Top searches

The Privacy Policy and Cookie Policy

I. General information

  1. This privacy policy (hereinafter as the “Policy”) determines the rules of processing of personal data of the users of the online service (hereinafter as the “Users”) at: https://b2rlaw.com/ (hereinafter as the “Service”) and other categories of persons indicted in the Policy by B2R Law Jankowski, Stroiński, Zięba i Partnerzy, Adwokacka Spółka Partnerska with its registered office in Warsaw at Rejtana 17/18 (02-516 Warsaw), registered in the Register of Business Entities under KRS No 0000669367, REGON (Business Id.): 366884060, NIP (Taxpayer Id.): 5213773823. The Policy also includes basic rules related to the use of cookies in the Service.

II. Processing of Personal Data

Who processes personal data and for what purposes?

  1. The controller of your personal data is B2R Law Jankowski, Stroiński, Zięba i Partnerzy, Adwokacka Spółka Partnerska with its registered office in Warsaw at Rejtana 17/18 (02-516 Warsaw), registered in the Register of Business Entities under KRS No 0000669367, REGON (Business Id.): 366884060, NIP (Taxpayer Id.): 5213773823 (hereinafter as the “Firm”), a service provider of the Service, in the following scope: 
DATA SUBJCET LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
Service User
  • Execution of an agreement for the provision of services by electronic means through the Service pursuant to Point (b) of Article 6(1) of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation), hereinafter as “GDPR”;
  • analytical and statistical purposes aimed at improving the applied functionalities and services provided through the Service, ensuring efficient functioning of the Service and explaining the circumstances of unauthorized use of the Service, which result from legally justified interests pursued by the Firm, pursuant to Point (f) of Article 6(1) of GDPR.
Newsletter Subscriber
  • informing about the Firm’s activity, significant events, legislative changes and rulings in the field of law – in the case of granting voluntary consent to the processing of data pursuant to Point (a) of Article 6(1) of GDPR.
Natural person being a sole trader, who concluded an agreement with the Firm or actions were taken against such person before the conclusion of the agreement at his/her request
  • the necessity for the performance of the agreement concluded by this person with the Firm or to take action at this person’s request, prior to the conclusion of the agreement pursuant to Point (b) of Article 6(1) of GDPR;
  • the necessity to fulfil the legal obligations binding to the Firm, in particular those resulting from the tax law and accounting regulations pursuant to Point (c) of Article 6(1) of GDPR;
  • objectives arising from the legitimate interests of the Firm, in particular to ensure that this person is contacted prior to the conclusion of the agreement and during the term of the agreement, as well as establishing, investigating or defending against possible claims pursuant to Point (f) of Article 6(1) of GDPR.
Person applying for employment in the Firm / cooperation with the Firm
  • the necessity to carry out the recruitment process pursuant to Article 22(1) of Act of 26 June 1974v Labour Law (Journal of laws of 2018, item 917, consolidated text, as amended) – for employment under a contract of employment;
  • the necessity to carry out the recruitment process and to take action at the request of the data subject prior to the conclusion of the agreement pursuant to Point (b) of Article 6(1) of GDPR- for employment under a civil-law contract;
  • the necessity to carry out future recruitment processes pursuant to Point (a) of Article 6(1) of GDPR – in the case of voluntary consent to the processing of personal data for the purposes necessary to carry out future recruitment processes.
Person applying for an internship in the Firm 
  • the necessity to carry out recruitment process and to act at the request of the data subject prior to the conclusion of an agreement pursuant to Point (b) of Article 6(1) of GDPR;
  • the necessity to carry out future recruitment processes pursuant to Point (a) of Article 6(1) of GDPR – in the case of voluntary consent to the processing of personal data for the purposes necessary to carry out future recruitment processes.

How can you contact us on data protection issues?

  1. In the matters related to processing of personal data, you can contact the Firm in electronic form at [email protected]. 

To whom personal data will be transferred?

  1. The recipients of the personal data may be – only in cases when it is necessary and to the necessary extent – entities cooperating with the Firm in relation to the services provided to the Firm and support of current business processes of the Firm, in particular entities providing IT, accounting, postal and delivery services.

How long will we process your personal data?

  1. If personal data processing is based on voluntary consent, the personal data will be stored until the consent to the processing of personal data for specific, explicit and legitimate purposes has been withdrawn. Your consent to the processing of personal data may be revoked at any time. Withdrawal of consent to the processing of personal data shall be made by contacting the Firm in the way described in Chapter II point 2 above  . Withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to its withdrawal.
  2. If personal data processing is necessary for the performance of an agreement or to take action at request of the person whose data are being processed, prior to the conclusion of the agreement, the personal data will be processed for the duration of the agreement and after that period, for the period of limitation of any claims arising from the generally applicable law.
  3. If personal data processing is necessary to fulfil a legal obligation binding to the Firm, the personal data will be processed for a period of time resulting from generally applicable law.
  4. If personal data processing is necessary for purposes resulting from legitimate interests pursued by the Firm or by a third party, the personal data will be processed for no longer than is necessary for the purposes for which the data are processed or until you object to the processing of personal data for these purposes, for reasons related to a particular situation of the data subject, unless the Firm demonstrates the existence of valid legitimate grounds for processing, overriding interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims.

Is it mandatory to provide personal data? 

  1. If personal data are processed on the basis of the data subject’s consent, the provision of personal data is voluntary. Failure to provide personal data will result in the impossibility of achieving a given object, if the consent is a condition for achieving a given object.
  2. If personal data are processed for the purposes necessary for the performance of an agreement to which the data subject is a party or to take action at the request of the data subject prior to the conclusion of the agreement, the provision of personal data is voluntary, but necessary for the conclusion of an agreement with the Firm.
  3. If the processing of personal data is necessary to fulfil the legal obligation of the Firm, the provision of personal data is a statutory requirement.
  4. If personal data are processed for purposes resulting from legitimate interests pursued by the Firm or by a third party, the provision of personal data is voluntary but necessary for these purposes.

What rights does the data subject have with regard to processing of personal data? 

  1. The data subject has a right to:
    1. have access to his/her personal data, including the right to obtain confirmation as to whether his/her personal  data are being processed and, if applicable, the right to obtain access to them, the information indicated in Chapter III, Clause 8 of the Policy and to receive copies of the processed personal data;
    2. correct your personal data, including the right to demand from the Firm to promptly correct any of your personal data that are incorrect;
    3. delete your personal data;
    4. limit processing of your personal data;
    5. transfer your data, including the right to receive data and send them to another collector or request, if technically possible,  to send these data directly to another collector – with regard to processing of data on the basis of the consent and for the purposes necessary for the performance of the agreement and the processing of data in an automated manner;
    6. raise an objection to the processing of your personal data with regard to the processing of data for the purposes justified by legitimate interests of the Firm pursuant to Point (f) of Article 6(1) of GDPR, unless the Firm demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedom of the data subject, or grounds for establishing, pursuing or defending claims;
    7. submit a complaint to the supervisory authority with regard to personal data protection – the President of the Office for Personal Data Protection, if finds the processing of data contrary to the law.

How do we secure the personal data we process?

  1. In order to prevent unauthorized or unlawful access to personal data, its accidental loss, damage or destruction, the Firm uses appropriate technological solutions and security measures in accordance with the requirements established by the GDPR and other generally applicable laws.
  2. Access to personal data is available to the Firm and persons authorized by the Firm, who have undertaken to maintain the confidentiality of such personal data.
  3. The Firm maintains a register of persons authorised to process personal data.

What actions do we take in case of personal data breach?

  1. In the case of a personal data protection breach, which may involve a risk of infringement of the rights and freedoms of a natural person, the Firm shall, without undue delay, and if possible not later than 72 hours after the breach is detected, report the breach to the competent supervisory authority (President of the Office for Personal Data Protection). If a personal data protection breach may result in a high risk of infringing a natural person’s rights and freedoms, the Firm shall also, without undue delay, notify such a person of the breach, as required by the GDPR.
  2. The Firm documents all breaches of personal data protection, including the circumstances of the breach, its effects and remedial actions taken.

III. Exercising the Data Subject’s Rights

    1. Any natural person (hereinafter as the “Requesting Party”) may request the Firm to exercise the rights indicated in Chapter II Clause 12 of the Policy.
    2. The aforementioned requests will be implemented by the Firm taking into account the provisions of GDRP. The above means that in the cases listed in the provisions of GDRP, the rights indicated in Chapter II, Clause 12 of the Policy may not be vested in the data subject or the request will be executed at a payment in order to cover the costs of its execution.
    3. The request should be submitted as indicated in Chapter II, point 2 of the Policy.
    4. If the Firm does not process the personal data of the Requesting Party (with the exception of the processing of personal data for the purposes of the request itself), the Requesting Party will be informed about it and the data of the Requesting Party obtained as a result of the request will be immediately deleted.
    5. Immediately after receiving the request, the Firm will inform the Requesting Party about this fact and include information about the request in its records.
    6. The Firm is entitled to verify the identity of the Requesting Party. Failure to effectively verify the identity of the Requesting Party for reasons for which the Requesting Party is responsible may result in the Firm’s impossibility to process the request, of which the Requesting Party will be informed immediately.
    7. The Firm shall provide the Requesting Party with a response to the request within one (1) month from the date of its receipt at the latest. In case of objectively complicated cases (i.e. requiring a large amount of the Firm’s work), the above deadline may be extended to 2 (two) months, of which the Requesting Party will be informed immediately.
    8. In exercising the right of access to the personal data, the Requesting Party will be informed of the personal data to be processed, to the extent requested in the request, and of the following information:
      1. the purpose of processing;
      2. the categories of personal data to be processed; 
      3. recipients and categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
      4. if possible, the planned period of storage of personal data, or, if this is not possible, the way in which this period is determined;
      5. information on automated decision-making, including profiling, and relevant information on the modalities of such decision-making, as well as on the relevance and expected consequences of such processing for the data subject;
      6. the right to request the Firm to correct, delete or limit the processing of personal data and to object to such processing (if such right applies);
      7. if personal data has not been collected from the data subject, any available information about its source;
      8. the right to file a complaint with the supervisory authority.
    9. If the right of access and the right to transfer the data is exercised, a copy of the personal data of the Requesting Party in commonly known and accessible machine-readable formats shall be attached to the reply given to the Requesting Party.
    10. Any complaint relating to the implementation of this procedure should be submitted in a written or electronic form, as indicated in Chapter II point 2 of the Policy.
    11. The complaint will be considered immediately, however, not later than within 7 (seven) days from the date of its delivery, of which the Requesting Party will be informed immediately. The Requesting Party will also be informed about the fact of receiving the complaint. Information on the complaint is included in the register kept by the Firm.

IV. Cookies and system logs

  1. When the User connects to the Service, the system logs of the Service will get the  information about the number (including IP) and type of the User’s device from which the User connects to the Service. In accordance with the applicable law, the Firm will also process data concerning the number (including IP) and type of the User’s device, as well as the time of connection of the User to the Service and other exploitation data concerning the User’s activity. These data are processed in particular for technical purposes and to collect general statistical information.
  2. The Service may use cookies (i.e. small text files sent to the User’s device, identifying him/her in a manner necessary to simplify or discontinue a given operation) in order to collect information related to the use of the Service by the User. Cookies enable, in particular, to maintain the User’s session, to adjust the operation of the Service’s websites to preferences and needs of the User, creating statistics on the viewing of subpages of the Service.
  3. The user can change the settings for cookies at any time. In order to do this, you need to change the settings of your browser regarding cookies. These settings may be changed, in particular, in such a way as to block the automatic handling of cookies in the settings of the Internet browser or to inform about each time they are placed on the User’s device. Detailed information about the possibility and ways of making changes in the settings concerning cookies in the most popular web browsers can be obtained at the following addresses:
    1. Google Chrome  https://support.google.com/chrome/answer/95647?hl=pl;
    2. Firefox   https://support.mozilla.org/pl/kb/ciasteczka?esab=a&s=ciasteczka&r=0&as=s;
    3. Internet Explorer   https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies;
    4. Microsoft Edge https://support.microsoft.com/pl-pl/help/4027947/microsoft-edge-delete-cookies;
    5. Opera  http://help.opera.com/Windows/12.10/pl/cookies.html;
    6. Safari  https://support.apple.com/pl-pl/guide/safari/sfri11471/mac. 

V. Other provisions

  1. The Firm will make every effort to ensure a high level of security for Users in the use of the Service. Any events affecting the security of information transmission should be reported as indicated in Chapter II point 2 of the Policy.
  2. The Firms reserves the right to disclose certain information about the User to the competent authorities or third parties who request such information, on an appropriate legal basis and in accordance with applicable law.
  3. Except the events indicated in the Policy, personal data will not be disclosed to any third party or body without the consent of the data subject.
  4. The Firm reserves the right to change the Policy, of which the Users will be informed via the information on the website: https://b2rlaw.com/ at least 3 days before the change comes into force.

Get in touch

Not sure who to contact? Let us help you find the right lawyer.

This site uses cookies to improve your experience More information.

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close