Privacy and Personal Data Protection Policy


Niżankowska, Szumielewicz, Szuster – Adwokaci i Radcowie Prawni spółka partnerska with its registered office in Cracow (31-061), ul. Trynitarska 6/32, KRS 0000292603, REGON 120574410, NIP 6762362710 (‘Law Firm’) respects privacy and exercises due diligence in the scope of personal data protection.

It is important to us that every person who:
– visits our website at (‘Our Website’), or
– sends communications to us, or
– provides us with their Personal Data,
(‘User’) is fully aware of how to protect their privacy. Therefore, we encourage you to read our Personal Data Protection and Privacy Policy (‘Policy’). The Policy contains, among other things, information on the principles of Personal Data processing by the Law Firm.

Basic definitions

  1. Personal Data – any and all information about an identified or identifiable natural person, e.g. first and last name, phone number, address, ID card number, IP address or a photo. An identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, mental, economic, cultural or social qualities of that person. Information is not considered to allow the identification of a person, if such identification would require excessive costs, time or actions;
  2. Personal Data processing – any operation performed on Personal Data, such as collection, recording, storage, adaptation, alteration, making such data available and erasing it, in particular operations performed in IT systems;
  3. personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, disclosure of or access to Personal Data;
  4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

Personal Data security

Our Law Firm ensures the necessary technical measures to:
– protect the Personal Data it is provided with against accidental or unlawful third party interference, loss, destruction or damage, and
– prevent any accidental or unlawful access to the provided Personal Data.

GDPR notice

  1. The Law Firm processes the Personal Data of:
    1. the Law Firm’s clients (‘Clients’) who are natural persons and of other natural persons, in particular:
      1. Clients’ representatives, such as attorneys-in-fact, registered attorneys, legal/statutory representatives, persons serving functions in the Client’s bodies; or
      2. Clients’ shareholders; or
      3. persons employed by Clients or cooperating with Clients, regardless of the legal basis and type of performed work/cooperation/services; or
      4. persons related to Clients, including those listed by Clients as persons for contact with the Law Firm; or
    2. natural persons whose Personal Data is processed in relation to Clients’ matters being handled by the Law Firm, including persons contacted by the Law Firm at the request or with the knowledge of its Clients; or
    3. natural persons who are former, future or current providers of products or services for the Law Firm, including Law Firm’s associates, regardless of the legal basis and type of work performed / services provided / cooperation (‘Cooperating Entities’); or
    4. natural persons who are former, future or current employees or associates, regardless of the legal basis and type of work performed /services provided by / cooperation with Cooperating Entities; or
    5. natural persons who are applying for an apprenticeship or internship at the Law Firm, or those who took part in the recruitment process at the law Firm; or
    6. employees of the Law Firm; or
    7. Users.
  2. The Law Firm is the controller of the Personal Data of persons indicated in item 1. The Law Firm can be contacted with regard to matters concerning Personal Data via email at, over the phone at + 48 12 424 93 90 or in writing by sending a letter to the Law Firm’s registered address.
  3. The Law Firm processes the Personal Data of people indicated in item 1 in order to:
    1. contact people, present its offer or allow the placement of an order for legal consultancy services with the Law Firm, including on the basis of or in order to conclude and perform a legal services agreement (‘Agreement’) by the Law Firm within a scope necessary to achieve these purposes – the legal basis for the processing of Personal Data is the fact that the processing is necessary for the performance of the Agreement whose party is the data subject or the performance of actions that the data subject requested prior to the conclusion of the Agreement;
    2. fulfil the legal obligations related to the performance of the Agreement, arising predominantly from the relevant legal regulations, including accounting regulations, tax regulations, provisions of the labour law (Article 221 to Article 221b of the Labour Code), the act on counteracting money laundering and financing of terrorism, and provisions related to administrative and court proceedings – the legal basis for the processing of Personal Data is the fact that the processing is necessary for the fulfilment of the Law Firm’s legal obligation;
    3. enable us to perform analytics, statistics or direct marketing to enhance the functionalities or services provided by the Law Firm, ensure the efficient functioning of the Law Firm and its Website, and to investigate circumstances of unauthorised use of Our Website – the legal basis for the processing of Personal Data is the fact that the processing is necessary for the pursuance of the Law Firm’s legitimate interest;
    4. for archive or evidentiary purposes, also to secure the Personal Data in case it is legally required to prove facts, including, in particular, to perform the Agreement and assert possible claims arising from the Agreement, or to defend against claims arising from the Agreement or any other legal events – the legal basis for the processing of Personal Data is the fact that the processing is necessary for the pursuance of the Law Firm’s legitimate interest;
    5. conduct the recruitment process and take actions at the request of the data subject prior to the conclusion of a contract on which the employment will be based – the legal basis for the processing of Personal Data is the fact that the processing is necessary for the pursuance of the Law Firm’s legitimate interest;
    6. send notifications, information or special materials made available by the Law Firm via email – based on the consent of the data subject.
  4. The Law Firm does not make automated decisions concerning data subjects, i.e. such decisions are not made without human participation; the Law Firm does not profile the data of data subjects..
  5. The Law Firm may transfer the Personal Data to processors that process the data at the request and on behalf of the Law Firm under Personal Data processing agreements, including to entities providing IT, accountancy or tax, HR, postal or courier, telecommunications or banking services to the Law Firm or performing online payment transactions and providing other services related to the Law Firm’s current activity. The Law Firm may also transfer the Personal Data to entities or bodies authorised to obtain such data under legal regulations (for example to courts, the public prosecutor’s office, the police), and, after obtaining the data subject’s consent, to other entities.
  6. The Law Firm may transfer the Personal Data outside of the European Economic Area (‘EEA’) with regard to:
    1. using IT services provided by entities which may store Personal Data on servers located outside of the EEA or transfer the Personal Data between servers located outside of the EEA, or
    2. cooperating with law firms or other entities established outside of the EEA, when the cooperation is necessary for the Law Firm to provide legal services to the Client or when it increases the quality of such services.

    The data may be transferred on the basis of a decision of the European Commission which confirms the relevant level of Personal Data protection or the application of relevant legal protection measures, which include, in particular, standard contractual clauses on Personal Data protection approved by the European Commission. Should the European Commission not issue a decision referred to above and should no appropriate protection measures be ensured, Personal Data may be transferred outside of the EEA based on one of the conditions listed in Article 49(1) of the GDPR, including, in particular, the express consent of the data subject (the data subject has the right to receive a copy of the Personal Data transferred outside of the EEA).

  7. The period of processing of the Personal Data of people listed in item 1 by the Law Firm depends on the purpose of processing which, unless a longer period is provided for in generally applicable legal regulations, including, in particular (i) the law on advocate’s profession or (ii) the law on attorneys-at-law, is as follows:
    1. for the duration of the Agreement or an agreement which the Law Firm concluded with a Cooperating Entity and after the expiry thereof – for a period of limitation of the Law Firm’s claims against the data subject or the claims of the data subject against the Law Firm that expire last; if the processing of such data is necessary to assert any possible claims or for the Law Firm’s defence against such claims – with regard to the data of persons listed in items 1.1, 1.2, 1.3, 1.4; or
    2. until the recruitment process is completed – with regard to the Personal Data of persons referred to in item 1.5; or
    3. a period defined in legal regulations on storage of personal files and payroll documentation (at present it is no longer than 50 years) – with regard to the Personal Data of people referred to in item 1.6;
    4. 10 years – with regard to the Personal Data of persons referred to in item 1.7;
    5. a period necessary to achieve the purpose of processing, if the data subject consented to such processing, but for not longer than until such consent is withdrawn or an objection is submitted.
  8. The provision of Personal Data that must be provided under legal regulations is mandatory; in other cases, the provision of Personal Data is voluntary, but necessary for the purposes of contact with the Law Firm, provision of the Law Firm’s offer or ordering the Law Firm’s legal services, which includes the conclusion and performance of the Agreement.
  9. Data Subjects whose data is processed by the Law Firm have the right to:
    1. request that the Law Firm:
      1. grants them access to their Personal Data, or
      2. rectifies, erases or limits the processing of the Personal Data, or
      3. withdraw their consent to the processing of their Personal Data (which shall not affect the processing before the withdrawal); or
      4. transfer the Personal Data to another controller, if the processing is automated and the transfer is technically possible; or
    2. object to the processing of their Personal Data, if the legal basis for processing is the fact that it is ‘necessary’ to achieve the legitimate interest of the Law Firm; or
    3. lodge a complaint to a supervisory authority in the European Union Member State of habitual residence of the person whose data is processed by the Law Firm (in Poland, it is the President of the Personal Data Protection Office) if it is deemed that the processing violates the GDPR; or
    4. use an effective judicial remedy against a legally binding decision of the supervisory authority referred to above or if the supervisory authority referred to above failed to consider the complaint or report the progress or effects of complaint consideration within three months (in Poland, it is filing of a complaint to the Provincial Administrative Court in Warsaw);
    5. use an effective judicial remedy against the Law Firm or the data processor that processes the Personal Data delivered by the Law Firm, if it is deemed that the rights of the data subject have been infringed due to processing of the Personal Data in violation of the GDPR.
  10. The rights listed in item 9 may be exercised provided that applicable legal regulations do not impose any restrictions or exemptions in this regard, in particular due to the legally protected advocate-client or attorney-client privilege.

Cookies Policy

  1. Our Website uses so-called cookie files (‘Cookies’). Our Website does not automatically gather any other information except for Cookies.
  2. Cookies are small text files which are stored on a User’s electronic terminal device such as a smartphone, computer, etc. (‘Device’) and on Our Website. More information about Cookies is available on Wikipedia in an article on “http cookie”.
  3. The Law Firm, which is the operator of Our Website, has access to Cookies.
  4. Cookies used by the Law Firm are safe for the Device. They enable individual adjustment of Our Website to the User’s requirements (they indicate what Users click on most often, when the traffic increases, etc.) In particular, it is not possible for viruses or any other malware to infect the Devices via Cookies.
  5. Our Website uses the following cookie types:
    1. performance Cookies, which render it possible to collect information on how Users use Our Website;
    2. functional Cookies, which register Users’ choices (e.g. language selection) on Our Website;
    3. strictly necessary Cookies, which allow you to use the services offered on Our Website (we are not offering any such services yet, but who knows…)
  6. Our Website only uses session Cookies, i.e. temporary files, which are stored on the Device and Our Website until you leave Our Website or turn off your software (Internet browser).
  7. Cookies do not alter the configuration of the Device, they are not used to install or uninstall any computer programs and they do not interfere with the User’s system or data integrity.
  8. Restricting the use of Cookies may impact some functionalities offered by Our Website.
  9. Usually, the default settings of Internet browsing software (the browser) enable the storage of Cookies on the Device. The User can change Cookie settings at any time. In particular, the settings may be changed to block Cookies from being automatically enabled or to notify the user each time cookies are saved on the Device. Detailed information on enabling and ways of using Cookies can be found in software (Internet browser) settings.
  10. If the User does not wish to receive Cookies, they can adjust their browser settings. Please note that disabling Cookies required for authentication, security and storage of the User’s preferences can make it difficult or, in extreme cases, render the use of Our Website impossible.

Server logs and Google Analytics

  1. Personal Data collected during the User’s browsing of Our Website may be stored in server logs.
  2. Collected logs are stored for an indefinite period of time as auxiliary material used for the purposes of Our Website’s administration. Information included in the logs is not disclosed to anyone except for persons authorised to perform server administration. The log files may be used to generate statistics which aid Our Website’s administration. Collective summaries in the form of such statistics do not include any features that could identify the Users.
  3. The Law Firm uses Google Analytics (a web analytics service) to gather and analyse information on how Our Website is used. Information gathered via Google Analytics is stored for 26 months. To enable us to use that service, the gathered information is transferred to Google, which has the EU-US Privacy Shield certification covered by a decision of the European Commission. Click HERE to disable Google Analytics. The link will take the User to a website offering a browser add-on which blocks Google Analytics.
  4. The Law Firm shall not be liable for the security of Cookies from external websites. We recommend that you read Google’s privacy policy to learn about the principles of using Cookies applied in statistics: Google Analytics Privacy Policy.

Amendments and updates of the Policy

  1. The Policy may be periodically updated to account for any changes in the Law Firm’s practices concerning the handling of Personal Data (e.g. enhancement of the Law Firm’s Personal Data security system).
  2. Significant changes in the Policy will be reported via clearly visible messages published on Our Website. The date of the last Policy update is placed on the top of Our Website’s Policy site.


  1. All the materials published on Our Website are provided for information purposes only and may not be treated as legal advice in any specific matter.
  2. Our Website contains links to other websites. The Law Firm shall not be liable for privacy principles applicable to those websites. We recommend that after going to another website you read the privacy policy of that website.

Intellectual property rights

Unless specified otherwise, all the materials published on Our Website (including texts, photos, graphics, logos and images of people) are protected under the provisions of the Civil Code, copyrights, rights of protection arising from trademark registration or other intangible property rights, which the Law Firm holds or is a licensee of, or to which it is entitled, as in the case of an image.