PRIVACY POLICY

The priority of Today Legal Law Firm Wojciech Deja is to protect your privacy.

In this privacy policy, we describe how we collect and use your personal data, as well as outline your rights and the options available to you for controlling the data we hold.

Personal Data Controller

The Data Controller is Wojciech Deja, conducting business under the name Today Legal Kancelaria Prawna Wojciech Deja in Warsaw, address: Rondo Daszyńskiego 2b, 00-843 Warsaw, Tax ID (NIP) 5272545615.

The Data Controller has not appointed a Data Protection Officer. All correspondence regarding your personal data can be directed to the email address: wojciech.deja@todaylegal.pl.

What Data do We Collect?

Depending on the circumstances, we collect the following personal data:

1. Contact details: first name, last name, job title, position, company or organization name, phone number, email address, postal address, and, if applicable, contract number.
2. Business information: data related to matters in which you provide us with information or in which you are involved.
3. Publicly available information: e.g., from the National Court Register (KRS), the Central Register and Information on Economic Activity (CEiDG), LinkedIn, and similar professional social networks, directories, or online publications.
4. Investigation or legal proceedings information: where necessary for conducting investigations or legal proceedings.
5. Subscriptions/preferences: when subscribing to various legal communications, information, or newsletters to determine what type of information interests you.
6. Supplier data: contact details and other information related to you, your company, or your organization providing services to Today Legal Kancelaria Prawna Wojciech Deja.
7. Social media: posts, likes, and other interactions related to our presence on social media platforms.
8. Technical information: when a user accesses this website and our technological services – browser type and version (e.g., Internet Explorer, Firefox, Safari, etc.), time zone settings, browser plugins (types and versions), operating system (e.g., Windows, macOS, Linux, etc.), device type, hardware model, unique identifiers, and mobile network information.
9. Online data: when a user accesses this website and our technological services – information about visited websites, including URL, navigation path on our website (including date and time), user network details such as device data, nodes, configurations, connection speed, and web application performance; pages visited or searched, response times, download errors, visit duration, and interaction data (such as scrolling, clicks, and mouse movements), as well as information on whether links or emails have been opened by the user.
10. Criminal record data: where relevant and in compliance with national laws, such as information regarding committed offenses. This type of data is processed only when necessary for legal claims (e.g., proceedings before law enforcement authorities and courts).
11. Other information provided by you in communication with us.

Legal Ground for Processing Personal Data

The data is processed in accordance with Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”), or the provisions of the Act of 6 July 1982 on Legal Advisors, in compliance with the professional secrecy of a legal advisor.

Depending on the purpose for which personal data is processed, the legal basis for the Controller’s actions is:

1. Consent to the processing of personal data (Article 6(1)(a) GDPR) – e.g., in the case of direct marketing.
2. Performance of a contract concluded with the Controller or actions taken by the Controller at the request of the data subject prior to entering into a contract – including the transfer of personal data during telephone conversations or via email before placing an order (Article 6(1)(b) GDPR).
3. Obtaining personal data during business interactions (Article 6(1)(f) GDPR).
4. Compliance with legal obligations imposed on the Controller (Article 6(1)(c) GDPR) – e.g., tax and accounting obligations, obligations arising from the Act on Legal Advisors, etc.
5. Processing necessary for purposes arising from the legitimate interests pursued by the Controller or a third party (Article 6(1)(f) GDPR). A legitimate interest includes, among others, providing legal advice, managing our relationship with a client or their company/organization, understanding and responding to client inquiries and feedback, improving our services and solutions, ensuring the security of our systems and facilities, and securing the payment of outstanding debts.

Your Rights Regarding the Processing of Your Personal Data

In connection with our processing of your personal data, you have the right to:

1. Obtain information about how we process your personal data, including the purpose of processing, categories of processed data, legal basis for processing, planned data retention period, categories of recipients (including those in third countries), data sources, potential profiling and automated decision-making, as well as your rights related to data processing.
2. Access your personal data – upon your request, the Data Controller will inform you whether your data is being processed and provide details regarding the processing in accordance with Article 15 of the GDPR (to the extent corresponding to the information obligation when collecting data), as well as grant access to your data.
3. Data portability – you may request that we provide you with your personal data processed in electronic systems in a commonly used, machine-readable format or transfer this data to another Data Controller.
4. Rectify your personal data – if you believe that we are processing outdated or incorrect data, you may send us a request for correction of your personal data.
5. Request data deletion – if you believe there is no legal basis for us to process your data, you may request its deletion.
6. Restrict processing – you may request that we limit the processing of your personal data if you believe that:
   • The data we process is incorrect,
   • We are processing your data without a legal basis, but you do not want it to be deleted because you need it for legal claims,
   • You have objected to data processing, and restriction should apply until your objection is resolved.
   Restriction of processing means that your data will only be stored or processed in ways explicitly allowed by you.
7. Object to processing – if we process your data based on our legitimate interest or due to legal obligations imposed by national or EU law, you may object to the processing if you believe that your rights and freedoms override our interests. If we process your data based on our legitimate interest, we will no longer be able to process your data for that purpose once you have raised an objection.
8. Withdraw consent at any time – if your data is processed based on consent, you may withdraw it at any time. However, processing carried out before the withdrawal of consent will remain lawful.

Consent to Processing, Conditions of Lawfulness of Processing, and Obligation to Provide Personal Data

No one has the right to require you to consent to the processing of your personal data or to force such consent. Your consent to processing is always given voluntarily. At any time, if your data is processed based on your consent, you have the right to withdraw it. However, this does not affect the lawfulness of the processing carried out before the withdrawal.

In certain cases specified by law, we may be obligated to process your personal data. In some situations, providing your data may be necessary to achieve the purposes of processing, such as performing a service or fulfilling a contract.

Scope of Processed Data

To achieve the specific purpose for which we have obtained your personal data (e.g., providing legal advice, sending information, or exercising the rights of our clients), we must process the data to the extent necessary to fulfill that purpose (“purpose of personal data processing”). However, we always collect and process only the data that is essential for achieving this goal, in accordance with the principle of data minimization.

Entrusting Data Processing and Data Sharing

We do not share personal data with other data controllers for purposes unrelated to the processing purposes for which the data was collected. However, to achieve the purpose of processing, it is often necessary to entrust data processing to processors or share data with controllers with whom we cooperate in connection with fulfilling this purpose.

The categories of such entities include, among others: debt collection service providers, IT service providers and technical support, cloud computing service providers, email server providers, banks where we hold accounts, postal operators, courier companies, transportation companies, translation agencies, accounting service providers, and entities providing access to platforms that improve the administrator’s operations, if providing personal data is necessary for the platform’s functionality.

Transfer of Data to a Third Country

In certain cases, your data may be transferred to third countries, meaning outside the European Economic Area. However, this will only occur in locations where your rights are protected in accordance with the principles set out in the GDPR. This may happen, for example, when we use service providers offering cloud computing solutions or when it is necessary to fulfill your legal interest or the legal interest of our client.

In exceptional cases, your data may be transferred to foreign governmental authorities to facilitate the exercise of procedural rights of a party.

The Period for Which We Process Personal Data

The period for which your personal data is processed depends on the legal basis on which the processing is based. In the case of:

1. Your consent, we process the data until the consent is withdrawn or the processing purposes are achieved;
2. Contract performance, we process the data for the duration necessary to fulfill the contract;
3. Compliance with a legal obligation, we process the data for the period required by law;
4. Our legitimate interest, we process the data for the statute of limitations period and for the time necessary to demonstrate the proper processing of data;
5. Fulfillment of obligations imposed by law, for no longer than necessary to prove that these obligations have been properly fulfilled by the Law Firm;
6. Marketing purposes, for the duration of our relationship or until consent is withdrawn, if it has been provided;
7. Objection to processing, if you object to our processing of data based on our legitimate interest for marketing purposes, we will immediately cease processing for this purpose;
8. Improving the functionality and security of the website, for as long as the data is necessary to achieve this purpose;
9. Archiving and backup purposes, for the period determined in accordance with the Law Firm’s backup and archiving policy.

The Right to File a Complaint or Seek Legal Protection in Court in Case of Unlawful Processing of Personal Data.

If you believe that we are processing your personal data unlawfully, you have the right to file a complaint with the relevant supervisory authority, which is:

Urząd Ochrony Danych Osobowych
ul. Stawki 2, 00-193 Warsaw, Poland

Helpline: 606-950-000
Email: kancelaria@uodo.gov.pl

If the supervisory authority does not respond to your complaint, rejects or dismisses it in whole or in part, or fails to take action despite the necessity to protect your rights, you have the right to seek an effective legal remedy before a court.

Profiling and Automated Decision-Making

We do not process your data in this manner, nor do we engage in profiling that would result in automated decision-making.

Security

We will store and process your information securely, using physical, technical, and administrative security measures. However, the transmission of information over the internet is not entirely secure. While we will take reasonable steps to protect the information and personal data you provide, we cannot guarantee the security of the data you transmit, and any such transmission is at your own risk.

Direct Marketing – Newsletter

When subscribing to the newsletter, you provide your email address wojciech.deja@todaylegal.pl via the newsletter subscription form. Providing your email address is voluntary but necessary to subscribe to the newsletter. The data provided during the subscription process is used for sending the newsletter. The legal basis for processing this data is the user’s consent (Article 6(1)(a) GDPR) given at the time of subscribing to the newsletter.

The data will be stored for the duration of the newsletter’s operation unless the user unsubscribes earlier. The user’s data will still be stored in the Controller’s mailing system for the period necessary to ensure protection against potential claims related to the sending of the newsletter, particularly for demonstrating that the user consented to receive the newsletter, which constitutes the legitimate interest of the Controller (Article 6(1)(f) GDPR).

The recipients of the processed data include IT service providers (particularly hosting providers) with whom we have signed appropriate data processing agreements in accordance with Article 28 GDPR.

You may unsubscribe from receiving direct marketing communications from us at any time. To do so, you can withdraw your consent to direct marketing by clicking the “unsubscribe” link located at the bottom of each marketing message or by contacting us via email at wojciech.deja@todaylegal.pl.

Contact Form

When contacting the Controller via the contact form, you provide your email address, name, title, and the content of your inquiry. Providing this data is voluntary but necessary to establish contact. The data submitted through the contact form is used solely for the purpose of communicating with you.

The legal basis for processing this data is the user’s consent (Article 6(1)(a) GDPR) resulting from the initiation of contact, as well as our legitimate interest (Article 6(1)(f) GDPR) in responding to inquiries regarding our services and products.

After the communication has ended, the legal basis for further data processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in archiving correspondence to document its course in the future, particularly to demonstrate the user’s consent to contact and to defend against any potential claims from the user. The data will be stored until the purpose of the inquiry is achieved and for the necessary period to ensure this protection.

The recipients of the processed data include IT service providers (especially hosting providers) with whom we have signed appropriate data processing agreements in accordance with Article 28 GDPR.

Cookie Files

We use cookies that allow us to identify your browser. Cookies collect and store information about when you visited our website and how you interact with it. This information enables us to provide and analyze user data, ensuring better service and an improved browsing experience. Personal data collected through these technologies will also be used to manage your session.

More information about cookies and how they are used is available here:

What are Cookie Files?

A cookie is a file consisting of a string of letters and numbers that is placed in your web browser, on your computer’s hard drive, or on a mobile device.

There are three basic types of cookies:

1. Session cookies: These are specific to a particular visit and are limited to sending a so-called session identifier (a random string of numbers generated by the server). Session cookies are not permanently stored on your device and are deleted when you close your browser.
2. Persistent cookies: These store information about user preferences and are saved in the browser’s cache or on a mobile device.
3. Third-party cookies: These are placed by external entities and are used to collect data from multiple different websites or sessions.

What Cookie Files do We Use?

We use the following types of cookies:

1. Strictly necessary cookies – These cookies enable the use of the website and its core functionalities. The collected information relates to how users navigate and interact with the website.
2. Analytical cookies – These cookies collect information about how users interact with the website, such as which pages are visited most frequently, whether users encounter error messages, and how they found our website. The information gathered by these cookies is used solely to enhance the user experience on our website. Sometimes, these cookies are placed by external entities that provide web traffic and analytics services. We use Google Analytics tools.
3. Functional cookies – These cookies store user preferences, such as the selected language and other settings for specific website pages.
4. Advertising cookies – These cookies record visits to our website and track the pages that have been viewed. This information allows us to measure the effectiveness of marketing or informational activities. To achieve this specific purpose, we may share the collected information with third parties.

How to Block Cookie Files?

The default settings of most web browsers assume that consent for cookies has been given. To block or delete cookies, please refer to the Help section of your browser, where you will find instructions on how to block or remove cookies. More information on disabling cookies can be found on the websites of these providers and in their cookie policy guidelines.

Below are instructions on how to manage cookies in the most popular browsers:

• Microsoft Windows Explorer
• Google Chrome
• Mozilla Firefox
• Apple Safari

More information on managing cookies is available at www.youronlinechoices.eu or www.wszystkoociasteczkach.pl.