Privacy Policy

PRIVACY POLICY
OF LEGAL HORIZONS – ERNEST KOSA LAW FIRM

I. GENERAL PROVISIONS

In connection with its business activities, LEGAL HORIZONS – ERNEST KOSA LAW FIRM collects and processes personal data. The purpose of this Privacy Policy is to explain the rules under which your personal data is processed and to discuss your basic rights related to the processing of your personal data by us.

In this Policy, you will also find information on the use of cookies or similar technologies in connection with the use of the LEGAL HORIZONS – ERNEST KOSA KANCELARIA RADCY PRAWNEGO website, including information on the Administrator's use of analytical tools.

II. DEFINITIONS

Administrator – Ernest Kosa, conducting business activity under the name: LEGAL HORIZONS – ERNEST KOSA KANCELARIA RADCY PRAWNEGO with its registered office in Jabłonna (05-110), ul. Marmurowa 28/36, NIP: 5361931679.

Personal data – means information about an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person.

Policy – this Privacy Policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 2016 No. 119, p. 1, as amended).

Data subject – a natural person using the Website or any service or functionality described in the Policy.

Website – the Administrator's website, available at www.legalhorizons.pl.

III. DATA PROCESSING BY THE ADMINISTRATOR

The administrator of personal data is LEGAL HORIZONS – ERNEST KOSA KANCELARIA RADCY PRAWNEGO with its registered office in Jabłonna.

The Administrator can be contacted:

by post, at the following address: ul. Poematu 12/45, 04-993 Warsaw
by email, at the following address: kancelaria@legalhorizons.pl

IV. PURPOSES AND LEGAL BASIS FOR PROCESSING

The Administrator enables users to use the Website and the functionalities available therein. In this regard, the Administrator processes personal data for the following purposes:

to provide services electronically, i.e., to make the Website available to Data Subjects, including enabling them to view the content published on it and use the functionalities offered – the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR),
conducting analyses and statistical research – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in improving the quality of services provided and functionalities delivered,
ensuring ICT security – the legal basis for processing is the legitimate interest of the Administrator(Article 6(1)(f) of the GDPR) consisting in ensuring the security of users of the Website,
establishing, investigating or defending against possible claims – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in defending its economic interests.

The Administrator prepares and delivers a newsletter to interested users. Sending the newsletter involves the processing of personal data of Data Subjects for the following purposes:

providing the newsletter service – the legal basis for processing is the necessity to perform the contract (Article 6(1)(b) of the GDPR),
providing marketing content about the Controller via the newsletter – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) consisting in sending marketing information to Data Subjects in connection with their consent.

The Administrator enables Data Subjects to contact him, including via the contact details provided on the Website. Correspondence by letter and e-mail involves the processing of personal data for the purpose of handling and resolving the matter. The legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) consisting in handling correspondence and responding to inquiries received. In the case of electronic correspondence, the legal basis for processing is additionally the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in ensuring the security of electronic communication, detecting threats, and counteracting fraud and abuse.

As part of the Administrator's activities consisting in the provision of legal services, personal data is processed for the following purposes:

performance of a contract or taking action prior to its conclusion at the request of the Data Subject or the organization that the Data Subject represents – in this case, the legal basis for the processing of Data Subjects acting as a party to the contract or a potential customer is the necessity of processing for the conclusion and performance of the contract (Article 6(1)(b) of the GDPR), and in the case of representatives – the legitimate interest of the Administrator consisting in establishing cooperation and performing the contract (Article 6(1)(f) of the GDPR),
establishing and maintaining business relationships – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) consisting in initiating business meetings and maintaining business relationships and building the brand,
sending notifications about interesting services (including marketing and image-building activities) – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in sending such notifications to interested persons, in connection with their consent,

fulfilling internal administrative purposes and managing customer relations – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in the effective management of the Administrator's business,
fulfilling the legal obligations incumbent on the Controller, including in the area of record keeping, compliance checks or controls and registration, for archiving and accounting purposes – the legal basis for processing is the relevant legal provisions imposing these obligations on the Controller (Article 6(1)(c) of the GDPR), including accounting and tax law provisions,
establishing, pursuing, or defending against possible claims – the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) consisting in the defense of its economic interests.

The Administrator also provides a feature on the Website that redirects to its LinkedIn profile. To access the Administrator's profile on LinkedIn, select the LinkedIn icon available on the Website.

The Administrator processes the personal data of persons visiting the Administrator's profile on LinkedIn. These data are processed solely in connection with the maintenance of the profile, including for the purpose of informing about the Administrator's activities and promoting various types of events and services, as well as for analytical and statistical purposes. The legal basis for the processing of personal data is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR) in promoting its own brand, analyzing the preferences and activities of users visiting the Administrator's profile in order to improve the functionalities used and the services provided.

The above information does not apply to data processing by the administrator of the Linkedin website. Information on the purpose and scope of data collection by the owner of this portal can be found at: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL.

V. SCOPE OF PERSONAL DATA PROCESSING

The Administrator processes the personal data of persons using the Website to the extent necessary to enable the use of the Website or its individual functionalities, as well as data on the activity of Website users and related technical data, including data from cookies and other similar technologies.

The Administrator also processes the personal data of Data Subjects (e.g., customers who are natural persons, representatives of these customers, contact persons) in connection with its business activities. This data may include:

identification and contact details,
data resulting from contracts concluded with the Administrator,
data necessary for payment and settlement processing,
data necessary to handle communication with the Administrator,
data relevant to the legal advice we provide, including disputes, complaints, investigations, arbitration cases, or other legal advice requested by our customers.

As part of the provision of services, the Administrator may represent you or your organization in matters requiring the collection and use of your sensitive personal data, i.e.: information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical and mental health, details of offenses committed, or other sensitive data.

VI. PERIOD OF PERSONAL DATA PROCESSING

The period for which the Administrator processes personal data depends on the purpose for which the data is processed. As a standard, the Administrator processes data for the duration of the contract or service provision. If the basis for processing is the consent expressed by the Data Subject, the data will be processed until such consent is withdrawn.

If the Administrator processes data on the basis of a legitimate interest, the processing period lasts until an effective objection is raised.

After the expiry of the above periods, the data may be processed only if it is necessary for the defense or pursuit of claims, and also if the Administrator is obliged to process the data for the period specified by law (e.g., tax law).

VII. WHERE DOES THE PERSONAL DATA COME FROM?

The Administrator generally processes personal data obtained directly from the Data Subject (e.g., data provided in a submitted inquiry). Personal data may also be obtained from other sources (publicly available, e.g., CEIDG and KRS, or with limited access), including from persons granting power of attorney or indicating the Data Subject as a contact person.

VIII. TRANSFER OF PERSONAL DATA TO OTHER ENTITIES

Personal data may be disclosed to other persons (entities) in the following circumstances:

authorized employees or associates to the extent necessary to perform their assigned tasks, i.e., attorneys and legal advisors, consultants, mediators, experts, or other legal professionals;
to third parties entrusted with the processing of personal data on the basis of concluded agreements, i.e.: courier companies, IT service providers, translation agencies, marketing or recruitment agencies;
public authorities, i.e., courts, law enforcement agencies, regulatory authorities, attorneys, or other parties, when reasonably required for the purposes of establishing, investigating, or defending claims in various proceedings or for the purposes of alternative confidential dispute resolution.

IX. RIGHTS OF DATA SUBJECTS

Data subjects whose data we process have the right to:

withdraw their consent at any time if the legal basis for data processing is consent (withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal);
access their data and receive a copy thereof;
rectify or supplement their data;
request the erasure of their personal data in cases provided for by law;
request restriction of personal data processing;
object to data processing based on the legitimate interest of the Controller – for reasons related to the specific situation of the Data Subject;
receive personal data from the Controller in a structured format and transfer personal data to another controller;
lodge a complaint with a supervisory authority (in Poland: the President of the Personal Data Protection Office with its registered office at ul. Stawki 2, 00-193 Warsaw);
not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or otherwise significantly affects them, unless the decision is necessary for the performance of a contract, is permitted by law, or has been expressly consented to

in advance, as well as:
to object to the processing of data for marketing purposes, if the processing is carried out in connection with the legitimate interests of the Administrator.

X. USE OF COOKIES OR SIMILAR TECHNOLOGIES

Cookies are small text files that are stored on the user's end device (e.g., laptop, tablet, smartphone) when visiting a website. They can be read by the Administrator and by systems belonging to other entities whose services the Administrator uses (e.g., Google). A cookie stores information that is generated in cooperation with a specific end device. This does not mean that the Administrator obtains information about the user's identity.

The Administrator uses technical, statistical, and marketing cookies on the Website.

The Administrator uses technical cookies to provide the user with content and functionality available through the Website and to improve the quality of these services. The legal basis for the processing of the user's personal data is the necessity to perform the contract for the use of the Website.

Statistical cookies are used by the Administrator on the Website only if the user agrees to their use. These files allow for the analysis of how users use the Website and are intended to improve the performance of the Website. The legal basis for the processing of users' personal data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in improving the Website on the basis of analyses of its users' activity, in connection with the consent expressed by the user.

Marketing cookies are also used only if the user has given their prior consent to their use. The collection of information about the user through these files is intended to display advertisements to that person, personalize them, measure their effectiveness, and conduct marketing campaigns, including on external websites, such as websites belonging to the same advertising partner networks or on social networking sites. The legal basis for the processing of personal data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in improving the Website and preparing content dedicated to users, in connection with the consent given by the user.

The user may give separate consent to the use of statistical and marketing cookies using the cookie consent mechanism (the “Manage cookie consent” pop-up displayed in the browser window) when visiting the Administrator's website. The user may manage the consents granted (i.e., withdraw them or express consents) by calling up the pop-up by clicking on the white banner available in the lower right corner of the Website.

Cookies usually contain the name of the website they come from, the storage time on the end device, and a unique number. More information about cookies can be found at allaboutcookies.org.

The user can also delete cookies at any time, depending on the browser, from its settings.

The Website uses Google Analytics. This means that when you use the Website, data related to your device and browser, IP address, and activities on the Website may be collected. Detailed information about Google Analytics can be found at https://support.google.com/analytics/answer/6004245.

It is possible to block the sharing of information about website activity with Google Analytics, for example by installing a browser add-on provided by Google Ireland Ltd. https://tools.google.com/dlpage/gaoptout?hl=pl . Information about data processing by Google Ireland Ltd. can be found in the Google Services Privacy Policy: https://policies.google.com/technologies/partner-sites.

XI. CHANGES TO THE PRIVACY POLICY

The policy is reviewed on an ongoing basis and updated as necessary.

The current version of the Policy is effective as of February 1, 2026.