BBlackWin
Legal

Privacy Policy

GDPR-compliant · Last updated: 13 May 2026

1. Data Controller

BlackWin acts as the Data Controller within the meaning of Article 4(7) of the EU General Data Protection Regulation 2016/679 ("GDPR") for the personal data collected through this website and during client engagements. You may contact our data protection point of contact at suierqa@gmail.com.

2. Personal Data We Collect

  • Identity data: name, date of birth, nationality, passport details (where required for the service).
  • Contact data: email address, telephone number.
  • Professional data: CV, employment history, qualifications.
  • Case data: visa, residency or corporate-formation information you submit.
  • Payment data: handled exclusively by regulated payment processors; we do not store full card numbers.
  • Technical data: IP address, browser type, basic analytics.

3. Legal Bases for Processing

We process personal data on the following GDPR Article 6 bases:

  • Performance of a contract with you (Art. 6(1)(b)) — for delivering consulting services.
  • Compliance with legal obligations (Art. 6(1)(c)) — for tax, anti-money-laundering and record-keeping rules.
  • Your consent (Art. 6(1)(a)) — for non-essential communications.
  • Our legitimate interests (Art. 6(1)(f)) — for service improvement, fraud prevention and security.

4. Recipients

We share data only with: vetted professional partners directly involved in your matter (translators, notaries, accounting partners, foreign counsel); payment processors; cloud infrastructure providers under data-processing agreements; and government authorities when legally required.

5. International Transfers

Where data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission or other adequate safeguards under Chapter V GDPR.

6. Retention

We retain client case files for the period required to complete the engagement and to comply with applicable legal retention obligations (typically 5 years from engagement closure). Inactive prospect data is deleted within 24 months.

7. Your Rights

Under GDPR you have the right to: access your data, request rectification, request erasure, restrict processing, data portability, object to processing based on legitimate interests, and withdraw consent at any time. You also have the right to lodge a complaint with the Polish supervisory authority (Prezes Urzędu Ochrony Danych Osobowych) or your local EU supervisory authority.

8. Cookies

This website uses only strictly necessary cookies for session integrity. Analytics cookies, where deployed, are activated only with your consent.

9. Security

We implement appropriate technical and organisational measures including encryption in transit, access controls, audit logging and least-privilege principles for staff handling personal data.

10. Contact

To exercise any of your rights or for any privacy-related question, contact suierqa@gmail.com.