1.1. Controller – Rymarz, Zdort, Maruta, Wachta, Gasiński, Her i Wspólnicy Sp.k. with its registered office in Warsaw (00-850), ul. Prosta 18, entered in the Register of Business Entities of the National Court Register under KRS No. 0000026546, NIP 5252191456, REGON 016435665.
1.2. Personal Data – any information relating to an identified or identifiable natural person who can be identified by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including the IP of a device, location data, Internet identifier and information collected through cookies and other similar forms of technology.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5. Website – an online service operated by the Controller at rzmlaw.com
1.6. User – each natural person visiting the Website or using one or several of the services or functionalities described in the Policy.
PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE WEBSITE
2.1. In connection with the use of the Website by the User, the Controller will collect data within the scope necessary for the rendering of the specific services on offer and collect information about the User’s activities while using the Website. The detailed rules for and purposes of the processing of Personal Data collected during the use of the Website by the User are described below.
PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
USE OF THE SERVICE
3.1. The Personal Data of all of the persons using the Website (including the IP address and other identifiers and information collected through cookies or other similar forms of technology) will be processed by the Controller:
3.1.1. for the rendering of services electronically in terms of providing Users with the content of the Website – in this case, the legal basis for processing Personal Data is that such processing is necessary for the performance of contracts (Article 6(1)(b) of the GDPR;
3.1.2. for analytical and statistical purposes – in this case, the legal basis for the processing of Personal Data is that the Controller is pursuing its legitimate interests (Article 6(1)(f) of the GDPR), i.e. conducting analyses of the activities of Users as well as their preferences to improve the applied functionalities and services rendered; and
3.1.3. for the establishment, if any, and pursuit of claims or defence against claims – in this case, the legal basis for the processing of Personal Data is that the Controller is pursuing its legitimate interests (Article 6(1)(f) of the GDPR), which is represented by the protection of its rights.
3.2. Personal Data, which is shared by the User in email correspondence addressed to the Controller, and is not related to the services provided or other existing contracts, is processed only for the purpose of communication and addressing the matter to which the correspondence relates.
3.3. The legal basis for the processing of Personal Data by the Controller for this purpose is that the Controller is pursuing its legitimate interests (Article 6(1)(f) of the GDPR) involving sending out replies to email correspondence received in connection with its business.
3.4. The Controller only processes Personal Data relevant to the matter to which the relevant correspondence relates. The entire correspondence will be stored in a manner ensuring the security of Personal Data (and other information) contained therein, and such data will only be disclosed to authorised persons.
COOKIES AND SIMILAR TECHNOLOGY
4.2. The Controller uses necessary cookies primarily to provide Users with the services and functionalities of the Website that the User wishes to use. Required cookies may only be installed by the Controller through the Website.
4.3. The legal basis for the processing of data in connection with the application of the required cookies is that such processing is necessary for the purposes of performing contracts (Article 6(1)((b) of the GDPR).
4.4. Analytical cookies enable information to be obtained such as the number of visits and the sources of traffic on the Website. They are used to establish which pages are more and which are less popular as well as to understand how Users navigate the Website by collecting statistical data concerning traffic on the Website. The data is processed to improve the efficiency of the Website. The information collected by analytical cookies is aggregated and the purpose thereof is not to determine a User’s identity. Analytical cookies may be installed by the Controller and its partners through the Website.
4.5. The legal basis for the processing of Personal Data in connection with the use of functional and analytical cookies by the Controller is that the Controller is pursuing its legitimate interests (Article 6(1)(f) of the GDPR), which involves ensuring the highest standard of services rendered on the Website.
4.6. The processing of Personal Data in connection with the use of analytical cookies depends on securing the User’s consent for the use of analytical cookies through a platform for managing consent for cookies. Such consent may be withdrawn at any time through that platform.
ANALYTICAL TOOLS USED BY THE CONTROLLER
5.1. The Controller and its partners, such as Google, apply various solutions and tools used for analytical purposes. Basic information regarding such tools is described below. For more detailed information on the use of such tools, please refer to the data privacy settings and the privacy policies of the relevant partner.
5.2. Cookies of Google Analytics are files used by Google to analyse Users’ habits in regard to using the Website and to create statistics and reports concerning the functioning of the Website. Google does not use the collected data for User identification and does not combine such information to allow for the identification of Users. Detailed information about the scope and the terms of collecting data in connection with such services is available at: https://www.google.com/intl/pl/policies/privacy/partners.
TIMEFRAME FOR PERSONAL DATA PROCESSING
6.1. The timeframe for processing Personal Data by the Controller depends on the purpose of such processing. In principle, Personal Data should be processed during the time of rendering services until the withdrawal of consent to the processing of Personal Data or the submission of an effective objection against the processing of Personal Data in cases where the legal basis for the processing of such data is the Controller pursuing it legitimate interests.
6.2. The timeframe for the processing of Personal Data may be extended if the processing is required to establish and to enforce any claims or to defend against any claims, and after such time, only in the event, and to the extent, that it is required by law. After the lapse of the timeframe for processing Personal Data, such data will be irrevocably deleted or anonymised.
7.1. The User has the right to access their Personal Data and demand its rectification, erasure and restriction of processing, the rights to data portability and to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority responsible for the protection of Personal Data.
7.2. To the extent that the User’s data is processed on the basis of consent, such consent may be withdrawn at any time by contacting the Controller by email at IOD@rzmlaw.com.
7.3. The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the Controller pursuing its legitimate interests, and – for reasons related to the User’s particular situation – in other cases where the legal basis for the processing is the Controller pursuing its legitimate interests (e.g. in connection with analytical and statistical purposes).
8.1. In connection with the performance of services, Personal Data will be disclosed to third parties, including specifically to suppliers responsible for servicing IT systems.
8.2. The Controller reserves the right to disclose selected information concerning Users to the relevant authorities or third parties that submit requests for such information, on the relevant legal basis and in accordance with applicable laws.
TRANSMISSION OF DATA OUTSIDE THE EEA
9.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from the level secured pursuant to EU law. For this reason, the Controller will transfer Personal Data outside the EEA only if it is necessary and with the assurance of an adequate level of protection, mostly through:
9.1.1. cooperating with the entities processing Personal Data in countries with respect to which the relevant decision of the European Commission was issued concerning the assurance of an adequate level of protection of Personal Data;
9.1.2. applying standard contractual clauses set forth by the European Commission; and
9.1.3. applying binding corporate rules approved by the relevant supervisory authority.
9.2. The Controller will always inform about the intention to transfer Personal Data outside the EEA at the stage of data collection.
SECURITY OF PERSONAL DATA
10.1. The Controller carries out a risk analysis on an ongoing basis to ensure that Personal Data is processed in a secure manner – ensuring, in particular, that only authorised persons have access to such data and only to the extent that this is necessary for the performance of the Controller’s duties. The Controller ensures that all operations conducted in connection with Personal Data are recorded and performed only by authorised employees and contractors.
10.2. The Controller will take all necessary actions to ensure that its subcontractors and other cooperating entities also apply appropriate security measures whenever they process Personal Data on behalf of the Controller.
11.1. The Controller may be contacted by email: IOD@rzmlaw.com or at the office address: Rymarz, Zdort, Maruta, Wachta, Gasiński, Her i Wspólnicy sp.k., ul. Prosta 18, 00-850 Warsaw.
11.2. The Controller has appointed a Data Protection Officer who may be contacted by email: IOD@rzmlaw.com in any matter concerning the processing of Personal Data.
12.1. This Policy will be verified on an as-needed basis and updated, if required.
12.2. The existing version of this Policy has been adopted and has been in force as of 1 January 2023.