PRIVACY POLICY

§1

Identity of the data controller

The controller of personal data provided when using the Website operated under the name www.brudnoch-legal.com is Aleksandra Brudnoch, conducting business activity under the name Kancelaria Radcy Prawnego Aleksandra Brudnoch, ul. Wyzwolenia 114/43, 85-790 Bydgoszcz, Poland.

The data is processed in accordance with the currently applicable provisions of law, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR), the Act of 10 May 2018 on the protection of personal data, and the Act of 18 July 2002 on the provision of electronic services.

The following Privacy Policy covers the rules for processing the data of Website Users, as well as persons entering into contracts with the Data Controller, and data collected through contact with the Data Controller (by e-mail or telephone) or traditional correspondence.


§2

Definitions used

The following definitions apply in this policy:

Website – the website available at www.brudnoch-legal.com through which the User can: view its content, contact the data controller, arrange a consultation or visit. 

Personal data controller – an entity that determines the purpose and means of data processing; in this policy, this refers to: Kancelaria Radcy Prawnego Aleksandra Brudnoch, ul. Wyzwolenia 114/43, 85-790 Bydgoszcz, Poland.

User – a natural person to whom the data relates and who uses the services available on the Website.

Personal data – any information that, without excessive time and cost, can lead to the identification of a natural person, including their identification, address and contact details.

Third countries – countries outside the European Economic Area (EEA).


§3

Purposes of personal data processing

The personal data controller processes personal data only when permitted by current legislation, including for the purposes of:

  • documenting the performance of contracts, including issuing bills or invoices, maintaining accounting and tax records, pursuant to Article 6(1)(c) of the GDPR, i.e. in order to comply with the legal obligations incumbent on the personal data controller
  • taking action at the request of the data subject, including responding to questions asked by electronic means of communication or for the purpose of handling traditional correspondence, and such processing is carried out on the basis of Article 6(1)(b) of the GDPR,
  • marketing of the Data Controller's own products and services by traditional means, pursuant to Article 6(1)(f) of the GDPR, i.e. for the purposes of the legitimate interests pursued by the data controller or the data subject,
  • the pursuit of rights and claims by the Data Controller or the data subject, pursuant to Article 6(1)(f) of the GDPR, and is carried out for a legitimate purpose.

The provision of personal data is necessary for the performance of a distance contract, including the issuance of an accounting document, the pursuit of claims, and the provision of answers to questions. The provision of personal data in other respects is voluntary.

Failure to provide the required data makes it impossible to perform a distance contract, issue a bill or invoice, or contact the data subject at their request.


§4

Methods of data collection

The User's personal data is collected directly from the data subjects, i.e. by:

  • filling in a form with contact details when submitting an enquiry via the form on the website,
  • providing data for the preparation and conclusion of a contract,
  • direct contact with the data controller using the contact details available on the Website or in traditional form at the place of business.


§5

Scope of data processing

The scope of personal data processing has been limited to the minimum necessary to provide services in the following areas:

  • submitting an enquiry via the contact form or using the contact details available on the website: e-mail address, telephone number, first or last name;
  • preparation and conclusion of a contract and issuance of a bill or invoice: first and last name or name of the entity, registered office address, tax identification number or identity card number, etc.

§6

Data processing period

The data processing period depends on the purpose for which the data was collected and is as follows:

  • conclusion and performance of a sales contract, including distance selling – for the period necessary to document the performance of the contract, including the issuance of a bill or invoice – 5 years from the end of the calendar year in which the tax payment deadline expired,
  • for the period necessary to respond to a question asked via the contact form or by telephone, but no longer than 6 months, unless the person decides to conclude a contract with the Personal Data Controller,
  • for the purpose of pursuing claims, pursuant to Article 118 of the Act of 23 April 1964 – Civil Code. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity – three years.

§7

Data recipients

The User's personal data may be entrusted to other entities for the purpose of performing services on behalf of the data controller, in particular to entities in the field of:

  • website hosting,
  • service and maintenance of IT systems in which data is processed, including for the purpose of automation, invoicing, order processing, etc.,
  • accounting services,
  • office services,
  • courier services.

The User's personal data may also be made available to entities supporting the Data Controller, including entities providing courier and postal services and online payment services.

The User's personal data is not transferred to third countries or international organisations.

The User's personal data will be processed by providers whose registered offices and/or servers are located in a third country, i.e. in the United States of America (USA). The transfer of data to the USA is based on the European Commission's decision of 10 July 2023, which confirms the adequate level of personal data protection provided by the so-called 'EU-US Data Privacy Framework' in relation to providers listed by the US Department of Commerce, such as Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; Meta Platforms, Inc., Menlo Park, California, USA.

§8

Rights of data subjects

Data subjects have the right to:

  • access their personal data, including receiving the first copy of their personal data free of charge,
  • correct their data,
  • have their data deleted, unless other legal provisions oblige the data controller to archive the data for a specified period of time,
  • the right to transfer data, unless the basis for data processing is a contract or consent of the data subject, and data processing is carried out automatically,
  • to withdraw consent to the processing of personal data – if the basis for such processing was the consent of the data subject. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal,
  • to object to the processing of data - for reasons related to a particular situation with regard to the processing of personal data based on Article 6(1)(e) or (f) of the GDPR, as well as the right to restrict processing,
  • not to be subject to automated profiling if the data controller would make decisions based solely on automated profiling and having legal effects on the data subject or similarly affecting them,
  • the right to control the processing of data and information about who the data controller is, as well as to obtain information about the purpose, scope and method of data processing, the content of the data, the source of the data, and the method of disclosure, including the recipients or categories of recipients of the data,

In order to exercise the right to information, access to data content, correction of data, and other rights, you may contact the Data Controller.

The data subject also has the right to lodge a complaint with the Personal Data Protection Office (UODO) if the processing of data violates the provisions of the General Data Protection Regulation (GDPR). The complaint may be lodged in electronic or traditional form at the following address: Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.


§9

Final provisions

In the event of a change in the current privacy policy, in particular when required by technical solutions or changes in the law regarding the privacy of data subjects, appropriate modifications will be made to this Privacy Policy, which will be effective within 14 days of their publication on the Website.