Pro Document Privacy Policy
Information on the processing of personal data in accordance with GDPR (RODO) (EU Regulation 2016/679) and the Polish Act on the Protection of Personal Data. The Polish version of the document is legally binding.
1. Controller of personal data
The controller of Clients' personal data is Pro Document Sp. z o.o. with its registered office in Wrocław, NIP 8971939103, REGON 528914234, KRS 0001111057. Contact for matters relating to data protection: prodocumentt@gmail.com.
2. Purposes of processing
- Provision of legal services — preparation of wnioski (applications), representation before the Urzędy (Offices), communication regarding the case
- Performance of the agreement — invoicing, settlements, accounting documentation
- Fulfilment of legal obligations — tax regulations, the Code of Administrative Procedure, the Act on Foreigners
- Own marketing — only if the Client has given separate consent (email or WhatsApp)
- Service improvement — statistical analysis on anonymized data
3. Scope of data processed
Within the scope of the services provided, Pro Document processes:
- Identification data — first name, surname, date of birth, citizenship, passport number, PESEL (if held)
- Contact data — place of residence, email, telephone number, WhatsApp number
- Special category data (GDPR (RODO) Art. 9) — to the extent necessary: information on health status (health insurance), national origin, family status, prior administrative decisions
- Document data — scans of passports, employment contracts, diplomas, decisions of the UW (Voivodeship Office), family documents
- Financial data — information on salary, business income, ZUS (to the extent required by the UW (Voivodeship Office))
4. Legal basis for processing
- Art. 6(1)(b) GDPR (RODO) — performance of the legal services agreement
- Art. 6(1)(c) GDPR (RODO) — fulfilment of the Controller's legal obligations
- Art. 9(2)(a) GDPR (RODO) — the Client's explicit consent to the processing of special category data
- Art. 6(1)(a) GDPR (RODO) — the Client's consent to marketing (if given)
- Art. 6(1)(f) GDPR (RODO) — the legitimate interest of the Controller (statistical analysis, security)
5. Recipients of data
The Client's data may be disclosed to:
- The Urzędy Wojewódzkie (Voivodeship Offices), the Szef Urzędu do Spraw Cudzoziemców (Head of the Office for Foreigners), administrative courts — to the extent necessary to handle the case
- Sworn translators, notaries, the accounting office — to the extent necessary to perform the service (after separate consent has been given)
- IT service providers — Supabase (database hosting in the EU/Frankfurt), Vercel (application hosting), Tpay (payments), 360dialog (WhatsApp)
- State authorities — solely on the basis of applicable legal provisions
6. Retention period
- Case data — 6 years after completion (obligation to retain accounting documentation and in respect of potential claims)
- Platform account data — until the account is deleted by the Client
- Marketing data — until consent is withdrawn
- Technical logs — 12 months
7. Client's rights
In accordance with GDPR (RODO), the Client has the following rights:
- Right of access to their data — the Client may obtain a copy of all data we hold about them
- Right to rectification — correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — deletion of data after the retention obligation has expired
- Right to restriction of processing — in specified cases
- Right to data portability — receiving data in a format that allows transfer to another controller
- Right to object — to processing based on legitimate interest
- Right to withdraw consent — at any time, with effect for the future
- Right to lodge a complaint with the President of the Personal Data Protection Office (UODO)
8. Data security
- All data is stored on servers in the European Union (Supabase region: Frankfurt)
- Encryption at rest and in transit (TLS 1.3, AES-256)
- Access to data — only authorized Pro Document employees, with an event log
- Access control — Row-Level Security in the database, two-factor authentication for the team
- Regular backups, encrypted
9. Cookies
The Platform uses only the necessary cookies to maintain the user's session. We do not use third-party analytical or marketing cookies. The full cookie policy is available at /legal/cookies.
10. Changes to the Policy
Pro Document reserves the right to amend this Privacy Policy. The Client will be notified of any material changes 14 days in advance via the Platform and by email. Continued use of the Platform after the changes take effect constitutes acceptance of them — if the Client does not accept them, they may delete their account.
