Privacy policy




  1. We place great value on protection of privacy and security of personal. Therefore, we take care to properly safeguard personal data and to transparently define the principles relating to the use of such data.


  1. This privacy policy (hereinafter, the “Privacy Policy”) implements the obligations to provide information imposed upon a personal data controller under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter, “GDPR”) and under the Polish regulations issued in connection with GDPR, including the Polish Act on Protection of Personal Data of 10 May 2018.


  1. The controller keeps personal data confidential and safeguards the same against unauthorised access by third parties on terms and conditions set forth under the above legal regulations and the Privacy Policy.




Mr Leszek Małecki, a sole trader operating under the trading name of Leszek Małecki – Kancelaria Radcy Prawnego w Warszawie, address: ul. Wiejska 17/7, 00-480 Warszawa, Poland, NIP Tax Number 838-173-00-00, (hereinafter, the “Controller”) is the personal data controller.




The Controller has not appointed the data protection officer. Should you have any questions or concerns regarding the means, form, or scope of personal data processing, please contact us at the following e-mail address: and by letter at the following mailing address: ul. Wiejska 17/7, 00-480 Warszawa, Poland.




  1. While providing your personal data is voluntary, failure to provide them may result in the inability or restrict the ability to provide legal assistance services to the extent that such services cannot be provided without such personal data.


  1. The personal data is processed by the Controller for the purposes and on the grounds set forth below:


  • to perform an agreement for provision of legal assistance covered by a power of attorney/request for services, on terms and conditions laid down under Article 5 GDPR and Article 6 of the Polish Law on Advocates of 26 May 1982 and Article 3 the Polish Act on Legal Advisors of 6 July 1982, on the basis of the consent of the data subject and at the data subject’s request prior to concluding the agreement (Article 6.1(a) and (b) GDPR);


  • in order to fulfil legal obligations the Controller is subject to, including obligations arising under tax regulations, accounting regulations, or regulations on counteracting of money laundering and financing of terrorism and to examine a conflict of interest (Article 6.1(c) GDPR);


  • to the extent necessary for the purposes of legitimate interests pursued by the Controller, that is ensuring the ability to pursue and defend against claims, marketing services, and ensuring ICT security of the website (Article 6.1(f) GDPR);


  • to recruit individuals interested in working or collaborating with the Controller (Article 6.1(c) and Article 6.1(a) GDPR).


  1. The personal data processed by the Controller are not subject to profiling as one of the forms of automated personal data processing.




  1. The personal data is processed over a period necessary for: satisfactory performance of the agreement for provision of legal assistance, discharge by the Controller of its legal (tax) obligations, fulfilment of the Controller’s legitimate interests, including without limitation no longer than for 10 years from the end of the year in which the proceedings in which personal data has been collected as part of the performance of the legal agreement (Article 5c.2(c) of the Polish Act on Legal Advisors of 6 July 1982; Article 16c.2(c) of the Polish Law on Advocates of 26 May 1982) has been concluded.


  1. After the expiry of the period set forth above, the data are deleted unless their processing is necessary on any other legal grounds. In the case of legal alerts, personal data are processed until the data subject objects to further processing of the personal data for the purpose of distribution of legal alerts or until the consent to sending such messages is revoked.


  1. The personal data is not transferred to third countries (i.e. outside the European Economic Area). In the event of transfer of personal the data to third countries outside the EEA, the Controller shall apply the appropriate measures to ensure security of such data.




  1. The Controller may entrust the processing of the personal data to legal advisors, trainee legal advisors, advocates, trainee advocates, upon whom legal regulations impose the obligation of confidentiality, in order to enable them to substitute for a legal advisor or advocate in charge of the relevant legal case, or to employees of the Controller, who are authorised in writing to process the personal data and who are responsible for any violation of the principles relating to data processing.


  1. The Controller may also entrust the processing of the personal data to entities processing personal data at the request of the Controller, such as: Controller’s hosting provider, e-mail provider, IT staff, telephone operator, accountants, statutory auditors, suppliers of invoice management and working time recording systems, cooperating tax advisors, civil-law notary, patent attorney, government services, courts, courier services, and postal service operators.


  1. The personal data processed by the Controller may also be provided to the relevant government authorities at their request based on the applicable legal regulations or to other individuals and entities, in the cases provided for under law.


  1. Provision of the personal data to unauthorised entities under this Privacy Policy may only take place with the voluntary consent of the data subject.




  1. Each data subject has a right to:


  • access their data and receive a copy of them;


  • rectify (correct) their data;


  • demand erasure, restriction, or object to their processing;


  • data portability;


  • lodge a complaint with the supervisory authority (President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa, Poland);
  • withdraw the Controller’s consent at any time without affecting the lawfulness of the processing before such withdrawal.




  1. The Controller warns all the users of the website (hereinafter, the “Users”) that using the Internet and providing their personal data by electronic means may be at risk of malicious software (malware) penetrating the User’s ICT system and device, as well as being at the risk of unauthorised access to the User’s data by third parties.


  1. In order to minimise the above risks, the User should apply appropriate technical security measures, such as the use of password management software, anti-virus software, safe Internet browsers, and software protecting identification on the Internet.




  1. The Controller advises the Users that the website operated by it uses the web cookie mechanism (hereinafter, “Cookies”). Cookies are text files that are stored on the User’s electronic device. Cookies may include without limitation: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system. Cookies used by the Controller are safe for the User and allow the website to be individually adapted to the User’s requirements.


  1. The Controller uses the following types of Cookies:


  • internal – placed and read from the User’s end device by the website’s IT system;


  • external – placed and read from the User’s end device by the ICT systems of the websites of the Controller’s partners, service providers, or service recipients;


  • session – placed and read from the User’s end device by an external website or websites during one session of the relevant end device (following expiry of the session, Cookies are deleted from the User’s device);


  • persistent – placed and read from the User’s end device by an external website or websites until they are manually deleted (Cookies are not deleted automatically following expiry of each device session unless the User’s device has been set do so).


  1. The Controller works with the following external Platforms that may place Cookies on the User’s devices: Google Analytics, Twitter, LinkedIn, Facebook.


  1. The Controller is not responsible for the security of any Cookies originating from external platforms.


  1. The Controller has the right to use Cookies to improve and facilitate access to the website. The Controller may use Cookies to store data about the User’s preferences and settings in order to enhance, improve, and speed up the operation of the website. The Controller and external platforms use Cookies to collect and process statistical data such as, for example, visit statistics, User device statistics, or User behaviour statistics.


  1. The User has an option to limit or disable access to Cookies on their device. Such changes to the settings can be made by the User using the web browser settings. Restricting the use of Cookies may affect some of the functionalities available on the website The User may at any time delete Cookies using the functions available in the web browser that they use.




The Privacy Policy becomes effective upon its posting. The Privacy Policy is reviewed on a regular basis and updated as necessary. The Controller reserves the right to amend this Privacy Policy at any time.



© Copyright Małecki Legal