×
MACURA | Unikalna wiedza ekspercka

Kancelaria MACURA.
ul. Odyńca 7/13
02-606 Warszawa

T: (+48) 696-011-713
M: monika.macura@kancelariamacura.pl

See us on:

Expert knowledge,
innovative
approach

Not only we understand the legal but also the technological and financial aspects of our clients’ businesses. We are an excellent choice for companies seeking specialized expertise and partnership. our services >

Payment services

We support clients in obtaining permits for payment services.

LendTech Financial Institutions

We provide comprehensive legal services to dynamically developing loan institutions.

Cryptoassets and tokenization

Comprehensive legal support for companies providing services in the area of cryptoassets. Legal advice on tokenization issues.

Personal Data

GDPR, data protection and privacy in the FinTech, LendTech and e-commerce industries.

Intelectual Property

We provide advice on intellectual property protection for software developers.

E-commerce

We provide comprehensive services for entities in the e-commerce industry.

Mergers and acquisitions (M&A)

Comprehensive legal support for companies in demergers and mergers, joint venture transactions, the purchase and sale of shares and the set up of holding companies and capital groups.

Obtaining financing

Comprehensive legal support for companies in the obtaining and raising finance for the development of selected business projects.

Relations with supervisory authorities

We advise on the implementation of the recommendations of the Polish Financial Supervision Authority.

Payment services

Specializations

Payment services

We support clients in obtaining permits for payment services.

We develop internal documentation and regulations for payment institutions. We provide ongoing legal services for payment institutions – payment card issuers, online payments, and mobile payments. We provide ongoing consultancy in the field of personal data protection for financial institutions, we provide the services of a data protection officer (DPO) and develop personal data protection documentation.

We prepare regulatory documentation specified in the provisions of the Act on counteracting money laundering and terrorist financing – AML (internal procedures of the obligated institution, procedure of reporting violations).

What do we offer? more

We participate in developing payment transaction security policies and ensure their compliance with the recommendations of the Polish Financial Supervision Authority (KNF) and EBA guidelines on security measures regarding operational risks and risks for the security of payment services.

We participate in developing monitoring procedures, conduct and supervisory activities related to security incidents and customer complaints. We participate in developing procedures for documenting, monitoring, tracking and restricting access to sensitive data regarding payments.

What questions do we answer? more

We participate in developing solutions ensuring business continuity (BIA analysis, risk assessment sheet), implementation of a business continuity plan including measures limiting the risk of business continuity.

Selected services more

We take part in exercising control over compliance of law by payment institutions in the scope of:

  • compliance of the services provided with the scope of legal regulations applicable to the payment institution;
  • compliance of the services provided with anti-money laundering regulations;
  • compliance of the services provided with the provisions on the protection of personal data performance of reporting obligations towards all competent authorities in terms of compliance with applicable requirements, compliance with data from the entity’s transaction and accounting systems, timely performance performing information obligations towards service users;
  • execution of payment transactions in accordance with the requirements of the relevant provisions, in particular, regarding the completion time, fees charged to users, complaints;
  • managing the outsourcing of payment institution’s activities, managing the agent network, implementation of individual supervisory measures of the Polish Financial Supervision Authority and recommendations of the Polish Financial Supervision Authority.
Who do we advise? more

We conduct training in the field of personal data protection tailored to the requirements of the management, customer service departments, verification and recovery.

We conduct training in the field of counteracting money laundering and terrorist financing for employees of obligated institutions.

We advise on creating internal procedures for payment institutions in the field of customer verification, service, debt collection and complaint processes.

Awards and honors

Experience

Documentation of the anti-money laundering and anti-terrorist financing (AML) system

For our client, during regular legal advice, we developed documentation for an anti-money laundering and counter-terrorist financing system (hereinafter “AML/TF system”, maximum penalty for violating those laws may result in financial penalty up to 5 million EUR).

more more
Representation in proceedings to obtain a license to provide payment services as a national payment institution (NPI)

As part of our ongoing cooperation with a client, a small payment institution, providing payment services including issuing of credit cards and providing payment credit to consumers, we represent the client in the proceedings for obtaining a license to provide payment services as a national payment institution.

more more
Proceedings for entry into the register of small payment institutions

We represented our client, an innovative utility provider in the proceeding for entry into the register of small payment institutions to enable the client to accept payments for e-commerce services provided. The client already provides its services through a mobile app and intended to enable users of the app direct payment for utility services.

more more
Representation in the proceedings for the issuance of a license to provide payment services as a national payment institution (NPI)

The firm continues to work with the client, which is a small payment institution providing payment services: issuing credit cards and providing payment credit to consumers.

more more
LendTech Financial Institutions

Specializations

LendTech Financial Institutions

The law firm provides comprehensive legal services to dynamically developing loan institutions.

Thanks to technology, lending to consumers and businesses via the Internet is becoming more and more widespread, taking place more and more quickly, largely using electronic communication tools and modern technology. This is the essence of the term lending technology, referred to as LendTech for short. By using new technologies, lending and consumer credit services can be provided more conveniently and efficiently.

The LendTech and Digital Lending sectors are developing very rapidly, with new financial instruments, requiring up-to-date and practical knowledge of the law, as well as – the ability to find solutions and legal rules for completely new areas. A particular challenge is the effective adaptation of already existing legal rules to the dynamically changing world of technology and unlimited business creativity. For more than 10 years, we have been offering comprehensive legal services to lending institutions, payment institutions as well as banks. Our experts have successfully introduced more than a dozen financial institutions to the Polish market and provide ongoing legal services to support them in their day-to-day challenges.

What do we offer? more

Based on national, European and international regulations on consumer credit and lending activities, we offer comprehensive legal advice to rapidly growing LendTech and Digital Lending financial institutions providing lending and consumer credit services in the Polish and foreign markets. Based on Polish and European regulations, including documents such as:

  • Act of 12 May 2011 on consumer credit;
  • The Act of 1 March 2018. On counteracting money laundering and terrorist financing (the so-called anti-money-laundering law, AML Act);
  • Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC, 2013/36/EU and Regulation (EU) No 1093/2010 and repealing Directive 2007/64/EC (Text with EEA relevance);
  • Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (Consumer Credit Directvie, CCD);
  • Act of 5 August 2015 on the handling of complaints by financial market entities and the Financial Ombudsman;
  • Act of 30 May 2014 on consumer rights;
  • Act of 16 February 2007 on competition and consumer protection;
  • Guidelines and recommendations of the European Banking Authority (EBA) and the Financial Supervision Commission (FSC);
  • Act of 29 August 1997. Banking Law;
  • Act of 9 April 2010 on providing access to business information and exchange of business data;
  • Act of 8 March 2013 on counteracting excessive delays in commercial transactions;
  • Decisions of UOKIK and the Financial Ombudsman;
  • Act of 19 August 2011 on payment services;
  •  Act of 18 July 2002 on the provision of services by electronic means;
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation);
  • Act of 21 July 2006 on the supervision of the financial market;
  • Act of 6 March 2018. Entrepreneurs’ Law;

we are looking for practical, optimal-to-implement solutions to support innovative business ideas of clients – companies and lending institutions from the LendTech and Digital Lending industries.

If you are wondering or are in doubt more
  • how – from a legal point of view – to start a business in the loan company sector in Poland?
  • how – from the legal point of view – to offer credit products to consumers (consumer credit, loan agreement, credit agreement within the meaning of the provisions of the Banking Law, agreement on deferring the fulfilment of monetary performance to the consumer if the consumer is obliged to pay the costs connected with deferring the performance, credit agreement in which the creditor assumes an obligation towards a third party and the consumer to return the performed performance to the creditor, revolving credit agreement)?
  • how to design credit products for individuals and SMEs (electronic micro-loans for consumers, working capital loans and debt relief loans for companies)?
  • what AML requirements must lending institutions comply with?
  • how to protect personal data of clients – consumers in loan institutions?
  • how to start up business in Poland while already operating in another country?
  • how to respond correctly to consumer demands related to loans and how to conduct complaint processes correctly?
  • how to respond to requests from the Financial Ombudsman or the Polish Financial Supervision Authority?
  • how to act correctly in proceedings conducted by the Office of Competition and Consumer Protection?
  • is it necessary to start up as a Small Payment Institution (MIP) or a National Payment Institution (NIP)?
  • what regulatory requirements must be met in order to operate as a Small Payment Institution (MIP) or National Payment Institution (NIP)?
  • how to provide services in the bnpl (by now pay later) model?
  • how to implement modern forms of credit based on the credit card?
  • what conditions need to be met in order to cooperate with or become a credit card issuer ?
  • how to process your customers’ personal data and protect it properly?

contact our lawyers who specialise in consumer credit, LendTech and Digital Lending.

Selected services more
  • comprehensive support to lending institutions in day-to-day operations, in particular on issues such as data protection, RODO, compliance and AML;
  • legal risk management in the area of personal data protection, RODO, compliance and AML;
  • ongoing monitoring of legislation, case law of common courts and the Court of Justice of the European Union (CJEU), decisions and positions of the Office of Competition and Consumer Protection (UOKiK) and the Financial Ombudsman (RF) – recommendations on the application of guidelines resulting from these acts;
  • ensuring compliance with the guidelines and recommendations of the Polish Financial Supervision Authority (PFSA);
  • support at the stage of designing and creating credit products, both short-term loan agreements, instalment loan agreements and bundled loan agreements;
  • advising on the establishment of institution structures and on the creation of product offerings using modern technologies and mobile applications;
  • drafting and providing opinions on draft consumer credit agreements, ensuring their compliance with the provisions of the Consumer Credit Act, current decisions of the Office of Competition and Consumer Protection (UOKiK) and case law of common courts;
  • providing data protection advice to financial institutions and lending institutions;
  • provision of data protection officer (DPO) services and ongoing support to the DPO appointed by the client;
  • support to lending institutions on particularly sensitive issues such as maximum non-interest credit costs, early repayment of consumer credit, bundled credit agreements, marketing of credit products or creditworthiness assessment including automated decision-making mechanisms;
  • support in the negotiation and conclusion of agreements with business partners such as credit reference agencies, credit assessment support providers and financial intermediaries;
  • advice on raising finance through activities such as issuing corporate bonds;
  • support for the introduction of innovative solutions for building competitive advantage, such as behavioural data analysis in credit assessment, behavioural targeting, identity verification using behavioural data, in particular – identity verification using image;
  • creation, development and implementation of documents such as regulatory documentation and internal regulatory procedures, as defined by the provisions of the AML/CFT Act (the so-called AML), including the obliged institution’s internal procedure, breach notification and reporting procedure;
  • organisation and delivery of training courses on personal data protection, tailored to the requirements of the management staff of loan institutions, customer service, verification and recovery departments;
  • organisation and delivery of training on AML/CFT for employees of obliged institutions;
  • advising on the development of internal procedures for lending institutions on issues such as customer verification, customer service, debt collection or complaint processes;
  • representation of loan institutions and LendTech companies in relations with administrative authorities – the Office of Competition and Consumer Protection (UOKIK), the Office of Personal Data Protection (UODO), the Polish Financial Supervision Authority (KNF) and the Financial Ombudsman (RF);
  • introduction of financial institutions to the Polish market;
  • legal risk mapping, legal risk management in LendTech;
  • implementation of cloud solutions in LendTech companies;
  • outsourcing of AML-related processes.
Who do we advise? more

We support leading Polish and European entities – financial institutions, granting consumer loans and loans to entrepreneurs, as well as consumer E-lending microlending – companies operating in the broader LendTech sector.

We advise individuals who hold board member, head of lending, compliance officer and AML officer positions.

We represent loan institutions in relations with administrative bodies – the Office for Competition and Consumer Protection, the Personal Data Protection Office, the Polish Financial Supervision Authority, the Financial Ombudsman.

We monitor legislation and case law relating to the LendTech sector in Poland, the European Union and non-EU countries. We encourage you to read our blog where we share our practical experience gained in the course of various projects for LendTech companies.

In 2021, legal advisor Monika Macura received a prestigious award from the Lendtech Foundation, which creates and supports the FinTech & LendTech and digital lending ecosystem in Poland, for her substantive contribution, innovation and commitment to the development of the LendTech ecosystem in Poland. We regularly participate in the most important industry events for LendTech and Digital Tech companies, such as the annual LendTech Congress. We are also an active member of the Polish Association of Loan Institutions.

Awards and honors
Cryptoassets and tokenization

Specializations

Cryptoassets and tokenization

Comprehensive legal support for companies providing services in the area of cryptoassets. Legal advice on tokenization issues.

The popularity of cryptocurrency and tokenisation is constantly evolving. Although legislation is gradually emerging at national and EU levels, many aspects still needs to be regulated. Advising in this area requires from lawyers not only to have a proficient, practical knowledge of the regulatory framework, but also to have actual experience in a differentiated projects, of varying scales. It can also be challenging to support clients in the implementation of business intentions in the absence of specific regulation – in such cases, we advise on the basis of previous knowledge and experience, creating solutions that ensure maximum protection of clients’ interests.

What do we offer? more

Analyzing national, European and international regulations and best practices regarding the broader cryptoasset market and tokenization issues, including but not limited to:

  • the law of March 1, 2018. on anti-money laundering and countering the financing of terrorism (the so-called anti-money-laundering law, AML law);
  • regulation on cryptoasset markets (MiCA);
  • The position of the KNF, the decisions of the OCCP and the Financial Ombudsman;
  • Digital Operational Resilience Ordinance (DORA);
  • Cyber Security Directive (NIS2);
  • Law on cryptoassets.

We offer comprehensive legal advice to cryptocurrency service companies and entrepreneurs and individuals interested in tokenization.

What questions do we answer? more
  • How to open a virtual currency exchange and broker crypto assets?
  • What regulatory requirements must be met to open a cryptocurrency exchange?
  • What regulatory requirements must be met to open an exchange office ?
  • How to obtain a registration for virtual currency activities (the so-called VASP license)?
  • When should a VASP also be authorized to provide payment services?
  • How to obtain a CASP (crypto asset service provider) license?
  • What are the legal aspects of token issuance?
  • What conditions must be met in order to issue tokens that are electronic money, according to MICA?
  • Who can issue a token that is electronic money?
  • What conditions must be met in order to issue ART (asset-linked) tokens according to MICA?
  • What are digital currencies?
  • How to prepare and report to the KNF a disclosure document for the issuance of a MICA-compliant token?
  • What are the benefits of using smart contracts?
Selected services more
  • Comprehensive legal support in all aspects of business operations for cryptocurrency companies in terms of Polish and European legal regulations.
  • Legal advice on opening cryptocurrency exchanges and cryptocurrency exchange offices.
  • Advice at every step of the process of establishing a business and obtaining registration in the register of virtual currency activities (known as obtaining a cryptocurrency license).
  • Support in the process of applying for a payment service provider license for a cryptocurrency company.
  • Develop and implement internal procedures for customer verification (KYC), AML and RODO.
  • Legal support for business relations with payment service providers, banks and other financial institutions.
  • Legal support and advice to ensure compliance with upcoming regulations, including MiCA.
  • Support and advice on the legal aspects of the use of tokens representing rights or property values.
  • Legal and tax assessment of blockchain-based services.
  • Develop business assumptions for the issuance of EMT and ART tokens.
  • Legal analysis of the possibility of issuing, using and trading an e-money token outside the EU, including in particular the UK and the US, if the token were to be traded outside the EU.
  • Legal support in obtaining a bank (credit institution) as a partner – depositor of funds raised in connection with the issue – including MiCA.
  • Prepare and submit submissions to the KNF, prepare information documents for token issuance, in compliance with requirements from MiCA.
  • Advising on the creation of agreements between participants in the token issuance process.
Who do we advise? more

We support Polish, European and international entrepreneurs with digital currencies and tokenization projects, issuers and intermediaries of digital currencies.

We support a project to issue tokens that are electronic money.

We provide legal support for projects using payment instruments based on digital currency feeds.

We also advise companies interested in opening and operating cryptocurrency exchanges and cryptocurrency exchange offices.

Awards and honors
Personal Data

Specializations

Personal Data

GDPR, DATA PROTECTION AND PRIVACY IN THE FINTECH, LENDTECH AND E-COMMERCE INDUSTRIES

Personal data is the currency of the future. Protecting it is one of the biggest challenges facing companies in all industries. No business can operate efficiently and securely without acquiring significant amounts of personal data, and at the same time ensuring an adequate level of data protection and privacy rights (RODO) when it comes to its collection and gathering, storage, as well as its use for day-to-day business operations and winning new business. Adequate procedures in this regard positively influence trust in the company, building its desired image as a responsible business partner, as well as protecting companies from the negative consequences of privacy breaches or data leaks resulting from the Personal Data Protection Regulation (RODO). Therefore, data protection is an area that should be dealt with in a company by a specialised lawyer.

What do we offer? more

Based on national, European and international data protection and privacy regulations, including in particular provisions such as:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (RODO);
  • guidelines and documents issued by the European Data Protection Board (EROD);
  • Act of 10 May 2018. on the protection of personal data;
  • Act of 18 July 2002 on the provision of electronic services;
  • Act of 16 April 1993 on combating unfair competition;
  • Act of 16 February 2007 on the protection of competition and consumers;
  • specific industry regulations, including:
  • Act of 16 July 2004 on Telecommunications Law;
  • Act of 29 August 1997 on the Banking Law;
  • Act of 1 March 2018 on the prevention of money laundering and financing of terrorism;
  • Act of 12 May 2011 on consumer credit;
  • Act of 19 August 2011 on payment services;
  • Act of 9 April 2010 on the disclosure of information economic and exchange of economic data;
  • Act of 22 May 2003 on compulsory insurance, the Insurance Guarantee Fund and the Polish Motor Insurers’ Bureau;
  • regulations and guidelines of the Banking Supervision Commission;

Our law firm supports companies in the FinTech, LendTech and e-commerce industries, as well as the banking and finance sector, in preparing and implementing an effective and secure strategy for the broad collection, storage and processing of collected personal data.

We start by auditing the ways, procedures and levels of personal data and privacy protection. On this basis, we prepare reports, including practical guidance on the creation and implementation of appropriate data protection and privacy regulations and internal procedures. If necessary, we represent and advise clients in the event of a personal data breach or leakage, as well as control procedures carried out by the relevant authorities.

What questions do we answer? more

We answer questions and propose practical, ready-to-implement solutions, taking into account the business realities of clients’ operations. If you are wondering or in doubt:

  • what is personal data?
  • why is personal data important?
  • what data can be collected?
  • why do you need to protect personal data?
  • how to protect personal data?
  • which personal data is sensitive?
  • how long can personal data be stored?
  • when do we process personal data?
  • if and when can personal data be disclosed?
  • if and when can or must personal data be deleted?
  • if and when must personal data be disclosed?
  • what is the processing of personal data on the basis of a legitimate interest pursued by the controller or by a third party?
  • is there and how to organise the transfer of personal data to third countries?

contact our lawyers who specialise in data protection, RODO and privacy.

Selected services more

  • GDPR audits and surveys, data protection audits, privacy audits (privacy by design and privacy by default).
  • Data processing impact assessment for clients’ business operations.
  • Data Protection Impact Assessment (DPIA).
  • Review and modification of information clauses and consents to comply with the provisions of the GDPR.
  • Ongoing consultation on the GDPR, privacy and data protection.
  • Privacy compliance – compliance analysis of solutions and products using personal data.
  • Creation, development and preparation of policies, registers, Procedures and documentation relating to RODO, privacy and personal data protection, including documents such as information security policy, personal data processing entrustment agreement, policy for permitted use of IT devices or systems, BYOD policy, data processing registers, rules and procedures for dealing with personal data protection breaches, rules for dealing with personal data leaks, cookie policy.
  • Development of procedures for the selection of contractors with access to data (processors) and their periodic verification.
  • Defining the principles of granting authorisations to process personal data and supervising the process of granting and withdrawing authorisations.
  • Defining the principles and legal basis for the acquisition and processing of personal data.
  • Developing template responses to clients on issues related to the processing of personal data, consistent with the purposes and categories of personal data processed.
  • Developing and maintaining a register of data processing activities and a register of processing categories.
  • Developing document templates tailored to the client’s specific business – data processing information and consent templates for personal data processing for marketing purposes.
  • Aligning business procedures with requirements in line with the RODO and so-called sector-specific regulations, in particular regulations specific to payment institutions, lending institutions, institutions operating in the insurance sector.
  • Assessing data protection breaches – verifying the need to notify the regulator and data subjects of potential remedies.
  • Preparation and filing of notifications to regulators and data subject notifications.
  • Advising and representing in investigations, control proceedings before public authorities and before the courts on matters relating to the processing of personal data, privacy, as well as breaches of personal data protection and breaches of privacy, complaints and requests from data subjects or questions from regulators.
  • Representation and conduct of proceedings before the President of the Personal Data Protection Authority (PUODO).
  • Management of risks and incidents of breaches of personal data procedures, identification of appropriate remedies and collection of adequate documentation related to the notification.
  • Internal investigations of irregularities in the collection, storage and processing of personal data.
  • Advising on issues relating to the processing of personal data in the cloud , covering the nature of processing, access to data and transfer of data to third countries, support in negotiating contracts with service providers.
  • Conducting dedicated trainings, seminars and workshops for board members, managers and employees on the collection, storage and processing of personal data, RODO and privacy protection, during which our experts suggest how to meet the requirements arising from Polish, European and international data protection regulations.
  • Performing the function of Data Protection Inspector (IOD, former information security administrator – ABI) in companies in the financial sector (payment institutions, lending institutions, consumer credit intermediaries, insurance agents), support during the implementation of tasks by the IODO appointed at the client.
  • Proactive response to regulatory changes – ensuring ongoing compliance with the RODO to avoid penalties and liability for company malfunctions.
Who do we advise? more

We advise leading companies in the FinTech, LendTech and e-commerce sectors, as well as entities in the financial sector, IT and startups. We support individuals serving as board members, directors, those responsible for Information Security, Chief Information Officer (CIO) and Compliance Office.

We monitor the legislation and evolving practice of data protection in Poland, the European Union and non-EU countries. We encourage you to read our blog, where we share our practical experience gained during the implementation of projects on data protection, GDPR and privacy protection.

We carry out audits to assess the degree of compliance of a client’s activities with the provisions of the GDPR, in particular in the field of privacy by design and privacy by default, as well as other requirements arising from the GDPR

We adjust our clients’ activities to the requirements of the GDPR and the so-called sectoral regulations, in particular regulations applicable to payment institutions, loan institutions, institutions operating in the insurance sector. As part of implementation activities, we provide support in ensuring compliance with the provisions of the GDPR, in particular:

  • We develop procedures for the selection of contractors having access to data (processors) and their periodic verification;
  • We define the rules for granting authorization to process personal data and supervise the authorization process;
  • We define the principles and legal grounds for obtaining and processing personal data;
  • We develop response patterns for clients regarding issues related to the processing of personal data, consistent with the purposes and categories of personal data processed;
  • We develop provisions for the personal data processing agreements and adequate security measures for personal data required from our clients’ business partners;
  • We prepare and update the data processing activities register and the processing categories register;
  • We develop data security policies;
  • We develop procedures for reporting personal data breaches;
  • We develop data protection impact assessment (DPIA) procedures;
  • We carry out impact assessments for the protection of personal data;
  • We develop and implement a program to check the adequacy of implementation activities;
  • We develop privacy and cookie policies;
  • We represent clients in proceedings before the Personal Data Protection Office in matters of complaints and control proceedings.

We advise in the event of an incident of a personal data security breach, we determine appropriate remedies, we take care of collecting adequate documentation related to reporting a data breach and we prepare the content of the notification to the Personal Data Protection Office.

We organize and conduct dedicated trainings in the field of personal data protection and information security.

We act as a data protection officer in enterprises of the financial sector (payment institutions, loan institutions, consumer credit brokers, insurance agents).

Awards and honors

Experience

Comprehensive training on data protection and RODO

For one of the leading companies in the LendTech sector, we organised and conducted a comprehensive training course…

more more
Website’s terms and conditions

Buying insurance online can raise many questions for the consumer. Is my data adequately protected?

more more
Veryfication and updating of all regulations on personal data processing

For one of our clients – Creditstar Polska, a leading lending institution we carried out a project involving…

more more
Comprehensive consulting in the area of GDPR

The law firm has established permanent cooperation in the area of personal data protection with a leading airline…

more more
Intelectual Property

Specializations

Intelectual Property

We provide advice on intellectual property protection for software developers.

The firm’s lawyers specialise in the legal aspects of implementing IT solutions and new technologies. With the development of technology, including blockchain networks or artificial intelligence, there are more and more innovations and opportunities for their application. However, legal regulations have not kept up with the reality around us, particularly in such cutting-edge areas.

Entrepreneurs in FinTech, LendTech and e-commerce as well as in the banking and finance sector need the support of lawyers who know the regulations and can create and adapt existing legal solutions to areas that are not yet regulated. We provide our clients with solutions that reduce the legal risks associated with a new technology project. We assist in the implementation of innovative solutions by creating the legal framework for the planned projects.

What do we offer? more

Based on national, European and international regulations concerning the law of new technologies, including artificial intelligence (AI), blockchain technology, crypto-assets, we offer legal support to the FinTech, LendTech, e-commerce and banking and finance sectors as well as the IT industry. Based on Polish and European regulations, including documents such as:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of data, personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (RODO);
  • Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act);
  • Guidelines and documents issued by the European Data Protection Board (EROD);
  • The Act of 10 May 2018. on the protection of personal data;
  • Act of 18 July 2002 on the provision of electronic services;
  • specific industry regulations, including:
  • Act of 16 July 2004 Telecommunications Law;
  • Act of 29 August 1997 – Banking Law;
  • Act of 1 March 2018 on the prevention of money laundering and financing of terrorism;
  • Act of 19 August 2011 on payment services;
  • Act of 9 April 2010 on sharing of business information and exchange of business data;
  • Act of 29 July 2005 on trading in financial instruments;
  • The Act of 12 May 2011 on consumer credit;
  • Regulation (EU) 2022/858 of the European Parliament and of the Council of 30 May 2022 on a pilot system for the the needs of market infrastructures based on distributed ledger technology, as well as amendments to Regulations (EU) No 600/2014 and (EU) No 909/2014 and Directive 2014/65/EU (DLT Pilot Regime);
  • Regulations and guidelines of the Financial Supervisory Commission (in particular the Financial Supervisory Authority’s Position on the issuance and trading of cryptoassets) and the European Banking Authority;
  • Guidance and recommendations from the Financial Action Task Force (FATF), in particular the FATF Standards on Virtual Assets and VASPs and Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers;
  • upcoming regulations, including:
  • Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (AI ACT) and amending certain legislative acts of the union (AI ACT);
  • Regulation of the European Parliament and of the Council on cryptoasset markets and amending Directive (EU) 2019/1937 (MICA);
  • Regulation of the European Parliament and of the Council on the operational digital resilience of the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 (DORA);

We help implement modern technological solutions, often changing the face of the banking and financial sector.

It should be emphasised that there is not infrequently a lack of regulations or legislative work in progress in the area of new technologies, as in the case of the EU regulation on artificial intelligence, referred to as the Artificial Intelligence Act (AI Act). In light of the work on this document, very many current solutions or systems in the FinTech industry in the field of automated credit scoring or automated scoring models may be considered AI systems (due to the broad definition) and consequently also high-risk AI systems (due to the definition of high-risk AI system). Consequently, such AI solutions or systems will have to comply with a number of additional requirements set out in the Regulation. Traders will be required to carry out an assessment of the risks posed by AI-based solutions, will be required to provide clear information about the AI system to users.

Legislative work is also being advanced to regulate the broader cryptocurrency market. Of particular note is the draft Crypto Assets Markets Act (MICA), which will be a revolution for much of the cryptocurrency industry in Europe. There is no doubt that many projects using cryptocurrencies will have to adapt to the new legal and regulatory reality that this will come with the entry into force of the MICA regulation.

What questions do we answer? more

That is why, when supporting clients in the process of implementing new technological solutions, we answer questions and propose practical and risk-reducing solutions, taking into account current business realities as well as planned legislation. If you are wondering or in doubt:

  • How to bring artificial intelligence (AI)-based solutions to market?
  • What research, testing and validation procedures should be carried out before, during and after the development of an AI system?
  • What is the liability for damages caused by AI?
  • what will the entry into force of the EU Artificial Intelligence Regulation, referred to as the Artificial Intelligence Act, mean for my organisation?
  • Which AI industries are qualified as high-risk systems?
  • What requirements will high-risk AI systems have to meet?
  • What are the legal implications of issuing tokens, crypto-assets?
  • What are the legal restrictions on the implementation of blockchain-based technology?
  • What are the possibilities for effective implementation of the right to be forgotten in networks based on blockchain technology?
  • What are the possible ways of protecting the creations of new technology and artificial intelligence?
  • how to properly structure a contract for the implementation and maintenance of an IT system?
  • How to protect customers’ personal data in cloud technologies?
  • Is the planned IT solution architecture compatible with open source software licences
  • What are the legal risks in the area of implementing innovative online and mobile payment solutions?

Get in touch with our lawyers who specialise in new technology and IT issues, in particular blochain technology, cryptocurrencies and artificial intelligence.

Selected services more
  • Legal support for Artificial Intelligence (AI) implementation projects;
  • Legal advice for systems based on machine-learning, but also systems based on logical methods, knowledge, statistical approaches, search and optimisation methods
  • Development of concepts for the use of tokens representing rights or property values (in blockchain technology);
  • Legal and tax assessment of blockchain-based services;
  • Legal support for cryptocurrency market activities;
  • Advice on the opening of cryptocurrency exchanges;
  • Legal assistance for the establishment of cryptocurrency exchanges;
  • Advice on the protection of intellectual property for software developers, mobile applications and Internet service providers;
  • Drafting and negotiating contracts for the implementation of IT systems (particularly in the agile model), advice on managing IT projects;
  • Advice on data collection and processing in IT systems and on the protection of databases;
  • Counselling in disputes arising from infringement of software copyrights;
  • Drafting of licence and outsourcing agreements;
  • Drafting contracts for the use of services in the SaaS model;
  • Counselling on the use of cloud solutions, including compliance with RODO;
  • Legal services for implementations of IT systems, including with the use of cloud technology (cloud computing);
  • Drafting of licence and service agreements (SLA);
  • Drafting contracts for the provision of IT services, as well as contracts for the supply of IT equipment;
  • Legal advice on IT outsourcing, including with regard to financial market requirements;
  • Legal service of data migration processes;
  • Legal advice on data processing in the IT area, taking into account the provisions of RODO (GDPR), including the application of privacy by design and privacy by default principles;
  • Legal advice to developers of computer applications and software, including computer games and online games;
  • Advice on running an e-business;
  • Legal advice in the area of innovative online payment solutions and mobile payments, setting up structures and procedures for concluding financial transactions using electronic devices.
Who do we advise? more

We specialise in advising the FinTech, LendTech, e-commerce and banking and finance industries on the implementation of technological solutions based in particular on the blockchain network and artificial intelligence.

We assist entrepreneurs planning to set up a cryptocurrency exchange or cryptocurrency exchanges and in the trading of virtual currencies.

We advise software and application developers to protect their intellectual property. We have extensive experience in dealing with online businesses, start-ups and software houses.

We monitor legislation and case law relating to the new technology and IT sector in Poland, the European Union and non-EU countries. We encourage you to read our blog, where we share our practical experience gained during the implementation of various projects.

Awards and honors
E-commerce

Specializations

E-commerce

We provide comprehensive services for entities in the e-commerce industry.

Virtual reality is developing rapidly. Every day, new companies are established that offer their own or third-party services via the Internet. On the one hand, these are new companies in a new reality, applying modern solutions, on the other hand, companies that still have to fulfil the obligations that legal regulations impose on those running a business. We advise entrepreneurs running e-businesses at all stages of their activity, from setting up and registering a company, obtaining the necessary permits and licences, through its day-to-day operation – providing services, selling via the Internet, cooperating with contractors, creating and implementing new products, to mergers and divisions of companies, changes of ownership or obtaining financing. We take care of formal and legal correctness, regulations and relations with supervisory authorities.

In the e-commerce industry, the credibility and sense of security of customers’ shops and websites or mobile applications are the basis for building a competitive advantage. Comprehensively thought-out and developed internal regulations in compliance with the requirements of Polish and EU law will help build a professional image in the industry, among potential customers and business partners, and will allow to limit and consciously managing the risks involved in e-commerce activities.

What do offer? more

Based on national, European and international regulations affecting the operations and functioning of e-commerce companies, including documents such as:

  • Telecommunications Law;
  • Act on the provision of electronic services;
  • Consumer Rights Act;
  • Omnibus Directive;
  • Personal Data Protection Regulation.

Our law firm supports companies in the e-commerce and e-commerce sector. We have many years of practical experience gained from projects involving setting up and running a business in the world and virtual reality.

We start with an in-depth discussion and understanding of the client’s needs. Based on the information about business objectives and requirements, we develop tailored solutions for the specific business, which we then discuss with the clients, sharing our experience. We also review and supplement existing documents, regulations or policies that are relevant to the e-commerce industry.

We support both companies that are just planning or taking their first steps in e-business – start-ups, as well as leading market players. Based on our experience and completed projects to date, we are able to realistically estimate the time required to develop selected documents, regulations and policies, so that All necessary documents are ready on the day services are launched.

We answer questions and propose practical, ready-to-implement solutions that take into account the business realities of our clients’ operations.

What questions do we answer? more

If you are wondering or have doubts:

  • How – from the legal point of view – to set up and run an online shop, a service portal, an application offering services?
  • What should the documentation of an online shop look like and what regulations should it contain?
  • Is the web shop legal?
  • How do I operate a web shop legally?
  • What are the basic documents needed to operate a web shop legally?
  • What legal documents are needed to set up an e-commerce start-up?
  • What should the terms and conditions of an online shop or mobile app be like?
  • How to run competitions and customer loyalty programmes?
  • How to legally use social media for marketing purposes?
  • What should be the wording of so-called marketing consents?
  • Can marketing consent be implied?
  • Can marketing consents be compulsory?
  • How to write a privacy policy?
  • What are checkboxes?
  • What should be the content of the checkboxes for processing personal data?

Contact our lawyers who specialise in advising e-commerce operators.

Selected services more
  • we create legal models for various types of e-commerce activities on the Internet – online shops, websites, online platforms, mobile applications, marketplace;
  • we prepare risk analyses related to the operation of e-commerce business, analyses of admissibility and possibilities of introducing innovative solutions on the Polish market of digital services;
  • we advise on setting up and launching online shops and platforms, as well as on launching various types of mobile applications;
  • we provide ongoing legal services for online shops, e-commerce platforms and mobile applications;
  • websites – verification and drafting of legal documentation, legal audits of websites in terms of personal data protection, RODO, cookies, rules of access to websites in different language versions;
  • online shops – legal advice at the stage of planning and setting up an online shop, also with regard to the required registration and obtaining permits; verification of the correctness of the construction and operation in terms of formal and legal issues, e.g. with regard to RODO, consumer rights protection, B2B and B2C sales, warranty and returns policy; creation and verification of such documents as rules of online shop compliant with RODO and the Consumer Rights Act, privacy policy, cookies policy, comprehensive RODO documentation, general terms and conditions of sale/purchase, newsletter terms and conditions, model commercial contracts, verification of shopping paths with regard to their compliance with the law, information clauses, consent clauses for data storage and processing, clauses including marketing consents (so-called ‘marketing consents’), model contracts, model instructions on rights, model withdrawal agreements The following are examples of contract terms and conditions: information clauses, consent clauses for the storage and processing of data, marketing consent clauses (so-called marketing consents), model contracts, model notices of rights, model withdrawal periods;
  • e-commerce portals, marketplace platforms – drafting regulations of shops, services, mobile applications, privacy policies, cookie policies, adjusting regulations and internal procedures, support in obtaining financial licences;
  • legal support for sellers, persons running online shops and sales profiles;
  • e-services and applications – advice on implementation, with particular emphasis on data protection, consumer rights protection and rules and regulations;
  • contracts with suppliers, subcontractors and contractors – verification of legal compliance of contracts, advice on negotiation and conclusion of contracts such as distribution agreement contract dropshipping, delivery and distribution agreements;
  • relations with consumers (customers of online shops) – creating and verifying rules and regulations for purchases, rules and regulations for deliveries, returns, exchange of goods, procedures for protection, processing and collection of personal data of natural persons, protection of consumer rights, consumer sales, conclusion of distance contracts, termination of contracts concluded at a distance, withdrawal from contracts concluded at a distance, also with regard to financial services and insurance services;
  • creation and revision of documentation, policies and procedures, taking into account the characteristics of the activities carried out and the related risks concerning loss or violation of personal data, violation of consumer rights or copyrights;
  • support for implementation, as well as ongoing updating of security and RODO documents and procedures;
  • broadly defined compliance – examination of entities’ compliance with legal requirements – telecommunications law, GDPR, personal data protection, AML;
  • preparation of documentation for loyalty programmes, competitions for the benefit of consumers, including preparation of rules and regulations;
  • comprehensive legal advice to entities operating as start-ups, including preparation of model articles of association, registration of entities in the National Court Register, templates and document templates needed to actually start the business;
  • Distribution of commercial information by electronic means, direct marketing – development of documentation setting out the legal basis and adequate consents, tailored to business needs and objectives
  • behavioural marketing, profiling, e-marketing, innovation activities – advising on the development of documentation and adequate consents;
  • audits of marketing activities for legal compliance (legal-marketing due diligence);
  • Legal advice on geo-location issues;
  • counselling in connection with transformations – mergers and acquisitions of companies and e-commerce applications, both in terms of formal and legal aspects, as well as at the level of developing common RODO regulations, data protection, handling the sales process, transfer of know-how, technology, databases and data sets;
  • organisation and conduct of dedicated trainings and workshops in the areas of, inter alia, GDPR, personal data processing and protection, compliance or AML, as well as other legal issues related to the conduct of e-commerce activities;
  • we also perform the functions of a personal data protection inspector (DPO), which you can read more about in the description of the specialisation “Personal data”.
Who do we advise? more

We support leading e-commerce companies and start-ups, in existing and emerging ventures. We offer legal assistance to owners and operators of small and large online shops. We advise owners, board members, directors, information security officers, Chief Information Officer (CIO) and compliance officers, as well as investors. We support Polish companies in their expansion into foreign markets, as well as foreign companies who wish to enter the Polish or European market.

We monitor legislation and developing practice in advising e-commerce entities in Poland, the European Union and non-EU countries. We encourage you to read our blog where we share our practical experience gained during projects for e-commerce companies.

Awards and honors
Mergers and acquisitions (M&A)

Specializations

Mergers and acquisitions (M&A)

Comprehensive legal support for companies in demergers and mergers, joint venture transactions, the purchase and sale of shares and the set up of holding companies and capital groups.

Every company tackle different stages of business development. Sometimes it is advisable to take advantage of an opportunity and join forces with another entity, such as buying shares, acquisitions or forming a joint venture for a specific project, or a holding company or equity group for further business development. It also happens that the partners decide to continue the business separately, and then it is necessary to divide the company, pay off the business partner or profitably sell their shares.

We support entrepreneurs in the FinTech, financial and technology sectors at each of these stages, starting from comprehensive due diligence, supporting in negotiations and taking care of corporate documentation.

What do we offer? more

The operation of companies is based largely on the Commercial Companies Code (CCC), but also on a number of other pieces of legislation, such as:

  • Competition and Consumer Protection Law;
  • Entrepreneur’s Law;
  • Accounting Act;
  • Civil Code;
  • Law on supervision of the financial market;
  • in terms of its licenses and permits, e.g. for the provision of payment services – also on a number of other laws, such as the Payment Services Law, the Banking Law, the Telecommunications Law.

Our legal advisory covers all types of merger and demerger transactions collectively referred to as mergers and acquisitions (M&A):

  • merger, aquisition and division of companies;
  • joint venture transactions;
  • sale of shares or stocks;
  • creation of consortium holdings and capital groups (parent/sister companies);
  • due diligence of investors and sellers.
What questions do we answer? more
  • How to safely buy or sell shares in a FinTech company?
  • How to increase the company’s share capital and issue shares?
  • What legal form (if any) should be adopted for the implementation of joint ventures?
  • How to incorporate a FinTech company into a holding or capital group structure?
  • How do you verify a potential business partner before a joint venture?
  • Why it is worthy to perform due diligence, how to conduct it correctly?
  • What benefits will a letter of intent, investment memorandum and investment agreement bring to the investment?
  • How long does the merger process take, and which merger model is considered the most advantageous in a given case?
Selected services more
  • We support clients at every stage of the transaction from its planning and structuring to post-trade counseling;
  • We conduct due diligence on investors and sellers;
  • We agree with the client on the scope of due diligence to provide the client with a picture of the financial, tax, legal and organizational situation of the venture;
  • As a result of our due diligence, we provide the client with a list of legal, financial, tax risks and their impact on the transaction;
  • We are developing a legal model for the transaction;
  • We advise on the valuation of the company depending on the chosen form of financing;
  • We develop offering documentation for potential investors;
  • We negotiate with institutions and potential investors from the initial discussions to the closing of the entire process;
  • We create and review draft transaction documentation, such as letters of intent, non-disclosure agreements (NDAs) and share purchase agreements (SPAs);
  • We prepare documentation for joint venture transactions (joint venture agreements) and shareholders’ agreeements;
  • We represent clients before courts and authorities;
  • We take care to protect the company’s data at every stage of the project;
  • We support newly established entities at the post-transaction stage.
Who do we advise? more

We support Polish, European and international entrepreneurs in the FinTech, technology and financial sectors, including those pursuing cryptocurrency and tokenization projects, in buying and selling shares, creating joint ventures, holding companies and capital groups. We support buyers and sellers in the design and implementation of due diligence studies, creating suggestions based on them to minimize possible risks.

Jerzy Karney

Jerzy Karney

M&A consultant
Awards and honors
Obtaining financing

Specializations

Obtaining financing

Comprehensive legal support for companies in the obtaining and raising finance for the development of selected business projects.

FinTech, financial and technology companies, which are aiming to gain an advantage over their competitors, must invest in new technologies, solutions, modern infrastructure and software, and training in order to develop and modernise their operations. For instance, lending institutions need to seek funding for consumer lending activities.

Today, there are numerous financial methods available that are worth looking into when raising funds for development.

What do we offer? more

We support entrepreneurs in obtaining financing for the development of various types of investment projects. We find adjoust sources of financing to meet the requirements and needs of our clients, supporting them in selecting a specific financing model, as well as finding and verifying the right counterparties. We select personalized solutions for a particular client – matched to their needs and the circumstances of the transaction. We benefit from our network of contacts and extensive experience in implementing such projects.

What questions do we answer? more
  • How to obtain financing?
  • How do you choose financing?
  • Where to look for funding?
  • How do you protect yourself when obtaining financing?
  • What issues to regulate in the contract, obtaining financing?
  • What documents should be prepared when obtaining financing?
Selected services more
  • Selection of appropriate financing for investment projects;
  • Formal and legal service of the process of obtaining and selecting financing and the financing itself;
  • Vendor/buyer due diligence including investment projects, comprehensive mapping of the financial, tax, legal and organizational situation of the venture;
  • Full legal service of transactions when using sources of financing such as bonds, share deal, asset deal, Venture Capital, Private Equity or Mezzanine funds, banks – investment loans, bank loans and other banking instruments;
  • Assessing the specifics of the enterprise and discussing strategy and selection of the best form of financing for the venture;
  • Developing a strategy for implementing the project – choosing a method of raising capital, among other things;
  • Development of a draft financial model (business plan, investment models and risks);
  • Valuation of the company depending on the chosen form of financing;
  • Development of bidding documentation for potential investors;
  • Participation and negotiation with institutions and potential investors, from initial discussions to closing the entire process;
  • Preparation of relevant agreements (e.g., share or stock sale agreement, investment agreement, joint venture agreement, loan or bond issue documentation);
  • Post-trade support and supervision of project implementation;
  • Developing exit rules (including through the use of put options, call options, drag & tag along rights, waterfalls schemes, liquidation preferece, lock-up agreements);
  • Tokenization of securities;
  • Crowdfunding.
Who do we advise? more

We support business – Polish, European and international entrepreneurs in the FinTech, technology and financial sectors, including those pursuing cryptocurrency and tokenization projects, in obtaining financing. We help design models for modern financing.

Jerzy Karney

Jerzy Karney

M&A consultant
Awards and honors
Relations with supervisory authorities

Specializations

Relations with supervisory authorities

We advise on the implementation of the recommendations of the Polish Financial Supervision Authority.

The Firm provides comprehensive support services to lending and payment institutions in their relations with administrative authorities – min. UOKIK, Office for Personal Data Protection, Financial Supervision Authority, Financial Ombudsman The Firm advises on the manner of implementation of individual supervisory measures of the FSA and recommendations of the FSA.

Who do we advise? more

The Firm represents financial market institutions in proceedings before the Office for Competition and Consumer Protection (UOKIK), the Office for Personal Data Protection (UODO), the Financial Supervision Authority (FSC), the Financial Ombudsman (RF).

We advise supervised institutions on the implementation of recommendations of the Financial Supervision Authority (FSC) and EBA guidelines

We verify the compliance of the activities of supervised institutions with legal regulations relevant to the activities of a given institution

We support supervised institutions in complying with legal regulations in terms of:

  • compliance of the services provided with the scope of legal regulations relevant to the institution concerned;
  • compliance of the provided services with anti-money laundering regulations;
  • compliance of the provided services with the regulations on personal data protection;
  • compliance with reporting obligations to all relevant authorities in terms of compliance with the relevant requirements, compliance with data from the entity’s transaction and accounting systems, timeliness of performance;
  • compliance with information obligations towards consumers.
Awards and honors