Privacy policy


I. Definitions

  1. Administrator – Dobrzański, Bzymek – Waśniewska, Sroka – Maleta Kancelaria Radców Prawnych s.c., Wilhelma Feldmana 4/12, 31-130 Kraków;
  2. Personal data – information about a natural person identified or identifiable by one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity, including image, voice recording, contact details, location data, information contained in correspondence, information collected through recording equipment or other similar technology;
  3. Policy – the present Privacy Policy;
  4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;
  5. Service / Site – the website operated by the Administrator under the address;
  6. User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy;
  7. Data Subject – the natural person to whom the personal data processed by the Administrator refers;

II. Data processing by the Administrator

  1. In connection with its business activities, the Administrator collects and processes Personal Data in accordance with the relevant legislation, including in particular the GDPR, and the rules on the processing of Personal Data provided for therein.
  2. The Administrator shall ensure transparency in the processing of Personal Data; in particular, it shall always inform about the processing at the time of collection, in particular about the purpose and the legal basis of the processing, unless it is not obliged to do so on the basis of separate regulations.
  3. The Administrator shall ensure that the data are only collected to the extent necessary to fulfil the specific purpose and are only processed for as long as necessary.
  4. When processing Personal Data, the Administrator shall ensure its security and confidentiality and that data subjects have access to information about the processing. Should a breach of the protection of Personal Data (e.g. a “leakage” of data or a loss of data) occur despite the security measures in place, the Administrator will inform the Data Subjects of such an event in accordance with the regulations.
  5. If the User posts any Personal Data of other persons (including their name, address, telephone number or e-mail address) on the Website, they may only do so on condition that they do not infringe the law or violate the personal rights of such persons.

III. Contact with the Administrator

Contact with the Administrator is possible via e-mail:, by phone: +48 12 410 05 25 or by post: ul. Wilhelma Feldmana 4/12, 31-130 Kraków.


In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information on the User’s activity on the Website. The detailed principles and purposes of the processing of Personal Data collected during the use of the Website by the User are described below.

V. Purposes and legal bases of data processing


  1. Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies), are processed by the Administrator:

a) in order to provide services electronically in terms of providing Users with access to content collected on the Website – in which case the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) GDPR);

b) for analytical and statistical purposes, in which case the legal basis of the processing is the Administrator’s legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of Users’ activities, as well as of their preferences in order to improve the applied functionalities and services provided;

c) for the purposes of possible establishment and investigation of claims or defence against claims – the legal basis of the processing is the Administrator’s legitimate interest (Article 6(1)(f) GDPR) in protecting its rights.

2. The User’s activity on the Website, including their Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information on events and activities that relate to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for the purposes of providing services. The Administrator also processes it for technical and administrative purposes, for the purposes of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes – in this regard, the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) GDPR).

3. For more information on cookies, please see the Cookie Policy.


  1. Subscribing to the legal newsletter by a Service User involves the processing of their Personal Data. The provision of data is required in order to accept and process the order, and failure to do so will result in the order not being processed.
  2. The provision of an email address constitutes consent to receive the newsletter. Consent can be withdrawn at any time by unsubscribing from the newsletter, without affecting the lawfulness of the processing carried out prior to withdrawal.
  3. Personal data shall be processed:

a) for the purpose of providing the newsletter mailing service – the legal basis for the processing is the necessity of the processing for the performance of the contract (Art. 6(1)(b) GDPR);

b) in the case of directing marketing content to the User as part of a newsletter – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) GDPR) in connection with the consent to receive the newsletter;

c) for the purposes of possible establishment and investigation of claims or defence against claims – the legal basis of the processing is the Administrator’s legitimate interest (Article 6(1)(f) GDPR) in protecting its rights.

VI. Recipients of data

  1. In connection with the performance of activities that require processing, Personal Data is disclosed to external entities that process it on behalf of the Administrator, e.g. subcontractors or service providers, including in particular providers responsible for the operation of IT systems. Your data may also be shared with the Administrator’s consultancy service providers and contractors.
  2. The Administrator reserves the right to disclose selected information concerning the Data Subject to the competent authorities or to third parties who request such information on the appropriate legal basis and in accordance with the provisions of the applicable law.

VII. Transfers of data outside the EEA

  1. The level of protection of Personal Data outside the European Economic Area (“EEA”) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:

a) cooperation with processors of Personal Data in countries for which an adequate level of protection of Personal Data has been ascertained by a relevant decision of the European Commission;

b) the use of standard contractual clauses issued by the European Commission;

2. Part of the processing of your personal data may involve its transfer to third countries. The Administrator transfers personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of protection of personal data through the relevant compliance mechanisms provided by the GDPR, in particular through the use of standard contractual clauses.

3. The Administrator always informs you of its intention to transfer Personal Data outside the EEA at the stage of collection.

VIII. Processing period for Personal Data

  1. The duration of data processing by the Administrator depends on the type of service provided and the purpose of the processing. The time period for processing may also result from legislation when it is the basis for processing. In case of processing on the basis of the legitimate interest of the Administrator (e.g. for security reasons), the data shall be processed for a period of time allowing the fulfilment of this interest or until an effective objection to the processing is raised. If processing is based on consent, data are processed until the consent is withdrawn. When the basis for processing is the necessity for the conclusion and performance of the contract, the data are processed until the contract is terminated.
  2. The processing period may be extended if the processing is necessary for the establishment or assertion of claims or the defence against claims, and thereafter only if and to the extent required by law.


Data subjects have the following rights:

the right to information about the processing of personal data – on this basis, the Administrator shall provide the individual making the request the information about the data processing, including in particular the purposes and legal grounds for the processing, the scope of the data held, the entities to which the data are disclosed and the planned date of data erasure;

the right to obtain a copy of the data – on this basis, the Administrator shall provide a copy of the data processed concerning the individual making the request;

the right of rectification – The Administrator is obliged to rectify any inconsistencies or errors in the Personal Data processed and to complete it if it is incomplete;

the right to erasure of data – on this basis, you may request the erasure of data the processing of which is no longer necessary for any of the purposes for which it was collected;

the right to restrict processing – In the event of such a request, the Administrator shall cease to carry out operations on the Personal Data – with the exception of those operations to which the data subject has given their consent and the storage of the data, in accordance with the retention rules adopted – or until the reasons for the restriction of the processing cease to exist (e.g. a decision is issued by a supervisory authority authorising further processing);

the right to data portability – on this basis, to the extent that the data are processed by automated means in connection with a contract concluded or consent given, the Administrator shall issue the data provided by the data subject in a computer-readable format. It is also possible to request that this data be sent to another entity, provided, however, that the technical capacity exists for this on the part of both the Administrator and the designated entity;

the right to object to the processing of data for marketing purposes – The Data Subject may object at any time to the processing of Personal Data for marketing purposes, without having to justify such an objection;

the right to object to other purposes of the processing – The Data Subject may object at any time – for reasons related to their particular situation – to the processing of Personal Data that is carried out on the basis of a legitimate interest of the Administrator (e.g. for analytical or statistical purposes); the objection in this respect shall contain a justification;

the right to withdraw consent – if the data are processed on the basis of the consent given, the Data Subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal;

the right to lodge a complaint – In the event that the processing of Personal Data is considered to be in breach of the provisions of the GDPR or other provisions relating to the protection of Personal Data, the Data Subject may lodge a complaint with the supervisory authority for the processing of Personal Data having jurisdiction over the Data Subject’s habitual place of residence, place of work or place where the alleged breach has been committed. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

A request for the exercise of Data Subjects’ rights can be made:

  1. in writing to the following address: ul. Wilhelma Feldmana 4/12, 31-130 Kraków;
  2. by e-mail to:;

Personal data security

In order to ensure data integrity and confidentiality, the Administrator has implemented procedures to allow access to Personal Data only to authorised persons and only to the extent that this is necessary for their tasks. The Administrator applies organisational and technical solutions to ensure that all operations on Personal Data are recorded and performed only by authorised persons.

In addition, the Administrator shall take all necessary measures to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Administrator.


The Administrator may obtain data of persons interested in cooperating with the Administrator, as well as of persons applying for employment and internships and apprenticeships.

Information about the possibility of starting cooperation with the Administrator will be provided on the Site in the Career tab.

More information on the processing of data of persons willing to start cooperation with the Administrator is included in the information clause for candidates, placed each time in the offer available on the website, in the Career tab.

XII. Social media

The Administrator processes the Personal Data of Users who visit the Administrator’s profiles maintained on social media (Facebook, LinkedIn). This data is processed exclusively in connection with the running of the profile, including in order to inform Users of the Administrator’s activities and to promote the various types of events that we organise or participate in, to promote our products and services, as well as to communicate with the User through the functionalities available.

As the Administrator has a profile on Facebook and LinkedIn, the administrator of the User’s data is also Facebook Inc. or LinkedIn Ireland Unlimited Company, who, depending on the regulations and consents that have been provided by the User, may act differently. In order to find out the data administration rules of these administrators, please visit the websites of these entities (Facebook, LinkedIn).

For more information on the processing of data of social media users, please refer to the information clause for individuals whose data is processed through social media, available at this link.


The policy is continuously reviewed for effectiveness and is supplemented and modified on the basis of compliance with the Regulation, the practice of the supervisory authority developed after the entry into force of the Regulation and other legislation related to the protection of personal data.

The current version of the Policy was adopted on 29.04.2022.