Privacy Policy

This Privacy Policy is for informational purposes and outlines the rules for collecting, processing, and using personal data of users of the website https://transakcjeoze.pl/ and also includes information about the use of Cookies and analytics tools on the Website.

DEFINITIONS

Controller – HWW Hewelt Wojnowski Lindner i Wspólnicy limited partnership with its registered office in Warsaw,  Łucka 18, 4/L, 00-845 Warsaw, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, under KRS number: 0000713665, NIP: 1132960039, REGON: 369257204.

personal data – any information relating to an identified or identifiable natural person by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person, including location data, device IP address, internet identifier and information collected through Cookies and other similar technologies.

PKE – The Polish Electronic Communications Law of July 12, 2024 (Journal of Laws, item 1221, as amended).

Policy – this Privacy Policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individual persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Website – the Controller’s website: https://transakcjeoze.pl/

User – any person visiting the Website or using one or more services or functionalities available on the Website.

GENERAL PROVISIONS

  1. The controller of personal data is HWW Hewelt Wojnowski Lindner i Wspólnicy limited partnership with its registered office in Warsaw, Łucka 18, 4/L, 00-845 Warsaw, entered into the Register of Entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) maintained by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, under KRS number: 0000713665, NIP: 1132960039, REGON: 369257204. 
  2. Personal data on the Website is processed by the Controller in accordance with applicable law, in particular in accordance with the GDPR.
  3. The use of the Website, the conclusion of any agreements and the related provision of personal data by the User using the Website is voluntary, subject to the following:
    1. failure to provide personal data necessary to use the contact form will result in the inability to perform this action,
    2. the Controller’s statutory obligations – the provision of personal data is a statutory requirement resulting from generally applicable laws imposing on the Controller the obligation to process personal data and failure to provide such data will prevent the Controller from performing these obligations.
  4. The Controller takes special care to protect the interests of persons whose personal data it processes and in particular is responsible for and ensures the data it collects is processed lawfully; collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; factually accurate and adequate in relation to the purposes for which they are processed; stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 

THE RIGHTS OF DATA SUBJECTS 

In connection with the processing of personal data, the User has the following rights: 

  1. The right to access User’s data and obtain information about the processing of its personal data. 

Users have the right to obtain confirmation from the Controller as to whether it processes User’s personal data, the right to request access to this data and the right to obtain information from the Controller regarding the purposes of processing and the categories of personal data processed, information about the recipients or categories of recipients to whom the personal data are disclosed, the planned period of storage of personal data, source of the data if they were not collected from the data subject, and information on whether the Controller makes automated decisions regarding the data subject, including on the basis of profiling. Users also have the right to obtain a copy of the data. 

  1. The right to rectify data when it is incorrect.
  2. The right to request the deletion of data. 

The right to deletion of data applies when the User’s data is no longer necessary for which it was collected by the Controller; Users withdraw their consent to the processing of data; Users object to the processing of their data; the User’s data is processed unlawfully; the data must be deleted in order to comply with a legal obligation or the data has been collected in connection with the provision of information society services. 

  1. The right to request restriction of data processing for a specified period of time and within a specified scope. 

A request to restrict data processing will not affect any processing that has already been carried out. 

When User data is incorrect – Users may request that its processing be restricted for a period enabling the Controller to verify the accuracy of the data; the processing of User data is unlawful, but Users do not want the data to be deleted; the Uset data is no longer necessary for the Controller, but is necessary for Users to establish, exercise or defend their legal claims; or Users have objected to the processing of their data – until it is determined whether the legitimate grounds of the Controller override the grounds for the objection. 

  1. The right to transfer data by the data subject to another controller. 

The right to transfer data is available when the processing of Users data is based on consent or a contract when the processing is carried out by automated means. 

  1. Right to object to data processing. 

Submitting an objection will not affect any actions already taken. The right to object to data processing is available when the processing of Users’ personal data is based on a legitimate interest and the objection is justified due to the User’s particular situation, as well as when the User’s personal data is processed for direct marketing purposes, including profiling. 

  1. The right to lodge a complaint with the President of the Personal Data Protection Office if the User believe that the processing of its personal data violates the provisions of the GDPR.

The User can make use of these rights by sending a request to the Controller’s email address:  kancelaria@hww.pl.  

To ensure that the User are eligible to apply, the Controller may ask the User to provide authentication details. 

LEGAL BASIS FOR DATA PROCESSING 

The Controller makes every effort to ensure proper protection of personal data, in particular by applying the organizational and legal measures required under the GDPR.

The Controller is authorised the process personal data in cases where at least one of the following conditions is met:

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes; 
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into contract; 
  3. processing is necessary for compliance with a legal obligation to which the Controller is subject; 
  4. processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

PURPOSES OF PERSONAL DATA PROCESSING

Personal data of all persons using the Website (including IP addresses or other identifiers and information collected through Cookies or other similar technologies) are processed by the Controller:

  1. in order to provide electronic services in the scope of making the content collected on the Website available to Users, including handling User inquiries or using the contact form – the legal basis for processing is: 

– the User’s consent to marketing activities (Article 6(1)(a) of the GDPR)

– the Controller’s legitimate interest (Article 6(1)(f) GDPR) in ensuring efficient and effective communication between the Controller and the User.

  1. for analytical and statistical purposes, including the analysis of how the User uses and navigates the Website, management of the Website, use of tools that improve the functionality of the Website, and analysis of data related to the use of the Website in order to tailor it to the needs and behavior of Users. – the legal basis for processing is the the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), consisting in analysing the activity of Users and their preferences in order to improve the functionalities used and the services provided;

User activity on the Website, including personal data, is recorded in system logs (a special computer program used to store chronological records containing information about events and actions related to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for purposes related to the provision of services. The Controller also processes this data for technical and administrative purposes, for the purposes of ensuring the security of the IT system and its management, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR).

  1. to operate and manage social media profiles – the legal basis for processing is the the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) to manage a profile on a given platform,
  2. for the use of Cookies on the Website– the legal basis for processing is:

– the User’s consent (Article 6(1)(a) of the GDPR) to the use of all Cookies,

– the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in the use of the necessary Cookies to ensure the proper functioning of the Website and to ensure the security of the Website, 

  1. to fulfil legal obligations related to the protection of personal data – the legal basis for processing is the applicable legal provisions that require the processing of such data (Article 6(1)(c) of the GDPR), 
  2. for the purpose of possible establishment, investigation or defence against claims – the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in the protection of its rights.

CONTACT FORM 

The Controller provide Users with a contact form on the Website, enabling them to contact the Controller.

In order to contact the Controller via the contact form, the following personal data must be provided:

  1. first and last name/company name;
  2. email address;
  3. phone numer.

Therefore, personal data is processed:

  1. to identify the sender and handle their request to contact the Controller sent via the contact form – the legal basis for processing is:

–  the User’s consent to marketing activities (Article 6(1)(a) of the  GDPR),

– the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in ensuring efficient and effective communication between the Controller and the User,

  1. for analytical and statistical purposes – the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), consisting in keeping statistics on the number of requests submitted by Users via the Website in order to improve its functionality.

SOCIAL MEDIA

The Controller processes the personal data of Users visiting the Controller’s profiles on social media  (Facebook, LinkedIn). This data is processed solely in connection with the maintenance of the profile, including for the purpose of informing Users about the Controller’s activities, promoting various events and products and also for the purpose of communicating with Users via the functionalities available on social media (comments, messages, chat, invitations, reactions).The legal basis for the processing of personal data by the Controller for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in the promotion of its own brand. 

The Website uses the following plugins: Facebook or LinkedIn, which redirect to the Controller’s profile maintained via the above-mentioned platforms. 

The provider of a given platform determines the rules governing the platform and the rules for processing data for its own purposes. In order to use the Controller’s profile via an external platform, the User should read the terms and conditions and policies of each platform. Detailed information on data processing in this regard is provided below:

Facebook: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0   

LinkedIn: https://pl.linkedin.com/legal/privacy-policy

Together with the provider of a given platform, the Controller co-administers data related to the Controller’s profile on the platform as part of the implementation of the Controller’s common economic objectives (marketing activities, creation of statistics).

ANALYTICAL AND MARKETING TOOLS

The Controller uses analytical, marketing, and security and website optimization tools. Users’ personal data may be processed in this regard for the purpose of analyzing website traffic, verifying its correctness, ensuring the security of forms, creating statistics, and optimizing content for search engines. The legal basis for the processing of necessary data is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting marketing activities, increasing the security of the website, and improving the services provided. However, with regard to the use of all Cookies, the legal basis for the processing of personal data will be the User’s consent (Article 6(1)(a) of the GDPR).

The Website uses Google Analytics as part of its analytical and marketing tools. This tool works on the basis of cookies and other tracking technologies. The data collected by Google Analytics may include, among other things, information about location, age, gender, Internet activity, and behavior on the website. Google Analytics is provided by Google Ireland Limited. The rules of operation of the service and the rules of data processing by Google are specified by the provider in its own regulations. The User can restrict the use of cookies in their browser settings, but this may limit the full use of the Website’s functionality.

Detailed information about Google Analytics is available at https://analytics.google.com/analytics/web/provision/?hl=pl#/provision

INFORMATION ON CATEGORIES OF RECIPIENTS OF PERSONAL DATA

User’s personal data may be disclosed or transferred only to:

  • employees and associates of the Controller authorised to process personal data in connection with the performance of their duties,
  • technical and organisational service providers for the Controller to the extent necessary for the performance of their tasks, but only within the scope of authorisations or entrustments, in particular: suppliers and entities specialising in providing technical support for ICT systems, including hosting providers, mailing system providers, invoicing system providers, accounting firms providing accounting services, law firms providing legal advice and representation services,
  • with regard to statistical and advertising data, whereby the entities responsible for operating the platforms are the joint controllers of personal data, namely:

–  Facebook: Meta Platforms Ireland Limited,

–  LinkedIn: LinkedIn Ireland Unlimited Company with its registered office at Wilton Place

  • entities authorised by law.

The Controller shall only use the services of processors who provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects. 

The Controller transfers data only when it is necessary to achieve the purpose of personal data processing and only to extent necessary to achieve it. 

The Controller reserves the right to disclose information about the User to competent authorities or third parties who request such information on the basis of a relevant legal basis and in accordance with applicable law.

TRANSFER OF PERSONAL DATA TO A THIRS COUNTRY OR AN INTERNATIONAL ORGANISATION

The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. The Controller therefore transfers personal data outside the EEA only when necessary and with an adequate level of protection, primarily through:

  1. cooperating with personal data processors in countries for which an appropriate decision has been issued by the European Commission;
  2. using standard contractual clauses issued by the European Commission;
  3. applying binding corporate rules approved by the competent supervisory authority.

Given the international nature of data flows within the Facebook and LinkedIn platforms, the entities responsible for the operation of these platforms may transfer personal data to countries outside the European Economic Area (EEA).

PERIOD OF STORAGE OF PERSONAL DATA

The period for which data is processed by the Controller depends on the type of service provided and the purpose of the processing. As a rule, data is processed for the time necessary to respond to an inquiry or to provide the service, until the consent is withdrawn or an effective objection to the processing is submitted in cases where the legal basis for processing is the Controller’s legitimate interest. The processing period may be extended if the data is necessary for the establishment, exercise, or defence of potential legal claims, and after that period – only if and to the extent required by applicable law. Once the processing period has expired, the data is irreversibly deleted or anonymized.

INFORMATION ON AUTOMATED DECISION-MAKING 

The Controller does not make automated decisions regarding the User, including profiling as referred to in Article 22(1) and (4) of the GDPR.

COOKIES POLICY 

The Controller uses information stored in cookies to ensure maximum convenience when using the Website. These cookies may also be used by research and advertising partners cooperating with the Controller. If the User does not consent to the use of cookies, cookie settings can be adjusted in the web browser and on the Website.

This Cookie Policy applies to Cookies used on the Website.

GENERAL PROVISIONS

  1. This policy on cookies and similar technologies used on the Website is for informational purposes only and is intended to clearly present the rules governing the use of cookies and similar technologies on the Website.
  2. In the remainder of this document, the term “Controller” shall refer to HWW Hewelt Wojnowski Lindner i Wspólnicy limited partnership with its registered office in Warsaw,  Łucka 18, 4/L, 00-845 Warsaw, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register, under KRS number: 0000713665, NIP: 1132960039, REGON: 369257204.
  3. The provisions of the GDPR and PKE will apply accordingly.
  4. The User can contact the Controller at the above address, by email at kancelaria@hww.pl or in writing to HWW Hewelt Wojnowski Lindner i Wspólnicy, Łucka 18, 4/L, 00-845 Warsaw.
  5. To the extent that Cookies contain the User’s personal data, the Controller shall also act as the Controller of such personal data. The rules governing the processing of this data are outlined in the Privacy Policy.
  1. COOKIES
  1. The Controller informs that the Website uses cookies, which are installed on the User’s end device. Cookies are IT data, particularly text files, stored on the User’s device when browsing the Website. Cookies typically contain the domain name of the website from which they originate, the time they are stored on the end device, and a unique identifier. The Controller may process data stored in cookies when Users visit the Website for the following purposes:
  1. adapting the Website’s content to the User’s preferences and optimizing the use of the Website – in particular, Cookies enable recognition of the User’s device and the appropriate display of the website according to the User’s individual needs;
  2. ensuring the proper functioning of the Website – Cookies allow for the efficient operation of the Website, use of available features and conveniently navigate between individual subpages;
  3. ensuring security – Cookies are used to authenticate Users and prevent unauthorised use of the User’s account;
  4. creating statistics that help understand how Website Users use the websites, which allows improving their structure and content;
  5. analysing the use of the Website and generating statistics and reports on its performance, which help improve the Website’s structure and content.
  1. The Cookies used by the Website are secure and do not cause any configuration changes to User’s computer, laptop or smartphone, or to the software installed on the device. 
  2. Obtaining and storing information through Cookies—except when necessary to ensure the proper functioning, security, and basic operations of the Website, including service stability through basic statistical measures—is only permitted with the User’s consent. During the User’s first visit to the Website, they are informed about the use of Cookies. The User may, however, modify their Cookie preferences at any time in the settings available on the Website.
  3. The basis for processing data to the extent that Cookies contain Users’ personal data is the legitimate interest of the Controller or a third party (Article 6(1)(f) of the GDPR), i.e. the need to ensure the highest quality of content presented by the Controller and to ensure the proper functioning of the Website. In the case of the use of all Cookies, the basis for data processing is the User’s consent (Article 6(1)(a) of the GDPR).
  4. Information about Cookies used by the Controller is displayed in a panel on the Website. 
  5. Data collected through Cookies does not generally allow the Controller to identify the User. However, some information, depending on its content and how it is used, may be linked to a specific person, e.g. through an IP address, and thus be considered personal data. With regard to information collected by cookies that may be linked to a specific person, the provisions of the Privacy Policy apply.
  6. The Controller uses the following cookies or tools that use them:
  7. Cookiebot by Usercentrics:
https://www.cookiebot.com/en/privacy-policy/?utm_source=google&utm_medium=cpc&utm_term=cookiebot&utm_campaign=cb_dm_pl_eng_brand_search&utm_content=pl-eng-brand&campaign_id=20484773976&adset_id=161222604456&ad_id=695945740239&matchtype=e&utm_device=c&gclid=Cj0KCQiAsNPKBhCqARIsACm01fRjhuYb__IqnSA1C9BNjfBIEjHmCBYPO9EFcX2oK72DubDRs0JdPjQaAlYAEALw_wcB
  1. Google Analytics: 
https://analytics.google.com/analytics/web/provision/?hl=pl#/provision

The Cookies used by the Controller are primarily used to optimise the User’s experience when using the Website. In this regard, the Controller also cooperates with other companies that provide tools to support the Controller primarily in ensuring the proper functioning of the Website. For the purposes of the Controller’s activities, the browser or other software installed on the User’s device also stores Cookies from third parties (for example – Google Ireland Limited in relation to Google Analytics), which may become controllers of the User’s personal data or act as joint controllers of personal data together with the Controller. Cookies sent by these entities are intended to ensure the security of the Website.

  1. Using most commonly used browsers, the User can check whether Cookies have been installed on the end device, as well as delete installed cookies and block their installation in the future by the Website. However, disabling or limiting the use of cookies may cause difficulties in using the Website, e.g. in the form of the need to log in on each subpage, longer loading times of the Website, or restrictions on the use of certain functionalities.

PERSONAL DATA SECURITY 

The Controller takes appropriate measures to ensure adequate protection of personal data, in particular by implementing the organisational and legal safeguards required under the GDPR.

CONTACT DETAILS 

Users may contact the Controller via email at: kancelaria@hww.pl or in writing at the following address: HWW Hewelt Wojnowski Lindner i Wspólnicy, Łucka 18, 4/L, 00-845 Warsaw.

This Privacy Policy and Cookie Policy is reviewed regularly and updated as necessary. The current version of the Policy was adopted and is effective as of 8th January 2026.