Privacy and cookie policy Advocly
# 1: Who is the controller of personal data?
The administrator of your personal data is ADVOCLY PROSTA SPÓŁKA AKCYJNA, with its registered office in Warsaw (02-454), at ul. Szczęsna 26, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number 0001151203, NIP 5223323464, REGON 540722005, with a share capital of PLN 40,000.00. Where we use phrases such as "we", "our", etc. in the Privacy Policy, we mean the indicated entity.
In respect of social media profiles linked to our website, in accordance with the case law of the Court of Justice of the European Union, we are a joint controller of personal data together with the provider of the social media service on which the profile operates.
Details regarding the processing of personal data by individual social networking service providers we use can be found here:
#2: Who can you contact regarding the processing of personal data?
As part of the implementation of the personal data protection system in our organization, we have decided not to appoint a personal data protection officer due to the fact that in our situation it is not mandatory.
In matters related to personal data protection and broadly understood privacy, you can contact us at the e-mail address: [email protected]. In the field of social media, you can also directly contact the administrators of the social networking sites in which we run our profiles.
#3: For what purposes do we process personal data?
There is more than one of these purposes. Below is a list of them, along with a more detailed explanation. The individual purposes are also assigned appropriate legal bases for processing:
| Purpose of processing | Discussion of the purpose of processing | Legal basis |
|---|---|---|
| User account management | Registering a user account requires providing the data necessary for this purpose, as specified in the registration form. Data is processed for the purpose of providing you with the user account service. After deletion of the user account, the data is archived for the purpose of determining, pursuing or defending claims related to the user account service. | Article 6, paragraph 1, letter b of the GDPR |
| Newsletter service | When subscribing to the newsletter, you must provide the data necessary to receive it, as specified in the subscription form. Providing data is a condition for receiving the newsletter. In addition, the mailing system saves your IP address that you used to sign up for the newsletter, determines your approximate location, the email client that you use to manage your email, and tracks your actions in connection with the messages sent to you. In connection with this, we also have information about which messages you opened, in which messages you clicked on links, etc. In the mailing system, we can define, based on various criteria related to your activity, interests or other preferences, specific groups or segments of newsletter recipients that influence what types of messages you receive as part of the newsletter. The data provided by you in connection with your subscription to the newsletter are used to send you the newsletter, and the legal basis is our legally justified interest, which in this case is the implementation of marketing purposes. When it comes to the processing of information that does not originate from you but was collected automatically, we rely on our legitimate interest in analysing the behaviour of newsletter subscribers in order to optimise marketing activities. You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each newsletter message, or by simply contacting me. Unsubscribing from the newsletter does not result in the deletion of your data from the mailing system. The data is archived for the purpose of determining, pursuing or defending claims related to the newsletter, as well as to ensure the possibility of demonstrating that the newsletter activities were conducted in accordance with the law. | Article 6, paragraph 1, letter f of the GDPR |
| Contact and correspondence management | By contacting us via available means of communication, e.g. e-mail, social media, you naturally provide your personal data contained in the content of the correspondence. Providing data is a condition for establishing contact. In addition, the communication system saves your IP address that you used to send the message. Data is processed for the purpose of communication, which is our legitimate interest. After the communication is completed, the data is archived for the purpose of determining, pursuing or defending claims related to the communication. | Article 6, paragraph 1, letter f of the GDPR |
| Fulfillment of tax and accounting obligations | In connection with the performance of the contract, we also fulfill various tax and accounting obligations, in particular in the form of issuing an invoice, including the invoice in our accounting documentation, storing documentation, etc. To issue an invoice, we process, among others, data such as name and surname, company name, business address, and Tax Identification Number. Providing data required by tax law is necessary to fulfill the indicated obligations. | Article 6, paragraph 1, letter c of the GDPR in connection with the relevant provisions of tax law |
| Defending, establishing or pursuing claims | The use of our website, as well as the conclusion of a contract with us, may give rise to certain claims on our or your side in the future. We are therefore entitled to process personal data for the purpose of defending, establishing or pursuing claims. For this purpose, we may process any personal data that is related to a given claim, therefore their scope may vary depending on what the claim concerns. In this case, we rely in this respect on our legitimate interest in protecting our interests. | Article 6, paragraph 1, letter f of the GDPR |
| Creating audiences for advertising | Your e-mail address stored in our database may be sent to a specific advertising system (e.g. Facebook Ads, LinkedIN Ads) in order to create a group of advertising recipients using that e-mail address. When you use this feature, your email address is hashed before it is sent to your system to create your audience. The email address will be used in the matching process conducted by the advertising system in question. The advertising system does not share your email address with third parties or other advertisers and deletes your email address immediately after the matching process is complete. The advertising system implements processes and procedures to ensure the confidentiality and security of the e-mail address sent to it and the set of user identifiers constituting the group of recipients created using the e-mail address, among others, through the use of technical and physical security measures. Creating a group of advertising recipients using your e-mail address constitutes our legitimate interest, which in this case is the achievement of our marketing goals. | Article 6, paragraph 1, letter f of the GDPR |
| Social media support | If you follow our social media profiles or interact with our content on social media, we naturally see your data that is publicly available on your social media profile. We process this data solely within the social media and solely for the purpose of operating the social media, which is our legitimate interest. If you contact us via private message, you naturally provide us with your personal data contained in the content of the correspondence, in particular your image and name and surname. In this case, your data is processed for the purpose of contacting you, and the basis for processing is our legitimate interest. It may happen that we are the party initiating contact with you via social media in order to offer cooperation, then your data will be processed for the purpose of searching for potential contractors, offering and establishing cooperation, which is our legitimate interest. Messages sent to us via social media are automatically archived using tools available within each social network and are available to us until you delete them. You can view all messages exchanged with us in the private messages tab. Your use of social networking sites is subject to the terms and conditions and privacy policies of the administrators of those sites, and those administrators provide you with services electronically, completely independently of us. | Article 6, paragraph 1, letter f of the GDPR |
| Analysis and statistics | We conduct analytical and statistical activities using tools provided by external suppliers. As part of the analytical tools, we only have access to Anonymous Information. We base the processing of this information on a legitimate interest, which consists in creating, viewing and analyzing statistics related to user activity on the website in order to draw conclusions that will allow for the subsequent optimization of our activities. From the tools level we only have access to a set of statistics and information not assigned to specific people. For detailed information about tools from third-party providers, please see the section on tools we use. | Article 6, paragraph 1, letter f of the GDPR |
| Own Marketing | We conduct marketing activities using tools provided by external suppliers. As part of marketing tools, we only have access to Anonymous Information. We base the processing of this information on a legitimate interest, which consists in conducting marketing activities, including targeting advertisements within external systems for the purposes of marketing our own products and services. From the level of the tools, we only have access to a set of statistics and information not assigned to specific individuals. For detailed information about tools from third-party providers, please see the section on tools we use. | Article 6, paragraph 1, letter f of the GDPR |
| Fulfillment of obligations related to the protection of personal data | As a data controller, we are obliged to fulfil our obligations related to the protection of personal data. In this respect, we may process your personal data to the extent necessary to fulfil these obligations (e.g. when processing your request regarding your personal data). The scope of the data depends on what data we need to fulfil the obligation and prove compliance with the GDPR. In addition, in this case, we also rely on our legitimate interest, which consists in securing the data necessary to demonstrate accountability. | Article 6 paragraph 1 letter c of the GDPR in conjunction with other relevant provisions of the GDPR, Article 6 paragraph 1 letter f of the GDPR |
| Storing User Content | When submitting User Content (as defined in our terms and conditions), such as a comment or review, you must provide the personal data necessary for that purpose. Providing data is a condition for submitting User Content. In addition, our IT system stores your IP number that you used to submit User Content. The IT system that supports User Content may be operated by a third-party provider. In such a case, use of the system is subject to the terms and conditions and privacy policy of the third-party provider. Detailed information about the tools of third-party providers can be found in the section on the tools we use. The data is processed for the purpose of publishing User Content on the website or storing it in the IT system associated with the website, which constitutes the implementation of the service provided to you electronically in accordance with our regulations. If you submit User Content for publication on the site, the User Content you submit, along with your personal data, is publicly available on the site. You can modify or delete the submitted User Content at any time. Deleted User Content, along with your personal data, is archived for any purpose of determining, pursuing, or defending claims related to the Digital Content and for demonstrating accountability. | Article 6, paragraph 1, letter b of the GDPR |
| Processing and Analysis of User Agreements | When you upload agreements or other legal documents to our Service, we process this content for the following purposes: 1. Providing you with the requested analysis and services; 2. Improving and testing our services, algorithms and AI models; 3. Creating anonymized datasets for service enhancement; 4. Analyzing patterns and trends in legal documents to improve our analytical capabilities; 5. Training and validating our systems to enhance accuracy; 6. Conducting A/B testing of different analysis methods and models to improve service quality. | Article 6, paragraph 1, letters b and f of the GDPR |
#4: What information do we have about you?
Within each of the purposes described above, we can process a different scope of data – such as is necessary to achieve a specific purpose. The data includes information such as:
- name and surname,
- email address,
- IP address,
- invoice details,
- information contained in user materials,
#5: Where do we get your information?
In most cases, you provide it to us yourself.
In addition, some information about you may be automatically collected by the tools we use. Detailed information about external tools can be found in the appendix to the Privacy Policy.
# 6: Is your data safe?
We care about the security of your personal data. We have analyzed the risks associated with individual processes of processing your data, and then implemented appropriate security measures and personal data protection. We constantly monitor the state of technical infrastructure, train staff, look at the procedures used, and introduce necessary improvements.
#7: How long will we keep your personal information?
We process your personal data for as long as it is justified within the framework of the given purpose of processing personal data, therefore the processing periods vary depending on the purpose. Remember that the termination of the processing of your data within the framework of one purpose does not necessarily have to lead to the complete deletion or destruction of your personal data, because the same set of data may be processed within the framework of another purpose, for the period indicated for it. The complete deletion or destruction of data takes place when we have completed the implementation of all purposes and in other cases indicated in the GDPR.
The retention periods are indicated in the table below.
| The purpose of data processing | Data storage period |
|---|---|
| User account | Until the user account is deleted |
| Fulfillment of the contract | Until the contract is fulfilled. |
| Newsletter | Until you unsubscribe from the newsletter. |
| Tax and accounting obligations | For the period required by law. |
| Determination, defense, and pursuit of claims | Until the limitation period for claims expires. |
| Advertising audiences | Until the information loses its usefulness or you object to its processing |
| Social media | For as long as the information is available on the social networking site |
| Analysis and statistics | Until the information loses its usefulness or you object to its processing |
| Own Marketing | Until the information loses its usefulness or you object to its processing |
| Contact and correspondence | As long as there is contact between us |
| Additional tools | Until the information loses its usefulness or you object to its processing |
| Obligations regarding the protection of personal data | Until the limitation period for our liability as a personal data controller expires |
| Storing User Content | Until such time as your User Content is deleted. |
#8: Who are the recipients of personal data?
We will venture to say that modern business cannot do without services provided by third parties. We also use such services. Some of these services involve the processing of your personal data. External service providers who participate in the processing of your personal data are indicated in the table below.
| Processor | The purpose of cooperation with the processor |
|---|---|
| Hosting provider | Storing data on the server |
| Invoicing system provider | Issuing invoices |
| Mailing system provider | Newsletter service |
| Landing page system provider | Landing page support |
| Cloud Service Provider | Google services |
| Accounting office | Bookkeeping |
| Technical support | Technical work on areas with personal data |
#9: Do we transfer data to third countries or international organizations?
Yes, part of the processing of your personal data may involve their transfer to third countries.
We transfer your personal data to third countries in connection with the use of tools that use resources located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of protection of personal data through appropriate compliance mechanisms provided for by the GDPR, in particular through the use of standard contractual clauses.
Currently, your personal data is transferred to third countries in connection with our use of the following solutions:
| Type of Solution | Solution Provider | Third Country |
|---|---|---|
| Cloud Services & CDN | Cloudflare, Inc. | USA |
| Serverless Database Management | Neon.tech | USA |
| Cloud Hosting | AWS (Frankfurt Server) | Germany |
| API Gateway | Hasura.io | USA |
| Payment Provider | Paddle | USA |
| Error Reporting & Session Logging | On-Premise Sentry | N/A (On-Premise) |
| Email Provider | Resend.com | USA |
| Email Communication | Google Workspace | USA |
| Tag Management | Google Tag Manager | USA |
| Advertising | Google Ads | USA |
| Video Hosting | YouTube | USA |
| Business Insights | LinkedIn Insight Tag | USA |
| AI Language Model Provider | Anthropic API | USA |
| AI Language Model Provider | OpenAI API | USA |
| AI Language Model Provider | USA | |
| Internal & External Communication | Slack | USA |
In addition, Anonymous Information collected in connection with the use of the tools indicated in the annex to this privacy policy may be transferred to third countries, in particular the USA.
#10: Do we use profiling?
We do not make decisions about you based solely on automated processing, including profiling, that would produce legal effects for you or significantly affect you in a similar way. Yes, we use tools that allow us to take certain actions depending on the information collected through tracking mechanisms, but we believe that these actions do not have a significant impact on you because they do not differentiate your situation as a customer, do not affect the terms of a contract you may enter into, etc.
By using certain tools, we can, for example, target you with personalized ads based on your previous actions on a given site or suggest products that may interest you. This is called behavioral advertising. We encourage you to learn more about behavioral advertising, especially privacy issues. Detailed information, including the ability to manage settings for behavioral advertising, can be found here .
#11: What are your rights?
The GDPR grants you the following potential rights in relation to the processing of your personal data:
-
the right to access your data and receive a copy thereof;
-
the right to rectify (correct) your data;
-
the right to delete data (if in your opinion there is no basis for us to process your data, you can request that we delete it);
-
the right to restrict data processing (you can request that we restrict data processing only to storing it or performing activities agreed with you, if in your opinion we have incorrect data or process it without justification);
-
the right to object to data processing (you have the right to object to data processing based on a legitimate interest; you should indicate the specific situation that, in your opinion, justifies discontinuing the processing covered by the objection; we will stop processing your data for these purposes unless we can prove that the grounds for data processing override your rights or that your data are necessary to establish, pursue or defend claims);
-
the right to data portability (you have the right to receive the personal data you have provided under a contract or your consent in a structured, commonly used and machine-readable format; you can have this data sent directly to another entity);
-
the right to withdraw consent to the processing of personal data, if you have previously given such consent;
-
the right to lodge a complaint with a supervisory authority (if you find that we are processing your data unlawfully, you may lodge a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).
The principles related to the implementation of the above-mentioned rights are described in detail in Articles 16–21 of the GDPR. We encourage you to familiarize yourself with these provisions. For our part, we consider it necessary to explain to you that the above-mentioned rights are not absolute and will not apply to you in relation to all activities of processing your personal data.
We would like to emphasize that you always have one of the rights indicated above: if you believe that we have violated the provisions on personal data protection while processing your personal data, you have the right to lodge a complaint with the supervisory authority (the President of the Personal Data Protection Office).
# 12: Do we use cookies or other similar technologies and what do they involve?
Our website, like almost all other websites, uses cookies and other similar technologies, such as tracking codes or pixels, conversion APIs, etc.
Using cookies or other similar technologies, certain information is collected and then used for various purposes, from ensuring the correct operation of individual website functions, through analysis of user behavior on the website, to sending targeted advertising.
If you want to learn more about cookies and other similar technologies, you can read these materials, for example:
#13: On what basis do we use cookies or other similar technologies?
We use cookies or other similar technologies based on your consent, except when cookies or other similar technologies are necessary for the proper provision of services to you.
Cookies or other similar technologies that are not necessary for the proper provision of services remain blocked until you express your consent to their use. During your first visit to our website, you are presented with a message asking for your consent along with the possibility of managing cookies or other similar technologies, i.e. deciding which cookies or other similar technologies you agree to and which you want to block.
#14: Can you disable cookies or other similar technologies?
Yes, you can manage cookie settings or other similar technologies within your web browser. You can block all or selected cookies or other similar technologies. You can also delete previously saved cookies and other site and plug-in data at any time.
Internet browsers also offer the option of using incognito mode. You can use it if you do not want information about visited sites and downloaded files to be saved in your browsing and download history. Cookies created in incognito mode are deleted when you close all incognito windows.
There are also browser plugins available to control cookies or similar technologies, such as Ghostery . Additional software, particularly antivirus packages, etc., may also provide the option to control cookies or similar technologies.
In addition, there are tools available on the Internet that allow you to control certain types of cookies or other technologies, in particular the collective management of behavioral advertising settings.
We also give you the ability to control cookies or other similar technologies directly from our website. We have implemented a special privacy mechanism that allows you to block cookies or other technologies that you do not want. Remember that disabling or limiting the use of cookies or other technologies may prevent you from using some of the functions available on our websites and cause difficulties in using the website, as well as many other websites that use cookies or other similar technologies. For example, if you block cookies or technologies related to social media plugins, buttons, widgets, social functions implemented on our websites may be unavailable to you.
#15: For what purposes do we use cookies or other similar technologies?
Cookies or other similar technologies are used to ensure the proper functioning of individual mechanisms of our websites, such as remembering the contents of the shopping cart for a specified period of time after adding selected products to it, maintaining the session after logging in, correctly sending forms visible on the pages, embedding video or audio players, operation of the comment system, social plugins, etc.
In addition, cookies or other similar technologies are used to conduct statistical, analytical and marketing activities.
Cookies also store information about your cookie settings defined by you via the privacy mechanism operating on our website.
Some cookies or other similar technologies are associated with external tools that we use, and the providers of those tools may have access to information collected through those cookies or other similar technologies. Details about external tools can be found in the appendix to the Privacy Policy.
#16: What external tools do we use?
A list of tools that require the use of cookies or other similar technologies, as well as a detailed description of these tools, can be found in the appendix to the Privacy Policy.
#17: Are we serving targeted ads to you?
Yes, we use external tools that allow us to direct advertising to specific target groups defined based on various criteria such as age, gender, interests, profession, work, and previous activities on our sites. These tools are described in detail in the appendix to this Privacy Policy.
#18: Is this Privacy Policy subject to change?
Yes, we may modify this Privacy Policy, in particular due to technological changes and changes in legal regulations. If you have a user account or subscribe to the newsletter, you will receive a message about each change to the Privacy Policy. All archived versions of the Privacy Policy are linked below.
Privacy policy valid starting March 1, 2025