Privacy Policy

Thank you for using our services.

We make every effort to ensure that this website complies with applicable legal requirements as well as market best practices in the area of personal data processing of our Users, Clients, and Specialists. Below you will find all information required under the GDPR regarding the processing of personal data.

If you do not find the information you are looking for or have any questions regarding how we process personal data, please contact the Controller, who will make every effort to address your inquiry. You may contact us at: rodo@blsklegal.com. 

§1 Introductory Information

This Privacy Policy contains information regarding the processing of personal data collected via this website. Detailed information on the use of cookies and similar technologies is provided in the Cookie Policy available below.

Pursuant to Articles 13(1) and (2) and Articles 14(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter: “GDPR”), we hereby present information concerning the processing of your personal data.

§2 Who is the Controller of Your Personal Data?

The controller of personal data is BLSK Kozłowski i Wspólnicy spółka komandytowa, with its registered office in Warsaw, address: Mazowiecka 9, 00-052 Warsaw, Poland, NIP: 5252679399, REGON: 365599155, registered in the National Court Register (KRS) under number 0000640574. You may contact the Controller by email at: rodo@blsklegal.com.

§3 For what purposes do we process Your data and how long do we retain it?

We may process your personal data for the following purposes:

1. Ongoing contact not related to legal services if you are the sender of correspondence not related to the performance of any agreement concluded with the Controller, for the purpose of resolving or finalising the matter to which the correspondence relates (legal basis: Article 6(1)(f) GDPR).

Data are processed based on the legitimate interest of the Controller consisting in communication with website users. Data will be processed until an objection is raised or the business purpose ceases. Provision of data is voluntary but necessary for communication. Data may also be archived for internal purposes based on the legitimate interest of the Controller until an objection is raised or the business purpose ceases.

2. Conclusion and performance of contracts including pre-contractual communication related to the provision of legal services (Article 6(1)(b) GDPR).

3. Establishment, exercise, or defence of claims based on the legitimate interest of the Controller (Article 6(1)(f) GDPR).

4. Compliance with legal obligations including tax, accounting, and archiving obligations, and obligations arising from the Act on Legal Advisers and the Act on the Bar (Article 6(1)(c) GDPR).

Data necessary for the conclusion and performance of a contract will be processed for the duration of the contract, including the period necessary to exercise rights arising therefrom (Article 6(1)(b) and (f) GDPR). Providing such data is voluntary but necessary for the conclusion and performance of the contract. Additional data provided, inter alia, to facilitate contract performance, will be processed no longer than until an objection is raised or the business purpose ceases, on the basis of the legitimate interest consisting in client service (Article 6(1)(f) GDPR).

The data will be processed for the limitation periods of claims resulting from applicable provisions, including Article 118 of the Polish Civil Code, and thereafter for an additional period of 12 months based on the legitimate interest of the Controller for the purpose of defence against claims and for establishing and pursuing claims (Article 6(1)(f) GDPR).

Where legal obligations are fulfilled, the data will be processed for the period required by generally applicable law. Where personal data are necessary for the fulfilment of legal obligations incumbent on the Controller (e.g. issuing and storing invoices, archiving obligations), the data retention period is 5 years from the end of the calendar year in which the tax obligation arose, unless regulations provide otherwise (Article 6(1)(c) GDPR). In the case of personal data processed in connection with the practice of the profession of legal adviser or advocate by the Controller, the data retention period is 10 years from the end of the year in which the proceedings in which the data were collected were concluded, unless regulations provide otherwise (Article 6(1)(c) GDPR).

The data may also be archived for internal and statistical purposes until an objection is raised or the business purpose ceases, on the basis of the legitimate interest of the Controller (Article 6(1)(f) GDPR).

5. Provision of marketing/commercial information (hereinafter: “Marketing Information”).

The data will be processed on the basis of the legitimate interest of the Controller consisting in marketing of the Controller’s services (Article 6(1)(f) GDPR).

Pursuant to Article 398 of the Electronic Communications Law, your consent is required to maintain commercial/marketing communication. You may withdraw it at any time by contacting us at the address indicated above, in the case of email communications.

Providing the data is voluntary but necessary to receive Marketing Information. Withdrawal of consent will prevent the provision of Marketing Information.

Your data may also be archived for the purpose of potential establishment, assertion, or defence of claims, including to demonstrate that marketing activities were conducted lawfully, pursuant to Article 6(1)(f) GDPR. Data processed on this basis will be processed no longer than until an objection is raised or the business purpose ceases, whichever occurs first.

6. Administration and management of the website and social media profiles (including LinkedIn).

The data will be processed only if you decide to follow the profile, join a LinkedIn group, or otherwise provide your data on the platform, e.g. by posting content, comments, or reactions. The data will be processed for the duration of the existence of the profile/group or until an objection is raised, which may occur by unfollowing the profile, leaving the group, deleting a comment/post, or otherwise as provided for within LinkedIn, or by contacting us. The rules governing the profile/fanpage/group are determined by its administrator, while the rules governing the use of LinkedIn are determined by the entity managing that platform.

7. Analytical and statistical purposes

Processing of data for analytical and statistical purposes consists in particular of analysing data obtained automatically when using the website, including cookies. The data are processed on the basis of the legitimate interest of the Controller consisting in adapting the website content to user preferences and optimising website use, as well as generating statistics that help understand how users use the website, enabling improvement of its structure and content (Article 6(1)(f) GDPR).

8. Promotion and marketing

Where you provide us with your data, in particular in the form of opinions regarding services, including image data, such data will be processed on the basis of the legitimate interest of the Controller consisting in marketing, for the purpose of improving service quality and promoting the Controller’s services. The data will be processed for the period necessary to achieve business purposes or until an objection is raised. Providing the data is voluntary.

9. Collection of special categories of data

Special categories of data are collected for the purpose of contract performance and its proper execution, on the basis of your informed and voluntary consent (Article 9(2)(a) GDPR), until the business purpose ceases or consent is withdrawn. Providing such data is voluntary but necessary for proper contract performance. In the case of personal data processed in connection with the practice of the profession of legal adviser or advocate by the Controller, the retention period is 10 years from the end of the year in which the proceedings in which the data were collected were concluded, unless regulations provide otherwise (Article 6(1)(c) GDPR).

10. Recruitment

The data may be processed for the period necessary for the recruitment process and contract conclusion (Article 6(1)(b) and (c) GDPR), and in the case of additional data voluntarily provided – on the basis of your consent. They may also be used for future recruitment purposes on the basis of your consent for a maximum period of 3 years, calculated from the end of the year in which the application was obtained. Providing personal data is voluntary; however, failure to provide certain data may prevent recruitment or contract conclusion.

§4 To whom may we transfer your data?

We transfer your data to other entities only where necessary for the purposes of processing, including employees and collaborators of the Controller, and only to the extent necessary. As a rule, we process only data provided by you, subject to data collected automatically (cookies).

Data may be entrusted to hosting providers, accounting firms, invoicing software providers, IT and cloud service providers, customer management/time-tracking software providers, lawyers, subcontractors, couriers, and postal operators. Services provided by Microsoft Ireland Operations Ltd or OpenAI Ireland Ltd are performed by entities based in the EU; however, due to the global nature of their operations, data may be transferred to the USA based on standard contractual clauses or other GDPR-compliant safeguards. Personal data may also be disclosed to authorities authorised under applicable law, including courts, administrative courts, enforcement officers, and notaries.

§5 What rights do you have?

You are entitled to: 

  1. the right of access to your data and to obtain a copy thereof, insofar as it does not violate professional secrecy obligations under Polish law;
  2. the right to rectification (Article 16 GDPR);
  3. the right to erasure (Article 17 GDPR);
  4. the right to restriction of processing (Article 18 GDPR);
  5. the right to data portability (Article 20 GDPR);
  6. the right to object (Article 21 GDPR), except where Article 21(1) GDPR does not apply;
  7. the right to withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.

These rights are not absolute and do not apply to all processing activities.

You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

§6 Are your data subject to profiling?

The Controller analyses personal data in an automated manner, using tools provided by software suppliers (e.g. statistics, history), exclusively to the extent that such processing does not produce any legal effects with regard to you or otherwise significantly affect your situation, including your guaranteed rights and freedoms. The purpose of automated data processing is to identify Users’ preferences (more information on the analysis is provided in §8 of the Cookie Policy).

§7 Applicable Law

In matters not regulated herein, applicable provisions of law shall apply, including EU law (in particular the GDPR).

§8 Cookies Policy

The Website does not automatically collect any information, except for information contained in cookies. These data are collected in a manner that does not allow the identification of the User, i.e. so-called anonymous data.

Cookies are IT data, in particular text files, which are stored on the Website User’s end device and are intended for use with the Website. Cookies usually contain the name of the website from which they originate, the time of storage on the end device, and a unique number.

Cookies are used to adjust the content of the Website to the User’s preferences and to optimise the use of the Website and to create statistics that help understand how Users use the Website, which enables improvement of its structure and content.

Depending on various circumstances, cookies may differ in terms of their purpose, the entities that use them, and their duration.

Cookies may be divided according to:

  • their functionality:
      1. functional cookies – necessary for the proper functioning of the website;
      2. statistical cookies – counting visits or other circumstances of website use;
      3. analytical cookies – analysing website use, in particular analysing the manner and intensity of use of individual content or functionalities;
      4. marketing cookies – used to analyse what the User has previously done on a given website or outside it and, on this basis, to display variable content on the website;
      5. profiling cookies – used to develop complex User profiles containing various information about Users and enabling their categorisation and assignment to different groups;
      6. lead tracking, affiliate cookies, etc. – used to determine from which external service Users arrive at a given website or to which service they are redirected.
  • their storage period on the User’s end device:
      1. session cookies – valid only for a given session, i.e. the time during which the User uses the website, until all website tabs are closed;
      2. persistent cookies – remaining on the User’s device until deleted by the User or until the expiry date specified for the cookie; this period may range from several days to several years; in some cases, the cookie provider does not specify an expiry date;
  • their origin:
      1. first-party cookies – placed by the website provider;
      2. third-party cookies – placed by third parties.

Detailed information regarding cookies, including their types, is available after entering the Website in the cookie notification. As a rule, we collect only essential cookies, unless otherwise indicated in the cookie notification.

You may independently modify your cookie settings. In many cases, internet browsers allow cookies to be stored on the User’s end device by default. Detailed information on the possibility and methods of handling cookies is available in the browser settings. Failure to consent to cookies may limit the operation of certain functionalities of the Website.

§9 Social media plugins

The website uses plugins and tools provided by platforms such as Google and LinkedIn. Data processing rules are governed by the respective providers.

§10 Joint Controllership

Data processed within the LinkedIn platform are jointly controlled by the Controller and LinkedIn Ireland Unlimited Company, address: Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland, hereinafter referred to as the Joint Controller.

Detailed rules concerning joint controllership of data, including information on the rights vested in data subjects, are described on the Privacy Policy page. The Controller processes the data on the basis of the legitimate interest of the Controller, consisting in conducting analyses of Users’ activity and their preferences, for the purpose of improving the applied functionalities and the services provided. In matters concerning personal data, you may contact both the Controller and the Joint Controller.

This Privacy Policy is effective as of October 10, 2025.

contact

biuro@blsklegal.com

+48 22 415 98 00

Office hours: 9:30 – 17:30

address

BLSK KOZŁOWSKI I WSPÓLNICY SP. K.

ul. Mazowiecka 9 (IV p.)

00-052 Warsaw, Poland
