WEBSITE PRIVACY POLICY
Law firm of attorney-at-law Malwina Strecker – available at: https://strecker.pl (hereinafter referred to as the Website).
Dear User!
We care about your privacy and want you to feel comfortable using our services. Below, we present the most important information about how we process your personal data and the cookies used by our Website. Your data is processed in accordance with the Personal Data Protection Act of 10 May 2018 (consolidated text: Journal of Laws of 2019, item 1781), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), and the Act on the provision of electronic services of 18 July 2002 (consolidated text: Journal of Laws of 2020, item 344).
1. Personal Data Controller.
The controller of the personal data of users of the Website (hereinafter referred to as the “Controller”), i.e. the person responsible for ensuring the security of your personal data, is: Malwina Strecker, conducting business under the name: Kancelaria prawna radcy prawny Malwina Strecker, with its registered office at: ul. Chłodna 64 lok. 316, 00-872 Warsaw / PL, Tax Identification Number (NIP): 5272708106, National Business Registry Number (REGON): 147030286, email address: kancelaria@strecker.pl.
2. Basis for data processing.
1) The Controller is authorized to process personal data if at least one of the following conditions is met:
a) the data subject has consented to the processing of their personal data for one or more specific purposes,
b) processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract,
c) processing is necessary to comply with a legal obligation to which the Controller is subject,
d) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party.
2) The processing of personal data by the Controller always requires the existence of at least one of the grounds indicated above. The specific grounds for processing personal data of Website users by the Administrator are indicated below.
3. Purpose of data processing.
1) The purpose of data processing results from the actions undertaken by the Website user and the Controller.
2) The Controller processes personal data for the following purposes:
Article 6(1)(a) and (b) of the GDPR (the data subject has consented to the processing of their personal data, and/or processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract).
Data is stored for the period necessary for the performance, termination, or other expiration of the concluded contract, or until the consent is withdrawn.
Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party) and Article 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party). a) GDPR Regulation (the data subject has consented to the processing of their personal data by the Controller for marketing purposes).
Data is stored for the duration of the legitimate business interest pursued by the Controller. The Controller may not process data for direct marketing purposes if the data subject effectively objects to this. In the case of data stored based on consent, the data is stored until the data subject withdraws their consent to further processing of the data for the above-mentioned purpose.
Article 6, paragraph 1, letter f) GDPR Regulation (processing is necessary for the purposes of the Controller’s legitimate interests – consisting in operating and maintaining the Website).
Data is stored for the duration of the legitimate business interest pursued by the Controller, but no longer than the limitation period for the Controller’s claims against the data subject arising from the Controller’s business activities. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to business activity is three years).
Article 6, paragraph 1, letter f) of the GDPR (processing is necessary for purposes arising from the Controller’s legitimate interests – consisting in maintaining statistics and analyzing website traffic to improve its operation and/or extending the range of services provided).
Data is stored for the duration of the Controller’s legitimate interest, but no longer than the limitation period for the Controller’s claims against the data subject arising from the Controller’s business activities. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years).
Article 6, paragraph 1, letters c) and f) of the GDPR (processing is necessary to fulfill a legal obligation to which the Controller is subject and/or processing is necessary for purposes arising from the Controller’s legitimate interests).
Data is stored for a period of 5 years, counted from the beginning of the year following the financial year to which the data pertains and/or for the duration of the legitimate interest pursued by the Controller.
3) Providing data is voluntary, but in some cases it may be necessary to conclude a contract.
4) Failure to provide data may result in the inability to use all the functionalities of the Website, including:
a) the inability to register on the Website,
b) the inability to receive information about webinars, training courses, conferences, and promotions.
4. Data Recipients.
1) For the proper functioning of the Website, the Controller must use the services of external entities (e.g., software providers). The Controller only uses the services of processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
2) The Controller transfers data only when it is necessary to achieve the given purpose of personal data processing and only to the extent necessary to achieve it.
3) The personal data of Website Users may be transferred to the following recipients:
a) payment processors and entities ensuring order delivery – in the case of a User purchasing goods offered through the Website,
b) service providers providing the Controller with technical, IT, and organizational solutions. This includes providers of computer software for operating the Website, email and hosting providers, and providers of software for managing a company and providing technical support to the Controller,
c) providers of accounting, legal, and advisory services providing accounting, legal, or advisory support to the Controller. The Controller shares the collected User’s personal data with a selected provider acting on its behalf only if and to the extent necessary to achieve the given purpose of data processing consistent with this privacy policy.
5. Rights of the Data Subject.
1) The data subject has the right to request from the Controller access to their personal data, rectification, erasure, or restriction of processing, and the right to object to processing, as well as the right to data portability. Detailed conditions are set out in Articles 15-21 of the GDPR.
2) The data subject whose data is processed by the Controller pursuant to Article 6(1)(a) or Article 9(2)(b) of the GDPR. The data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
3) The data subject whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law. The supervisory authority in Poland is the President of the Personal Data Protection Office.
4) The data subject has the right to object at any time
a) for reasons relating to their particular situation – to the processing of their personal data based on Article 6(1)(f) of the GDPR (i.e., legitimate interests pursued by the controller), including profiling based on these provisions – if applicable,
b) if personal data are processed for direct marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.
5) In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing by e-mail to the Administrator’s address indicated at the beginning of the privacy policy.
6. Cookies on the Website
1) Cookies are small pieces of information in the form of text files sent by the server.
2) Our Website, like most websites, uses cookies. These files:
a) are saved in the memory of your device (computer, phone, etc.),
b) enable you, among other things, to use all the features of the Website,
c) do not change your device’s settings.
3) By using the appropriate options in your browser, you can at any time:
a) delete cookies,
b) block the use of cookies in the future.
4) Cookies are used on the Website for the following purposes:
a) remembering information about your session,
b) statistical purposes,
c) marketing purposes,
d) providing key features of the Website.
5) To learn how to manage cookies, including how to disable them in your browser, you can consult your browser’s help file.
6) If you do not disable the use of cookies in your browser settings, you consent to their use.
7) If you require additional information, you can contact the Administrator by sending a written message to the email address provided above.
