Privacy policy

last updated: 1 February 2020

[Definitions] In order to ensure transparency and precision of the Privacy Policy, we use the following definitions:

Privacy Policy: this privacy policy that meets your information obligations under Articles 13 and 14 of the GPDR.

Data: Personal data, in regard to which the obligation to provide information is fulfilled by making the information contained in the Privacy Policy available on an ongoing basis;

You: You, therefore the person whose Data we process in accordance with our Privacy Policy;

We or Controller: Wiktor Rainka operating a business activity registered in CEIDG under the company name “Wiktor Rainka”, based in Warsaw, NIP: 5242602521 – an entity providing Privacy Policy, being at the same time a Data Controller; 

GDPR: Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC 

[Data] We may receive your Data: (a) directly from you (e.g., if we are in collaboration where one or both parties provide certain services, such as legal services) and/or (b) from third parties, such as your service providers or recipients, if they also work with us. In particular, but not always, Data may include: contact information such as: name, surname, email address, registered or postal address, registration or verification data (where applicable, e.g. for cloud services); information necessary for tax and accounting purposes as specified by applicable law; or other data you choose to provide us with.

[Purposes] Performance of contracts for the provision of legal services concluded with clients as part of legal activities.

Performing other contracts, including contracts with service recipients or service providers. 

In case of providing online services by the Controller: execution of the agreement concerning registration, logging in and use of such services, and security of services, in particular – preventing hacking attacks.

[Legal basis] Article  6 (1) (b) GDPR (processing is necessary for the performance of a contract) 

Statistical measurements:

Article 6 (1) (b) GDPR ( processing is necessary for the performance of a contract to which the data subject is party), or in case the measurements are not necessary for the performance of the contract, article 6 (1) (f) GDPR (legitimate interests pursued by the controller).  

Own marketing

article 6 (1) (f) GDPR (legitimate interests pursued by the controller)


article 6 (1) (f) GDPR (legitimate interests pursued by the controller)

Maintaining business relations and informing former and current clients about new services:

article 6 (1) (f) GDPR(legitimate interests pursued by the controller)

Tax, accounting and other purposes resulting from the Administrator’s legal obligations:

Article 6 (1) (c)  GDPR  ( processing is necessary for compliance with a legal obligation of the controller). 

[Retention Period]: We only process data as long as necessary. Once the purpose for which the Data has been processed has been achieved, it will be deleted or anonymised, unless we are required by law to retain some or all Data. Depending on the legal basis of the processing, Data may be processed for the following time:

when the basis for processing is the necessity to perform the contract – for the duration of the contract, until the limitation period for claims related to it;

if the basis for processing is a legitimate interest of the Controller – until an effective objection is raised; 

if the basis for processing is the Controller’s fulfilment of a legal obligation imposed on the Controller – to the extent and for the period necessary to fulfil such obligations, in accordance with the law;

if the basis for processing is consent – until its withdrawal.

[Data Recipients] Recipients of particular categories of Data may be: authorities before which proceedings are pending or which request access to such Data (subject to the data subject to attorneys’, attorneys-at-law’, patent agents’ or other providing more severe processing conditions), attorneys, attorneys-at-law’, patent agents’ or other experts cooperating with us, including from a foreign jurisdiction, to the extent and for the purpose agreed with you. In addition, recipients may be persons providing services to us, including but not limited to IT services, accountants, etc., and carriers and couriers. We do not anticipate at this moment that we will transfer Data to third countries, i.e. countries outside the EEA (European Economic Area). However, if this were to happen, we will make sure that all the requirements of the applicable law are kept. 

[Your rights] GDPR, as the case may be, grants you a number of rights related to the processing of your Data. There are, among others: (a) right of access by the data subject, (b) right to rectification, (c) right to erasure, (d) right to restriction of processing, (e) right to withdrawal of consent, (f) right to data portability, (g) right to object to processing of personal data, (h) the right to lodge a complaint with the supervisory authority – Prezes Urzędu Ochrony Danych Osobowych (President of the Personal Data Protection Office)

[Update of Information] As this Privacy Policy constitutes current information about the processing of personal information, its content may change to reflect the actual state of affairs regarding our processing of your Data. 

[Contact] If you have any concerns about your Data processing, please contact us by sending an e-mail to