§ 1 General provisions

  1. This privacy policy (hereinafter: the „Policy”) governs the rules for the processing of personal data and other data received from customers, potential customers and business partners (including service providers or contractors) of the Law Office “Smolarek, Rogala, Caban – Adwokaci i Radcowie prawni Sp.p.”, a professional partnership with its registered office in Warsaw (hereinafter: the “Customers”), persons whose data are processed in connection with the provision of legal services (hereinafter: the “Parties”), as well as the users of its Internet service available at the web address (hereinafter: the “Service”) and of electronic and distance communication channels cooperating with the Service and social media supporting customer services.
  2. The data controller with respect to personal data obtained from the Customers is the company under its business name “Smolarek, Rogala, Caban – Adwokaci i Radcowie prawni Sp.p.” with its registered office in Warsaw, entered into the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under the KRS number 0000245785, tax identification number NIP: 701-000-00-34, statistical identification number REGON: 140344774, phone: (+48) 22 630 30 80, email: (dalej: „SRC”).

§ 2 How we collect data from Customers

We collect data in the following way:

  • by way of their voluntary transfer in documents submitted to SRC in written, documentary or electronic form in connection with the provision of legal services; or
  • during face-to-face or telephone communication with the employees of SRC in connection with the provision of legal services and the processing of orders.

Certain data, to a limited extent, may also be collected:

  • via cookie files (so called “cookies”) recorded on terminal devices of users visiting our Service; or
  • via our web pages and channels in social media (such as LinkedIn).

§ 3       Purposes and legal grounds for data processing

  1. We process personal data collected by SRC from the Customers exclusively for those purposes for which they have been transferred to us, i.e. in the following situations:
    1. The processing of data is necessary for the performance of a contract with SRC, to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 sec. 1 b) of the GDPR):
      -The processing of the Customer’s data shall be lawful only to the extent that it is necessary for the performance of a contract. The performance of a contract should be understood as the exercise of any rights and obligations arising out of the contract or supplemental provisions for the contract. This legal basis includes the processing of data by SRC in connection with the provision of legal advice or the preparation of legal opinions. This legal basis will also be appropriate with respect to the processing of data of contractors and providers of goods or services necessary for the operation of the Law Office.
    2. The processing is necessary for compliance with a legal obligation to which SRC is subject (Article 6 sec. 1 c) of the GDPR):
      -The processing of data based on the above-mentioned legal grounds shall apply where it is necessary for compliance with a legal obligation to which SRC is subject. In the case of activities carried out by SRC, it is specifically about procedural provisions indicating the scope of data that should be given in connection with a specific step in the proceedings, for which the scope of data is explicitly defined in applicable provisions of law, such as – in particular – minimum requirements for procedural documents in different modes of proceedings.
    3. The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Article 6 sec. 1 c) of the GDPR):
      -The processing of data based on the above-mentioned legal grounds shall apply, in particular, in the case of personal data processing carried out in order to prevent fraud, to ensure the security of data or a possibility to pursue claims (e.g. data processing in order to contract out the collection of debts owed on an unpaid invoice to external entities).
    4. SRC may also process specific categories of personal data as part of legal services provided to the Customers whenever it is necessary for the establishment, exercise or defence of claims, or whenever courts are acting in their judicial capacity (Article 9 sec. 2 f) of the GDPR) in conjunction with Article 6 sec. 1 b), c) or f)), and where it is necessary to process such data as those relating to health, data revealing racial or ethnic origin, political views, trade union membership, religious or philosophical beliefs.
  2. No personal data are processed for the purposes of automated decision making, including the user profiling.

§ 4       Scope of collected data

  1. For the purpose of legal services to be provided by SRC, the following data, in particular, are collected:
    1. forename and surname;
    2. business name and details included in public registers and records, in particular, in the Central Register and Information on Economic Activity (CEIDG), the National Court Register (KRS), the National Criminal Register (KRK), including data from financial statements and economic information about the entrepreneur;
    3. contact details, such as a telephone number or e-mail address;
    4. possibly other categories of personal data provided by the Customer if needed for the performance of the legal service.
  2. If the Customer communicates via social media or with the use of means of distance communication, as well as in the course of the user’s activity in such media on web pages or in channels managed by SRC, certain additional categories of data thus voluntarily provided to SRC by the Customer (the content of private messages to SRC, messages in the SRC channel of a given medium – according to the functionality of a given service) can also be collected.

§ 5       How long we retain Data of Customers

  1. The retention period during which SRC will process personal data and specific categories of data which will be retained may vary according to the purpose of processing.
  2. Pursuant to Article 16c sec. 1 point 2 c) of the Law on Advocates and Article 5c sec. 1 point 2 c) of the Act on Attorneys-at-Law, the retention period with respect to personal data processed by advocates and attorneys-at law as part of pursuing their profession is 10 years from the end of the year of termination of the proceedings within the scope of which personal data were collected. After the expiry of that period, personal data shall be permanently deleted.
  3. The retention of data should be understood as the retention of procedural documents with personal data (in both paper and electronic form), as well as any other personal data, including those collected in connection with the provision of other forms of legal advice, recorded in computer systems and in paper format. They will also include drafts of letters and notes prepared by advocates and attorneys-at-law relating to the conducted cases.
  4. SRC also collects and processes personal data in cases not relating to legal proceedings, in particular, during the provision of legal advice, preparation of legal opinions, preparation of draft documents in professional dealings, conducting of negotiations, legal servicing of transactions, exchange of official correspondence connected with proceedings, legal risk management and audit and training activities.
  5. SRC warrants that personal data shall be processed not longer than it is necessary and required by law.

§ 6       Making data available and outsourcing of data processing

  1. In order to perform legal services, SRC may transfer personal data provided by the Customers to entities which support the provision of such services, such as postal operators, external service providers and advisers acting for the benefit of SRC, as well as to entities authorised under the generally applicable provisions of law.
  2. In the case of communication with SRC via social media, such as LinkedIn, the Customer provides his/her data also to controllers of those services. SRC is the co-controller of certain categories of thus provided data. The processing of such data, however, is regulated under separate privacy policies and service provision conditions by controllers of those services. We recommend careful reading of those regulations and relevant privacy policies made available in those services.

§ 7       Rights of Data Subjects

  1. Each person whose data are processed by SRC has the right:
    1. of access to his/her personal data and to receive their copies in a generally understandable format, providing that such access or receiving of copies cannot infringe the professional secrecy obligation of an advocate or an attorney-at-law in accordance with Article 16a sec. 1 of the Law on Advocates and Article 5a sec. 1 of the Act on Attorneys-at-Law;
    2. to the rectification of his/her personal data – by correcting inaccurate data or completing incomplete data taking into account the purposes of the processing;
    3. to the erasure of his/her personal data – if the processing of data is no longer necessary for the purposes for which they were collected or otherwise processed and where there are no other legal grounds for the processing, or if the data subject objects to the processing under his/her right to object to processing, and there are no overriding legitimate grounds for the processing (e.g. such as the establishment, exercise or defence of claims pursuant to Article 17 sec. 3 d) of the GDPR), or if the personal data have been unlawfully processed;
    4. to the restriction of processing of his/her personal data – in particular, if the accuracy of the personal data provided to SRC is contested by the data subject, for a period enabling SRC to verify the accuracy of those data, or if the data subject has objected to processing pursuant to Article 21 sec. 1 of the GDPR pending the verification whether the legitimate grounds of SRC override the grounds for objection;
    5. to object to processing of his/her personal data – if the data subject objects, on grounds relating to his/her particular situation, to personal data processing based on Article 6 sec. 1f) of the GDPR, SRC shall no longer process such personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject (in particular, the defence against claims);
    6. to the portability of his/her personal data – at the Customer’s request, SRC shall transmit to him/her or to another controller indicated by the Customer, where technically feasible, the personal data which he or she has provided to SRC, in a structured, commonly used and machine-readable format, where the processing was based on Article 6 sec. 1 b) of the GDPR.
  2. In order to exercise the above rights, please contact us by e-mail at the e-mail address:
  3. Furthermore, SRC informs that the Customer has the right to lodge a complaint to the supervisory authority, i.e. the President of the Personal Data Protection Office (UODO).

§ 8       Cookie files in Service

  1. Service uses cookie files.
  2. Cookie files (so called “cookies”) are small text files sent by the Website and stored in the computer of the user. Cookie files contain certain information concerning the use of the Service by the Customer.
  3. In Service, we use the following cookie files:
    1. necessary for the operation of the Service – such files enable the proper functioning of the Service and navigation within the Service. Blocking them, you may cause the Service not to work properly;
    2. statistical – enabling the collection of information on how our Service is used. The Service uses Google Analytics – a web analytics tool offered by Google, Inc.
    3. social – enabling the integration of social media (LinkedIn) with our Service.
  4. We use two types of cookie files: session cookies 4. and persistent cookies. 4. Session cookies are temporary files stored in the terminal device till the moment of leaving the Service or turning off the software (web browser). Z4. As regards persistent cookie files, they are stored in the terminal device for a period specified in the cookie parameters or until they are removed by the Customer.
  5. SRC informs that the web browser usually by default allows the storage of cookie files in the terminal device. The settings can be changed at any time. The web browser also allows you to delete previously placed cookie files. It is also possible to automatically block the operation of cookie files. For more details see the help or documentation of the web browser. SRC strongly encourages all the users of the Service to get acquainted with that information.

§ 9       Changes in Policy

The Policy is updated by SRC on a current basis in order to ensure the highest possible level of protection of privacy. Should any changes in the Policy be planned, SRC shall inform about it in the Service.

Leading Firm Legal 500 Emea 2024