Privacy Policy

The following provisions constitute a privacy policy (the “Privacy Policy”), specifying the principles of collection and processing of personal data in connection with using the services provided by Małgorzata Czyrnek who operates a business under the name Małgorzata Czyrnek Kancelaria Radcy Prawnego, ul. Skwerowa 10, 30-317 Kraków, as well as her website https://www.mmckancelaria.pl/.

The controller of your personal data is Małgorzata Czyrnek who operates a business under the name Małgorzata Czyrnek Kancelaria Radcy Prawnego, ul. Skwerowa 10, 30-317 Kraków, entered into the Central Register of Business Activity, NIP (tax identification number): 7372230220 (the “Data Controller” or the “Law Office”).

If you have questions or doubts concerning any matters related to personal data protection, please contact the Law Office by sending an e-mail to biuro@mmckanclearia.pl or by writing to the following address: ul. Skwerowa 10, 30-317 Kraków

Data processing means any operation (activity) performed with respect to personal data, manually or in an automated manner. This covers in particular collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The personal data collected by the Data Controller is processed in accordance with legal regulations, including but not limited to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GPDR”), the Polish Law of 10 May 2018 on Personal Data Processing, the Polish Law of 6 July 1982 on Attorneys-at-Law, and the other laws specified in this Privacy Policy. The Law Office maintains professional secrecy, as required of attorneys-at-law.

The Data Controller makes special efforts in order to protect the privacy of and the information concerning the users of the Data Controller’s website and the clients of the Data Controller.

The Data Controller processes the personal data required to carry out specific purposes, including but not limited to first name, last name, e-mail address, correspondence address, phone number, address of residence, NIP (tax identification number), REGON (statistical number), PESEL (Polish national identification number), name of employer, and official position, as provided in connection with the Data Controller’s activities.

The Data Controller process personal data for the following purposes:

1. contacting you at your request in order to present an offer that you can then accept (Article 6(1)(b) of the GDPR and Article 6(1)(a) of the GDPR);
2. performing an agreement, including an agreement for the provision of legal services, as specified in the Polish Law of 6 July 1982 on Attorneys-at-Law (Article 6(1)(b) of the GDPR);
3. handling the correspondence sent to the Law Office and contacting you (Article 6(1)(a) of the GDPR and Article 6(1)(f) of the GDPR);
4. carrying out obligations resulting from legal regulations, including those concerning the profession of an attorney-at-law, especially in terms of preventing conflicts of interests related to the provision of legal services (Article 6(1)(c) of the GDPR);
5. defending against potential claims or enforcing potential claims related to an agreement (Article 6(1)(f) of the GDPR);
6. analytical purposes (Google Analytics), on the basis of cookies (Article 173(2) of the Polish Telecommunications Law of 16 July 2004 (Journal of Laws of 2004, No. 171, item 1800, as amended) in conjunction with Article 6(1)(a) of the GDPR);
7. proper displaying of the Law Office’s website, i.e., security, network management, and availability, on the basis of cookies (Article 6(1)(f) of the GDPR).

Your personal data originate directly from you, your employer, or the entity you represent and its provision is voluntary.

However, considering the purposes described above and the nature of processing, if you do not provide your personal data, this may make it difficult or impossible to use the Law Office’s website, prevent or delay contact with the Law Office (including via the contact form), or prevent or delay the commencement of provision of legal services.

In each of the possible cases of data storage by the Data Controller, the retention period will not be longer than necessary, considering the prescription periods for the claims under the agreement executed with the Data Controller.

Personal data may be disclosed to and shared with the employees and contractors of the Data Controller, the entities that provide accounting, IT, and statistical services to the Data Controller, and postal operators and couriers.

Considering the use of Google services, your data may be transferred to outside of the European Economic Area, to the United States of America and Canada.

Personal data may also be shared with public and private entities if such an obligation follows from the applicable legal regulations.

Data subjects whose personal data is processed have, in principle, the following rights:

1/ the right to access personal data, as referred to in Article 15 of the GDPR, i.e., the right to receive a confirmation from the Data Controller as to whether your personal data is being processed; if so, then you have the right to obtain access to this data and to the information referred to in Articles 15(1) and 15(2) of the GDPR;

2/ the right to rectify personal data, as referred to in Article 16 of the GDPR, i.e., the right to demand that the Data Controller corrects your personal data if it is incorrect and supplements it if it is incomplete;

3/ the right to erasure of personal data, as referred to in Article 17 of the GDPR, i.e., the “right to be forgotten,” when at least one of the circumstances specified in Article 17(1) of the GDPR has occurred;

4/ the right to demand restriction of personal data processing, as referred to in Article 18 of the GDPR, when at least one of the circumstances specified in Article 18(1) of the GDPR has occurred;

5/ the right to object to personal data processing, including in the form of profiling, as referred to in Article 21 of the GDPR, i.e., you may, due to your particular situation, object to the processing of your personal data in connection with:
- processing necessary to perform a task carried out for reasons of public interest or in the exercise of official authority vested in the Data Controller;
- processing necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party;
- processing for the purposes of direct marketing;

6/ the right to personal data portability, as referred to in Article 20 of the GDPR, covering the right to receive your personal data from the Data Controller in a structured, commonly used and machine-readable format and the right to transmit this data to another controller without hindrance from the Data Controller to which the personal data has been provided if the circumstances referred to in Articles 20(1) and 20(2) of the GDPR have occurred;

7/ the right to withdraw consent—you may withdraw your consent to the processing of your personal data at any time. However, withdrawal of consent does not affect the lawfulness of data processing done before the withdrawal.

8/ the right to file a complaint with the supervisory authority referred to in Article 77 of the GDPR—if you believe that your data is being processed in violation of the GDPR, you may file a complaint with the supervisory authority. In the case of persons whose place of habitual residence, place of work, or place of the alleged violation is Poland, the supervisory authority is the President of the Polish Personal Data Protection Office.

In order to ensure that this Privacy Policy meets the current requirements that follow from legal regulations, the Data Controller reserves the right to amend it at any time. The above also applies if this Privacy Policy requires amendments in order to cover the new or modified services of the Law Office.

The Data Controller may embed, on his website, social media plugins, i.e., interactive elements marked with the icons of these social media. Social media plugins allow for redirecting you to the Data Controller’s profile in social media. However, the Data Controller is not responsible for the privacy policy of these websites. The Data Controller encourages you to have a look at them.

Cookies are computer files that contain IT data and are stored on the end user’s device (e.g. a computer, a laptop, or a smartphone); these most frequently are text files. Cookies usually contain the name of the website from which they originate, the duration of their storage on the end device, and a unique number.

Types of cookies used

– Session cookies

These cookies are used to save the choices made by the user, as well as e.g. login credentials. They remain on the user’s device until the user has logged out or closed the browser.

– Analytical cookies

These cookies allow for collecting data related to the use of the website, including the content clicked by the user when browsing the website.

- Use of cookies Cookies

Are used in order to save settings and adjust website content to the preferences of the user. They are also used to compile anonymized statistics that help understand how users use the website. This allows for improving the structure and content of the website. Cookies are not used to identify users and user identity is not determined on their basis.

Deletion of cookies

The method of blocking or deleting cookies differs depending on the browser used. More information about managing cookies is available at: 

- Internet Explorer
- Mozilla Firefox
- Google Chrome
- Opera

Please note that all of the links contained in this Privacy Policy redirect to external websites for the content of which the Data Controller is not responsible.