliged to keep accounting records for five years, counting from the end of the calendar year in which the tax deadline expired. When a business relationship is terminated, we also retain the data for the period of the statute of limitations for claims, as defined by law.

4) Source of personal data. We obtain personal data directly from you or – with the help of the data you have provided to us – from other publicly available sources, such as public records. Data may also be obtained in connection with proceedings, including court proceedings, e.g., by consulting case files.

5) Transfer of data within the framework of cooperation with other entities. Your data may be shared with other entities, including other legal advisers and institutions with whom we cooperate in order to enable us to provide the best possible service.

6) Professional secrecy. Pursuant to Article 3 of the Legal Advisers Act and Article 6 of the Advocates Act, a legal adviser/attorney (and, respectively, an apprentice legal advisor/advocate), is obliged to keep secret everything he or she learns in connection with the provision of legal assistance. This obligation is indefinite, although it can be waived. At the same time, we stipulate that the exercise of the rights referred to in section 1.4 above may not result in a breach of the aforementioned secrecy.

2.2 INFORMATION FOR COUNTERPARTIES AND THEIR REPRESENTATIVES OR CONTACT PERSONS

1) Purposes and grounds for processing personal data. We process your personal data:
a) in order to perform our contract with a Counterparty, as well as to take action at the request of the Counterparty prior to the conclusion of the contract (legal basis: Article 6(1)(b) of the GDPR);
b) in order to comply with legal obligations incumbent on us (legal basis: Article 6(1)(c) of the GDPR);
c) to act within the context of our legitimate interest in running our business, collecting the information and documents necessary to perform the tasks entrusted to us, and ensuring the correctness of our accounts, as well as to establish, investigate, or defend against possible claims (legal basis: Article 6(1)(f) of the GDPR).

3) Personal data retention period. We are obliged to keep accounting records for five years, counting from the end of the calendar year in which the tax deadline expired. After the termination of a business relationship, we also retain the data for the period of the statute of limitations for claims, as defined by law.

4) Source of personal data. We obtain the data from you directly or from the Counterparty.

2.3 INFORMATION FOR THOSE WHO CONTACT US TO LEARN ABOUT OUR OFFER OR TO ESTABLISH A BUSINESS RELATIONSHIP

1) Purposes and grounds for processing personal data. We process your personal data in order to pursue our legitimate interests (Article 6(1)(f) of the GDPR), in the form of responding to your attempt to contact us in accordance with your request and to be able to remain in contact with you on this matter. If you have contacted us to learn more about our offer, we may contact you in the future in order to maintain a relationship with you. We emphasise that in this situation you have the right to object to our actions and we will take such objection into account immediately upon receiving it.

2) Categories of personal data. We process your data, such as your contact details and any other data you may provide to us, where necessary to fulfil your request and maintain contact with you. If you initiate contact via social media, we may also have access to the data contained in your user profiles. The above information does not apply to the processing of personal data by the administrators of social media platforms on which the Law Firm has profiles.

3) Personal data retention period. We will process your data for the duration of our mutual communication, and thereafter for the period and to the extent necessary to maintain the relationship (up to 12 months). We also retain the data for the period of the statute of limitations for claims, as defined by law.

4) Obligation to provide data. The provision of data is entirely voluntary; however, the failure to provide contact details may prevent us from responding to your enquiries and maintaining contact with you.

5) Source of personal data. We obtain the data directly from you.

2.4 INFORMATION FOR APPLICANTS FOR EMPLOYMENT OR COOPERATION ON ANOTHER LEGAL BASIS

1) Categories of personal data. Purposes and grounds for processing personal data. We process your data for:
a) carrying out the recruitment process, including assessing your qualifications, on the basis of:
• labour law – with regard to the following data: name(s) and surname, parents’ names, date of birth, home address (correspondence address), education, and previous employment history – legal obligation under the law (Article 22 (1) § 1 of the Labour Code in conjunction with Article 6 (1) (c) of the GDPR),
• Your consent – for data not required by law but provided by you, e.g., in your CV or cover letter, as expressed by providing such data (Article 6(1)(a) of the GDPR),
if the basis of employment is to be an employment contract;
• Your consent (Article 6(1)(a) of the GDPR), expressed by providing data to the Law Firm,
• the law firm’s legitimate interest in recruiting and seeking candidates for cooperation (Article 6(1)(f) of the GDPR),
if the relationship is to be based on a civil law contract;
b) to the extent and for the purposes necessary for the conclusion of the contract (Article 6(1)(b) of the GDPR) – for a candidate selected during the recruitment process;
c) possible future recruitment processes, only if you have expressly consented to the use of the information and application documents you have provided for this purpose (Article 6(1)(a) of the GDPR).

2) Personal data retention period. Candidates’ personal data will only be stored for the duration of the recruitment process; however, if we have received consent from a candidate to process their personal data for future recruitment processes, we will process this data for a maximum of 12 months from the date of submission of the application documents. In specific situations, the Law Firm may decide to extend the retention period for personal data; in this case, the Law Firm will separately inform the candidate of the additional purpose of the data processing.

3) Obligation to provide personal data. For persons who would be employed on the basis of an employment contract, it is mandatory to provide the data referred to in Article 22(1) § 1(1)-(3) of the Labour Code. With regard to the data listed in Article 22(1) § 1(4)-(6) of the Labour Code, their provision is mandatory if they are necessary for the performance of a specific type of work or for a specific position. The provision of other data is voluntary. As far as other persons are concerned, the provision of data is also voluntary, but may prevent us from fulfilling the contract and our legal obligations.

4) Source of personal data. We obtain personal data directly from you. We may conduct the recruitment process ourselves or through third parties, including recruiters. If we conduct the recruitment process ourselves, the Law Firm will be the administrator of the personal data you provide us as part of this process. If, on the other hand, we use third parties to send us applications (including documents) from candidates for recruitment purposes, initially, i.e., during the data collection phase, these third parties are separate administrators of your data, and we become the data administrator only when we receive the aforementioned applications. This Policy applies to the Law Firm from the moment we become the administrator of your personal data.

2.5 INFORMATION FOR EMPLOYEES/ASSOCIATES

1) Purposes and grounds for processing personal data. We process your personal data for the purpose of:
a) executing an employment contract or other civil law contract (legal basis: Article 6(1)(b) of the GDPR);
b) complying with our legal obligations, including tax and accounting obligations (legal basis: Article 6(1)(c) of the GDPR);
c) acting within the context of our legitimate interest in running our business, collecting the information and documents necessary to execute the contract, and ensuring the correctness of our accounts, as well as to establish, investigate, or defend against possible claims (legal basis: Article 6(1)(f) of the GDPR).

2) Categories of personal data. We process your data, such as your name, surname, telephone number, e-mail address, home and postal address, tax number (NIP), business registration number (REGON), personal identity number (PESEL), bank account numbers, and any other information necessary for the performance of the contract and our legal obligations. With respect to employees, we also process the data listed in the Labour Code (Article 22 (1) § 2), in accordance with the rules specified therein.

3) Personal data retention period. For data for which the legal basis for processing is: (i) performance of a contract – until the expiry of the statute of limitations for claims arising from that contract, (ii) performance of legal obligations – until such obligations are performed, within the time limits provided for by law, (iii) the Law Firm’s legitimate legal interest – until this basis for processing no longer applies, i.e., until the expiry of claims arising from the legal relationship between ourselves and our Clients, the termination of the Law Firm’s legal existence, or the final/legally binding determination or adjudication/satisfaction or defence of a claim or other entitlement of the Law Firm or an employee/associate in such proceedings.

4) Obligation to provide data. It is compulsory to provide only the data required by law (Article 22 (1) § 2 of the Labour Code). Provision of other data is voluntary; however, the failure to do so may make it impossible or difficult to execute the contract.

5) Data source. We obtain personal data directly from you.