Privacy policy

Welcome!
If you are reading this Privacy Policy, it means that the protection of your personal data matters to
you. We take your privacy seriously and have implemented legal and technical measures to protect it.
Below, we explain how we process your personal data under the GDPR. If you have any questions,
please contact us.

§1. General information
Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of
27 April 2016 (the “GDPR”) (and, where we obtain personal data from other sources, also Article 14
GDPR), we set out below information on how we process your personal data.
This Privacy Policy contains information about the processing of your personal data by us. Detailed
information on the use of cookies and other similar technologies is provided in the Cookies Policy,
available below.
§2. Who is the Controller of your personal data?
The Controller is Agnieszka Deegan, carrying on business under the name Agnieszka Deegan,
Solicitor KANCELARIA PRAWNIKA ZAGRANICZNEGO, Tax Identification Number (NIP): 6431073018,
Statistical Number (REGON): 140724502, with its registered address at: ul. Bitwy pod Rokitną 1/91,
01-506 Warsaw, Poland. You may contact the Controller by e-mail at: agnieszka@deeganlaw.eu.
§3. For what purposes do we collect your data and how long do we retain it?
We may process your personal data for the following purposes:
1. Communication with you in order to resolve or finalise the matter to which the
correspondence relates, including answering questions submitted via the contact
form, e-mail message, etc. (Article 6(1)(f) GDPR)
We process your personal data on the basis of the Controller’s legitimate interest consisting in
communicating with you (Article 6(1)(f) GDPR). We will retain such data until you object or until the
purpose has been achieved, whichever occurs first. Providing this data is voluntary; however, it is
necessary to communicate with you.
We may also retain the data for internal archiving purposes on the basis of the Controller’s legitimate
interest (Article 6(1)(f) GDPR), until you object or until the purpose has been achieved, whichever
occurs first.
2. Entering into and performance of a contract, and pre-contractual communication in
matters concerning the contract (Article 6(1)(b) GDPR)
3. Establishing, pursuing or defending claims as the Controller’s legitimate interest
(Article 6(1)(f) GDPR)
4. Compliance with legal obligations incumbent on the Controller, including tax and
archiving obligations (Article 6(1)(c) GDPR)
Data necessary to enter into and perform the contract will be retained for the period of contract
performance, including the period of exercising rights arising from the contract (Article 6(1)(b) and
(f) GDPR). Providing this data is voluntary; however, it is necessary to enter into and perform the
contract.
Additional data provided, inter alia, to improve the performance of the contract will be retained no
longer than until you object or until the purpose is fulfilled, on the basis of the legitimate interest
consisting in customer service (Article 6(1)(f) GDPR).

2
Your data will be retained for the limitation period for claims arising from applicable provisions,
including, in particular, Article 118 of the Polish Civil Code, and thereafter for an additional period of
12 months, on the basis of the Controller’s legitimate interest in defending against claims as well as
establishing and pursuing claims (Article 6(1)(f) GDPR).
Where processing is necessary for compliance with legal obligations, your data will be retained for the
period required by generally applicable laws. Where the data is necessary to comply with the
Controller’s legal obligations (e.g. issuing and storing invoices; archiving obligations), the retention
period is 5 years from the end of the calendar year in which the tax obligation arose, unless
provisions provide otherwise (Article 6(1)(c) GDPR). In other cases of compliance with legal
obligations, the retention period is determined by the provisions governing those obligations (Article
6(1)(c) GDPR).
Your data may also be archived for internal and statistical purposes until you object or until the
purpose is fulfilled, on the basis of the Controller’s legitimate interest (Article 6(1)(f) GDPR).
5. Administration and management of our website and social media pages/groups
(including LinkedIn), including communication and directing marketing content
(Article 6(1)(f) GDPR)
Data provided for the use of a platform will be retained no longer than until you object or until the
purpose is fulfilled – whichever occurs first – on the basis of the legitimate interest consisting in
managing and operating our social media pages and communicating with users. This data will be
processed only if you decide to: like the page / join the group / choose the “Follow” option, or
otherwise leave your data on the platform managed by us, e.g. by posting an entry or comment.
Data will be retained for as long as the page/group exists or until you object, which may occur by
unliking/unfollowing, deleting a comment/post, by other means available within the platform/page, or
by contacting us directly. Please note that the rules relating to the page/fan page/group are set by
the Controller, while the terms of use of the social media platform on which the page/fan page/group
is hosted are set by the entity managing that platform.
6 Analytical and statistical purposes [kk5.1] (Article 6(1)(a) or (f) GDPR)
We process personal data for analytical and statistical purposes to better understand how you use our
products/services and how we can develop them. Such data may come from various sources – for
example from analytics tools (if we use a website or application), from customer service systems,
accounting software, booking or communication systems, as well as from statements and reports
prepared for our internal purposes.
Where we use cookies or similar technologies, tools other than strictly necessary are activated only
after you have given consent (Article 6(1)(a) GDPR) in the cookies banner. Data necessary for proper
operation, security and functionality of the service are processed on the basis of legitimate interest
(Article 6(1)(f) GDPR). Where we do not use cookies, analytics data come from our own systems and
are processed on the basis of legitimate interest (Article 6(1)(f) GDPR) to produce statistics, analyse
trends and improve services.
Where possible, we apply pseudonymisation or anonymisation, and reports are aggregated (e.g.
number of enquiries, average contact time, most frequently selected service categories) without the
possibility of attributing them to a specific person. We process such data until you object or until the
purpose is fulfilled – whichever occurs first – and, where consent is the legal basis, until consent is
withdrawn. You have the right to object to processing based on our legitimate interest, and where
consent is the legal basis – to withdraw it at any time.
7 Promotion and marketing of products (Article 6(1)(a) or (f) GDPR)
Where you provide us with your data, in particular in the form of reviews/opinions, such data will be
processed on the basis of the Controller’s legitimate interest consisting in marketing, in order to

3
improve the quality of services and products and to promote the Controller’s services and products.
This data will be processed until you object or until the purpose has been achieved, whichever occurs
first. Providing the data is voluntary.
8 Recruitment (Article 6(1)(b) and Article 6(1)(c) GDPR)
Data may be processed for the period necessary for recruitment and entering into a contract (Article
6(1)(b) GDPR). Data required by the labour law is processed pursuant to Article 6(1)(c) GDPR in
conjunction with Article 221 of the Polish Labour Code. For additional data provided voluntarily, the
legal basis is your consent (Article 6(1)(a) GDPR).
Your data may also be processed for future recruitment purposes – based on your consent – for a
maximum of 3 years due to the recruitment cycle in the industry (this period is calculated from the
end of the year in which the application was obtained). Providing personal data is voluntary, however
providing certain data may be necessary to conduct recruitment and/or enter into a contract. Failure
to provide such data will result in the inability to undertake the above actions.
§4. To whom may we disclose your personal data?
We disclose your data to other entities only where it is necessary to achieve the processing purposes
referred to in §3 and only to the extent necessary to achieve those purposes. As a rule, we collect
and process only the data that you have provided to us, subject to data collected automatically or
semi-automatically (e.g. online identifiers, system logs, cookies and similar technologies). More
information on cookies is provided in §8.
We may disclose your data to processors acting on our instructions. Data is disclosed to other
companies/entities only where necessary.
We may entrust your data to: a hosting provider; an IT provider/entity managing the website; an
accounting and bookkeeping service provider; an invoicing software provider; a cloud services
provider; marketing service providers; administrative service providers; consulting service providers;
subcontractors; lawyers; courier or postal operators; appointment booking platforms; platforms used
to deliver products or provide services; and other entities supporting the Controller in achieving the
processing purposes. Personal data may also be disclosed by the Controller to entities authorised to
receive it under applicable law, including, inter alia, public authorities, common courts and
administrative courts, bailiffs’ offices, notarial offices, etc.
As a rule, data will not be transferred outside the EEA, subject to the situations described below. In
other cases, where data is transferred outside the EEA, this will take place on the basis of your
consent, standard contractual clauses or other safeguards provided for in the GDPR, subject to
meeting the applicable information requirements.
Services provided by Microsoft Ireland Operations Ltd, Meta Platforms Ireland Limited (Facebook),
and Google Ireland Ltd are performed by entities established in the EU; however, due to their global
nature, data may be transferred to the USA on the basis of standard contractual clauses or other
GDPR-compliant safeguards. In any event, these entities have implemented safeguards intended to
protect personal data, including standard contractual clauses. Further information on the rules
applicable to data processing by the above providers can be found in each provider’s privacy policy.
Your data (where required by the processing purpose) may also be transferred outside the EEA to the
following entities:
1. ActiveCampaign LLC, 1 N Dearborn St., 5th Floor, Chicago, Illinois 60602
2. Asana, Inc., 1550 Bryant Street, 2nd Floor, San Francisco, California 94103
§5. What rights do you have?
Under the GDPR you have the right to: access your personal data; rectify personal data; erasure of
personal data; restrict processing; object to processing; data portability; and withdraw consent.

4 . Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
Detailed information on these rights is set out in the GDPR, i.e. Regulation (EU) 2016/679 of 27 April
2016. We respond to your requests as a rule within one month (Article 12(3) GDPR).
If you believe that your personal data is processed in breach of applicable law, you have the right to
lodge a complaint with the President of the Personal Data Protection Office (PUODO). In such a case,
however, we encourage you to contact us first to clarify your concerns.
§6. Is your personal data subject to profiling?
The Controller analyses personal data in an automated manner using tools provided by software
vendors (e.g. statistics, history), solely to the extent that it does not produce legal effects concerning
you or similarly significantly affect you. The purpose of automated processing is to identify users’
preferences (more information on such analysis is provided in §8 – Cookies Policy)
§7. Applicable law
In matters not regulated herein, the relevant provisions of law apply, including European law (in
particular the GDPR).
§8. Cookies Policy
When you use the Website, technical information and online identifiers may be collected
automatically, in particular via cookies and similar technologies. Such data may constitute personal
data.
Cookies are small text files stored on a user’s device. Cookies usually contain the name of the
website they originate from, the period for which they are stored on the end device and a unique
number.
Cookies are used in particular for the following purposes:
 technical and functional – necessary for the proper operation of the Website and its
functionalities (e.g. session maintenance, shopping cart, forms);
 -analytical and statistical – enabling analysis of how the Website is used, which helps improve
its structure and content
 marketing and advertising – enabling remarketing and the delivery of personalised advertising
content
 communication and performance – supporting chat service, optimisation of website operation
and service performance.
The current list of cookies used on the Website, together with information on their categories,
providers and retention periods, is available in the consent management tool (the cookies banner
visible on the Website).
You can change cookie settings in your web browser. In many cases, the browser allows cookies to be
stored by default. Detailed information on the options and ways to manage cookies is available in
your browser settings. Failure to consent to cookies may limit the operation of certain Website
functionalities.
§9. Social media plug-ins
The Website uses plug-ins, widgets and other social tools provided by portals such as LinkedIn. The
rules concerning the processing of personal data are described directly on the websites of those
service providers.
§10. Joint controllership

5
Data processed within LinkedIn is subject to joint controllership by the Controller and LinkedIn
Ireland Unlimited Company, Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2,
Ireland (the “Joint Controller”). Detailed rules on joint controllership, including information on your
rights, are provided in LinkedIn’s privacy policy. The Controller processes data on the basis of the
Controller’s legitimate interest, consisting of analysing users’ activity and preferences to improve
functionalities and services. In matters relating to personal data, you may contact both the Controller
and the Joint Controller.
The allocation of responsibilities of the parties as joint controllers is governed by the arrangements
referred to in Article 26 GDPR, published in the privacy policies of the relevant platform.
This Privacy Policy is effective as of 31 January 2026.

Privacy Policy

Let Me Help You Overshoot Your Goals in the Right Ways.