Privacy Policy

PRIVACY POLICY WWW.HANGLUNG-LAW.COM

  1. DEFINITIONS
    • Controller – Hanglung Law Biernat & Kossacki Spółka Partnerska Radcy Prawnego i Adwokata with its registered office in Warsaw, at ul. Wrzesińska 12/17, 03-713 Warszawa, tax identification number NIP: 7011030132, the National Official Business Register Number KRS: 000089253.
    • Personal Data – information relating to a natural person identified or identifiable directly or indirectly, including through one or several specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including a device IP, location data, an online identifier and information collected through cookies and other similar technology.
    • Privacy Policy – this privacy policy.
    • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; OJ L 119, 4.5.2016).
    • Website – a website located at the address www.hanglung-law.com. The website is managed by the Controller.
    • User – any natural person using the Website, including for the purpose to order one of the services or functionalities.
  1. PROCESSING OF PERSONAL DATA – BASIC INFORMATION
    • The Personal Data Controller is Hanglung Law Biernat & Kossacki Spółka Partnerska Radcy Prawnego i Adwokata with its registered office in Warsaw, at ul. Wrzesińska 12/17, 03-713 Warszawa, tax identification number NIP: 7011030132, the National Official Business Register Number KRS: 000089253.
    • The Controller shall process Personal Data in accordance with the provisions of GDPR.
    • The essence of the privacy policy is to indicate the purposes, rules and methods of processing Personal Data within the Website as well as to fulfil the Controller’s obligation arising out of the provisions of GDPR to provide information.
  1. CONTACT DETAILS

3.1 The User may contact the Controller in any and all issues relating to Personal Data, including any requests, conclusions or inquiries (including these regarding the User’s rights) in one of the following methods:

3.1.1 via traditional mail at the address: ul. Wrzesińska 12/17, 03-713 Warszawa.

3.1.2 via e-mail at the e-mail address: office@hanglung-law.com.

  • A submission should, as far as possible, precisely indicate the issue, i.e. specifically:

3.2.1 indicate the nature of the correspondence;

3.2.2 indicate the right one wants to exercise (e.g. the right to receive a copy of data, the right               to delete data, etc.);

3.2.3 indicate the process of processing involved in the case (e.g. the use of a specific service, activity on a specific website, etc.);

3.2.4 indicate the purposes of processing concerning a given case (e.g. marketing purposes, analytical purposes, etc.).

3.3 Where the Controller is unable to identify a natural person based on the User’s submission, the Controller will ask the applicant for additional information. Providing such data is not mandatory, however, failure to provide such information may result in a refusal to process the submission or an inability to process the submission.

3.4 A reply to the submission should be provided within one month from the date of its reception. Where it is necessary to extend this period, the Controller shall inform the User about the reasons for taking that action.

3.5 The Controller shall provide a reply in the form identical to the form of receiving the submission unless the applicant requested another form of reply in the content of the submission.

  1. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING ON THE WEBSITE

4.1 The Controller shall process Personal Data in connection with the use of the Website by the User as well as in connection with the provision of individual functionalities and services on the Website. The Controller shall collect Personal Data in connection with and to the extent necessary to use the Website or to provide each offered service as well as information about the User’s activity on the Website. Detailed information about the scope and categories of Personal Data processed within the Website can be found hereinbelow.

USE OF THE WEBSITE

4.2 Personal Data of all persons using the Website (including IP addresses or other identifiers and information collected via cookie files or other similar technologies) are processed by the Controller:

4.2.1 to provide services of making available the content collected on the Website to the Users via electronic means of communication – the legal basis for processing is the necessity of processing to perform the agreement (Article 6(1)(b) of GDPR) and in the scope of the optionally provided data – the legal basis for processing is a consent (Article 6(1)(a) of GDPR);

4.2.2 for analytical and statistical purposes – then the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) consisting of conducting analyses of the Users’ activity as well as their preferences in order to improve the provided functionalities and services;

4.2.3 to handle submissions and complaints – then the legal basis for processing is the necessity of processing to perform the agreement (Article 6(1)(b) of GDPR);

4.2.4 to possibly determine and pursue claims or defend against claims – the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) consisting of the protection of his rights.

4.3 Activity of each Website user, including his Personal Data, is recorded in the system logs
(a special computer program used to store a chronological record containing information about the events and activities that relate to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for purposes related to the provision of services via electronic means of communication (use of the Website). The Controller shall also processes it for technical and administrative purposes, to ensure security of the IT system and to manage that system as well as for analytical and statistical purposes – in this respect, the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) GDPR).

4.4 If the User publishes any Personal Data of other persons on the Website (including their name, address, telephone number or e-mail address), he may do so only on the condition that the provisions of law and personal rights of these persons are not violated.

CONCLUSION OF AGREEMENTS FOR THE PROVISION OF VERIFICATION SERVICES ON THE WEBSITE (REPORTS)

4.5 To the extent of concluding a Verification Service Agreement (reports) with the Controller by the User, his Personal Data are subject to processing. Providing the data is required for the proper provision of the Verification Service (reports) as well as other potential agreements between the Controller and the User resulting from the need to properly perform the ordered Verification Service (reports). Failure to provide information may result in an inability to perform such agreements.

4.6 Personal Data provided under this category of data may include: name, surname, e-mail address, bank details, address details as well as other data disclosed in the process of the service provision by the User himself (including these provided as part of the attached documents or completed forms).

4.7 To this regard, the personal data may be transferred outside the EEA if it is necessary for the proper performance of the Verification Service. Then they will be transferred to the Controller’s partner (a partner law firm) in the People’s Republic of China. The Controller informs that the European Commission has not issued a decision confirming the provision of an adequate level of protection of Personal Data in China, and the provision of an adequate level of protection of Personal Data in the relationship in question takes place based on the Agreement and appropriate contractual clauses linking the Controller with his partner (to whom the Controller will transfer the data).

4.8 Personal Data are processed:

4.8.1 to identify the Users and perform agreements concluded with the Controller, including in particular, the proper performance of a Verification Agreement – the legal basis for the processing of the User’s Personal Data is the necessity of processing to perform the agreements (Article 6(1)(b) of GDPR); in regards to Personal Data of the Users who are employees and associates of the User the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) consisting in ensuring a possibility of performing the agreements concluded between the Controller and the User;

4.8.2 to fulfil the statutory obligations incumbent on the Controller resulting, in particular, from tax regulations and accounting regulations (e.g. issuing an invoice, accepting a payment) – the legal basis for processing is the legal obligation (Article 6(1)(c) of GDPR);

4.8.3 for analytical and statistical purposes – the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) consisting in conducting analyses of the Users’ activity on the Website as well as the Users’ shopping preferences to improve the used functionalities;

4.8.4 to possibly determine and pursue claims or defend against claims – the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR), consisting in the protection of the Controller’s rights.

SERVICE – FIND A START-UP/ FIND AN INVESTOR – CONTACT FORMS

4.9     The User’s Personal Data are processed to the extent that the User provides the Controller with his data as part of the “Find a Start-up/Find an Investor” functionality and the contact forms indicated therein. Providing the data is required for the proper provision of the service of finding an entity for investment or an investor/external financing as well as other potential agreements between the Controller and the User resulting from the need to properly perform the service of connecting business partners. Failure to provide the information may result in an inability to perform such agreements.

4.10 Personal Data provided under this category of data may include: name, surname, e-mail address, registration data, contact and address details as well as other information constituting Personal Data that are provided by the User as part of filling out the forms, transferring files or cooperation with the Controller.

4.11 This scope of Personal Data can be transferred outside the EEA to a potential other Party to the investment relationship, to which the User agrees and about which he will be informed. For the transfer in question is the essence of maintaining contact with the Controller and transferring data to the Controller. Thus, it is necessary for the proper performance of the ordered service. In particular, Personal Data may be transferred to entities that are the Controller’s partner for whom the Commission has not issued a decision confirming the provision of an adequate level of protection (e.g. based in China, Singapore or Australia). Ensuring an appropriate level of protection of Personal Data in the relationship in question takes place based on an effective agreement and appropriate contractual clauses connecting the Controller with the entity to which the data is transferred.

4.12 Personal data are processed:

4.12.1 to perform agreements concluded with the Controller – the legal basis for the processing of the User’s Personal Data is the necessity of carrying out the processing to perform the agreement (Article 6(1)(b) of GDPR); in regards to Personal Data of the Users who are employees and associates of the User the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) consisting in ensuring a possibility of performing the agreements concluded between the Controller and the User;

4.12.2 to fulfil the statutory obligations incumbent on the Controller resulting in particular from tax regulations and accounting regulations – the legal basis for processing is the legal obligation (Article 6(1)(c) of GDPR);

4.12.3 for analytical and statistical purposes – the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) consisting in conducting analyses of the Users’ activity on the Website as well as the Users’ shopping preferences to improve the used functionalities;

4.12.4 to possibly determine and pursue claims or defend against claims – the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR), consisting in the protection of the Controller’s rights.

NEWSLETTER

4.13 The Controller shall provide the Newsletter service to persons who have provided their data for that purpose. Providing data is required to provide the Newsletter service, and failure to provide the data results in an inability to provide the Newsletter.

4.14 Personal Data provided under this category of data may include: name, surname and e-mail address.

4.15 Personal data are processed:

4.15.1 to provide the newsletter service, including sending it following the submitted order – the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) in connection with the consent given to receiving the Newsletter.

4.15.2 in the case of sending marketing content to the User as part of the newsletter – the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) in connection with the consent to receiving the newsletter;

4.15.3. for analytical and statistical purposes – the legal basis for processing is a legitimate interest pursued by the Controller (Article 6(1)(f) of GDPR) consisting in conducting analyses of the Users’ activity on the Website to improve the used functionalities;

4.15.4 to possibly determine and pursue claims or defend against claims the legal basis for processing is a legitimate interest.

  1. COOKIE FILES AND SIMILAR TECHNOLOGY

5.1 Cookie files are small text files installed on a device of the User who browses the Website. The cookie files collect information facilitating the use of the Website, e.g. by remembering the User’s visits to the Website and activities performed by the User.

5.2 What are cookie files? A cookie file is a file composed of a string of letters and numbers that is placed in a web browser, on the hard drive of a computer or a mobile device.

5.3 There are three basic types of cookie files:

5.3.1 session cookies: specific to a specific visit, limited to sending the so-called session ID (a random string of numbers generated by the server). Session files are not permanently stored on the device and are deleted after the browser is closed;

5.3.2 persistent cookies: files that save information v that are stored in the cache of the browser or a mobile device; and

5.3.3 third party cookies: placed by third parties to collect data from many different websites or sessions.

What cookie files do we use?

The Controller uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Controller and other entities providing analytical and statistical services to him use cookies by storing information or getting access to the information already stored on the User’s telecommunication end device (computer, telephone, tablet, etc.).

We use the following cookie files:

  • strictly necessary cookies, e. cookies that enable the use of the Website and its functions. The collected information relates to how the website is used.
  • analytical cookies. These are cookies that collect information on how the Users use the Website, e.g. which pages they visit most often, whether they receive error messages and how they got to our website. The information collected by these cookies is only used to improve the user’s experience of the website. Sometimes these types of files are placed by third parties that provide web traffic and analytic services (e.g. Google Analytics).
  • functional cookies. Cookie files that make it possible to remember the choices made, e.g. the selected language and other parameters of the Website.
  • advertising cookies. The files record a visit to the Website. This information allows us to measure the effectiveness of marketing or informative activities. We may share information with third parties for this specific purpose.

Types of cookie files that we use.

Name of cookie file Reason for using the file Expiry date
_ga Google Analytics tracking cookie 369 days
_ga_GXXX Assignment of the GA Service ID 369 days
_gid Assignment of the GA Service ID 366 days
pll_language Setting the language version of the site 12 months

 

How to block cookie files?

Default settings of most browsers assume that a consent to cookie files has been given. This consent may be withdrawn at any time. Permission is not required only in the case of the cookie files, the use of which is necessary to provide telecommunication services (data transmission to display content).

To block or delete cookie files read the content in the browser help tab, where instructions on how to block or delete cookies are provided. For more information on disabling cookie files, please refer to these entities’ websites and their cookie policies.

Below you will find information on how to manage cookie files in the most popular browsers:

Microsoft Windows Explorer

Google Chrome

Mozilla Firefox

Apple Safari

Opera

 

More information on the cookie files management (including verification of the privacy settings status for the used browser) is available at the address www.youronlinechoices.eu or www.wszystkoociasteczkach.pl\

ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER OR HIS PARTNERS

6.1. The Controller and his Partners use solutions and tools used for analytical and marketing purposes. Basic information concerning the tools is provided hereinbelow. Detailed information in this regard can be found in the privacy policy of a given partner.

6.2 In some cases, the Controller shall use profiling to carry out marketing activities. This means that the Controller assesses selected factors concerning natural persons to analyse their behaviour or create a prediction for the future by using an automatic data processing.

GOOGLE ANALYTICS

6.3 Google Analytics cookies are files used by the Google company to analyse the User’s method of use of the Website and to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User nor combine these pieces of information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners

6.4 The User’s Personal Data may be transferred to the United States, where Google servers are located, and also made further available by Google (e.g. to American services) following the privacy policy applicable at Google.

  1. PERSONAL DATA PROCESSING PERIOD

7.1 The period of time for which the Controller processes data depends on the provided type of service and the purpose of processing. As a rule, data are processed for the duration of the service, until the consent is withdrawn or an effective objection to the data processing is submitted in cases where the legal basis for data processing is a legitimate interest pursued by the Controller.

7.2 The period of time for which the data is processed may be extended if the processing is necessary to determine and pursue any claims or defend against claims, and after that time, only if and to the extent required by law. Once the period of time for processing elapses, the data is irreversibly deleted or anonymized.

  1. USER’S PERMISSIONS

8.1 Data subjects have the following rights:

8.1.1 the right to obtain information about the processing of personal data – on this basis the Controller provides the natural person submitting a request with information about the processing of data, including in particular information about the purposes and legal grounds for the processing, the scope of the possessed data, entities to which the data are disclosed and the planned date of the data removal;

8.1.2 the right to obtain a copy of the data – on this basis the Controller provides a copy of the processed data concerning the natural person submitting the request;

8.1.3 the right to rectification – the Controller is obliged to remove any inconsistencies or errors in the processed Personal Data and supplement them if they are incomplete;

8.1.4 the right to delete data – on this basis you can request the deletion of data, the processing of which is no longer necessary to achieve any of the purposes for which they are collected;

8.1.5 the right to limit processing – in the event of such a request, the Controller ceases to perform operations on Personal Data – except for operations to which the data subject has consented – and their storage according to the adopted retention rules or until the reasons for limiting the data processing cease to exist (e.g. a decision of a supervisory authority is issued allowing for further data processing);

8.1.6 the right to transfer data – on this basis, to the extent that the data is processed in an automated manner in connection with the concluded agreement or consent, the Controller issues the data provided by the Data Subject in a format that can be read by a computer. It is also possible to request that these data are sent to another entity, however, provided that both the Controller and the indicated entity possess technical possibilities in this respect;

8.1.7 the right to object to the processing of data for marketing purposes – the Data Subject may object to the processing of his Personal Data for marketing purposes at any time, without the need to justify such an objection;

8.1.8 the right to object to other purposes of data processing – the Data Subject may at any time object, for reasons related to his particular situation, to the processing of his Personal Data, which is carried out based on a legitimate interest pursued by the Controller (e.g. for analytical or statistical purposes or reasons related to property protection); the objection in question should contain a justification;

8.1.9 the right to withdraw consent – if the data are processed based on a given consent, the Data Subject has the right to withdraw such consent at any time, however, that does not affect the lawfulness of the processing carried out before the consent is withdrawn;

8.1.10 the right to complain – if it is found that the processing of Personal Data infringes the GDPR provisions or other provisions regarding the protection of Personal Data, the Data User may submit a complaint with the authority supervising the processing of Personal Data, competent for the place of habitual residence of the Data User, his place of work or place of committing the alleged infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

  1. DATA RECIPIENTS

9.1 The recipients of personal data are the authorized staff of the Controller, entities providing services to the Controller (including in particular entities operating and providing IT systems and technical support, entities providing accounting, tax and courier services) and persons cooperating with the Controller who must have access to the data to perform their duties (including persons from the Controller’s capital group). Where necessary, Personal Data may also be transferred to banks, entities handling shipments as well as state authorities authorized in this respect, in particular the tax offices.

9.2 The Controller reserves the right to disclose selected information about the User to competent authorities or third parties who submit a request for such information based on an appropriate legal basis and following the provisions of the applicable law.

  1. TRANSFER OF DATA OUTSIDE THE EEA

10.1 The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by the European law. For this reason, the Controller shall transfers Personal Data outside the EEA only when it is necessary and with assurance of an appropriate level of protection, primarily through:

10.1.1 cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission on the confirmation of assurance of an adequate level of protection of Personal Data has been issued;

10.1.2 the use of standard contractual clauses issued by the European Commission;

10.1.3 the application of binding corporate rules approved by the competent supervisory authority;

10.1.4 in the event of transferring data to the USA – cooperation with entities participating in the Privacy Shield program approved by the decision of the European Commission.

10.2 The Controller shall always inform about an intention to transfer Personal Data outside the EEA at the stage of their collection.

  1. PERSONAL DATA SAFETY

11.1 The Controller shall conduct a risk analysis on an ongoing basis to ensure that Personal Data are processed by him in a safe manner – ensuring, above all, that only authorized persons have access to the data and only to the extent it is necessary due to the tasks they perform. The Controller shall make sure that all operations on Personal Data are registered and performed only by authorized employees and associates.

11.2 The Controller shall take all necessary actions to ensure that his subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data at the request of the Controller.

  1. ENTRY INTO FORCE AND CHANGES TO THE PRIVACY POLICY

12.1 This Privacy Policy is effective from March 15, 2023.

12.2 The Privacy Policy is subject to constant revision and update if necessary.

Home