This Privacy and Cookie Policy (hereinafter also referred to as the Policy) defines the rules for processing and protecting personal data by the Legal Link Group, , including data transmitted via the website www.legal.link (hereafter referred to as the Website).
The data administrator is the Legal Link Group. The Legal Link Group includes:
The address for Legal Link Group for business activities and correspondence is: al. 29 Listopada 85, 31-408 Kraków.
We care about the security of personal data and the privacy of the Website User. If you have any doubts regarding the provisions of this Privacy and Cookie Policy, please contact the Administrator via email at: info@legal.link.
The Administrator reserves the right to make changes to the Policy, and it is the responsibility of every Website User to be aware of the current version of the Policy. Reasons for changes may include internet technology development, changes in binding law or development of the Website through, for example, the use of new tools by the Administrator.
Administrator – Legal Link Group
Legal Link Group – a group of related entities consisting of:
User – any entity visiting and using the site.
Website and/or Online Store – the website, blog and online store located at the domain legal.link.
User Account or Account - an account set up on the online Store Platform that enables access to purchased trainings and products in accordance with the Store's Terms and Conditions, which the User is obliged to accept during account registration.
Form or Forms – areas on the Website that allow the User to enter personal data for specified purposes, e.g., for newsletter, order placement or contact with the User.
Newsletter – represents a free service provided electronically by the Administrator to the User by sending electronic messages through which the Administrator informs about events, services, products and other elements important from the Administrator's point of view and/or for the purpose of realizing the Administrator’s legally justified goal, which is direct marketing, including sending marketing and commercial content with the User’s consent. Detailed information about the newsletter dispatch is provided later in this privacy policy.
GDPR - refers to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Act on Personal Data Protection – the act of 10 May 2018 on personal data protection (Journal of Laws 2018, item 1000, as amended).
Act on Providing Services by Electronic Means – the act of 18 July 2002 on providing services by electronic means (Journal of Laws No. 144, item 1204, as amended).
Providing data is voluntary, but failing to provide certain information, generally marked as mandatory on the Administrator's Website, will result in an inability to perform a given service, achieve a specific goal or take certain actions.
If a User provides data that is not mandatory or provides more data than the Administrator needs to process, it is understood as processing based on the User’s own decision, and then the processing is based on the legal basis contained in Art. 6 (1)(a) of GDPR (consent). The User consents to the processing of this data and to the anonymization of data that the Administrator does not require.
The User's personal data on the Administrator's Website may be processed for the following purposes and on the following legal bases:
Because we are unable to provide all services independently, we use services from external providers. Your data is passed on to the following categories of entities:
The provisions by the User of data that are not mandatory or the provisions of excess data that the Administrator does not need to process occurs based on the decision of the User themselves, and then the processing is carried out based on the premise contained in Art. 6(1)(a) of the GDPR (consent). The User gives their consent to the processing of these data and to the anonymization of data that the Administrator does not require and does not want to process, yet the User has provided them to the Administrator.
Only those data which the User themselves provides are collected and processed, except for – in certain situations – data automatically collected via cookies and login data, as discussed below.
During a visit to the Website, data about the visit itself, such as the user's IP address, domain name, browser type, operating system type, etc. (login data), are automatically collected. These automatically collected data can be used to analyze user behaviors on the website, collect demographic data about users, or personalize the content of the site to improve it. However, these data are processed only to administer the Website, ensure efficient hosting service or direct marketing content, and are not associated with individual users' data.e found later in this policy.
Data may also be collected for the purpose of filling out forms located on the Website, as mentioned later in the privacy policy.
Information Society Services
The Administrator does not collect data on children. Users should be at least 16 years old to independently consent to the processing of personal data for the purpose of providing information society services, including marketing purposes, or to obtain such consent from a legal guardian (e.g., parent).
If the User is under the age of 16, they should not use the Site and www.legal.link service.
The Administrator is authorized to make reasonable efforts to verify whether the user meets the age requirement mentioned above, or whether the person exercising parental authority or care over the User under 16 has given or approved the consent.
The User is entitled at any time to exercise their rights contained in Articles 15-21 of the GDPR, i.e.:
The Administrator notes that these rights are not absolute and do not apply to all data processing activities of the User's personal data. This applies, for example, to the right to obtain a copy of the data. This right cannot adversely affect the rights and freedoms of others, such as copyright, professional secrecy. To learn about the limitations concerning the User's rights, refer to the content of the GDPR.
The User always has the right to lodge a complaint with the supervisory authority.
To exercise their rights, the User may contact the Administrator via email at info@legal.link or by mail to the address of the Administrator's place of business specifying the scope of their requests. A response will be provided no later than 30 days from the receipt of the request and its justification, unless an extension of this period is justified in accordance with the GDPR.
If the user has given consent for specific actions, such consent can be withdrawn at any time. This will result in the removal of the email address from the administrator's mailing list and/or the phone number from the contact list, and the discontinuation of specified actions (if the subscription was based on consent). Withdrawing consent does not affect the processing of data that was performed based on consent before its withdrawal.
In some cases, data may not be completely deleted and will be retained to defend against potential claims for the period compliant with the provisions of the civil code or, for example, to fulfill legal obligations imposed on the Administrator (e.g., tax obligations).
Each time, the Administrator will address the user's request, justifying further actions resulting from legal obligations.
User data may be transferred outside the European Union - to third countries.
Given that the Administrator uses external service providers such as Facebook, Google, Zoom, Webflow, PayU, Mailerlite, Microsoft, etc., user data may be transferred to the United States of America (USA) due to their storage on American servers (in whole or in part). Google and Facebook apply compliance mechanisms provided for by the GDPR (e.g., certifications) or standard contractual clauses for their services. The data will only be transferred to recipients who guarantee the highest protection and security of data, including through:
Detailed information is available in the privacy policy of each of these service providers, available on their websites. For example:
Google: https://policies.google.com/privacy?hl=pl
Facebook: https://www.facebook.com/privacy/explanation
MailerLite: https://www.mailerlite.com/legal/privacy-policy
Microsoft: https://privacy.microsoft.com/pl-pl
Wix: https://pl.wix.com/about/privacy
ClickMeeting: https://clickmeeting.com/pl/legal
Webflow: https://webflow.com/legal/privacy
Web To Learn: https://webtolearn.pl/polityka-prywatnosci-i-regulamin
Currently, services offered by Google and Facebook are mainly provided by entities located within the European Union. However, it is necessary to review these providers' privacy policy to obtain current information about personal data protection.
User data will be stored by the Administrator for the time necessary to perform specific services/achieve goals and:
Data retention periods specified in years are calculated at the end of each year in which data processing began. This is intended to streamline the data processing and management process.
Detailed periods of personal data processing, related to specific processing activities, are found in the Administrator's processing activities register.
Links to other websites may appear on the Site. These will open in a new browser window or the same window. The Administrator is not responsible for the content transmitted by these sites. The User is required to read the privacy policy or terms of these sites.
The Data Administrator of the User's personal data on the Facebook page under the name Legal Link in the Facebook service (hereinafter referred to as the Fanpage) is the Administrator.
User personal data provided on the Fanpage will be processed for the purpose of administering and managing the Fanpage, communicating with the User, interacting, directing marketing content to the User, and creating the Fanpage community.
The basis for their processing is the User's consent and the legally justified interest of the administrator in interacting with Users and Followers of the Fanpage. The User voluntarily decides to like/follow the Fanpage.
The rules prevailing on the Fanpage are set by the Administrator, however, the rules for staying in the Facebook social network result from Facebook's regulations.
At any time, the User may stop following the Fanpage. The Administrator will then no longer display any content to the User related to the Administrator's Fanpage.
The Administrator sees the User's personal data, such as name, surname, or general information that the User places on their profiles as public.The processing of other personal data is done by the social network Facebook and under the terms contained in its regulations.
User personal data will be processed for the period of conducting/existence of the Fanpage based on the consent expressed by liking/clicking "Follow" Fanpage or entering into interactions e.g., leaving a comment, sending a message, and for the purpose of realizing the legally justified interests of the Administrator, i.e., marketing of their own products or services or defense against claims.
User personal data may be shared with other data recipients, such as the Facebook portal, cooperating advertising agencies or other subcontractors serving the Administrator's Fanpage, IT service, virtual assistant, or teachers handling individual online courses if contact occurs outside the Facebook portal.
The remaining User rights are described in this privacy policy.
User data may be transferred to third countries in accordance with Facebook's regulations.
This data may also be profiled, which helps better personalize the advertising offer directed to the User. However, they will not be processed in an automated manner within the meaning of the GDPR (having a negative impact on the User's rights and freedoms).
The above rules related to data within the Facebook portal also apply to the Linkedin portal.
User personal data are stored and protected with due care, in accordance with the internal procedures implemented by the Administrator. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of the generally applicable laws, particularly the provisions on the protection of personal data. These measures are primarily intended to protect Users' personal data from access by unauthorized persons.
In particular, access to Users' personal data is only granted to authorized persons who are obliged to keep this data confidential or entities to whom the processing of personal data has been entrusted based on a separate data entrustment agreement.
The User should also exercise care in securing their personal data transmitted over the Internet, particularly not to disclose their login data to third parties, use antivirus protections, and update software.
The Administrator informs that it uses the services of external entities. Entities to which personal data processing is entrusted (such as courier companies, companies intermediating in electronic payments, companies offering accounting services, companies enabling newsletter dispatch) guarantee the application of appropriate measures to protect and secure personal data required by law, in particular by the GDPR.
The Administrator informs the User that it entrusts the processing of personal data to, among others, the following entities:
The Data Administrator hereby informs that a Data Protection Officer (DPO) has not been appointed and the responsibilities related to the processing of personal data are carried out independently.
The User acknowledges that their personal data may be transferred to authorized state bodies in connection with proceedings conducted by them, upon their request, and after meeting the conditions confirming the necessity to obtain such data from the Administrator.
User personal data will not be used for automated decision-making affecting the rights, obligations, or freedoms of the User as defined by the GDPR.
Within the website and tracking technologies, User data may be profiled, which helps in better personalizing the company's offer directed to the User (mainly through so-called behavioral advertising). However, this should not have any impact on the User's legal situation, particularly regarding the terms of contracts they have entered or intend to enter. It may only help in better matching the content and directed advertisements to the User's interests. The used information is anonymous and is not associated with personal data provided by the User, e.g., in the purchasing process. They derive from statistical data such as gender, age, interests, approximate location, behavior on the Site.
Every User has the right to object to profiling if it would negatively impact their rights and obligations.
If you want to learn more about behavioral advertising, click here: https://www.youronlinechoices.com/pl/o-reklamie-behawioralnej
The Administrator uses the following types of forms on the Website:
1. Newsletter Subscription Form
Requires entering one's name and email address in the designated fields, which are mandatory. Subsequently, to add their email address to the Administrator's subscriber database, the User must confirm the desire to subscribe. The data thus obtained are added to the mailing list for sending newsletters.
Subscription/registration implies that the User agrees to this Policy and consents to receive marketing and commercial information via electronic communication means, such as email or SMS, under the Act of July 18, 2002, on providing services by electronic means (Journal of Laws from 2020, item 344with later changes).
By subscribing to the newsletter, the User also consents to the Administrator using the User's telecommunication terminal equipment (e.g., phone, tablet, computer) for direct marketing of the Administrator's products and services and for presenting commercial information according to Article 172(1) of the Telecommunications Law (Journal of Laws from 2024, item 34 with later changes).
These consents are voluntary but necessary for sending the newsletter, including informing about services, new blog entries, products, promotions, and discounts offered by the Administrator or third-party products recommended by them. Consents can be withdrawn at any time, which will stop the newsletter distribution as per the rules in this privacy policy.
The newsletter is sent for an indefinite period, from the time of activation until the withdrawal of consent. After withdrawing consent, the User's data may be stored in the newsletter database for another year, to demonstrate the fact of the User's consent to communication via the newsletter, User's actions (email open rates), and the moment of its withdrawal, as well as any related claims, which constitutes a legally justified interest of the Administrator (Art. 6(1)(f) GDPR).
The newsletter may be discontinued if the User shows no activity for at least 1 year from the start of the newsletter service or from the day of opening the last email (sent newsletter). In such a case, the Administrator will delete the User's data from the newsletter system (provider). The User will not be entitled to receive any messages from the Administrator unless they decide to re-subscribe using the newsletter subscription form or contact the Administrator in another selected way.
The mailing system used to send the newsletter records all activity and actions taken by the User related to the emails sent (date and time of opening the messages, clicks on links, the moment of unsubscribing, etc.).
The Administrator may also conduct remarketing based on Art. 6(1)(f) GDPR (the legally justified interest of the Administrator, which involves promoting and advertising services to those subscribed to the newsletter, such that the email addresses of subscribers are uploaded into the marketing tool offered by Facebook Inc., known as the Ad Manager, and then targeted advertising created by the Administrator or authorized persons is directed at them through the Administrator's advertising account, provided that the newsletter subscribers are also users of the Facebook platform (have an account there). Each time, this data is deleted after the advertising campaign ends. In the case of executing another advertising campaign, an updated subscriber database is uploaded to the tool). Detailed information about so-called custom audience groups, data hashing rules, and their processing can be found in the privacy policy of the Facebook portal at this link: https://www.facebook.com/legal/terms/customaudience#and https://www.facebook.com/legal/terms/dataprocessing, and the Administrator recommends that each User and subscriber familiarize themselves with these rules.
2. Contact form
Enables sending messages to the Administrator and contact via electronic means. Personal data in the form of the first name, last name, email address, and data provided in the message content are processed by the Administrator in accordance with this Privacy Policy for the purpose of contacting the User.
After the contact with you has concluded, the data may be archived, which is a legally justified interest of the Administrator. The Administrator cannot specify the exact period of message archiving and, therefore, their deletion. However, the maximum period will not exceed the limitation periods for claims arising from legal regulations.
The Administrator is not responsible for the content of comments posted by readers of the Fanpage. The Administrator reserves the right not to post comments that are spammy, offensive, contain vulgar or offensive terms, unlawful content, or contain any links to other sites posted without his consent.
3. Order Form in the Shop
When placing an order in the online shop, you must provide specific data as stipulated in the sales regulations, in order to allow execution of the order, fulfillment of legal obligations imposed on the Administrator, handling settlements, consideration of claims, and also for statistical and archival purposes, and for direct marketing towards customers, which is a legally justified interest of the Administrator.
The data mainly includes: first name, last name, company name, tax identification number (NIP), residential address or company headquarters, possibly a delivery address, email address. If you already have a user account in the shop, then providing the login (or email address) and password and logging into your account, followed by further steps related to the order is sufficient.
The Administrator stores data for the duration of the order or service fulfillment, and after its completion, for the period necessary to protect against claims. Additionally, for the period specified by legal regulations, e.g., tax law (including the period for storing invoices).
4. Complaint and Contract Withdrawal Form
If you use services or products from the Administrator, you can file a complaint or withdraw from the contract concluded. For this purpose, the Administrator enables you to fill out the complaint form and the contract withdrawal form attached to the sales regulations. You can also perform these actions without filling out the form, however, by providing the necessary data.
Required data in this case include: first name, last name or possibly username, residential address or company headquarters address (if the order was made on behalf of a company), email address, phone number (optionally), bank account number (if a refund will be necessary).
Providing data is voluntary but necessary to consider the complaint in accordance with legal regulations and sales regulations. Data will be stored for the purpose of executing the complaint procedure / contract withdrawal and for archival purposes and defense against claims.
5. User Account Registration Form in the Online Shop
Users have the option to create an account in the online shop, for which they should perform appropriate registration and provide data: first name, last name, email address, residential address, company headquarters address, tax identification number (NIP), and then a password.
Account creation is conducted under the terms provided in the sales regulations and is a service provided electronically. The rules for maintaining the account and its possible deletion are contained in the regulations.
Data marked as mandatory is required and without them, it will not be possible to create a user account. Provision of other data is voluntary.
The Administrator may entrust the processing of personal data to third parties without separate consent from the User (based on a data entrustment agreement).
If the User utilizes services from external providers such as Google, they should familiarize themselves with their privacy policy, available from these service providers on their websites.
To use the Administrator's website, it is necessary to have:
The Facebook Pixel, provided by Facebook Inc. and its affiliated companies, is an analytics tool that helps measure the effectiveness of advertisements by showing how users interact with the Website. It helps target a specific audience (Facebook Ads, Facebook Insights), facilitating tailored advertising initiatives.
The Administrator may conduct remarketing based on Article 6(1)(f) of the GDPR (legitimate interest of the administrator), targeting those who have consented to receive offers or users who have liked the Fanpage. Email addresses are uploaded into Facebook Inc.'s advertising manager tool, then targeted with ads created by the Administrator or authorized persons, provided these individuals are also Facebook users. Information is deleted after each advertising campaign. For subsequent campaigns, an updated contact database is uploaded. Detailed information about 'Custom Audience' groups, data hashing, and processing can be found on Facebook's privacy policies at these links: Custom Audience Terms and Data Processing Terms. Users are encouraged to review these policies to understand data management practices better.
Data collected using the Facebook Pixel are anonymous and do not allow for the identification of the User. They display general user data such as location, age, gender, and interests. Facebook may combine this data with information provided by the user within their Facebook account and use it according to its policies and objectives. Users are advised to familiarize themselves with the details regarding the use of the Facebook Pixel and, if necessary, ask questions to the provider of this tool, as well as manage their privacy settings on Facebook. More information is available at Facebook’s Privacy Explanation. Users can opt out of cookies responsible for displaying remarketing ads at any time at Facebook Ads Preferences. By using the website, the User consents to the installation of the specified cookie on their end device.
This tool is provided by Google LLC. The activities undertaken using Google Analytics are based on the legitimate interest of the Administrator, which involves the creation and use of statistics, subsequently enabling the improvement of the Administrator's services and optimization of the website.
While using Google Analytics, the Administrator does not process any User data that enables personal identification.
The Administrator recommends familiarizing yourself with the details related to the use of Google Analytics, the possibility of disabling the tracking code, and potentially asking questions to the provider of this tool at this link: https://support.google.com/analytics#topic=3544906.
To consent to receiving web push notifications, the User should select the "display notifications" option or a similar one (as each browser may label this option differently) on the message sent by their web browser. Consent to receive such notifications can be withdrawn at any time by changing the settings of the User's web browser. The Administrator does not process any personal data of Users using web push notifications. Users are identified solely based on information stored by their web browsers, to which the Administrator does not have access.
After clicking on the icon of a given plugin, the User is redirected to the page of an external provider, in this case, the owner of the social media service such as Facebook. The User then has the option to click "Like" or "Share" and like the Administrator's fan page, located on the Facebook portal or directly share its content (post, article, video, etc.).
The Administrator recommends reviewing Facebook's privacy policy before creating an account on this portal. The Administrator has no influence over the data processed by the Facebook portal. From the moment the User clicks on the button of the plugin directing to social media, personal data are processed by the social media portal, e.g., Facebook, which becomes their administrator and decides on the purposes and scope of their processing. Cookies left by the Facebook plugin (or other third parties) may also be applied to the User's device upon entering the Website and then associated with data collected in the Facebook portal. The User, by using the Website, accepts this fact. The Administrator has no control over the processing of data by third parties in this way.
These guidelines should also be referred to the handling of:
Facebook – fan page located at the URL: https://www.facebook.com/legallinktaxandlaw,
Profile on LinkedIn, located at the URL: https://www.linkedin.com/company/legallink-main.
The Administrator does not collect any data that would allow for the identification of the User's personal data.
The Administrator recommends reviewing Google's privacy policy to learn the details of how these features work and their possible deactivation from the User's browser level.
The Administrator may embed content from portals, services, blogs, and other external web pages on the Site. Specifically, these can be videos from services like Vimeo or Zoom.
These third parties may save certain data about the content playback performed by the User.
If you do not want this to happen, log out from the portal (if you have an account and are logged in) before visiting my Site or do not play such content on the Site. You can also change your browser settings to block the display of specific content from certain portals.
Upon your first visit to the Site, you must express your consent for cookies or undertake other possible actions indicated in the notification to continue using the Site's content. Using the Site signifies your consent. If you do not wish to give such consent, you should leave the Site. You can always change your browser settings to disable or delete cookies. Necessary information is available in the "Help" tab of your browser.
Publication Date of the Privacy Policy: December 29, 2020
Last Update: July 15, 2024
