GDPR

GDPR

The administrator of your personal data is Romuald Suszczewicz, conducting business under the name Romuald Suszczewicz “Patentbox” Patent Office in Poznań, at Piekary Street 6/17, 61-823 Poznań, with NIP number 7780104723, REGON 632116710, hereinafter referred to as the “Office”. Personal data means information about an identified or identifiable natural person (hereinafter referred to as “Personal Data”).

The Office has not appointed a Data Protection Officer.

For matters related to your personal data and privacy, you can contact the Office via email: kancelaria@patentbox.pl.

Your personal data is processed by the Office in compliance with the requirements of generally applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”).

The Office takes special care to protect your data, and in particular ensures that the data it collects is:

  • processed lawfully, fairly, and in a transparent manner for the data subject;
  • collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date.

 

Purpose, scope, legal basis, and duration of personal data processing

Use of the contact form, email contact, and use of the Office’s services

In the case of filling out and sending the contact form available on the patentbox.pl website in the “contact” tab or choosing another way to contact the Office (e.g., via email to kancelaria@patentbox.pl or to an employee’s email address, or by phone) expressing your desire to use the services provided by the Office, personal data will be processed to the extent you provide it (e.g., name, email address, phone number). The purpose of processing is to take action before concluding a contract (Article 6(1)(b) GDPR).

When you decide to use the Office’s services, data will be processed to perform the contract, especially such as: name, company (if you are an entrepreneur or act on behalf of one), home address or registered office address, email address, phone number, NIP or REGON number (if you are an entrepreneur or act on behalf of one). The purpose of processing is to perform the contract and fulfill the legal obligations of the Office, e.g., in the field of taxes or accounting (Article 6(1)(b) and (c) GDPR).

Providing this data is voluntary, but failure to provide it will result in the inability of the Office to perform the contract.

If you decide to seek legal advice online in the form of a videoconference, the Office will process your image by displaying it (provided via camera) during the videoconference. Videoconferences are not recorded, so after the videoconference ends, we stop processing your personal data in the form of your image. The basis for processing in this case is your consent (Article 6(1)(a) GDPR). If you do not agree to the processing of your image during the videoconference, you can disable this option by turning off the camera in the videoconferencing software or by covering it. We can also provide legal advice in the form of a phone call. Lack of consent to the processing of the image does not affect the provision of services by the Office.

All data related to the case with which the Office’s performance of the contract is associated is covered by professional secrecy (e.g., attorney-client privilege).

Providing personal data is voluntary, but failure to provide it may prevent the achievement of the purposes mentioned above (except for personal data in the form of an image). Your personal data will be stored by the Office for the period necessary to achieve the given purpose, especially until the consent is withdrawn (if given), an objection to the processing of personal data is raised, or until the limitation period for claims between the parties or the limitation period related to the obligation to store data (e.g., mandatory accounting or tax records) expires, but no longer than required by generally applicable law.

 

Your rights related to the processing of personal data by the Office:
  • The right to access personal data,
  • The right to rectify personal data,
  • The right to delete personal data, with the reservation that some personal data may be retained to establish, pursue, or defend claims and to fulfill obligations imposed by applicable laws,
  • The right to restrict the processing of personal data, with the reservation that some personal data may be retained to establish, pursue, or defend claims and to fulfill obligations imposed by applicable laws,
  • The right to object to the processing of personal data,
  • The right to data portability,
  • The right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office,
  • The right to withdraw consent to the processing of personal data if it has been given, with the reservation that withdrawal of consent may prevent the provision of services that the Office can only provide with consent. Withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.

Employees of the Office are authorized to process personal data to perform the contract.

 

Transfer of personal data to third parties

The administrator transfers personal data to the following third parties:

a) Based in the territory of the Republic of Poland:

  • Accounting office – to the extent necessary to fulfill obligations under accounting and tax regulations,
  • Hosting provider – for website maintenance,
  • Insurer – in case of policy execution,
  • Collaborating lawyers and patent attorneys – to the extent necessary to perform the contract, based on a data processing agreement,
  • Technical support (mainly IT) – only if technical support concerns an area where personal data is located.

b) Based in the territory of the European Union:

  • Toggl (Toggl OÜ, an Estonian private limited company, registered number 11346813, established and doing business at Toggl OÜ, Tornimäe 5, 2nd floor, Tallinn 10145, Estonia) – a program for managing the working time of the Office’s employees, used for internal organization. Type of processed data: name. This entity ensures privacy standards similar to this policy, as it is also subject to GDPR regulations. Link to the privacy policy: Toggl Privacy Policy.

c) Based outside the territory of the European Union:

  • Microsoft (Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA) – for internal organization and contract execution. We use Microsoft 365 (e.g., Office, Outlook) and the Microsoft Windows operating system for these purposes. Link to Microsoft’s privacy standards: Microsoft Privacy Standards.
  • Toggl (Toggl Inc, a Delaware corporation, file number 5675394, established and doing business at Suite 403-A, 1013 Centre Road, Wilmington, DE 19805, USA) – a program for managing the working time of the Office’s employees, used for internal organization. Type of processed data: name. Link to the privacy policy: Toggl Privacy Policy.
  • Google (Google LLC, address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – non-identifiable analytical data (e.g., Google Analytics for website statistics analysis). More information below in the “Third-party cookies” section.