Privacy policy

I. General Information

 

Ladies and Gentlemen

We kindly inform you that the controller of your personal data is WBW Weremczuk Bobeł & Wspólnicy Kancelaria Radców Prawnych sp. p. with its registered office in Poznań (address: ul. Promienista 15, 60-288 Poznań), KRS: 0000851120 (hereinafter referred to as “Data Controller”). You can contact the Data Controller by e-mail to the following email address: office@wbwlegal.pl .

In accordance with Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (hereinafter the “Regulation” or “GDPR”), we hereby provide you with all the information concerning the processing of your personal data, as well as your rights in connection with such processing.

The Data Controller attaches particular importance to respecting the privacy of both the visitors of the www.wbwlegal.pl website and the persons with whom the Data Controller conducts correspondence, as well as the employees and persons representing the Data Controller’s Clients.

The processing of personal data at the Controller is carried out in accordance with the principles set out in the Ordinance, as well as in accordance with Article 23 of the Code of Ethics for Legal Advisors. The Controller has implemented appropriate procedures and safeguards to ensure the security, confidentiality and integrity of the personal data processed. Access to the data has been entrusted only to authorised persons to the extent necessary for the performance of the commissioned tasks.

In addition, the Data Controller shall take all necessary measures, including technical and organisational solutions, to ensure that the security measures applied are appropriate to the risks identified.

If you have any doubts, we will be happy to provide you with any additional information.

 
II. Categories of persons whose personal data is processed by the Data Controller.

 

The Data Controller processes personal data of:

(a) natural persons, including those engaged in business activities, to whom legal services are provided by the Data Controller (“Data Controllers Clients“);

(b) persons affiliated with the Data Controller’s Clients and affiliated with entities to which the Data Controller provides legal services and which are not natural persons (“Data Controller’s Corporate Clients“), whereby affiliated persons shall be deemed to include, in particular, representatives, employees and associates, other persons acting on behalf of the Data Controller’s Clients/Corporate Clients (“Affiliated Persons“);

(c) the Data Controller’s business partners, e.g. other law firms, tax firms, auditors, entities in which the Data Controller is affiliated (“Data Controllers Business Partners“);

(d) persons who contact the Data Controller by mail, e-mail, telephone and instant messaging (“Third Parties“);

(e) persons who are participants in a dispute in which the Data Controller is representing the Data Controller’s Client (“Opposing Party“);

(f) visitors to the Data Controller’s profile on LinkedIn available at https://pl.linkedin.com/company/weremczuk-bobel-&-partners (“LinkedIn Profile“), including those contacting the Firm via the LinkedIn Profile;

(g) visitors to the website www.wbwlegal.pl operated by the Data Controller (theWebsite”);

(h) persons interested in cooperating with the Data Controller in recruitment processes (“Candidates“).

 
III. Type of data processed and purposes of personal data processing

 

A. DATA CONTROLLER’S CLIENTS

The personal data of the Data Controller’s Clients is processed for the following purposes:

  1. the provision of legal services under a concluded contract (Article 6(1)(b) of the GDPR);
  2. communication by e-mail or other forms of communication, including snail mail (Article 6(1)(a) and (b) of the GDPR);
  3. the conclusion of new contracts (Article 6(1)(b) of the GDPR);
  4. Fulfilling the Data Controller’s obligations towards state institutions under the law, including those arising from tax law and accounting regulations (Article 6(1)(c) of the DPA);
  5. maintenance and development of the Data Controller’s business, understood as internal reporting, compilation and marketing activities (Art. 6(1)(f) of the GDPR);
  6. pursuing the rights of the Data Controller’s Clients or protecting them against claims (Article 6(1)(f) of the GDPR).

The Data Controller may collect the following personal data of the Data Controller’s clients:

  • name and surname,
  • e-mail address:
  • telephone number,
  • address,
  • PESEL [personal identification no.]:
  • company name, NIP – tax identification no. or REGON [business statistical no.], registered office address;
  • details of the dispute and other information and documents relating to the performance of the legal service,
  • other personal data voluntarily provided to the Data Controller.

The provision of personal data, to the extent expected by the Data Controller and justified by the scope of the order, is voluntary but necessary to cooperate with the Data Controller.

B. AFFILIATED PERSONS AND BUSINESS PARTNERS OF THE DATA CONTROLLER

Sources of receipt of personal data of Persons affiliated with the Data Controller’s Clients and the Data Controller’s Business Partners:

  • personal data of Affiliated Persons and Business Partners of the Data Controller may be provided by the Data Controller’s Client, the Data Controller’s Corporate Client or the Data Controller’s Business Partner,
  • personal data may be provided directly by the person concerned to the Data Controller in connection with the conclusion or performance of a contract between the Data Controller’s Client and the Data Controller or between the Data Controller’s Corporate Client and in connection with the relationship with the Data Controller’s Business Partners, in particular in order to fulfil the obligations arising from the legal relationship or partnership and to ensure ongoing contact.

The Data Controller may collect the following personal data of Affiliated Persons and Business Partners of the Data Controller:

  • name and surname,
  • e-mail address:
  • telephone number,
  • position/function

Personal data of Affiliated Persons and Business Partners of the Data Controller is processed for the purpose of:

  1. concluding and performing a contract between the Data Controller and the Data Controller’s Client or a contract between the Data Controller and the Data Controller’s Corporate Client or for the purpose arising from the relationship with the Data Controller’s Business Partner, including ongoing contact via email or other forms of communication, in connection with the performance of the contract (Art. 6(1)(f) of the GDPR);
  2. maintenance and development of the Data Controller’s business, understood as internal reporting, compilation and marketing activities (Art. 6(1)(f) of the GDPR);
  3. pursuing the rights of the Data Controller’s Clients or the Data Controller’s Corporate Clients or protecting them against claims (Article 6(1)(f) of the DPA).

The provision of personal data, to the extent expected by the Data Controller and justified by the scope of cooperation, is voluntary but necessary to cooperate with the Data Controller.

C. PERSONAL DATA OF THIRD PARTIES

The personal data of Third Parties who contact the Data Controller or with whom the Data Controller contacts via the communication channels used by the Data Controller are processed for the purpose of:

  • communication and correspondence and, in particular, answering questions presented to the Data Controller (Article 6(1)(f) of the GDPR),
  • communication and correspondence in connection with the provision of legal assistance to the Data Controller’s Client or the Data Controller’s Corporate Client (Article 6(1)(f) of the GDPR),
  • establishing a business relationship with that person or an entity he or she represents or with which he or she cooperates (Article 6(1)(f) of the GDPR),

The Data Controller may collect the following personal data of Third Parties:

  • name and surname,
  • e-mail address:
  • telephone number,
  • position/function

The provision of personal data, to the extent expected by the law firm and justified by the type of communication channel chosen, is voluntary but necessary to make contact with the law firm.

D. PERSONAL DATA OF THE OPPOSING PARTY

In the case of the processing of data of other natural persons whose data is processed in connection with the handling of the affairs of the Data Controller’s Clients (provision of legal services), Article 14(5)(d) of the GDPR applies. Due to the statutory obligation of professional secrecy of legal advisors, as provided for by Polish law, the disclosure requirement provided for in Article 14(1) to (4) of the GDPR has been waived.

With regard to the profession of legal advisor, Article 15 of the Code of Ethics for Legal Advisors stipulates that a legal advisor is obliged to keep secret all information concerning the client and his/her affairs disclosed to the legal advisor by the client or otherwise obtained in connection with the performance of any professional activities by the legal advisor, regardless of the source of the information and the form and manner in which it was recorded.

E. PERSONAL DATA OF LINKEDIN USERS VISITING A LINKEDIN PROFILE MAINTAINED FOR THE DATA CONTROLLER

The Data Controller processes the personal data of LinkedIn users who are individuals in connection with their actions taken with regard to the LinkedIn Profile such as, in particular, observing, posting comments, responding to content in the form of ‘likes’, ‘recommendations’, etc. or contacting via the messaging function.

The Data Controller may collect the following personal data of LinkedIn users:

  • the name of the user’s profile (including name, position, function within the organisation),
  • image,
  • identification and other data published by the user of the profile, including his/her experience, skills, interests,
  • contact details (telephone number, email address),
  • the content of the comments left by the LinkedIn user and the content of the conversation held with a given individual by the Firm via LinkedIn;
  • statistical data on visits to and observations of the LinkedIn Profile.

The personal data in the LinkedIn Profile is processed in order to operate the LinkedIn Profile under the terms and conditions set by the LinkedIn operator and to inform via the LinkedIn Profile about activities, services, events, knowledge sharing, as well as to build and maintain a community and to communicate via the available LinkedIn functionalities (Article 6(1)(f) of the GDPR).

The above information does not apply to the processing of personal data by the LinkedIn data controller.

F. DATA OF VISITORS TO WBWLEGAL.PL

The Data Controller may process the personal data of visitors to the Website in cases where:

1. the visitor decides to subscribe to a newsletter issued by the Data Controller using the form available at: https://wbwlegal.pl/en/newsletter/

The data of newsletter subscribers is processed:

  • in order to subscribe the user to a newsletter and, consequently, send the newsletter to the subscribed user. The basis for the processing of your personal data is your consent to subscribe to the newsletter (Article 6(1)(a) of the DPA),

The Data Controller collects the following personal data in order to subscribe to the newsletter:

  • Name:
  • Email address

The provision of the above personal data is voluntary but necessary to subscribe to the newsletter issued by the Data Controller.

2. A visitor to the Website, as a Candidate, will use the recruitment form available at: https://wbwlegal.pl/en/career/, with the information about the processing of the Candidate’s personal data covered under letter G below.

G. CANDIDATES’ PERSONAL DATA

The personal data of applicants in the recruitment processes is processed for the purpose of examining the application and carrying out the recruitment process, in relation to the submitted application (the legal basis for the processing is Article 6(1)(a) of the GDPR – the candidate’s consent expressed by sending the application documents or Article 9(2)(a) of the GDPR when the application documents contain personal data of a special category as defined in Article 9(1) of the GDPR).

Personal data may also be processed for the purpose of examining your application in future recruitment processes on the basis of your separately given consent (Article 6(1)(a) of the DPA), if such consent is apparent from the application documents submitted.

The Data Controller processes the personal data indicated by the applicant in the application documents, in particular name(s) and surname, date of birth, contact details indicated by the applicant, as well as information on education, professional qualifications and previous employment history.

 

IV. Therm of personal data processing

 

Personal data will be retained for the period necessary to fulfil the purposes for which the data is processed, with the Data Controller retaining the data until the obligation to retain the data under the law expires.

If the basis for processing is the law firm’s legitimate interest, the data will be processed until this legitimate interest is fulfilled or until an effective objection is made – whichever comes first.

Candidates’ personal data will be kept for the entire duration of the recruitment process and, if the Candidate has consented to participate in future recruitment processes and to the processing of his/her data for the purposes of such processes, the personal data provided will be processed for a period of 2 years from granting a consent.

To the extent that the processing of the Data is based on a consent, the Data will be processed until the consent is withdrawn, but no longer than the expiry of the above periods.

If necessary and reasonable, the Data will be kept for the period necessary to establish, assert or defend against claims.

Information contained in private messages sent to the Firm via LinkedIn will be retained for the retention period of the message as determined by the LinkedIn operator.

In the case of information held by the Firm as part of comments provided by an individual, it will be available on the LinkedIn Profile until the individual removes it or the Firm removes the material in question from the LinkedIn Profile. Personal data collected by the LinkedIn operator, i.e. post history, activity history and messages sent, are subject to storage under the terms of LinkedIn’s terms and conditions.

Personal data processed by solicitors, barristers in the course of their profession shall be retained for 10 years from the end of the year in which the proceedings in which the personal data was collected.

 

V. Recipients of data and transfer of data outside the EEA

 

Personal data processed by the Data Controller may be disclosed to the following entities: employees and associates of the Data Controller, entities providing accounting services, other service providers related to the processing of personal data and Business Partners, IT service providers, translators, notaries, entities and authorities authorised to process under the law, including courts, enforcement authorities or public administration bodies.

If, for the proper performance of the contract with the Data Controller’s client, it is necessary to use the services of a Law Firm Business Partner located outside the EEA, the Law Firm may transfer the personal data it processes to countries outside the European Economic Area. Any transfer of data outside the EEA will only take place if it is necessary for the purposes of the processing and the transfer will take place in accordance with the provisions of the GDPR .

 

VI. Rights of persons in relation to personal data processing

 

With regard to your personal data processed by the Data Controller, you have the following rights:

The right to withdraw the consent granted (Article 7(3) of the GDPR):

Where the processing of your personal data is based on your consent, you have the right to withdraw it at any time, as long as the data is processed on the basis of your consent. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal. Withdrawal of consent has effect from the time of the declaration of withdrawal.

It should be noted that the withdrawal of the consent granted for the processing of personal data may result in the impossibility for the Data Controller to fulfil its obligations, which may in fact make it impossible for the Data Controller to act for the purposes for which it obtained the data.

The right of access to your data (Article 15 of the GDPR):

You have the right to access the content of all your personal data, together with the right to access information about the data, among other things the purposes of processing, the categories of data processed, the recipients or the duration of processing. The Data Controller will provide a copy of the personal data being processed upon your request. In the absence of any other form of transmission indicated, the data will be provided electronically. The preparation and delivery of the first copy of the data is free of charge. The Data Controller may charge a reasonable fee based on administrative costs for any subsequent requests in this respect.

The right to request the rectification of your personal data (Article 16 of the GDPR):

You have the right to rectify your data processed by the Data Controller if it is incorrect. You also have the right to supplement incomplete personal data (taking into account the purposes of the processing), including by providing an additional statement.

The right to request the erasure of your personal data (Article 17 of the GDPR):

You have the right to be forgotten, under which you can request that the Data Controller erase your personal data and request that the Data Controller inform other controllers to whom your data to be erased has been made public of the need to erase links to, copies of or replication of that data. The above rights are subject to the occurrence of any of the following situations:

  1. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  2. consent to the processing of personal data, which is the only legal basis for data processing, has been withdrawn;
  3. an objection has been lodged on grounds relating to your particular situation against the processing of personal data in the so-called legitimate interests pursued by the Data Controller and there will be no overriding legitimate grounds for the processing;
  4. an objection has been raised to the processing of personal data for direct marketing;
  5. the personal data has been unlawfully processed;
  6. the deletion is necessary to comply with a legal obligation under European Union or Polish law;

The right to request the restriction of the processing of your personal data (Article 18 of the GDPR):

You have the right to restrict processing in the following cases:

  1. the accuracy of the personal data is contested – for a period enabling the Data Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  4. you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

It should be noted that a request for restriction of the processing of personal data may result in the inability of the Data Controller to comply with its obligations, which may in fact prevent the Data Controller from acting on your behalf.

The right to transfer of your personal data (Article 20 of the GDPR):

You have the right to transfer of your personal data processed by the Data Controller by automated means or on the basis of consent or contract, under which you may request to:

  1. receive your personal data provided to the Data Controller on the basis of consent or a contract or in connection with a request for pre-contractual action and data that the Data Controller processes by automated means;
  2. send the above data without hindrance;
  3. transmission by the Data Controller of the aforementioned data to another controller, insofar as this is technically possible;

The above right entitles you to receive the above data in a structured, commonly used machine-readable format.

The right to object to the processing of your personal data (Article 21 of the GDPR):

You have the right to object to:

  1. the Data Controller’s processing of personal data for marketing purposes,
  2. the Data Controller’s processing of personal data for purposes arising from the so-called legitimate interest pursued by the Data Controller. The objection must be based on reasons relating to your particular situation. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

It should be noted that the expressing an objection to the processing of personal data may result in the Data Controller’s inability to comply with its obligations, which may in fact prevent the Data Controller from acting on your behalf.

 

Right to lodge a complaint with a supervisory authority

 

You have the right to lodge a complaint with the President of the Data Protection Authority if you think that the processing of personal data concerning you violates the provisions of the Regulation.

 

VII. Changes to the privacy policy and acceptance of terms and conditions

 

The Data Controller reserves the right to change or update the Privacy Policy at any time. In this case, a notice will be made available on www.wbwlegal.pl.

By using this site, you agree to the terms of the Privacy Policy. Otherwise, please do not use www.wbwlegal.pl. Continued use of the site will imply acceptance of the above conditions.

Office in Poznań

Promienista 15
60-288 Poznań

OFFICE IN WARSAW

Gdańska 49a
01-633 Warsaw

Menu

Privacy policy
Legal disclaimer

© 2024 WBW Weremczuk Bobeł & Partners 
Law Firm

Website: interactive agency adStone / Poznań