act legal covers all major European business centres.
Warsaw | Amsterdam | Bratislava | Bucharest | Budapest | Frankfurt | Milan | Prague | Vienna
meet us at


Privacy Policy

Privacy Policy (“Privacy Policy”)

Latest updated as of: 31.01.2022

In connection with your use of our website (“Website”) we can process your personal data.

Protection of your personal data is of crucial importance to us. In this Privacy Policy, pursuant to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), we hereby inform you about data that we collect and how we process it. Please read this Privacy Policy to make the use of the Website more transparent to you.


  1. Data Controller

The party responsible for controlling the processing of your personal data on the website within the meaning of Article 4(7) of the GDPR is:

act Bieniak Smołuch Wielhorski Wojnar i Partnerzy. Adwokaci, Radcowie Prawni i Doradcy Podatkowi sp. p.| National Court Register (KRS) number: 0000892054 | Tax ID number NIP: 7010487556 | REGON: 361645591 | Chmielna 73 | 00-801 Warsaw | E-mail: |Tel: +48 22 420 59 59 (“Controller”).

You may contact the Controller with the use of contact details provided below.

  1. Purposes of personal data processing

2.1 Visiting our website

If you visit our Website, through the web browser that you use, information is automatically sent to our servers and it is temporarily stored in the log files. The following information is processed and stored until automatically deleted after 14 days from the date of its obtaining:

  • IP address,
  • date and time of the request,
  • time zone difference compared to Greenwich Mean Time (GMT),
  • content of request (specific page),
  • access status/HTTP status code,
  • data volume transmitted,
  • website from which the request emanates,
  • web browser that you use,
  • operating system and its interface,
  • browser software language and version.

We process the above data to ensure a smooth connection setup and user-friendly application of our Website, to guarantee network and information security, to analyse system security and stability and also for administrative purposes which is our legitimate interest pursuant to Art. 6(1)(f) of the GDPR. The data indicated above is obtained automatically, when you enter the Website and accept the corresponding cookies.


2.2 Contact with the Controller

If you contact us by mail, telephone or email e.g. to obtain an offer, we may process the following data:

  1. full name,
  2. content of the request,
  3. email address/telephone number/address from which you sent the letter.

We process your personal data to reply to your message and thus, to provide the relevant service which is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. If a given request does not lead to the conclusion of an agreement with the Controller, personal data will be processed for the period resulting from the storage functionality of the electronic mailbox of the Controller.

You provide all information voluntarily. If you fail to provide your contact details, processing of your request may prove impossible.

2.3 Direct marketing

If you give consent to receive our newsletter, publications or invitations to events via direct marketing, we will process your first name, last name, name of an entity with which you cooperate, position and email address in order to provide you with information which you are interested in by email. The data is provided voluntarily, but a failure to provide it may result in the inability to send you the information you are interested in. The basis for processing is your consent on the basis of Article 6(1)(a) of the GDPR, whereas your data will be processed until the moment you withdraw your consent at the latest.

2.3 Recruitment process

If you want to apply for a specific job offer and send us your application, during the recruitment process we may process the following categories of personal data from you:

  1. identification data (name, address, date of birth),
  2. contact details (such as address, e-mail, telephone number),
  3. data on professional career and acquired skills (including e.g. education and training, qualifications, work experience).

Data indicated above is processed in the scope specified in Article 221§ 1 of the Labor Code – in the scope in which it relates to applicants, therefore, the Controller processes it in connection with its legal obligation under Article 6(1)(c) of the GDPR. In the scope that they relate to applicants who are to cooperate under a civil law agreement, provision of this data is necessary to take actions at the request of the data subject, before conclusion of the agreement, therefore, the basis for personal data processing is Article 6(1)(b) of the GDPR. To the extent that you provide additional data, other than indicated above, the basis for processing will be also Article 6(1)(b) of the GDPR.

Provision of the aforementioned data is voluntary. However, if you fail to provide the above data, it may render it impossible to process your application in the recruitment process, incl. due to an inability to contact you.

Data referred to above is processed for the time related to the given recruitment process.

If you send your application without indicating a job offer, the basis for processing of personal data will be your consent given voluntarily in accordance with Article 6(1)(a) of the GDPR. If you give your consent, we may retain your data included in the application for a specific offer for the purposes of future recruitment processes. In any case your data will not be processed longer than for one year.


  1. Personal data recipients/categories of recipients

Your personal data may be shared with the entities supporting the Controller in business processes (so called processors) such as the companies providing hosting services or tools e.g. to organise webinars (ClickMeeting). Your personal data may be also provided to the cooperating law firms as part of the ACT Legal Group (link:, if this results from the content of your request or you will participate in events jointly organized by ACT Legal Group, or you will agree to such a transfer.

Where we process personal data in a third country (i.e. outside the European Union (EU) or European Economic Area (EEA)), where this is done whilst using third-party services or when disclosing or transmitting personal data to third parties this will only be done so as to fulfil the conditions specified in Article 44 et seq. of the GDPR.


  1. Rights of data subjects

You have the right:

  • to ask for information about your personal data processed by us – under and in the scope specified in Article 15 of the GDPR;
  • to rectify inaccurate personal data processed by us or the supplement personal data processed by us – under and in the scope specified in Article 16 of the GDPR;
  • to delete your personal data – under and in the scope specified in Article 17 of the GDPR;
  • to restrict processing of your personal data – under and in the scope specified in Article 18 of the GDPR;
  • to transfer your data – under and in the scope specified in Article 20 of the GDPR;
  • to lodge a complaint with a competent supervisory authority – if you believe that your data is processed by the Controller in violation of applicable laws. The competent supervisory authority in Poland is the President of the Personal Data Protection Office | ul. Stawki 2, 00-193 Warsaw.

If personal data is processed on the basis of the consent, such consent may be withdrawn at any time with an effect for the future, which shall not affect the lawfulness of the previous processing of personal data.

  1. Right to object

Where your personal data is processed for the purpose of legitimate interests under Article 6(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object to the processing of your personal data on grounds relating to your particular situation or where the objection is levelled at direct marketing. In the latter case you have a general right to object which will be implemented by us without a particular situation having to be specified.


  1. Data security

We inform that we apply appropriate technical and organisational security measures to protect your personal data, in particular against partial or complete loss, destruction or unauthorized access by third parties.

When our website is visited, we use the SSL method (Secure Socket Layer) in conjunction with the highest level of encryption that is supported by your browser. This will generally be 256-bit encryption. If your browser should not support 256-bit encryption, we will have to recourse to 128-bit v3 technology. You can see whether a particular page of our Website is transmitted encrypted from the closed-form display of the key or padlock icon in the bottom status bar of your browser.


  1. Cookies

Cookies are small, simple text files that your computer or mobile device stores when you use our Website. Because we guarantee your privacy and want to improve the user-friendliness of your visit or visits to our website, we think it is important that you know why we use cookies.

They help us to understand how you use the Website and how we can make the Website more user-friendly. Cookies (from third parties) are also used for marketing or analysis purposes.

Session cookies are automatically deleted when you exit the Website. Whereas permanent cookies are stored beyond the individual session.

With regard to their function, a distinction is made between cookies:

  • Necessary for the functioning of the Website:  Cookies necessary for the functioning of the Website. These cookies ensure that the basic functions and security features of the Website work;
  • Analytical and statistical cookies: Analytical cookies are used to understand how visitors interact with the Website. These cookies help provide information about visitor rates, rejection rates, traffic source, etc.;
  • Performance cookies: Performance cookies are used to understand and analyse key performance indicators of the Website which allows to ensure better user experience.

Any use of cookies that is not absolutely technically necessary is only permitted with the express and active consent of the user in accordance with Article 6(1)(a) of the GDPR. You can give your consent through a notification that will be displayed to you when you first view the Website. By clicking “settings”, you may also check the name of the file and the period of its storage.

Cookies necessary for the proper functioning of the Website are processed under Article 6(1)(f) of the GDPR, due to the legitimate interest of the Controller which is to maintain the Website and enable its browsing.