Privacy policy


  1. Policy means this Personal Data Protection Policy.
  2. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU. L. of 2016 No. 119, p. 1 as amended).
  3. Controller means ROA Rasiewicz Spółka Jawna with its registered office in Warsaw (01-207) at Karolkowa 30 Street.
  4. Law Firm (ROA) shall mean the law firm operating under the business name ROA Rasiewicz Spółka Jawna with registered office in Warsaw.
  5. Data shall mean personal data within the meaning of Article 4 point 1 GDPR, unless the context clearly indicates otherwise.
  6. Person(s) means the data subject(s) whose personal data are processed by the Law Firm.
  7. Processing means an operation or set of operations performed on Data in an automated or non-automated manner, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available.
  8. Processor means an organisation or person to whom the Firm has outsourced the processing of personal data (e.g. IT service provider, external accountancy).
  9. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  10. Supervisory authority means the President of the Office for Personal Data Protection.
  11. Website means the website at the address:
  1. Purposes

The Law Firm processes the Data for the purposes of and in connection with the provision of its services, such as: providing legal assistance, including representing clients before courts and authorities, providing legal advice and drawing up legal opinions, conducting trainings, fulfilling requirements resulting from tax and accounting regulations, including keeping tax records and storing accounting evidence, archiving Data processed in connection with the provision of legal assistance and recruitment processes, marketing the Law Firm’s services (including informing about the Law Firm’s activities and events in which the Law Firm participates), as well as in connection with the realization of legally justified interests of the Law Firm or a third party.

  1. Legal grounds

The Data shall be processed in accordance with Article 5 of the GDPR and/or the provisions of the Act of 26 May 1982 Law on Advocates and the Act of 6 July 1982 on Legal Advisers, including respect for professional secrecy of advocates and legal advisers.

Depending on the purpose for which the Data are processed, the basis for the Law Firm’s activities is:

1) consent to the processing of Data (Article 6(1)(a) of the GDPR);

2) performance of the agreement concluded between the Person and the Law Firm, or taking action at the request of the Person prior to the conclusion to perform an agreement concluded between the Person and telephone conversations or sent by e-mail before concluding the agreement order (Article 6(1)(b) of the DPA);

3) obtaining Data during business contacts (Article 6(1)(f) of the GDPR);

4) fulfilment of legal obligations vested with the Law Firm (Article 6(1)(c) GDPR);

5) a situation in which processing is necessary for purposes resulting from legitimate interests of the Law Firm or a third party (Article 6(1)(f) of the GDPR).

  1. Period of Data processing.

1) The Data shall be processed only for the minimum period necessary for the purposes set out in this Policy. First of all, copies of the Data in identifiable form shall be kept for as long as necessary in connection with the purposes set out in this Policy, unless a longer retention period is required by applicable law. In particular, the Firm may retain Data for the period necessary to establish, exercise or defend legal rights.

2) Data whose usefulness diminishes over time shall be deleted from the Law Firm’s resources. Such Data may be archived and kept on backup copies of the systems and information processed by the Law Firm.

  1. The way of handling individual rights and information obligations
  • The Law Firm takes care of the legibility and style of information provided and communication with the Individuals.
  • The Law Firm shall make it easier for the Individuals to exercise their rights by taking necessary actions, including placing on information about their rights and the manner of exercising them.
  • The Law Firm shall take care to meet the legal deadlines for performance of the obligations incumbent upon it.
  • The Law Firm shall introduce adequate methods of identification and authentication of persons for the purpose of realization of individual rights and information obligations.
  • In order to realize the rights of an individual the Law Firm shall provide mechanisms allowing to identify the Data of specific persons processed by the Law Firm, to introduce changes to them and to delete those Data.
  • The Law Firm shall document the handling of information obligations, notices and requests of persons.
  • The Law Firm shall inform the person about the prolongation of the time limit for handling that person’s request by more than one month.
  • The Law Firm shall inform a person about their rights when collecting Data from that person.
  • The Law Firm shall inform the person about their rights in the case of obtaining Data about that person from other entitiesT
  • The Law Firm shall inform the person in the event of a change in the purpose of Data processing.
  • The Law Firm shall inform Data recipients of rectification, erasure or restriction of Data processing (unless this would require disproportionate effort or would be impossible).
  • The Law Firm shall inform the person about the right to object to the Data processing at the latest on the first contact with that person.
  1. Rights of the Persons.

When realizing the rights of the Persons, the Law Firm shall introduce guarantees of protection of third parties’ rights and freedoms. In particular, in the event that the Law Firm obtains reliable information that the execution of a request of the Person for a copy of the Data or the right to transfer the Data may adversely affect the rights and freedoms of other persons (e.g. rights related to the protection of Data of other persons, intellectual property rights, trade secrets, personal rights, etc.), the Law Firm may contact the Person in order to clarify the doubts or take other steps permitted by law, including refusal to satisfy the request.

Revocation of consent to processing

Consent for Data processing can be withdrawn by writing to: The withdrawal of consent is effective as of the moment of this event.


The Law Firm informs identified Individuals that it does not process Data concerning them if such Individuals have made a request concerning their rights.

Access to Data

Upon a Person’s request for access to the Data, the Law Firm shall inform whether it is processing their Data and shall inform them of the details of the processing, in accordance with Article 15 GDPR (the scope corresponds to the information obligation when collecting the Data), and shall grant that Person access to the Data.


The Law Firm shall inform, within one month of receiving the request, of the refusal to process the request and of the rights related thereto.

Copies of Data

At the request of a Person, the Law Firm shall issue a copy of Data concerning him/her and shall record the fact of issuing the first copy of the Data. The Law Firm may introduce a price list of Data copies, according to which it may charge for subsequent copies of the Data. The price of the Data copy shall be calculated on the basis of the estimated unit cost of processing the request for the Data copy (min. remuneration of the employee preparing the Data copy, the cost of office materials).

Rectification of Data

The Law Firm shall rectify incorrect Data at the request of a Person. The Law Firm shall have the right to refuse to rectify the Data, unless the person reasonably demonstrates the incorrectness of the Data the rectification of which is requested. In the event of the rectification of the Data, the Law Firm shall, at the request of the Person, inform about the recipients of the Data.

Completion of the Data

The Law Firm shall supplement and update the Data at the request of the Person. The Law Firm shall be entitled to refuse to supplement the Data if the supplementation would be incompatible with the purposes of the Data processing. The Law Firm may rely on the statement of a Person as to the Data to be supplemented, unless it is insufficient in view of procedures adopted by the Law Firm, the law or there are grounds to consider the statement unreliable.

Deletion of Data

At the request of a Person, the Law Firm shall delete the Data when:

  1. the Data provided by him/her are not necessary for the purposes for which they were collected or processed for other lawful purposes;
  2. the consent for their processing has been withdrawn by the person, and there is no other legal basis for the processing;
  3. the Person has made an effective objection to the processing of that Data;
  4. the Data were processed unlawfully;
  5. the necessity to delete the Data results from a legal obligation.

In the case of deletion of the Data, the Law Firm shall, at the request of the Person, inform about the recipients of the Data.

Limitation of processing

The Law Firm restricts Data processing, at the request of a Person, if:

  1. the correctness of the Data is questioned – for a period making it possible to check their correctness;
  2. processing is unlawful and the person objects to erasure of the Data, demanding instead a limitation of their use;
  3. the Law Firm no longer needs the Data for the purposes for which they were provided, but they are necessary for the Person to establish, assert or defend claims;
  4. the Person has raised an objection to the processing for reasons related to his/her particular situation – until it is determined whether on the part of the Law Firm there are legitimate grounds overriding the grounds for the objection.

During the restriction of processing, the Law Firm shall store the Data, but shall not process them (shall not use them, transfer them) without the consent of the Person, unless in order to determine, assert or defend claims, or in order to protect the rights of another natural or legal person, or due to important reasons of public interest.

In the case of restriction of Data processing, the Law Firm shall, upon request, inform the Person about the recipients of the Data.

Data transfer

At the request of a Person, the Law Firm shall release in a structured, commonly used machine-readable format or transfer to another entity, if possible, the Data concerning that Person which was provided by that Person to the Law Firm, processed on the basis of that Person’s consent or for the purpose of concluding or performing an agreement concluded with that Person, in the Law Firm’s IT systems.

Objection in a particular situation

If a person raises an objection, motivated by his/her particular situation, to the processing of his/her Data and the Data is processed by the Law Firm on the basis of a justified interest of the Law Firm or a task entrusted to the Law Firm in the public interest, the Law Firm shall take the objection into account unless there are important legal justified grounds for the processing on the part of the Law Firm, overriding the interests, rights and freedoms of the person raising the objection or grounds for establishing, asserting or defending claims.

Objection to direct marketing

If a Person objects to the Law Firm’s processing of his or her Data for direct marketing purposes, the Law Firm will honor the objection and cease such processing.

No profiling

The Data is not subject to profiling as one of the forms of automated processing of the Data.

Right to lodge a complaint to the supervisory authority (President of the Office for Personal Data Protection)

If a Person believes that the processing of Data violates his/her rights, he/she may file a complaint with the supervisory authority for the protection of personal data.


The Law Firm on the basis of the Data processing entrustment agreement makes the Data available to entities providing IT services, including cloud computing services, entities providing accounting, audit and legal services, call center services and marketing activities cooperating with the Law Firm, other entities processing data on behalf of ROA on the basis of the Data processing entrustment agreement, as well as in accordance with other principles of GDPR to administrative bodies, state services and courts.

Data is not transferred to countries outside the European Union. In case of transfer of Data to third countries outside the EU – ROA will apply appropriate instruments to ensure the security of the Data.

In connection with its cooperation with other law firms and with its suppliers and the ROA may entrust the processing of your Personal Data to the entities indicated above. These entities will be obliged to maintain the confidentiality of the Data and to process the Data in accordance with data protection legislation.


Changes in the Policy

Any changes introduced to the Policy in the future, resulting from revisions and updates of the Policy will be published on


If you have any questions about the Law Firm’s processing of your personal data, please contact the Controller at the following email address:

Applicability of the Policy

The Policy is effective as of January 1, 2021.