Privacy Policy
I. Definitions
Capitalized terms in this Privacy Policy shall have the meanings:
- Controller – the law firm Barta & Partners sp. k. with its registered office in Kraków, Aleja Słowackiego 64, 30-004 Kraków;
- Client – the client for whom the Controller provides services;
- Privacy Policy – this privacy policy;
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- Website – the website available at the domain: https://barta.pl;
- User – the natural person using the Website.
II. Controller
The law firm Barta & Partners sp. k., Aleja Słowackiego 64, 30-004 Kraków is the data Controller. For inquiries regarding the processing of personal data, you may reach us at biuro@barta.pl or send correspondence to the address listed above.
III. Basis and purposes for the processing of personal data on the Website
The Controller processes personal data:
- to supply the services by electronic means of communication by making content available to Users on the Website. The basis for processing is the necessity of processing for the performance of a contract – Article 6(1)(b) of the GDPR;
- to handle inquiries and manage correspondence. The basis for processing is the legitimate interests of the Controller, which is responding to inquiries directed to the Controller – Article 6(1)(f) of the GDPR;
- to improve the Website and tailor content to Users’ preferences. The basis for processing is the legitimate interests of the Controller, which is developing the Website and customizing content according to Users’ preferences – Article 6(1)(f) of the GDPR;
- to ensure security and pursue claims. The basis for processing is the legitimate interest of Controller, which involves ensuring the security of Website Users and asserting their rights – Article 6(1)(f) of the GDPR;
- to send commercial information, if you have subscribed to our newsletter. The basis for processing is the consent of the data subject – Article 6(1)(a) of the GDPR;
IV. Basis and purposes for the processing of personal data in business relations and recruitment processes
You can learn how we process your personal data if you participate in our recruitment process or if you have sent us your application even though there is no open recruitment, here.
The Controller also processes personal data in business relations, such as providing services to Clients, maintaining contact with individuals acting on behalf of the Client, and establishing business relationships with potential Clients or suppliers. You can learn more about how we process your personal data here.
V. Data retention period
The duration of data processing by the Controller depends on the purpose for which the data is processed. Personal data is processed for the duration of the service, until consent is withdrawn, or until an effective objection to processing is raised in cases where the legal basis for processing is the legitimate interest of the Controller.
After the main purpose of processing has ceased, personal data may be retained if processing is necessary for establishing and pursuing potential claims or defending against claims. Once the retention period has expired, personal data will be deleted.
VI. Recipients of personal data and transfers outside the EEA
The Controller may transfer processed personal data to entities providing services on its behalf based on data processing agreements or disclose it to such entities as independent controllers. Transfers or disclosures of personal data may occur to: IT service and tool providers, accounting firms, and courier companies.
Personal data processed by the Controller will not be transferred to third countries or international organizations.
VII. Rights as a data subject
Individuals whose personal data is processed by the Controller have the following rights:
- right of access, including receiving one free copy of the data;
- right to rectification;
- right to restriction of processing;
- right to erasure;
- right to data portability when personal data is processed based on consent or when processing is necessary for the performance of a contract and is carried out by automated means;
- right to withdraw consent at any time, with the understanding that withdrawal does not affect the lawfulness of processing carried out before its withdrawal;
- right to object, when data is processed based on the legitimate interests of the Controller;
- right to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office).
VIII. Cookies
The Controller uses cookies on the Website. These are small (usually text) files stored on the User’s device. Information collected via cookie technology may include data about the User’s visit to the Website (such as logs and events), including the date and time of the visit.
Data collected through cookies is used to improve the Website and tailor content to Users’ preferences.
Users can disable cookies, regardless of the browser type, either for a specific website or for all websites visited.
IX. Final provisions
The Privacy Policy is regularly updated.