Cookie Policy
PRIVACY POLICY
OF THE LAW FIRM WKB
GENERAL PROVISIONS
- In connection with its activities, the law firm WKB collects and processes personal data. This Privacy Police is intended to explain the principles on which your personal data is processed and describe your basic rights in relation to our processing of your personal data.
- You will also find information in this Policy on the use of cookies or similar technologies in connection with the use of the WKB website, including information on the Controller’s ability to use analytical tools.
DEFINITIONS
- Controller – the law firm WKB Wierciński, Kwieciński, Baehr sp. k., with its registered office in Warsaw (00-066) at Plac Stanisława Małachowskiego 2, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division, under KRS No.: 0000948075, with taxpayer identification number (NIP): 5262740108 and statistical number (REGON): 015636440.
- Personal Data – means information relating to an identified or identifiable individual, i.e., a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Policy – this Privacy Policy.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, as amended).
- Data Subject – an individual who uses the Service or any service or functionality described in the Policy.
- Service – the Controller’s website, available at wkb.pl.
DATA PROCESSING BY THE CONTROLLER
- The personal data Controller is the law firm WKB Wierciński, Kwieciński, Baehr sp. k., with its registered office in Warsaw.
- The Controller may be contacted:
- by post, addressed to: Plac Stanisława Małachowskiego 2; 00-066 Warsaw
- electronically, by email to: office@wkb.pl
PURPOSES AND LEGAL BASIS OF PROCESSING
- The Controller enables the use of the Website, and functionalities available therein, to users. Therefore, the Controller process Personal Data for the following purposes:
- the electronic provision of services, i.e., making the Website available to Data Subjects, including allowing them to familiarise themselves with the content published therein and to make use of the available functionalities – the legal basis for the processing is that such processing is necessary for the performance of a contract (Article 6(1)(b) GDPR),
- to carry out analyses and statistical research – the legal basis for the processing is the pursuit of the the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are improving the quality of the services provided and functionalities made available,
- to ensure the security of information and communications technologies – the legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are ensuring the users’ security when using the Service,
- to establish, pursue, or defend against potential claims – the legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are defending its business interests.
- The Controller prepares a newsletter and distributes it to interested users. The distribution of said newsletter involves the processing of Data Subjects’ Personal Data for the following purposes:
- providing the newsletter service – the legal basis for the processing is that such processing is necessary for the performance of a contract (Article 6(1)(b) GDPR),
- delivering marketing content relating to the Controller via the newsletter – the legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are the supply of marketing information to Data Subjects based on their consent.
- The Controller shall enable Data Subjects to contact them via, among others, the contact details provided on the Service. Engaging in postal or email correspondence involves the processing of personal data for the purpose of handling and resolving the matter in question. The legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are handling correspondence and responding to questions received. In respect of electronic correspondence, the legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are ensuring the security of electronic communications, detecting threats, and preventing fraud and abuse.
- As part of the Controller’s business of providing legal services, personal data shall be processed for the following purposes:
- performance of a contract or to take steps, at the request of the Data Subject or the organization represented by the Data Subject, prior to entering into a contract – in such case, the legal basis for the processing of the personal data of a Data Subject being party to a contract or a potential client is that such processing is necessary for the conclusion and performance of a contract (Article 6(1)(b) GDPR); in the case of representatives, the legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are to enter into business relations and perform a contract.
- establishing and maintaining business relations – the legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are to initiate business meetings and maintain business relations as well as to strengthen its brand,
- sending notifications about services of interest (including engaging in marketing and brand building activities) – the legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are sending such notifications to interested persons, based on their consent,
- performing internal administrative activities and engage in customer relations management – the legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are the effective management of the Controller’s business,
- compliance with the Controller’s legal obligations, including with respect to record-keeping , compliance, or audit and registration, and for archiving and accounting purposes – the legal basis for the processing are the applicable laws imposing such obligations on the Controller, including accounting and tax laws (Article 6(1)(c) GDPR),
- establishing, exercising, or defending against potential claims – the legal basis for the processing is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are defending its business interests.
- The Controller makes available a ‘Career’ tab on the Service, by way of which it gives notice of current recruitment processes. Each announcement published in this tab contains a link redirecting users to an external Service, where interested candidates may submit an application. The Controller does not collect candidates’ personal data through the Service. Information regarding the Controller’s processing of personal data in connection with a given recruitment process can be found on the application form available after clicking the redirecting link.
- The Controller also makes available a functionality on the Service that redirects users to its Linkedin profile. To access the Controller’s Linkedin profile, select this site’s icon where made available on the Service.
- The Controller processes the personal data of visitors to the Controller’s Linkedin profile. Such data is processed exclusively in connection with maintaining said profile, including for the purpose of providing information about the Controller’s activities and promoting various events and services, as well as for analytical and statistical purposes – the legal basis for such processing of personal data is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are promoting its own brand, analysing the preferences and activities of users visiting the Controller’s profile in order to improve the functionalities implemented and services provided.
- The information above does not apply to the processing of personal data by the controller for the Linkedin site. Information regarding the purposes and scope for which the owner of said site collects personal data can be found at: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL.
SCOPE OF PERSONAL DATA PROCESSING
- The Controller processes the personal data of persons using the Service to the extent necessary to enable the use of the Service or individual functionalities thereof, as well as data on Service user activity and related technical data, including data derived from cookies and other similar technologies.
- The Controller also processes the personal data of Data Subjects (e.g., clients being natural persons, representatives of such clients, contact persons) in connection with its business activities. Such data may include:
- identity and contact data,
- data contained in contracts entered into with the Controller,
- data necessary to handle payments and settlement of accounts,
- data necessary to handle communication with the Controller,
- data relevant to the legal advice provided, including in respect of disputes, complaints, investigations, arbitration, or other legal advice requested by our clients.
- Within the services provided, the Controller may represent you or your organisation in matters requiring the collection and use of your sensitive personal data, i.e., information on your racial or ethnic origin, political opinions, religious beliefs, or trade union membership, data concerning physical or mental health, details of offences committed, or other data of a sensitive nature.
DURATION OF PROCESSING OF PERSONAL DATA
- The duration for which the Controller processes personal data [depends / results from] the purpose for which such data are processed. Normally, the Controller shall process data for the duration of a contract’s term or the duration of service provision. If the basis for the processing is the Data Subject’s express consent, the data shall be processed until such consent is withdrawn.
- Where the Controller processes data on the basis of its legitimate interests, the duration of such processing shall continue until an objection is effectively raised.
- After the periods referred to above expire, data may be processed only if necessary for the defence or exercise of claims, as well as where the Controller is obliged to process data for a given duration by operation of law (e.g., tax law).
WHAT ARE THE SOURCES OF PERSONAL DATA?
- In principle, the Controller processes personal data obtained directly from the Data Subject (e.g., data provided in enquiries submitted). Personal data may also be obtained from other sources (publicly accessible, e.g., CEIDG or KRS, or restricted access), including from persons granting power of attorney or indicating the Data Subject as a contact person.
TRANSFER OF PERSONAL DATA TO OTHER ENTITIES
Personal data may be disclosed to other persons (entities) in the following circumstances:
- authorised employees or associates to the extent necessary for the performance of tasks entrusted to them, i.e., advocates and attorneys-at-law, consultants, mediators, experts, or other legal specialists,
- third parties entrusted with the processing of personal data on the basis of contracts concluded with them, i.e., courier companies, IT service providers, translation agencies, marketing or recruitment agencies,
- public authorities, i.e., courts, law enforcement agencies, regulatory authorities, proxies, attorneys or other parties where reasonably required for the purposes of establishing, exercising, or defending claims in various proceedings or for the purposes of an alternative confidential dispute resolution process.
RIGHTS OF DATA SUBJECTS
Data Subjects are entitled to:
- withdraw their consent at any time where the legal basis for the processing is their consent (the withdrawal of consent will not affect the lawfulness of processing before its withdrawal),
- access and receive a copy of the data,
- have the data rectified or completed,
- request the erasure of their personal data as provided for by law,
- request the restriction of processing of their personal data,
- object, on grounds relating to the Data Subject’s particular situation, to the processing of their personal data based on the Controller’s legitimate interests,
- receive their personal data from the Controller in a structured format and have such personal data transferred to another controller,
- lodge a complaint with a supervisory authority (in Poland: President of the Personal Data Protection Office, with its registered office at ul. Stawki 2, 00-193 Warsaw);
- not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision is necessary for the performance of a contract, is authorised by law, or prior express consent has been granted.
as well as:
- object to processing personal data for marketing purposes, if the processing is based on the Controller’s legitimate interests.
USE OF COOKIES OR SIMILAR TECHNOLOGIES
- Cookies are small text files that are stored on your terminal device (e.g., laptop, tablet, smartphone) when you visit a website. They can be read by the Controller or by systems belonging to other entities whose services the Controller uses (e.g., Google). Cookies store information that is created in conjunction with a specific terminal device. This is not equivalent to the Controller obtaining information about a user’s identity.
- The Controller uses technical, statistical, and marketing cookies on the Service.
- The Controller uses technical cookies to provide users with content and functionalities available on the Service and to improve the quality of such services. The legal basis for the processing of users’ personal data is that such processing is necessary for the performance of the contract on the Service’s use (Article 6(1)(b) GDPR).
- The Controller uses statistical cookies on the Service only if a user grants prior consent to their use. These cookies allow the Controller to analyse how users use the Service and are intended to improve the Service’s performance. The legal basis for the processing of users’ personal data is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are improving the Service based on the analysis of user activity, based on their consent.
- Marketing cookies are also used only if a user grants prior consent to their use. Information on the user through these cookies is collected for the purpose of displaying advertisements to that person, personalising such advertisements, measuring their effectiveness, and running marketing campaigns, including on external websites, such as those belonging to the same network of advertising partners or on social networks. The legal basis for the processing of personal data is the pursuit of the Controller’s legitimate interests (Article 6(1)(f) GDPR) which interests are improving the Service and preparing dedicated content for users, based on their consent.
- Users may grant their consent to the use of statistical and marketing cookies separately by using the cookie consent mechanism (the ‘Manage cookie consents’ pop-up, displayed in the browser window) during their visit to the Controller’s website. Users can manage consents given (i.e., withdraw or grant consent) by calling up the pop-up by clicking on the white banner displayed at the bottom right corner of the Service.
- Cookies typically contain the name of their website of origin, the length of time they are stored on a terminal device, and a unique number. For more information on cookies, please visit: org.
- Users can also delete cookies at any time, depending on the browser, through its settings. Information on how to do this on various browsers can be found at:
- The Service uses the Google Analytics tool. This means that, when using the website, data concerning your device and browser, IP address, and your activities on the website may be collected. Detailed information on Google Analytics can be found at: https://support.google.com/analytics/answer/6004245.
- It is possible to block Google Analytics from being given information about your activity on the website by, for example, installing the browser add-on provided by Google Ireland Ltd. (available at: https://tools.google.com/dlpage/gaoptout?hl=pl). Information on data processing by Google Ireland Ltd. can be found in the Google services privacy policy (available at: https://policies.google.com/technologies/partner-sites).
CHANGES TO THE PRIVACY POLICY
- The Policy is reviewed on an ongoing basis and updated as necessary.
- The current version of the Policy is effective as of 10 June 2024.