Last Updated: September 23, 2024
1. Introduction
David Burt Law (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data in compliance with:
- General Data Protection Regulation (GDPR) (EU 2016/679)
- Polish Data Protection Act (Ustawa o ochronie danych osobowych)
- Other applicable privacy laws
This Privacy Policy explains:
- What personal data we collect
- How we use, store, and protect it
- Your legal rights regarding your data
By using davidburtlaw.com or engaging our legal services, you agree to this policy.
2. Detailed Information We Collect
A. Personal Data Provided by You
We collect data when you:
- Contact us via email, contact forms, or phone
- Engage our legal services (client onboarding)
- Subscribe to newsletters or legal updates
- Attend our events or seminars
Examples of collected data:
- Identifiers: Full name, date of birth, nationality
- Contact details: Email, phone number, business/personal address
- Professional information: Employer, job title, case-related documents
- Financial data: Billing details, bank account information (for payments)
- Legal case data: Confidential case details, court documents, contracts
B. Automatically Collected Data
- Technical data: IP address, browser type, device information
- Usage data: Pages visited, time spent on site, click patterns
- Cookies & tracking: Session cookies, analytics cookies (Google Analytics)
C. Data from Third Parties
We may receive data from:
- Public records (court filings, business registries)
- Other law firms (in case of referrals)
- Government agencies (where legally required)
3. Legal Basis for Processing (GDPR Compliance)
We process data under the following lawful bases:
| Purpose | Legal Basis |
|---|---|
| Providing legal services | Contractual necessity |
| Responding to inquiries | Legitimate interest |
| Compliance with legal obligations | Legal requirement (e.g., tax laws) |
| Marketing communications | Consent (opt-in required) |
4. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Legal representation & consultations | Name, contact info, case details |
| Billing & invoicing | Payment details, transaction history |
| Website improvement | Cookies, usage analytics |
| Regulatory compliance (e.g., anti-money laundering checks) | ID verification, due diligence |
5. Data Sharing & International Transfers
A. Third-Party Processors
We share data only with necessary providers under strict confidentiality:
- Cloud storage: Secure document management systems
- Payment processors: Bank transfers, PayPal (encrypted)
- Legal software: Case management tools (Clio, LexisNexis)
B. Legal Disclosures
We may disclose data if required by:
- Courts or government authorities (e.g., subpoenas)
- Anti-fraud investigations
- Regulatory compliance (e.g., bar association rules)
C. International Transfers
If data is transferred outside the EU/EEA, we ensure:
- Adequacy decisions (e.g., EU-US Privacy Shield)
- Standard Contractual Clauses (SCCs)
6. Data Security Measures
We implement:
- Encryption: TLS/SSL for data transfers
- Access controls: Role-based permissions for staff
- Secure storage: Password-protected databases
- Regular audits: Penetration testing & compliance checks
7. Data Retention Period
We retain data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Client case files | 10 years (legal requirement) |
| Financial records | 7 years (tax compliance) |
| Marketing contacts | Until consent is withdrawn |
8. Your Legal Rights
Under GDPR and Polish law, you have the right to:
- Access – Request a copy of your data.
- Rectification – Correct inaccurate data.
- Erasure (“Right to be Forgotten”) – Request deletion.
- Restriction – Limit how we use your data.
- Data Portability – Receive your data in a machine-readable format.
- Object – Opt out of marketing or automated processing.
To exercise these rights, contact:
Data Protection Officer (DPO)
Email: dpo@geissin.com
Post: David Burt Law, Varso Tower, ul. Chmielna 47, 00-801 Warsaw, Poland
We respond within 30 days (may extend for complex requests).
10. Policy Updates
We review this policy annually. Significant changes will be notified via:
- Website banners
- Direct email (for clients)
11. Complaints
If dissatisfied with our data handling, you may lodge a complaint with:
- President of the Personal Data Protection Office (Poland)
- EU Data Protection Authority (for cross-border issues)
12. Contact Information
David Burt Law
Varso Tower, ul. Chmielna 47
00-801 Warsaw, Poland
Phone: +48 732 144 500
Email: privacy@geissin.com
Key Recommendations for Implementation:
- Cookie Consent Tool: Integrate a GDPR-compliant solution (e.g., Cookiebot).
- Data Processing Agreements (DPAs): Ensure third-party vendors sign DPAs.
- Record of Processing Activities (ROPA): Maintain as required by GDPR Article 30.
- Staff Training: Regular privacy law updates for employees.