Privacy Policy.

KORDECKI & Partners Kancelaria Prawna sp.k. with its registered office at ul. Marszałkowska 111, 00-102 Warsaw, Poland.

Contact for data protection matters:

• Email: info@kordeckipartners.com
• Phone:
• Postal address: as above

We have not appointed a Data Protection Officer because we are not required to do so under Art. 37(1) GDPR. Inquiries on data-protection matters are handled by the partner overseeing compliance, currently Anna Witkowska.

We process personal data for the following purposes and on the following legal bases:

We do not sell personal data. We do not transfer personal data outside the European Economic Area (EEA).

Data may be disclosed to:

• Our hosting provider — OVH SAS or Hetzner Online GmbH (EU-based, GDPR-compliant data processor under Art. 28 GDPR)
• Email service provider (transactional email infrastructure, EU-based)
• Professional advisers under confidentiality (e.g., accountants, auditors)
• Public authorities where required by law (court orders, KAS audits, UODO investigations)

Each processor operates under a written data-processing agreement that limits use of the data strictly to the agreed purpose.

We retain personal data only as long as needed for the purpose for which it was collected:

• Contact-form submissions — 12 months from last contact, then erased unless engagement begins.
• Client files — duration of engagement plus 10 years (Polish Bar attorney-retention rules under the Act on Advocates' Profession, Art. 6).
• Newsletter — until you withdraw consent or unsubscribe.
• Accounting records — 5 years from year-end (Polish accounting law).

Under GDPR Articles 15–22, you have the right to:

• Access — obtain a copy of your personal data we process (Art. 15)
• Rectification — correct inaccurate data (Art. 16)
• Erasure — request deletion (Art. 17), subject to our legal-retention obligations
• Restriction — limit processing during dispute resolution (Art. 18)
• Portability — receive your data in a structured, machine-readable format (Art. 20)
• Objection — to processing on legitimate-interest basis (Art. 21)
• Withdrawal of consent — at any time without affecting prior lawful processing (Art. 7(3))

To exercise these rights, write to info@kordeckipartners.com. We respond within one month (extendable by two months for complex requests under Art. 12(3) GDPR).

Right to lodge a complaint: You may complain to the Polish supervisory authority — UODO (Urząd Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw. uodo.gov.pl

We use only essential cookies and similar technologies necessary for the website to function:

We do not use third-party tracking cookies, advertising cookies, or behavioural analytics. Our website analytics is server-side and aggregated, with no individual user tracking.

A consent banner is displayed on first visit. You can change your preferences at any time by clearing your browser storage for this site or via the link in our cookie section (will appear when consent is required).

We do not transfer personal data outside the European Economic Area (EEA). Our hosting, email and analytics infrastructure are based within the EU.

Where a client matter requires cross-border legal coordination (e.g., engaging counsel in a non-EEA jurisdiction), any data transfer is made on the basis of Art. 49(1)(b) GDPR — transfer necessary for the performance of a contract between the client and the controller — and only after explicit client confirmation.

We may update this policy when our processing practices change or when statute requires. The last reviewed date is shown at the top of this page. Material changes will be notified via the website banner.