It is compliant with Data Protection Law – EU GDPR and meets requirements of national legislation.
This is the information that I am obliged to introduce to everyone.
I structured this document as a questions&answers form to make it easy to navigate and find information.
§ 1: Who is the controller of your personal information?
The controller of your personal information is Matras Law Firm, registered in Warsaw, Pl, ul. Erazma z Zakroczymia 21/28
§ 2: How can you contact me?
In case of any questions, concerns, or to claim your data protection rights, you can contact me directly via email: firstname.lastname@example.org
§ 3: What types of the personal information I collect?
I may collect and process the following types of personal data:
first name and last name, address, business address, email address, Phone number, other data included in emails, details of orders in website store, Bank account number, IP address, approximate location, image (profile photo), statistics related to received newsletters, interest in specific topics, the content of comments added on my website.
The exact list of collected personal data is different by the character of our business relationship. Collected personal data are various for each processing purpose. A detailed introduction of the types of data collected for each processing purpose is available within the description of the processing purposes in the following part of this policy.
Apart from that, I also use tools that collect some information related to your activities on my website:
information about the operating system and web browser, subpages viewed, time spent on the site, transitions between individual subpages, clicks on certain links, the source from which you entered my page, your age range, your gender, your approximate location (i.e., town), your interests.
The above pieces of information are referred to as “Anonymous Information.”
Anonymous Information does not allow me to identify you. I have included an explanation of this processing as a precautionary measure.
Anonymous Information is collected by external tools (Google Analytics, Facebook Custom Audiences, Facebook Connect, YouTube, SoundCloud, Disqus). Therefore it is also processed by tool providers under their regulations and privacy policies.
Anonymous Information is used for analytical, statistical, and marketing purposes (creating Custom Audience Groups on Facebook, setting, targeting, and targeting advertisements). Anonymous Information allows you to use the YouTube player, SoundCloud, and Disqus comments embedded on web pages.
Anonymous Information is necessary to provide and improve services, manage them, develop new services, measure the results of advertising, protect against fraud and abuse, and personalize the content and ads displayed on individual websites and applications.
§ 4: Where do I get your personal data from?
Most of the personal information I process is provided directly by you for one of the following reasons:
1. you have purchased product on my website,
2. you have made booking, purchase or appointment of my services,
3. you wish to attend or have attended my online event (challenge, webinar)
4. you subscribe to my newsletter,
5. you have added a comment on the website,
6. you contacted me via email,
7. you have made an information request
8. you follow my profiles on social media or interact with the content I post on social media.
Some information about you may also be automatically collected by the tools I use:
1. the website and newsletter system collects your IP address,
2. the newsletter system gathers information about your activity within the content of the newsletter, such as opening messages, clicking on links, etc.,
3. Facebook Custom Audiences, including Facebook Pixel, Google Analytics, Facebook Connect, YouTube, SoundCloud, collect Anonymous Information related to your activities on my website.
§ 5: Is your personal information safe?
I do care about the security of your personal information and implement appropriate security measures. I implemented: SSL certificate for transmission protection, encryption of personal data in the database, passwords are saved in the database as ‘hashes’. As the website owner, I regularly change my access passwords and make copies of the data provided on the website and I take care of regular software updates on my website.
§ 6: What are my lawful bases for processing personal data?
1. processing of orders in a web store- Art. 6 (1) (b) GDPR,
2. newsletter- Art. 6 (1) (a) GDPR and Art. 6 (1)( f )GDPR,
3. comments- Art. 6 (1)( f) GDPR,
4. handling correspondence- Art. 6 (1)(f)GDPR,
5. fulfilment of tax and accounting obligations- Art. 6 (1)(c) GDPR in connection with the relevant provisions of tax law,
6. online meetings- Art. 6 (1) (b) GDPR for appointmens in consclusion of existing contracts, 6 (1)( f ) GDPR for other online meetings (i.e. webinars)
7. creating an archive for the possible need to defend, establish or pursue claims, as well as update purchased documents – art. 6 (1)(f) GDPR,
8. creating groups of recipients on Facebook – Art. 6 (1)(f) GDPR,
9. social media – art. 6 (1) (f) GDPR,
10. analysis and statistics using only Anonymous Information – Art. 6 (1)(f) GDPR,
11. marketing using only Anonymous Information – art. 6 (1) (f) GDPR,
12. functioning of the website tools using Anonymous Information – Art. 6 (1) (f) GDPR.
Placing an order, you provide the data: email address, name, and surname, invoice data.
In addition, the system saves the IP number that you used when placing the order.
The system does save each order in the database, which means that your personal data assigned to the order is connected to other information about the order, such as the date and time of placing the order, order identification number, transaction ID, subject of the order, price, payment method and date, date and time of downloading the digital content.
The data collected in connection with the order are being processed for the following purposes:
1. performance of the contract concluded by placing an order (Article 6 (1) (b) of the GDPR),
2. issuing an invoice (Article 6 (1) (c) of the GDPR in connection with the relevant regulations on the invoices),
3. tax and accounting obligations (Article 6 (1) (c) of the GDPR in connection with the applicable provisions governing tax and accounting obligations),
4. archiving for the possible need to defend, establish or pursue claims, as well as ensure the update of documents, which is a legitimate interest of the administrator (Article 6 (1) (f) of the GDPR).
Data connected to the orders are processed for the time necessary to perform the order and until the end of the claims period.
After this, the data may still be stored for archival purposes or to update the purchased documents.
I am obliged to keep accounting records, which may contain your personal data, for the period required by law.
By subscribing to the newsletter, you submit your name and email address. Submitting this data is voluntary but necessary to subscribe.
The system used to handle the newsletter saves the IP number and determines your approximate location. I also have information about your activities within messages: whether you opened, clicked on links, etc.
The data submitted in connection with the subscription to the newsletter is used to send you the newsletter. The legal basis for their processing is your consent (Article 6 (1) (a) of the GDPR) expressed when subscribing to the newsletter.
In respect to the processing of information that does not come from you but was collected automatically by the mailing system, I have a legitimate interest (Article 6 (1) (f) of the GDPR) in analyzing the behaviour of the newsletter subscribers for optimization of mailing activities.
You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each newsletter message or by contacting me directly.
Despite unsubscribing from the newsletter, I will still store your data in the database to identify the returning subscribers and proceed with claims related to the newsletter, in particular, to prove that I had your consent to receive the newsletter or document the moment of consent withdrawal. This is my legitimate interest referred to in Art. 6 sec. (1) (f) GDPR.
You can modify your data provided to receive the newsletter at any time by clicking on the appropriate link visible in each message of the newsletter or by contacting me.
When adding a comment, you provide the username that is assigned to the comment (the username may contain personal data) and an email address. Providing this data is voluntary, but necessary to add a comment.
Your comment, along with your data added in Disqus settings, will be visible on the blog. You can modify or delete a comment at any time.
The legal basis for processing your personal data for the use of the comment system is the legitimate interest of handling the comment system as referred to in Art. 6 sec. (1)(f) GDPR
By contacting me via email, you share your personal data included in the correspondence. It is typically an email address and name. Providing this data is voluntary but necessary to make contact.
Your data is then processed to contact you. The basis for processing is Art. 6 (1) (f) GDPR, my legitimate interest.
Further processing may be necessary to ensure the possibility of proving particular facts in the future, which is the legitimate interest to protect my business, in reference to (Article 6 (1) (f) of the GDPR).
You have the right to request a history of correspondence (if it was subject to archiving), as well as request its removal unless the archiving is necessary due to legitimate reasons, e.g., defence against potential claims.
Tax and accounting obligations
If I issue an invoice for you, it becomes a part of the accounting documentation, which will be kept for the time required by law. Your personal data is then processed to fulfil my tax and accounting obligations (Article 6 (1) (c) of the GDPR in conjunction with the relevant provisions governing tax and accounting obligations).
I use Zoom to conduct teleconferences, online meetings, video conferences or webinars. Zoom is a service of Zoom Video Communications, Inc., based in the USA.
Zoom can be used by downloading the software and creating personal account in this application or after entering the appropriate meeting ID and, if necessary, additional meeting access data directly in the Zoom application.
When using Zoom, different types of data are processed. The data volume also depends on what data is entered before or during the online meeting. The subject of processing may be the following personal data:
User data: name, surname, telephone number (if applies), email address, password (if Single-Sign-On is not used), profile picture (if uploaded), Meeting metadata: subject, description, user’s IP address, information about devices / hardware. Recordings- MP4-files of all video, audio and presentation recordings
During the online meeting it is possible to use the chat function, ask questions or complete a survey. In this regard, text entries are processed in order to be displayed and, if necessary, recorded in the online meeting. Using the Zoom application, you can turn off the camera yourself or mute the microphone at any time.
The intention to record a given meeting will be preceded by clear information – and, if necessary, a request for consent to be recorded. The recording information will also be shown in the zoom application.
In the case of webinars, I can also process the questions asked by the participants in order to provide them.
All data from online meetings (meeting metadata, webinar questions and answers, polls) remain stored in Zoom for one month.
Legal basis for data processing online meetings is:
Art. 6(1) (b) GDPR (contract performance) – as long as the meetings take place as part of online sevice and are conducted in order to conclude or perform the concluded contract.
Or, for other meetings:
Art. 6 sec. (1)(f) GDPR my legitimate interest that lies in the need to ensure the effective implementation of online meetings as a part of running my business.
Zoom is a service provided by a US provider. The processing of personal data takes place in a third country. An appropriate level of data protection is guaranteed by concluding the Standard Contractual Clauses
Audience groups – details
I may send your email address stored in the newsletter database or the website Shop database to Facebook to create a group of ad recipients.
When using this feature, the email address is hashed before being sent to Facebook. Facebook conducts a matching process to create the audience.
Facebook does not share the email address with third parties or other advertisers and deletes the email address when the matching process is completed.
Facebook has implemented processes and procedures to ensure the confidentiality and security of received email addresses.
Creating a group of recipients of Facebook ads using your email address is my legitimate interest, as referred to in Art. 6 sec.1(f) GDPR. You can object to the use of your email address for this purpose at any time.
Social media – details
If you follow my profiles on social networks or interact with the content I publish, I see publicly available data on your social profile. I process this data only within a given social networking site and only to manage this site, which is my legitimate interest referred to in Art. 6 sec. (1) (f) GDPR.
Your use of social networking sites is also subject to the regulations and privacy policies of the administrators of these sites.
I encourage you to consciously use social networking sites and take care of your privacy by carefully selecting public content and managing privacy settings.
Analysis and statistics – details
I carry out analytical and statistical activities using Google Analytics and Facebook Pixel. As a part of the analytical tools, I have access to Anonymous Information.
Anonymous information processing is my legitimate interest referred to in Art. 6 sec. 1 (f) GDPR. The legitimate interest lies in the creation, review, and analysis of statistics related to user activity on the website for subsequent website optimization
I introduced details related to Google Analytics in the section dedicated to this tool when describing cookies. Facebook Pixel operates within cookies – Facebook Custom Audiences, so details related to it are included in the section dedicated to Facebook Custom Audiences when describing cookies.
I cannot provide you with access to Anonymous Information about you, as I cannot assign any of the Anonymous Information to any specific user. From the level of Google Analytics and Facebook tools, I can only view a set of statistics and information not assigned to particular people.
However, you can object to the processing of Anonymous Information about you by disabling Google Analytics and Facebook Custom Audiences cookies in the cookie settings by clicking on the relevant link in the blog’s footer.
Marketing – details
I conduct marketing activities using Facebook Custom Audiences, including Facebook Pixel. Within these marketing tools, I have access to Anonymous Information.
Anonymous Information does not allow me to identify you, and I do not connect it with the personal data I hold.
Nevertheless, I include the explanation of this processing as a precautionary measure.
Anonymous information processing is based on the legitimate interest referred to in Art. 6 1 (f) GDPR. The legitimate interest consists in creating Custom Audience Groups based on Anonymous Information and targeting Facebook ads based on Anonymous Information, which are part of the marketing of my products and services.
Details related to Facebook Custom Audiences are presented in the section dedicated to this tool when describing cookies.
I can not provide you with access to Anonymous Information about you, as I cannot assign any of the Anonymous Information to any specific user. From the level of Facebook tools, I can only view a collection of statistics and information not assigned to particular people.
However, you can object to the processing of Anonymous Information about you by disabling Facebook’s Custom Audiences cookies in the cookie settings by clicking the link in the relevant content.
Website tools – details
I embed YouTube videos, audio recordings from SoundCloud on my website, as well as social plugins and Disqus comments. These tools process Anonymous Information – only so that YouTube player, SoundCloud, Disqus comments, and social plugins can work.
You can object to the processing of Anonymous Information about you by disabling YouTube, SoundCloud, Disqus cookies, and social plugins in the cookie settings by clicking the link in the blog’s footer. Please note that this will influence using the YouTube player, SoundCloud, Disqus, and social plugins on my website.
§ 7: How long I store your data?
Data retention periods are different for each of processing purposes. The personal data are stored for as long as there are rights of individuals to take legal actions to ensure that those rights are enforceable by providing the ability to evidence the actions taken regarding personal data.
§ 8: Do I share your data?
No online business can work without services provided by third parties. Providers might have access to your personal data.
External service providers that I use and that might receive your personal data are:
1. the hosting provider that stores data on the server,
2. cloud computing service provider, where files that may contain your personal data are stored,
3. mailing system provider, if you are a newsletter subscriber,
4. supplier of the invoicing system, where your data are held to issue an invoice,
5. maintenance services providers that have access to data, if the technical works are carried out in the areas in which personal data are located,
6. other subcontractors who gain access to data if the scope of their activities requires such access.
All entities listed above process your data based on personal data processing agreements and guarantee an adequate level of personal data protection.
Your personal data may also be transferred to fulfil legal, tax, billing, and accounting obligations. It refers to declarations, reports, statements, and other documents which may contain your personal data.
In some circumstances, I am legally obliged to share information. In this case, your personal data may be available to entities, bodies, or institutions authorized to obtain access to data, i.e., regulatory bodies, police, security services, courts, prosecutor’s offices.
Some website tools or plugins providers can also collect Anonymous Information. These providers are independent controllers of the data and may share this data on the terms specified in their own regulations and privacy policies. I include this information as a precautionary measure.
§ 9: Do I transfer personal information to other countries?
As an international entrepreneur located in the EU and offering services to clients worldwide, the personal data will be transferred to and from other countries.
In case the country to/from which the data is transferred is not a member or a part of an international agreement, those transfers would refer to Standard Contractual Clauses.
This website uses online tools and plugins that store personal data on servers located in other countries (including the USA). The providers of these tools guarantee an adequate level of protection of personal data through appropriate compliance mechanisms in compliance with GDPR, in particular by using Standard Contractual Clauses.
All processes are described in the dedicated parts of this document.
§ 10: Do I use profiling? Do I make automated decisions based on your personal data?
I do not make decisions for you based solely on automated processing, including profiling, which would have legal effects on you or similarly significantly affect you.
I use tools that can take specific actions depending on the information collected as part of the tracking mechanisms, but I believe that these actions do not have a significant impact on you because they do not differentiate your situation as a customer, and they do not affect the terms of the contract, which we can conclude.
By using certain tools, I can direct personalized advertisements to you based on previous actions taken by you on my website or suggest products that may be of interest to you. Detailed information, along with the ability to manage your behavioural advertising settings, can be found here.
Tools that I use do not have access to information that would allow your identification. The information I’m talking about here is, in particular:
information about the operating system and web browser, subpages viewed, time spent on the site, transitions between individual subpages, the source from which you go to the page, the age range you are in, your gender, your approximate location, your interests- based on your online activity.
I do not combine the information indicated above with your personal data, which is in my databases. This information is anonymous and does not allow me to identify you. This information is stored on the servers of the suppliers of individual tools, and these servers can most often be located all over the world.
§ 11: What are your data protection rights?
Under data protection law, you have rights I need to make you aware of:
1. the right to access your data and receive a copy thereof,
2. the right to rectification,
3. the right to erasure data (in certain circumstances),
4. the right to restriction processing (you can request that I limit the processing of data only to their storage or performance of activities agreed with you, if, in your opinion, I have incorrect data or process it unjustifiably),
5. the right to object to the processing of data (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate a special situation that, in your opinion, justifies the cessation of the processing covered by the objection; I will stop processing your data for these purposes, unless I demonstrate that the grounds for processing my data override your rights or that your data is necessary for us to establish, assert or defend claims),
6. the right to data portability (you have the right to receive the personal data in a structured, commonly used machine-readable format that you provided to me on the basis of a contract or your consent; you can commission me to send this data directly to another entity),
7. the right to withdraw consent to the processing of personal data, if you have previously given such consent,
8. the right to lodge a complaint with a supervisory authority (if you find that I am processing data unlawfully, you can file a complaint with the President of the Personal Data Protection Officer or another competent supervisory authority).
§ 12: What are cookies?
Similar to other commercial websites, my website uses a technology called “cookies” to collect information about how the website is used.
A cookie is a file that is downloaded to your terminal to store data that can be updated and retrieved by the entity responsible for its installation.
Cookies stored on your end device (e.g., computer, tablet, smartphone) that can be read by my ICT system are called own cookies. Cookies that can be retrieved by ICT systems of third parties called third-party cookies).
Some of the cookies I use are deleted after the end of the web browser session, i.e. after closing your browser (so-called session cookies). Other cookies are stored on your end device and make it possible to recognize your browser the next time you visit the website (persistent cookies).
§ 13: What are my lawful bases for using cookies?
§ 14: Can you manage cookie settings or disable cookies?
You can manage cookie settings within your web browser (disable all or selected cookies, disable cookies from specific websites, delete previously saved cookies)
Web browsers offer the ability to use incognito mode. You can use it if you do not want to save information about visited pages and downloaded files in your browsing and download history.
The tools to control cookies may also be provided by additional software, in particular anti-virus packages, etc.
There are also free internet tools that allow you to control certain types of cookies, i.e., here.
You can control cookies directly from my website. I have implemented a dedicated cookie management mechanism to disable cookies that you do not want.
Disabling cookies neither prevents viewing the pages on this website nor interferes with browsing but may prevent you from using some of the functions or cause difficulties in its performance. For example, if you disable cookies from social plugins- buttons, widgets, and social functions implemented on my website may not be available to you.
§ 15: What is the purpose of using ‘own’ cookies on this website?
Own cookies ensure the proper functioning of website mechanisms and their navigation.
Own cookies also store information about your ‘cookie settings’ defined in the cookie management mechanism prior to visiting my website.
§ 16: Do I use third parties cookies?
The following third party cookies are used on my website:
Facebook Custom Audiences,
Facebook Connect and other social plugins,
Details on individual third party cookies:
I use the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA., to create statistics and analyze activities to optimize the website.
To use Google Analytics, I have implemented a special Google Analytics tracking code in the website code. The tracking code uses Google LLC cookies for the Google Analytics service. You can block the Google Analytics tracking code at any time by installing the browser add-on provided by Google.
Google Analytics automatically collects information about your activities on my website. The information is transferred to Google servers and stored there.
I do not collect any data that would allow me to identify you with this tool. The information I have access to as part of Google Analytics is, in particular:
information about your operating system and web browser, subpages you are browsing, time spent on the website and individual subpages, transitions between individual subpages, the source from which you entered my website, your approximate location.
Google Analytics and Google Analytics 360 services have been certified by the independent security standard ISO 27001. ISO 27001 is one of the most recognized standards in the world. It certifies compliance with the relevant requirements by systems that support Google Analytics and Google Analytics 360.
Facebook Custom Audiences
I use the Custom Audience Groups feature to target advertising messages to specific groups of users. The lawful reason for this processing is my legitimate interest in marketing my products or services.
Facebook Custom Audience is a part of the Facebook Ads- advertising system provided by Facebook Inc. It bases on creating lists of users that visited my website or performed certain activities on my website (i.e., interact with posts). Facebook Pixel- the tool embedded on my website tracks users’ activities and assigns them to groups. Pixel collects information about your activities on my website automatically. The information is transferred to Facebook servers, located worldwide, including in the United States of America (USA).
The information collected by Facebook’s Pixel is anonymous; it does not allow me to identify you. Depending on your activity on my website, you can be assigned to a specific audience group, but I do not identify individuals belonging to these groups in any way.
Facebook Pixel can track and record the following behaviours:
displaying the content of a specific page,
checkout in the web store,
finalizing the purchase as part of the web store,
filling out a specific form, i.e., subscribing to the newsletter.
My website uses plugins, buttons, and other social media tools hereinafter referred to as “plugins”. These tools are provided by social network sites such as Facebook, Instagram, Linked In, Twitter.
When displaying a website containing a plugin of a given social networking site, your browser sends information about the visit to the administrator of that social networking site. Since the plugin is a part of a social networking site embedded in my website, the browser sends information about a request to download the content of a given social networking website to my page.
The plugins collect certain information about you, such as user ID, website visited, date and time, and information about your web browser.
Social network administrators use some of this information to personalize your browsing. For example, when you visit a page with a “Like” button, the administrator of the social networking site needs to know who you are to show you which of your friends also follow my page.
The information collected by plugins may also be used by the administrators of social networking sites for their purposes, such as, i.e. improving their products, creating user profiles, analyzing and optimizing their activities, advertising targeting. The details of this processing can be found in the privacy policies of individual social networking sites.
Social network plugins collect and transfer information to the administrators of these websites even when you browse my website while logged out from your social network account. However, then the browser sends a more limited set of information.
If you have logged in to one of the social networking sites, the site administrator will be able to directly assign a visit to my site to your profile on a given social networking site.
If you do not want social networks to assign the data collected during your visit to my website to your profile on a given network, you must log out of this website before visiting my website. You can turn off the use of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.
In addition, some plugins may share pieces of information as a part of your social profiles. For example, information about clicking the “Like” button may be available on your Facebook timeline. If you share content on your social media using plugins embedded on my website, this sharing will naturally be visible in your profile.
All the details related to the processing of data collected by social network plugins administrators, including your rights in this regard, can be found in the privacy policies of those service providers.
YouTube website widget allow you to play the recordings available on YouTube directly from my website. YouTube is operated by Google LLC.
Videos are embedded on the website in the privacy protection mode. Based on the information provided by YouTube, this means that no cookies are stored on your device, and Google does not collect any information about you until you play the recording.
If you do not want Google to assign data collected during video playback directly to your profile, you must log out of your account before playing the video. You can also completely prevent the loading of plugins on the website by using extensions for your browser, e.g. blocking scripts.
The information collected as part of cookies related to YouTube videos embedded on my website is used by Google to ensure the proper and safe functioning of the widget, to analyze and optimize the services provided by YouTube, as well as for personalization and advertising purposes. Please note, that while playing the recordings available on YouTube, you are using the services provided by Google LLC. Google LLC is an independent entity. Details and the rules of using YouTube, including privacy protection, can be found in documents provided directly by YouTube.
§ 17: Do I track your activities on my website?
Google Analytics and Facebook Custom Audiences collect information about your activity on my website. These tools are described in the third party cookie question
§ 18: Do I use targetting?
Facebook Ads allow me to target specific groups defined by various criteria such as age, gender, interests, profession, job, activities previously undertaken on my website. These tools are described in the third party cookie question # 16
§ 19: How can you manage your privacy settings?
The setup options within different tools/plugins are described above.
There are also external tools that allow you to manage your cookie settings globally. Please find a list of those tools below:
cookie settings within the web browser that you use,
browser plugins supporting the management of cookie settings, e.g. Ghostery,
additional cookie management software,
incognito mode in a web browser,
advertising settings tools, e.g. youronlinechoices.com.
established in 2001, We strive to provide Exceptional Service to our clients. we believe in a good and honest common market, and we will not stop at anything.