1. DEFINITIONS
Controller
Pniewski Zeuschner Legal Adwokaci i Radcowie Prawni spółka partnerska with its registered office in Warsaw (01-209), at ul. Hrubieszowska 6a I/A, entered in the register of entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under KRS number: 0000859908, NIP tax identification number: 5252835847, REGON statistical number: 387035518
GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation (GDPR)), consolidated text: OJ L No. 119, p. 1
Website
Website operated by the Controller at the following URL: https://pz.legal/
2. INTRODUCTION
Pursuant to Articles 13 and 14 of the GDPR, we have an obligation to inform you about our processing of your personal data. We invite you to read the following information that implements this obligation.
3. DATA CONTROLLER
The controller of your personal data shall be the company under the business name of Pniewski Zeuschner Legal Adwokaci i Radcowie Prawni spółka partnerska with its registered office in Warsaw (00-681), at ul. Hoża 61 lokal 3, piętro I, entered in the register of entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under KRS number: 859908, NIP tax identification number: 525-28-35-847, REGON statistical number: 387035518.
4. CONTACT THE PERSONAL DATA CONTROLLER
You can contact the Controller regarding any matter concerning your personal data by writing to the registered address disclosed in the register of entrepreneurs of the National Court Register, to the following address: administrator.danych@pz.legal, or using the contact form available on the Controller’s website at the following URL: https://pz.legal/kontakt/.
5. PURPOSES AND BASIS FOR PERSONAL DATA PROCESSING
Your personal data is processed by the Controller for the following purposes:
5.1 If you are our client or contractor or a representative of our client or contractor
(a) For the purpose of providing legal services to you or the entity, on whose behalf you are acting – on the basis of Article 6(1)(b) of the GDPR, where our client is an individual, and the processing is necessary for the performance of the legal services agreement concluded with such a person, or to take action at the request of such a person, prior to the conclusion of the agreement, or on the basis of Article 6(1)(f) of the GDPR, where the client is a body corporate or an organizational unit without legal personality, and the data concerns its representative.
(b) For the purpose of performing an agreement under which we are the recipient of our contractor’s services – on the basis of Article 6(1)(b) of the GDPR, where our contractor is an individual, and the processing is necessary for the performance of an agreement concluded with such a person, or to take action at the request of such a person, prior to the conclusion of the agreement, or on the basis of Article 6(1)(f) of the GDPR, where the contractor is a body corporate or an organizational unit without legal personality, and the data concerns its representative.
(c) For the purpose of complying with the legal obligations incumbent on the Controller or on individual advocates and attorneys-at-law, arising, in particular, from the regulations on information protection and security, the Attorneys-at-Law Act and the Law on the Bar, Anti-Money Laundering and Combating the Financing of Terrorism Act, or tax and accounting regulations, including for the maintenance of tax and accounting records – on the basis of Article 6(1)(c) of the GDPR.
(d) For the purpose of pursuing or defending against claims relating to the concluded legal services agreement – on the basis of Article 6(1)(f) of the GDPR.
(e) For archival and evidentiary purposes to secure information in case of a legal need to use it – on the basis of Article 6(1)(f) of the GDPR.
In this regard, the Controller may process, among other things, the following categories of personal data: name, function or position held, e-mail address, telephone number, address details, financial information, information required in order to meet the Controller’s legally binding obligations, as well as other information provided to the Controller in connection with the provision of legal services, necessary for the proper performance of such services (the types of information depend on the nature of the legal assistance provided).
Providing the Controller with personal data to the extent required by law is mandatory, and failing to do so will result in the inability to perform the agreement. Provision of other personal data is voluntary, but refusing to provide them will also result in the inability to perform the agreement, either in part or in full.
5.2 If you are a visitor to the website operated by the Controller at the following URL: https://pz.legal/
(a) for the purposes of providing electronic services, in terms of the Controller’s provision of content collected on the Website – on the basis of Article 6(1)(b) of the GDPR.
(b) for analytical purposes, consisting in conducting analyses of the activity of the Website users, as well as their preferences in order to improve the applied functionalities and provided services – on the basis of Article 6(1)(f) of the GDPR.
In this regard, the Controller may process, among other things, the IP address or other identifiers and information collected through cookies or other similar technologies. Your personal information is recorded in system logs (a special computer program used to keep a chronological record containing information about events and activities that pertain to the information system used to provide services by the Controller as part of the Website).
5.3 If you are an employee, an associate, or a project team member of one of our clients or contractors
(a) For the purposes of pursuing the legitimate interest of the Controller and our client or contractor, consisting in the correct and effective performance of the agreement concluded with the client or contractor – on the basis of Article 6(1)(f) of the GDPR.
(b) For archival and evidentiary purposes to secure information in case of a legal need to use it – on the basis of Article 6(1)(f) of the GDPR.
Accordingly, the Controller may process, for example, the following categories of personal data: name, function or position held, and business contact information.
Provision of personal data is voluntary, but refusing to provide them will also result in the inability to perform the agreement concluded by the Controller with our client or contractor, either in part or in full.
5.4 If you are another individual whose data is processed by the Controller in connection with the conduct of clients’ affairs (e.g., a notary, bailiff, party to proceedings, attorney, expert, or witness).
(a) For the purpose of complying with the legal obligations incumbent on the Controller or on individual advocates and attorneys-at-law, arising, in particular, from the regulations on information protection and security, the Attorneys-at-Law Act and the Law on the Bar, Anti-Money Laundering and Combating the Financing of Terrorism Act, or tax regulations – on the basis of Article 6(1) (c) of the GDPR.
(b) For the purposes of pursuing the legitimate interest of the Controller and our client, consisting in the correct and effective performance of the agreement concluded with the client – on the basis of Article 6(1)(f) of the GDPR.
(c) For archival and evidentiary purposes to secure information in case of a legal need to use it – on the basis of Article 6(1)(f) of the GDPR.
Accordingly, among others, the Controller may process the following categories of personal data: name, function or position held, profession, contact information, and role in the proceedings.
If the data originates from you, the obligation to provide it may arise from the law.
5.5 If you have provided the Controller with personal data as part of e-mail or traditional correspondence sent
For the purposes of the correspondence in question and the resolution of the matter covered by the correspondence – on the basis of Article 6(1)(f) of the GDPR.
Accordingly, the Controller may process the personal data contained in the correspondence, if they are relevant to the resolution of the matter to which the correspondence relates.
Provision of the data is voluntary, but refusal to provide it will result in the inability to respond to the correspondence sent to us.
5.6 If you have provided the Controller with personal data as part of a contact form
For the purposes of a given communication, identification of the recipient and resolution of the matter covered by the communication – on the basis of Article 6(1)(a) of the GDPR.
Accordingly, the Controller may process the personal data contained in the contact form, if they are relevant to the resolution of the matter to which the correspondence relates.
Provision of the data is voluntary, but refusal to provide it will result in the inability to respond to the correspondence sent to us.
5.7 If you have provided the Controller with your data in the course of establishing business relationships
For the purposes of initiating and maintaining business relationships, in connection with the Controller’s operations and networking – on the basis of Article 6(1)(f) of the GDPR.
Accordingly, among others, the Controller may process the following categories of personal data: name, function or position held, profession, contact information.
Provision of the data is voluntary, but refusal to provide it will result in the inability to maintain a business relationship.
6. COOKIES
The Controller uses cookies to enhance the user experience and ensure the proper functioning of the Website. Accordingly, the Controller and other entities that provide analytical and statistical services to the Controller use cookies, storing or accessing in the process information already stored in the telecommunications end device of a user of a website operated by the Controller (computer, phone, tablet, etc.). Through this communication and device recognition, cookies enhance the user experience of the Website and allow the Controller to collect statistical data related to its operation.
In addition to cookies, the Controller uses the information contained in system logs (e.g., the IP address) resulting from the general rules of connection carried out on the Internet. This information is used for technical purposes related to the administration of the Controller’s servers. Additionally, IP addresses are used to collect general, statistical, demographic data (e.g., about the region from which the connection is made).
7. TYPES OF COOKIES USED
In managing the Website, the Controller uses its own cookies, as well as those from its partners. The Website generally uses two types of cookies:
(a) session cookies – temporary files stored on the device you are using until you leave the website or close your web browser;
(b) persistent cookies – files stored on the device you are using for the time specified in their parameters or until they are deleted from the device; closing the browser does not affect their further storage.
Among the above types, the following categories of cookies used by the Website may be distinguished:
(a) Files necessary for the operation of the Website – they are necessary to allow you to properly navigate the Website. Without them, it would be impossible to activate some of the functions, without which it would be impossible to use all the capabilities of the Website. In addition, they help the Controller secure it and are responsible for the intended functionality.
| Name of the cookie | Purpose of the cookie | Retention period |
| cookieyes-consent | CookieYes sets this cookie to remember users’ consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal data of visitors to the site. | 1 year |
(b) Statistical and analytical files – they identify the number of users visiting the Website, where they come to the Website from, or what sub-pages they view, etc. Thanks to those files, the Controller may determine which parts of the Website are the most popular, which parts do not display properly, and on which parts error messages appear. Analytics and statistics help to understand how users use the Website, which enables the Controller to improve its structure and content.
| Name of the cookie | Purpose of the cookie | Retention period |
| _ga
| Google Analytics sets this cookie to collect visitor, session, and campaign data and track users’ use of the site for the analytics report. The cookie stores anonymized information and assigns users a randomly generated number to identify visitors. | 1 year 1 month 4 days |
(c) Functional cookies – functional cookies enable saving the selected settings and personalizing the interface, e.g., with regard to the selected language or region of the visitor of the Website, font size, the appearance of the Website.
| Name of the cookie | Purpose of the cookie | Retention period |
| pll_language | Polylang sets this cookie to remember your selected language when you revisit the site and to obtain language information when it is not available from another source. | 1 year |
8. HOW TO MANAGE COOKIES?
You can block automatic acceptance or delete stored cookies in your web browser settings. Such action may negatively affect the functionality of the Website.
Under the links below, you will find a description of how you can change the cookie management settings in the most popular browsers:
| Browser | Link to a description of how to change the cookie management settings |
| Chrome: | https://support.google.com/accounts/answer/61416?co=GENIE.Platform&hl=pl&dark=0 |
| Firefox: | https://support.mozilla.org/pl/kb/W%C5%82%C4%85czanie%20i%20wy%C5%82%C4%85czanie%20obs%C5%82ugi%20ciasteczek |
| Microsoft Edge: | https://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plików-cookie-w-przeglądarce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09 |
| Safari: | https://support.apple.com/pl-pl/guide/safari/manage-cookies-and-website-data-sfri11471/mac |
| Internet Explorer: | https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies |
9. ADDITIONAL OPTIONS FOR MANAGING ANALYTICAL COOKIES
In addition to disabling or deleting cookies through appropriate browser settings, you can disable or delete analytical cookies from the vendors used by the Controller by using the tools found at the following URL: https://tools.google.com/dlpage/gaoptout?hl=pl. This is a tool provided by Google to disable Google Analytics; for more information about Google Analytics, please visit the following URL: http://www.google.com/analytics/learn/privacy.html.
Some of the cookie preference management tools may not have the intended result if the web browser you are using does not accept cookies. If you change your device or browser, as well as if you completely delete the cookies stored in your browser, you may need to repeat the steps described in this section.
Furthermore, the above tools (websites) are not the property of the Controller, nor is the Controller involved in their development, therefore the Controller does not assume any liability for their content, nor is the Controller not able to guarantee their proper operation and the achievement of the expected results.
10. ENTITIES TO WHOM WE MAY TRANSFER YOUR PERSONAL DATA
The Controller may transfer your personal data to the following entities:
(a) subcontractors, i.e., entities whose services the Controller uses for processing (entities providing accounting services, services relating to the disposal or archiving of documentation, IT services, including hosting and data server maintenance services, and providers of the software used by the Controller);
(b) providers of postal, shipping, or logistics services.
11. TRANSFER OF YOUR PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA
Your personal data may occasionally be transferred to entities with their seat in a third country, i.e., a country that is not a member of the European Union or the European Economic Area. The Controller shall transfer personal data outside of the European Economic Area only when it is necessary due to the purposes of the processed data. Whenever your personal data is transferred to a third country, the Controller does so based on a decision by the European Commission that the country in question provides a guarantee of an adequate level of protection for your personal data. However, if the European Commission has not issued the decision referred to in the preceding sentence, the Controller provides adequate safeguards for your personal data by requiring data recipients to use standard contractual clauses approved by the European Commission.
The Controller will provide you with copies of the standard contract clauses upon request.
12. THE PERIOD OF PERSONAL DATA PROCESSING
The retention period of your personal data depends on the type of services provided by the Controller or another purpose of the processing.
(a) If the processing is carried out on the basis of your consent, then the personal data will be processed until the consent is withdrawn or until the Controller deems it obsolete or the purpose of its processing has been exhausted.
(b) If the processing is carried out for the purpose of providing legal services involving participation in civil, criminal, or administrative proceedings, then the personal data shall be retained for 10 years from the end of the year when the proceedings in which the personal data was collected ended unless specific legislation requires the Controller to retain it for a longer period.
(c) If the processing is carried out for the purpose of providing legal services, other than as indicated in item (b) above, then the data will be retained until the expiration of the statute of limitations for claims unless specific legislation requires the Controller to retain it for a longer period.
(d) If the processing is carried out in order to comply with the Controller’s legal obligations, then the data will be retained for the period prescribed by law.
(e) If the processing is carried out on the basis of a legitimate interest, then the data will be retained until an objection is made to the processing (provided that it cannot be made with respect to data obtained by an advocate or an attorney-at-law in connection with the provision of legal assistance) or if the Controller decides that the data has become obsolete or our legitimate interest in processing it has been exhausted.
13. RIGHTS RELATED TO PERSONAL DATA PROCESSING
Under the GDPR, you have a number of rights with respect to your personal data.
13.1 The right to withdraw consent to the processing of personal data
If the Controller processes your personal data based on the consent you have given us, you have the right to withdraw it. The Controller will stop processing your personal data if there is no other basis for the processing. The withdrawal of consent does not affect the processing of your personal data performed before the withdrawal of the consent.
13.2 The right to access personal data
At any point in time, you may request information from the Controller regarding what personal data it processes and the purposes they are used for. Pursuant to Article 15(1) of the GDPR, this information will include at least:
(a) the purposes of the processing;
(b) the categories of the relevant personal data;
(c) information about the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular, any recipients in third countries or international organizations;
(d) where possible, the planned retention period of personal data, and when this is not possible, the criteria for determining this period;
(e) information about the right to request the Controller to correct, erase, or restrict the processing of your personal data and to object to such processing;
(f) information about the right to lodge a complaint with the supervisory authority;
(g) if the personal data has not originated from you – any available information about its source;
(h) information about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and, at least in these cases, relevant information about the principles of their decision-making, as well as the significance of the and the anticipated consequences of such processing for you;
– insofar as the foregoing information does not violate the attorney-client privilege.
13.3 The right to correct your personal data
If your personal data is inaccurate (e.g., incorrect or incomplete), you may at any time request that it be corrected or supplemented (taking into account the purposes of the processing).
13.4 The right to delete personal data
You have the right to request the deletion of your personal data if:
(a) processing of your personal data by the Controller is no longer necessary to achieve the purposes referred to above;
(b) the Controller processes the personal data on the basis of your consent, and you choose to withdraw such consent, and there is no other basis for the processing of your personal data;
(c) you have exercised your right to object to the processing of your personal data, but only if the Controller processes your personal data (i) in order for the Controller or another person to pursue a legitimate interest and (ii) your rights and freedoms will override such legitimate interest, provided that an objection may not be made with respect to the data obtained by an advocate or an attorney-at-law in connection with the provision of legal assistance;
(d) the Controller processes your personal data unlawfully;
(e) the Controller’s obligation to delete your personal data arises from a legal obligation to which the Controller is subject.
If the data whose deletion you request has been made public by the Controller, the Controller will take reasonable measures, taking into account the available technology and the cost of implementing such measures, to inform other controllers that you wish your personal data, their copies, or replications to be deleted.
You may not have the right to request deletion of your personal data if the Controller processes the personal data for the purpose of performance of a legal obligation of the Controller, the performance of an agreement, or for the purpose of establishment, pursuit, or defence of claims.
13.5 Right to restrict the processing
You may request that the Controller restrict our processing of your personal data if:
(a) you believe that the personal data processed by the Controller is incorrect (for the duration of the verification of the correctness of such data);
(b) the processing of your personal data by the Controller is unlawful, but you do not wish the Controller to delete it;
(c) the Controller no longer needs your personal data, but you need it to establish, pursue, or defend your claims;
(d) you have exercised your right to object to the Controller’s processing of your personal data, but only if the Controller processes your personal data (i) in order for the Controller or another person to pursue a legitimate interest and (ii) your rights and freedoms will override such legitimate interest, provided that an objection may not be made with respect to the data obtained by an advocate or an attorney-at-law in connection with the provision of legal assistance;
– insofar as the foregoing request does not violate the attorney-client privilege.
13.6 Right to data portability
You have the right to receive, in a structured, commonly used, machine-readable format, the personal data that you have provided to the Controller and to send this personal data to another controller without hindrance from us, if you have provided us with this personal data and if the processing is based on your consent (Article 6(1)(a) of the GDPR) or on an agreement (Article 6(1)
(b) of the GDPR) and if the processing is automated.
13.7 Right to object
You have the right to object to the processing of your personal data on the basis of our or a third party’s legitimate interest. If you point out to the Controller a specific situation that you believe constitutes a reason for the Controller to cease the processing of your personal data, the Controller will comply with such a request unless the Controller demonstrates that the grounds for their processing of your personal data override your rights or that your data are necessary to establish, pursue or defend claims. The Controller would like to point out that an objection may not be made with respect to the data obtained by an advocate or an attorney-at-law in connection with the provision of legal assistance.
13.8 THE RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
If you believe that the Controller is violating any of your rights relating to the processing of your personal data, you may lodge a complaint with the President of the Personal Data Protection Office, located in Warsaw, at ul. Stawki 2, 00-194 Warsaw. Detailed information on how to lodge a complaint can be found at the following URL: https://uodo.gov.pl/pl/83/155.
13.9 PROFILING AND AUTOMATED DECISION-MAKING
The Controller will not use any of your personal data for profiling or any automated decision-making.
* * *
Updated on: 1 February 2024