Get legal advice

Privacy Policy

§1. Data controller

  1. The data controller is Karolina Jankowska under the name Kancelaria Adwokacka Adwokat Karolina Jankowska with its registered office in (61 – 873) Poznań, ul. Królowej Jadwigi 58/9, entered into the Central Register and Information on Economic Activity of the Republic of Poland, with the tax identification number NIP 7792304215 and REGON identification number 3024711600. Users’ personal data is protected in compliance with the requirements of European law, in particular the General Data Protection Regulation, known as the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
  2. Contact with data controller is possible via the e-mail address: kancelaria@karolinajankowska.eu
  3. Data controller, in accordance with art. 32 GDPR, implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, mainly to avoid unauthorized management or unlawful access to personal data processed in connection with the conduct of business.
  4. Providing personal data is voluntary, but necessary to conclude any contract with data controller.
  5. Data controller processes personal data to the extent necessary to conclude and execute any contract with data controller and provide legal services.

§2. Purpose and basis for processing of users’ personal data

Data controller shall processe users’ personal data for:

  1. preparation of a commercial offer in response to the interest of a given person, which is the legitimate interest of the data controller,
  2. concluding and executing contracts with Clients, based on previously concluded contracts,
  3. handling the complaint process, on the basis of the data administrator’s obligation for compliance with Polish law,
  4. accounting related to issuing and accepting documents, pursuant to the provisions of applicable tax law,
  5. fulfillment of other legal obligations incumbent on the Law Firm,
  6. data archiving for possible determination, investigation or defense against claims or the need to prove facts, which is the legitimate interest of the data controller,
  7. telephone contact or via e-mail and / or the Zoom.us application, in particular in response to inquiries addressed to the data controller, which is the legitimate interest of the data controller.

§3.Data recipients. Data transfer to third countries or international organisations

  1. The recipients of personal data processed by the data controller may be entities cooperating with the data controller when it is necessary for the performance of the contract concluded with the Client.
  2. The recipients of personal data processed by the data controller may also be subcontractors – entities whose services are used by the data controller when processing data, e.g. accounting offices, law firms, entities providing IT services (including hosting services provided by home.pl).
  3. The data controller may be required to provide personal data on the basis of applicable law, in particular to provide personal data to authorized state authorities or institutions.
  4. The data controller uses tools that store personal data on servers located in third countries, in particular in the USA, and therefore part of the processing of your personal data may involve their transfer to third countries. The providers of these tools guarantee an adequate level of protection of personal data through appropriate compliance mechanisms provided for by the GDPR, in particular through the use of standard contractual clauses.
  5. The data controller uses the Calendly application (for booking and arranging videoconferences) and the Zoom.us application (for providing legal advice). Calendly LLC ensures an adequate level of protection of personal data by applying the compliance mechanisms provided for by the GDPR, including the compliance mechanisms used, such as certification programs or standard contractual clauses. Zoom.us ensures an adequate level of protection of personal data through the use of compliance mechanisms provided for by the GDPR.

§4. Retention period for personal data

  1. Personal data shall be processed for the period of maintaining current relations (e.g. answers to questions, presenting offers, exchange of correspondence, execution of contract concluded), and after its termination for purposes related to the pursuit of claims related to the contract, the performance of obligations under applicable law, but for no longer than the limitation period in accordance with the provisions of the Civil Code (i.e. Journal of Laws [Dz.U.] of 2017, item 459, as amended);
  2. Personal data on accounting documents shall be processed for the period of time specified by the provisions of applicable tax law
  3. Data controller stores personal data for purposes other than those indicated above for a period of one year, unless the consent to data processing has been withdrawn and the data processing may not be continued on a basis other than the consent of the data subject.

§5. Rights of the users’ data

Each user who is a data subject has:

  1. the right of access –  obtaining from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority.
  2. the right to receive a copy of personal data undergoing processing. The first copy is free of charge. 
  3. the right to rectification – the data subject has the right to request the rectification of inaccurate or supplement of incomplete personal data concerning him or her.
  4. the ‘right to be forgotten’ – the data subject has the right to obtain from the data controller the erasure of personal data concerning him or her where the provisions of Article 17 of GDPR apply. 
  5. the right to restriction of processing – the data subject has the right to obtain from the controller restriction of processing where the provisions of Article 18 of GDPR apply. 
  6. the right to data portability – the right to receive the personal data concerning him or her, which he or she has provided to the data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller where the processing is based on consent or is carried out by automated means.
  7. the right to object – the right to object to the processing of his or her personal data for the legitimate purposes of the data controller, for reasons related to his or her particular situation. Then the data controller assesses the existence of valid, legitimate grounds for processing, overriding the interests, rights and freedoms of data subjects, or the grounds for establishing, investigating or defending claims. If, according to the assessment, the interests of the data subject are more important than those of the data controller, the data controller will stop processing data for these purposes.
  8. In order to exercise the above-mentioned rights, the data subject contacts the data controller using the contact details provided in Privacy Policy and inform her about which right and to what extent he or she wants to exercise.
  9. The data subject has the right to file a complaint with the supervisory authority, which is the President of the Personal Data Protection Office.

§6. Profiling

The data controller does not make decisions based solely on automated processing, including profiling, that have legal effects on data subjects or have a similar significant impact on them. The data controller uses tools that can take specific actions depending on the information collected as part of the mechanisms, e.g. Google Analytics, but these activities do not have a significant impact on data subjects, because they do not differentiate situation of data subjects as clients and do not affect the terms of the contract, which may be concluded with the data controller.

The website maintained under the domain karolinajankowska.eu uses cookies for its proper operation, uses analytical tools (Google Analytics), social plugins (LinkedIN, Twitter), video player (YouTube) and podcast player (SoundCloud). Details can be found in the Cookies tab.