his Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), on the protection of personal data.
This Privacy Policy contains key information about how and why your personal data is processed. This applies to data collected through the website, contact form, postal and email correspondence, as well as data gathered or shared in connection with handling your matter or the day-to-day operation of the firm.
I. General information
- The data controller is: KANCELARIA IDUN Spółka z ograniczoną odpowiedzialnością, registered in Bielsko-Biała (43-300), ul. Cyniarska 36/103, KRS: 0000973842, NIP: 9372743676, REGON: 522115294, represented by the President of the Management Board – Konrad Tomkiewicz, hereinafter referred to as the “Controller”.
- The Controller can be contacted by:
- email: biuro@idunkancelaria.pl
- post: KANCELARIA IDUN Spółka z ograniczoną odpowiedzialnością, 43-300 Bielsko-Biała, ul. Cyniarska 36/103
- The Controller processes personal data including: first and last name, email address, phone number, residential or business address, information provided in correspondence, data relating to the performance of a legal services agreement or an ongoing matter, legal advice provided or pre-contractual information, data shared in connection with dealings with courts, law enforcement authorities, administrative bodies or public offices, and financial settlement data. You will be asked to provide personal and contact details when booking an appointment at the firm and when completing the contact form.
- Providing personal data is voluntary, but necessary in order to:
- respond to your enquiry,
- enter into and perform a contract,
- provide legal services.
- Personal data is processed for the following purposes:
- responding to contact made by phone, email or via the contact form,
- providing legal services,
- taking steps towards entering into a legal services agreement,
- performing a concluded contract,
- financial and accounting settlements,
- fulfilling obligations under contracts entered into on behalf of the firm,
- pursuing or defending legal claims.
- The legal basis for the Controller’s processing of personal data is:
- Art. 6(1)(a) GDPR – consent to the processing of personal data,
- Art. 6(1)(b) GDPR – performance of a contract or taking steps at the request of the data subject prior to entering into a contract,
- Art. 6(1)(c) GDPR – compliance with a legal obligation,
- Art. 6(1)(f) GDPR – legitimate interests pursued by the Controller.
- Personal data is retained for as long as necessary to fulfil the purposes set out in point I.5, and thereafter for the period required by law — in particular the period related to the limitation of claims or obligations, and as long as necessary to demonstrate that the Controller’s obligations have been properly fulfilled.
- Where processing is based on consent, data is retained no longer than until that consent is withdrawn.
II. Cookies and technical data
- The Controller collects and uses information about website users and their behaviour in the following ways:
- by storing cookies on users’ devices,
- by processing technical data such as IP addresses, used for purposes related to the proper functioning of the website and ensuring its security.
- Cookies are used to:
- ensure the website functions correctly,
- maintain user sessions,
- analyse website traffic,
- tailor content to user preferences.
- The following types of cookies are used on the website:
- essential (technical) cookies,
- analytical cookies,
- functional cookies.
- Most web browsers accept cookies by default. You can change your browser settings at any time, in particular to:
- delete existing cookies,
- block cookies from being stored in future, in whole or in part.
- Restricting the use of cookies may affect certain features of the website.
III. Google Analytics
- This website uses Google Analytics, a service provided by Google Ireland Ltd.
- Google Analytics uses cookies to analyse how users interact with the website.
- Information collected includes in particular:
- number of visits,
- time spent on the website,
- traffic sources,
- user behaviour on the website.
- IP addresses are anonymised before any further processing takes place.
- Data collected through Google Analytics is statistical in nature and is used solely to improve the functioning of the website.
- You can prevent Google Analytics from collecting your data by adjusting your browser settings or by installing the opt-out add-on available at: https://tools.google.com/dlpage/gaoptout
- In connection with the use of Google Analytics, data may be transferred to third countries (e.g. the United States), with appropriate safeguards in place as required by the GDPR.
IV. Data security measures
- The Controller ensures the confidentiality of all personal data provided and applies appropriate technical and organisational measures as required by law.
- Personal data is protected against unauthorised access and safeguarded against loss, destruction or unauthorised modification.
V. User rights and further information
- Under applicable law, you have the following rights in relation to the processing of your personal data by the Controller:
- the right to access your data, including obtaining a copy,
- the right to request rectification or correction of your data,
- the right to request erasure of your data,
- the right to data portability,
- the right to restriction of processing,
- the right to withdraw consent to processing,
- the right to lodge a complaint with the data protection supervisory authority — in Poland, this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych),
- the right to object (to processing in general, to direct marketing including profiling, and on grounds relating to your particular situation where processing is based on the Controller’s legitimate interests).
- To exercise any of these rights, please contact the Controller by email at biuro@idunkancelaria.pl or by post at: KANCELARIA IDUN Spółka z ograniczoną odpowiedzialnością, 43-300 Bielsko-Biała, ul. Cyniarska 36/103.
- The Controller may share your personal data with other recipients where this is necessary to perform a contract concluded with you or to fulfil the Controller’s legal obligations. Recipients to whom the Controller may transfer personal data include in particular:
- IT and hosting service providers,
- email service providers,
- providers of IT tools and software,
- entities involved in delivering services,
- entities authorised to receive data under applicable law,
- other entities processing data on behalf of the Controller under data processing agreements.
- Your personal data is not used for automated decision-making, including profiling, that would produce legal effects or similarly significant effects for you.
- Personal data is not, as a rule, transferred outside the European Economic Area, with the exception of situations involving the use of analytical tools — in particular Google Analytics — which may involve transfers to third countries (e.g. the United States), subject to appropriate safeguards as required by the GDPR.
- For further information about the processing of your personal data, please contact the Controller at: biuro@idunkancelaria.pl.
VI. Changes to this Privacy Policy
The Controller reserves the right to amend this Privacy Policy, in particular in the event of changes to applicable law, technology, or the way the website operates.