We participate in developing payment transaction security policies and ensure their compliance with the recommendations of the Polish Financial Supervision Authority (KNF) and EBA guidelines on security measures regarding operational risks and risks for the security of payment services.

We participate in developing monitoring procedures, conduct and supervisory activities related to security incidents and customer complaints. We participate in developing procedures for documenting, monitoring, tracking and restricting access to sensitive data regarding payments.

We participate in developing solutions ensuring business continuity (BIA analysis, risk assessment sheet), implementation of a business continuity plan including measures limiting the risk of business continuity.

We take part in exercising control over compliance of law by payment institutions in the scope of:

• compliance of the services provided with the scope of legal regulations applicable to the payment institution;
• compliance of the services provided with anti-money laundering regulations;
• compliance of the services provided with the provisions on the protection of personal data performance of reporting obligations towards all competent authorities in terms of compliance with applicable requirements, compliance with data from the entity’s transaction and accounting systems, timely performance performing information obligations towards service users;
• execution of payment transactions in accordance with the requirements of the relevant provisions, in particular, regarding the completion time, fees charged to users, complaints;
• managing the outsourcing of payment institution’s activities, managing the agent network, implementation of individual supervisory measures of the Polish Financial Supervision Authority and recommendations of the Polish Financial Supervision Authority.

We conduct training in the field of personal data protection tailored to the requirements of the management, customer service departments, verification and recovery.

We conduct training in the field of counteracting money laundering and terrorist financing for employees of obligated institutions.

We advise on creating internal procedures for payment institutions in the field of customer verification, service, debt collection and complaint processes.

Based on national, European and international regulations on consumer credit and lending activities, we offer comprehensive legal advice to rapidly growing LendTech and Digital Lending financial institutions providing lending and consumer credit services in the Polish and foreign markets. Based on Polish and European regulations, including documents such as:

• Act of 12 May 2011 on consumer credit;
• The Act of 1 March 2018. On counteracting money laundering and terrorist financing (the so-called anti-money-laundering law, AML Act);
• Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC, 2013/36/EU and Regulation (EU) No 1093/2010 and repealing Directive 2007/64/EC (Text with EEA relevance);
• Directive 2008/48/EC of the European Parliament and of the Council of 23 April 2008 on credit agreements for consumers and repealing Council Directive 87/102/EEC (Consumer Credit Directvie, CCD);
• Act of 5 August 2015 on the handling of complaints by financial market entities and the Financial Ombudsman;
• Act of 30 May 2014 on consumer rights;
• Act of 16 February 2007 on competition and consumer protection;
• Guidelines and recommendations of the European Banking Authority (EBA) and the Financial Supervision Commission (FSC);
• Act of 29 August 1997. Banking Law;
• Act of 9 April 2010 on providing access to business information and exchange of business data;
• Act of 8 March 2013 on counteracting excessive delays in commercial transactions;
• Decisions of UOKIK and the Financial Ombudsman;
• Act of 19 August 2011 on payment services;
•  Act of 18 July 2002 on the provision of services by electronic means;
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation);
• Act of 21 July 2006 on the supervision of the financial market;
• Act of 6 March 2018. Entrepreneurs’ Law;

we are looking for practical, optimal-to-implement solutions to support innovative business ideas of clients – companies and lending institutions from the LendTech and Digital Lending industries.

• how – from a legal point of view – to start a business in the loan company sector in Poland?
• how – from the legal point of view – to offer credit products to consumers (consumer credit, loan agreement, credit agreement within the meaning of the provisions of the Banking Law, agreement on deferring the fulfilment of monetary performance to the consumer if the consumer is obliged to pay the costs connected with deferring the performance, credit agreement in which the creditor assumes an obligation towards a third party and the consumer to return the performed performance to the creditor, revolving credit agreement)?
• how to design credit products for individuals and SMEs (electronic micro-loans for consumers, working capital loans and debt relief loans for companies)?
• what AML requirements must lending institutions comply with?
• how to protect personal data of clients – consumers in loan institutions?
• how to start up business in Poland while already operating in another country?
• how to respond correctly to consumer demands related to loans and how to conduct complaint processes correctly?
• how to respond to requests from the Financial Ombudsman or the Polish Financial Supervision Authority?
• how to act correctly in proceedings conducted by the Office of Competition and Consumer Protection?
• is it necessary to start up as a Small Payment Institution (MIP) or a National Payment Institution (NIP)?
• what regulatory requirements must be met in order to operate as a Small Payment Institution (MIP) or National Payment Institution (NIP)?
• how to provide services in the bnpl (by now pay later) model?
• how to implement modern forms of credit based on the credit card?
• what conditions need to be met in order to cooperate with or become a credit card issuer ?
• how to process your customers’ personal data and protect it properly?

contact our lawyers who specialise in consumer credit, LendTech and Digital Lending.

• comprehensive support to lending institutions in day-to-day operations, in particular on issues such as data protection, RODO, compliance and AML;
• legal risk management in the area of personal data protection, RODO, compliance and AML;
• ongoing monitoring of legislation, case law of common courts and the Court of Justice of the European Union (CJEU), decisions and positions of the Office of Competition and Consumer Protection (UOKiK) and the Financial Ombudsman (RF) – recommendations on the application of guidelines resulting from these acts;
• ensuring compliance with the guidelines and recommendations of the Polish Financial Supervision Authority (PFSA);
• support at the stage of designing and creating credit products, both short-term loan agreements, instalment loan agreements and bundled loan agreements;
• advising on the establishment of institution structures and on the creation of product offerings using modern technologies and mobile applications;
• drafting and providing opinions on draft consumer credit agreements, ensuring their compliance with the provisions of the Consumer Credit Act, current decisions of the Office of Competition and Consumer Protection (UOKiK) and case law of common courts;
• providing data protection advice to financial institutions and lending institutions;
• provision of data protection officer (DPO) services and ongoing support to the DPO appointed by the client;
• support to lending institutions on particularly sensitive issues such as maximum non-interest credit costs, early repayment of consumer credit, bundled credit agreements, marketing of credit products or creditworthiness assessment including automated decision-making mechanisms;
• support in the negotiation and conclusion of agreements with business partners such as credit reference agencies, credit assessment support providers and financial intermediaries;
• advice on raising finance through activities such as issuing corporate bonds;
• support for the introduction of innovative solutions for building competitive advantage, such as behavioural data analysis in credit assessment, behavioural targeting, identity verification using behavioural data, in particular – identity verification using image;
• creation, development and implementation of documents such as regulatory documentation and internal regulatory procedures, as defined by the provisions of the AML/CFT Act (the so-called AML), including the obliged institution’s internal procedure, breach notification and reporting procedure;
• organisation and delivery of training courses on personal data protection, tailored to the requirements of the management staff of loan institutions, customer service, verification and recovery departments;
• organisation and delivery of training on AML/CFT for employees of obliged institutions;
• advising on the development of internal procedures for lending institutions on issues such as customer verification, customer service, debt collection or complaint processes;
• representation of loan institutions and LendTech companies in relations with administrative authorities – the Office of Competition and Consumer Protection (UOKIK), the Office of Personal Data Protection (UODO), the Polish Financial Supervision Authority (KNF) and the Financial Ombudsman (RF);
• introduction of financial institutions to the Polish market;
• legal risk mapping, legal risk management in LendTech;
• implementation of cloud solutions in LendTech companies;
• outsourcing of AML-related processes.

We support leading Polish and European entities – financial institutions, granting consumer loans and loans to entrepreneurs, as well as consumer E-lending microlending – companies operating in the broader LendTech sector.

We advise individuals who hold board member, head of lending, compliance officer and AML officer positions.

We represent loan institutions in relations with administrative bodies – the Office for Competition and Consumer Protection, the Personal Data Protection Office, the Polish Financial Supervision Authority, the Financial Ombudsman.

We monitor legislation and case law relating to the LendTech sector in Poland, the European Union and non-EU countries. We encourage you to read our blog where we share our practical experience gained in the course of various projects for LendTech companies.

In 2021, legal advisor Monika Macura received a prestigious award from the Lendtech Foundation, which creates and supports the FinTech & LendTech and digital lending ecosystem in Poland, for her substantive contribution, innovation and commitment to the development of the LendTech ecosystem in Poland. We regularly participate in the most important industry events for LendTech and Digital Tech companies, such as the annual LendTech Congress. We are also an active member of the Polish Association of Loan Institutions.

Analyzing national, European and international regulations and best practices regarding the broader cryptoasset market and tokenization issues, including but not limited to:

• the law of March 1, 2018. on anti-money laundering and countering the financing of terrorism (the so-called anti-money-laundering law, AML law);
• regulation on cryptoasset markets (MiCA);
• The position of the KNF, the decisions of the OCCP and the Financial Ombudsman;
• Digital Operational Resilience Ordinance (DORA);
• Cyber Security Directive (NIS2);
• Law on cryptoassets.

We offer comprehensive legal advice to cryptocurrency service companies and entrepreneurs and individuals interested in tokenization.

• How to open a virtual currency exchange and broker crypto assets?
• What regulatory requirements must be met to open a cryptocurrency exchange?
• What regulatory requirements must be met to open an exchange office ?
• How to obtain a registration for virtual currency activities (the so-called VASP license)?
• When should a VASP also be authorized to provide payment services?
• How to obtain a CASP (crypto asset service provider) license?
• What are the legal aspects of token issuance?
• What conditions must be met in order to issue tokens that are electronic money, according to MICA?
• Who can issue a token that is electronic money?
• What conditions must be met in order to issue ART (asset-linked) tokens according to MICA?
• What are digital currencies?
• How to prepare and report to the KNF a disclosure document for the issuance of a MICA-compliant token?
• What are the benefits of using smart contracts?

• Comprehensive legal support in all aspects of business operations for cryptocurrency companies in terms of Polish and European legal regulations.
• Legal advice on opening cryptocurrency exchanges and cryptocurrency exchange offices.
• Advice at every step of the process of establishing a business and obtaining registration in the register of virtual currency activities (known as obtaining a cryptocurrency license).
• Support in the process of applying for a payment service provider license for a cryptocurrency company.
• Develop and implement internal procedures for customer verification (KYC), AML and RODO.
• Legal support for business relations with payment service providers, banks and other financial institutions.
• Legal support and advice to ensure compliance with upcoming regulations, including MiCA.
• Support and advice on the legal aspects of the use of tokens representing rights or property values.
• Legal and tax assessment of blockchain-based services.
• Develop business assumptions for the issuance of EMT and ART tokens.
• Legal analysis of the possibility of issuing, using and trading an e-money token outside the EU, including in particular the UK and the US, if the token were to be traded outside the EU.
• Legal support in obtaining a bank (credit institution) as a partner – depositor of funds raised in connection with the issue – including MiCA.
• Prepare and submit submissions to the KNF, prepare information documents for token issuance, in compliance with requirements from MiCA.
• Advising on the creation of agreements between participants in the token issuance process.

We support Polish, European and international entrepreneurs with digital currencies and tokenization projects, issuers and intermediaries of digital currencies.

We support a project to issue tokens that are electronic money.

We provide legal support for projects using payment instruments based on digital currency feeds.

We also advise companies interested in opening and operating cryptocurrency exchanges and cryptocurrency exchange offices.

Based on national, European and international data protection and privacy regulations, including in particular provisions such as:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (RODO);
• guidelines and documents issued by the European Data Protection Board (EROD);
• Act of 10 May 2018. on the protection of personal data;
• Act of 18 July 2002 on the provision of electronic services;
• Act of 16 April 1993 on combating unfair competition;
• Act of 16 February 2007 on the protection of competition and consumers;
• specific industry regulations, including:
• Act of 16 July 2004 on Telecommunications Law;
• Act of 29 August 1997 on the Banking Law;
• Act of 1 March 2018 on the prevention of money laundering and financing of terrorism;
• Act of 12 May 2011 on consumer credit;
• Act of 19 August 2011 on payment services;
• Act of 9 April 2010 on the disclosure of information economic and exchange of economic data;
• Act of 22 May 2003 on compulsory insurance, the Insurance Guarantee Fund and the Polish Motor Insurers’ Bureau;
• regulations and guidelines of the Banking Supervision Commission;

Our law firm supports companies in the FinTech, LendTech and e-commerce industries, as well as the banking and finance sector, in preparing and implementing an effective and secure strategy for the broad collection, storage and processing of collected personal data.

We start by auditing the ways, procedures and levels of personal data and privacy protection. On this basis, we prepare reports, including practical guidance on the creation and implementation of appropriate data protection and privacy regulations and internal procedures. If necessary, we represent and advise clients in the event of a personal data breach or leakage, as well as control procedures carried out by the relevant authorities.

We answer questions and propose practical, ready-to-implement solutions, taking into account the business realities of clients’ operations. If you are wondering or in doubt:

• what is personal data?
• why is personal data important?
• what data can be collected?
• why do you need to protect personal data?
• how to protect personal data?
• which personal data is sensitive?
• how long can personal data be stored?
• when do we process personal data?
• if and when can personal data be disclosed?
• if and when can or must personal data be deleted?
• if and when must personal data be disclosed?
• what is the processing of personal data on the basis of a legitimate interest pursued by the controller or by a third party?
• is there and how to organise the transfer of personal data to third countries?

contact our lawyers who specialise in data protection, RODO and privacy.

• GDPR audits and surveys, data protection audits, privacy audits (privacy by design and privacy by default).
• Data processing impact assessment for clients’ business operations.
• Data Protection Impact Assessment (DPIA).
• Review and modification of information clauses and consents to comply with the provisions of the GDPR.
• Ongoing consultation on the GDPR, privacy and data protection.
• Privacy compliance – compliance analysis of solutions and products using personal data.
• Creation, development and preparation of policies, registers, Procedures and documentation relating to RODO, privacy and personal data protection, including documents such as information security policy, personal data processing entrustment agreement, policy for permitted use of IT devices or systems, BYOD policy, data processing registers, rules and procedures for dealing with personal data protection breaches, rules for dealing with personal data leaks, cookie policy.
• Development of procedures for the selection of contractors with access to data (processors) and their periodic verification.
• Defining the principles of granting authorisations to process personal data and supervising the process of granting and withdrawing authorisations.
• Defining the principles and legal basis for the acquisition and processing of personal data.
• Developing template responses to clients on issues related to the processing of personal data, consistent with the purposes and categories of personal data processed.
• Developing and maintaining a register of data processing activities and a register of processing categories.
• Developing document templates tailored to the client’s specific business – data processing information and consent templates for personal data processing for marketing purposes.
• Aligning business procedures with requirements in line with the RODO and so-called sector-specific regulations, in particular regulations specific to payment institutions, lending institutions, institutions operating in the insurance sector.
• Assessing data protection breaches – verifying the need to notify the regulator and data subjects of potential remedies.
• Preparation and filing of notifications to regulators and data subject notifications.
• Advising and representing in investigations, control proceedings before public authorities and before the courts on matters relating to the processing of personal data, privacy, as well as breaches of personal data protection and breaches of privacy, complaints and requests from data subjects or questions from regulators.
• Representation and conduct of proceedings before the President of the Personal Data Protection Authority (PUODO).
• Management of risks and incidents of breaches of personal data procedures, identification of appropriate remedies and collection of adequate documentation related to the notification.
• Internal investigations of irregularities in the collection, storage and processing of personal data.
• Advising on issues relating to the processing of personal data in the cloud , covering the nature of processing, access to data and transfer of data to third countries, support in negotiating contracts with service providers.
• Conducting dedicated trainings, seminars and workshops for board members, managers and employees on the collection, storage and processing of personal data, RODO and privacy protection, during which our experts suggest how to meet the requirements arising from Polish, European and international data protection regulations.
• Performing the function of Data Protection Inspector (IOD, former information security administrator – ABI) in companies in the financial sector (payment institutions, lending institutions, consumer credit intermediaries, insurance agents), support during the implementation of tasks by the IODO appointed at the client.
• Proactive response to regulatory changes – ensuring ongoing compliance with the RODO to avoid penalties and liability for company malfunctions.

We advise leading companies in the FinTech, LendTech and e-commerce sectors, as well as entities in the financial sector, IT and startups. We support individuals serving as board members, directors, those responsible for Information Security, Chief Information Officer (CIO) and Compliance Office.

We monitor the legislation and evolving practice of data protection in Poland, the European Union and non-EU countries. We encourage you to read our blog, where we share our practical experience gained during the implementation of projects on data protection, GDPR and privacy protection.

We carry out audits to assess the degree of compliance of a client’s activities with the provisions of the GDPR, in particular in the field of privacy by design and privacy by default, as well as other requirements arising from the GDPR

We adjust our clients’ activities to the requirements of the GDPR and the so-called sectoral regulations, in particular regulations applicable to payment institutions, loan institutions, institutions operating in the insurance sector. As part of implementation activities, we provide support in ensuring compliance with the provisions of the GDPR, in particular:

• We develop procedures for the selection of contractors having access to data (processors) and their periodic verification;
• We define the rules for granting authorization to process personal data and supervise the authorization process;
• We define the principles and legal grounds for obtaining and processing personal data;
• We develop response patterns for clients regarding issues related to the processing of personal data, consistent with the purposes and categories of personal data processed;
• We develop provisions for the personal data processing agreements and adequate security measures for personal data required from our clients’ business partners;
• We prepare and update the data processing activities register and the processing categories register;
• We develop data security policies;
• We develop procedures for reporting personal data breaches;
• We develop data protection impact assessment (DPIA) procedures;
• We carry out impact assessments for the protection of personal data;
• We develop and implement a program to check the adequacy of implementation activities;
• We develop privacy and cookie policies;
• We represent clients in proceedings before the Personal Data Protection Office in matters of complaints and control proceedings.

We advise in the event of an incident of a personal data security breach, we determine appropriate remedies, we take care of collecting adequate documentation related to reporting a data breach and we prepare the content of the notification to the Personal Data Protection Office.

We organize and conduct dedicated trainings in the field of personal data protection and information security.

We act as a data protection officer in enterprises of the financial sector (payment institutions, loan institutions, consumer credit brokers, insurance agents).

Based on national, European and international regulations concerning the law of new technologies, including artificial intelligence (AI), blockchain technology, crypto-assets, we offer legal support to the FinTech, LendTech, e-commerce and banking and finance sectors as well as the IT industry. Based on Polish and European regulations, including documents such as:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of data, personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (RODO);
• Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act);
• Guidelines and documents issued by the European Data Protection Board (EROD);
• The Act of 10 May 2018. on the protection of personal data;
• Act of 18 July 2002 on the provision of electronic services;
• specific industry regulations, including:
• Act of 16 July 2004 Telecommunications Law;
• Act of 29 August 1997 – Banking Law;
• Act of 1 March 2018 on the prevention of money laundering and financing of terrorism;
• Act of 19 August 2011 on payment services;
• Act of 9 April 2010 on sharing of business information and exchange of business data;
• Act of 29 July 2005 on trading in financial instruments;
• The Act of 12 May 2011 on consumer credit;
• Regulation (EU) 2022/858 of the European Parliament and of the Council of 30 May 2022 on a pilot system for the the needs of market infrastructures based on distributed ledger technology, as well as amendments to Regulations (EU) No 600/2014 and (EU) No 909/2014 and Directive 2014/65/EU (DLT Pilot Regime);
• Regulations and guidelines of the Financial Supervisory Commission (in particular the Financial Supervisory Authority’s Position on the issuance and trading of cryptoassets) and the European Banking Authority;
• Guidance and recommendations from the Financial Action Task Force (FATF), in particular the FATF Standards on Virtual Assets and VASPs and Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers;
• upcoming regulations, including:
• Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (AI ACT) and amending certain legislative acts of the union (AI ACT);
• Regulation of the European Parliament and of the Council on cryptoasset markets and amending Directive (EU) 2019/1937 (MICA);
• Regulation of the European Parliament and of the Council on the operational digital resilience of the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 (DORA);

We help implement modern technological solutions, often changing the face of the banking and financial sector.

It should be emphasised that there is not infrequently a lack of regulations or legislative work in progress in the area of new technologies, as in the case of the EU regulation on artificial intelligence, referred to as the Artificial Intelligence Act (AI Act). In light of the work on this document, very many current solutions or systems in the FinTech industry in the field of automated credit scoring or automated scoring models may be considered AI systems (due to the broad definition) and consequently also high-risk AI systems (due to the definition of high-risk AI system). Consequently, such AI solutions or systems will have to comply with a number of additional requirements set out in the Regulation. Traders will be required to carry out an assessment of the risks posed by AI-based solutions, will be required to provide clear information about the AI system to users.

Legislative work is also being advanced to regulate the broader cryptocurrency market. Of particular note is the draft Crypto Assets Markets Act (MICA), which will be a revolution for much of the cryptocurrency industry in Europe. There is no doubt that many projects using cryptocurrencies will have to adapt to the new legal and regulatory reality that this will come with the entry into force of the MICA regulation.

That is why, when supporting clients in the process of implementing new technological solutions, we answer questions and propose practical and risk-reducing solutions, taking into account current business realities as well as planned legislation. If you are wondering or in doubt:

• How to bring artificial intelligence (AI)-based solutions to market?
• What research, testing and validation procedures should be carried out before, during and after the development of an AI system?
• What is the liability for damages caused by AI?
• what will the entry into force of the EU Artificial Intelligence Regulation, referred to as the Artificial Intelligence Act, mean for my organisation?
• Which AI industries are qualified as high-risk systems?
• What requirements will high-risk AI systems have to meet?
• What are the legal implications of issuing tokens, crypto-assets?
• What are the legal restrictions on the implementation of blockchain-based technology?
• What are the possibilities for effective implementation of the right to be forgotten in networks based on blockchain technology?
• What are the possible ways of protecting the creations of new technology and artificial intelligence?
• how to properly structure a contract for the implementation and maintenance of an IT system?
• How to protect customers’ personal data in cloud technologies?
• Is the planned IT solution architecture compatible with open source software licences
• What are the legal risks in the area of implementing innovative online and mobile payment solutions?

Get in touch with our lawyers who specialise in new technology and IT issues, in particular blochain technology, cryptocurrencies and artificial intelligence.

• Legal support for Artificial Intelligence (AI) implementation projects;
• Legal advice for systems based on machine-learning, but also systems based on logical methods, knowledge, statistical approaches, search and optimisation methods
• Development of concepts for the use of tokens representing rights or property values (in blockchain technology);
• Legal and tax assessment of blockchain-based services;
• Legal support for cryptocurrency market activities;
• Advice on the opening of cryptocurrency exchanges;
• Legal assistance for the establishment of cryptocurrency exchanges;
• Advice on the protection of intellectual property for software developers, mobile applications and Internet service providers;
• Drafting and negotiating contracts for the implementation of IT systems (particularly in the agile model), advice on managing IT projects;
• Advice on data collection and processing in IT systems and on the protection of databases;
• Counselling in disputes arising from infringement of software copyrights;
• Drafting of licence and outsourcing agreements;
• Drafting contracts for the use of services in the SaaS model;
• Counselling on the use of cloud solutions, including compliance with RODO;
• Legal services for implementations of IT systems, including with the use of cloud technology (cloud computing);
• Drafting of licence and service agreements (SLA);
• Drafting contracts for the provision of IT services, as well as contracts for the supply of IT equipment;
• Legal advice on IT outsourcing, including with regard to financial market requirements;
• Legal service of data migration processes;
• Legal advice on data processing in the IT area, taking into account the provisions of RODO (GDPR), including the application of privacy by design and privacy by default principles;
• Legal advice to developers of computer applications and software, including computer games and online games;
• Advice on running an e-business;
• Legal advice in the area of innovative online payment solutions and mobile payments, setting up structures and procedures for concluding financial transactions using electronic devices.

We specialise in advising the FinTech, LendTech, e-commerce and banking and finance industries on the implementation of technological solutions based in particular on the blockchain network and artificial intelligence.

We assist entrepreneurs planning to set up a cryptocurrency exchange or cryptocurrency exchanges and in the trading of virtual currencies.

We advise software and application developers to protect their intellectual property. We have extensive experience in dealing with online businesses, start-ups and software houses.

We monitor legislation and case law relating to the new technology and IT sector in Poland, the European Union and non-EU countries. We encourage you to read our blog, where we share our practical experience gained during the implementation of various projects.

Based on national, European and international regulations affecting the operations and functioning of e-commerce companies, including documents such as:

• Telecommunications Law;
• Act on the provision of electronic services;
• Consumer Rights Act;
• Omnibus Directive;
• Personal Data Protection Regulation.

Our law firm supports companies in the e-commerce and e-commerce sector. We have many years of practical experience gained from projects involving setting up and running a business in the world and virtual reality.

We start with an in-depth discussion and understanding of the client’s needs. Based on the information about business objectives and requirements, we develop tailored solutions for the specific business, which we then discuss with the clients, sharing our experience. We also review and supplement existing documents, regulations or policies that are relevant to the e-commerce industry.

We support both companies that are just planning or taking their first steps in e-business – start-ups, as well as leading market players. Based on our experience and completed projects to date, we are able to realistically estimate the time required to develop selected documents, regulations and policies, so that All necessary documents are ready on the day services are launched.

We answer questions and propose practical, ready-to-implement solutions that take into account the business realities of our clients’ operations.

If you are wondering or have doubts:

• How – from the legal point of view – to set up and run an online shop, a service portal, an application offering services?
• What should the documentation of an online shop look like and what regulations should it contain?
• Is the web shop legal?
• How do I operate a web shop legally?
• What are the basic documents needed to operate a web shop legally?
• What legal documents are needed to set up an e-commerce start-up?
• What should the terms and conditions of an online shop or mobile app be like?
• How to run competitions and customer loyalty programmes?
• How to legally use social media for marketing purposes?
• What should be the wording of so-called marketing consents?
• Can marketing consent be implied?
• Can marketing consents be compulsory?
• How to write a privacy policy?
• What are checkboxes?
• What should be the content of the checkboxes for processing personal data?

Contact our lawyers who specialise in advising e-commerce operators.

• we create legal models for various types of e-commerce activities on the Internet – online shops, websites, online platforms, mobile applications, marketplace;
• we prepare risk analyses related to the operation of e-commerce business, analyses of admissibility and possibilities of introducing innovative solutions on the Polish market of digital services;
• we advise on setting up and launching online shops and platforms, as well as on launching various types of mobile applications;
• we provide ongoing legal services for online shops, e-commerce platforms and mobile applications;
• websites – verification and drafting of legal documentation, legal audits of websites in terms of personal data protection, RODO, cookies, rules of access to websites in different language versions;
• online shops – legal advice at the stage of planning and setting up an online shop, also with regard to the required registration and obtaining permits; verification of the correctness of the construction and operation in terms of formal and legal issues, e.g. with regard to RODO, consumer rights protection, B2B and B2C sales, warranty and returns policy; creation and verification of such documents as rules of online shop compliant with RODO and the Consumer Rights Act, privacy policy, cookies policy, comprehensive RODO documentation, general terms and conditions of sale/purchase, newsletter terms and conditions, model commercial contracts, verification of shopping paths with regard to their compliance with the law, information clauses, consent clauses for data storage and processing, clauses including marketing consents (so-called ‘marketing consents’), model contracts, model instructions on rights, model withdrawal agreements The following are examples of contract terms and conditions: information clauses, consent clauses for the storage and processing of data, marketing consent clauses (so-called marketing consents), model contracts, model notices of rights, model withdrawal periods;
• e-commerce portals, marketplace platforms – drafting regulations of shops, services, mobile applications, privacy policies, cookie policies, adjusting regulations and internal procedures, support in obtaining financial licences;
• legal support for sellers, persons running online shops and sales profiles;
• e-services and applications – advice on implementation, with particular emphasis on data protection, consumer rights protection and rules and regulations;
• contracts with suppliers, subcontractors and contractors – verification of legal compliance of contracts, advice on negotiation and conclusion of contracts such as distribution agreement contract dropshipping, delivery and distribution agreements;
• relations with consumers (customers of online shops) – creating and verifying rules and regulations for purchases, rules and regulations for deliveries, returns, exchange of goods, procedures for protection, processing and collection of personal data of natural persons, protection of consumer rights, consumer sales, conclusion of distance contracts, termination of contracts concluded at a distance, withdrawal from contracts concluded at a distance, also with regard to financial services and insurance services;
• creation and revision of documentation, policies and procedures, taking into account the characteristics of the activities carried out and the related risks concerning loss or violation of personal data, violation of consumer rights or copyrights;
• support for implementation, as well as ongoing updating of security and RODO documents and procedures;
• broadly defined compliance – examination of entities’ compliance with legal requirements – telecommunications law, GDPR, personal data protection, AML;
• preparation of documentation for loyalty programmes, competitions for the benefit of consumers, including preparation of rules and regulations;
• comprehensive legal advice to entities operating as start-ups, including preparation of model articles of association, registration of entities in the National Court Register, templates and document templates needed to actually start the business;
• Distribution of commercial information by electronic means, direct marketing – development of documentation setting out the legal basis and adequate consents, tailored to business needs and objectives
• behavioural marketing, profiling, e-marketing, innovation activities – advising on the development of documentation and adequate consents;
• audits of marketing activities for legal compliance (legal-marketing due diligence);
• Legal advice on geo-location issues;
• counselling in connection with transformations – mergers and acquisitions of companies and e-commerce applications, both in terms of formal and legal aspects, as well as at the level of developing common RODO regulations, data protection, handling the sales process, transfer of know-how, technology, databases and data sets;
• organisation and conduct of dedicated trainings and workshops in the areas of, inter alia, GDPR, personal data processing and protection, compliance or AML, as well as other legal issues related to the conduct of e-commerce activities;
• we also perform the functions of a personal data protection inspector (DPO), which you can read more about in the description of the specialisation “Personal data”.

We support leading e-commerce companies and start-ups, in existing and emerging ventures. We offer legal assistance to owners and operators of small and large online shops. We advise owners, board members, directors, information security officers, Chief Information Officer (CIO) and compliance officers, as well as investors. We support Polish companies in their expansion into foreign markets, as well as foreign companies who wish to enter the Polish or European market.

We monitor legislation and developing practice in advising e-commerce entities in Poland, the European Union and non-EU countries. We encourage you to read our blog where we share our practical experience gained during projects for e-commerce companies.

The operation of companies is based largely on the Commercial Companies Code (CCC), but also on a number of other pieces of legislation, such as:

• Competition and Consumer Protection Law;
• Entrepreneur’s Law;
• Accounting Act;
• Civil Code;
• Law on supervision of the financial market;
• in terms of its licenses and permits, e.g. for the provision of payment services – also on a number of other laws, such as the Payment Services Law, the Banking Law, the Telecommunications Law.

Our legal advisory covers all types of merger and demerger transactions collectively referred to as mergers and acquisitions (M&A):

• merger, aquisition and division of companies;
• joint venture transactions;
• sale of shares or stocks;
• creation of consortium holdings and capital groups (parent/sister companies);
• due diligence of investors and sellers.

• How to safely buy or sell shares in a FinTech company?
• How to increase the company’s share capital and issue shares?
• What legal form (if any) should be adopted for the implementation of joint ventures?
• How to incorporate a FinTech company into a holding or capital group structure?
• How do you verify a potential business partner before a joint venture?
• Why it is worthy to perform due diligence, how to conduct it correctly?
• What benefits will a letter of intent, investment memorandum and investment agreement bring to the investment?
• How long does the merger process take, and which merger model is considered the most advantageous in a given case?

• We support clients at every stage of the transaction from its planning and structuring to post-trade counseling;
• We conduct due diligence on investors and sellers;
• We agree with the client on the scope of due diligence to provide the client with a picture of the financial, tax, legal and organizational situation of the venture;
• As a result of our due diligence, we provide the client with a list of legal, financial, tax risks and their impact on the transaction;
• We are developing a legal model for the transaction;
• We advise on the valuation of the company depending on the chosen form of financing;
• We develop offering documentation for potential investors;
• We negotiate with institutions and potential investors from the initial discussions to the closing of the entire process;
• We create and review draft transaction documentation, such as letters of intent, non-disclosure agreements (NDAs) and share purchase agreements (SPAs);
• We prepare documentation for joint venture transactions (joint venture agreements) and shareholders’ agreeements;
• We represent clients before courts and authorities;
• We take care to protect the company’s data at every stage of the project;
• We support newly established entities at the post-transaction stage.

We support Polish, European and international entrepreneurs in the FinTech, technology and financial sectors, including those pursuing cryptocurrency and tokenization projects, in buying and selling shares, creating joint ventures, holding companies and capital groups. We support buyers and sellers in the design and implementation of due diligence studies, creating suggestions based on them to minimize possible risks.

We support entrepreneurs in obtaining financing for the development of various types of investment projects. We find adjoust sources of financing to meet the requirements and needs of our clients, supporting them in selecting a specific financing model, as well as finding and verifying the right counterparties. We select personalized solutions for a particular client – matched to their needs and the circumstances of the transaction. We benefit from our network of contacts and extensive experience in implementing such projects.

• How to obtain financing?
• How do you choose financing?
• Where to look for funding?
• How do you protect yourself when obtaining financing?
• What issues to regulate in the contract, obtaining financing?
• What documents should be prepared when obtaining financing?

• Selection of appropriate financing for investment projects;
• Formal and legal service of the process of obtaining and selecting financing and the financing itself;
• Vendor/buyer due diligence including investment projects, comprehensive mapping of the financial, tax, legal and organizational situation of the venture;
• Full legal service of transactions when using sources of financing such as bonds, share deal, asset deal, Venture Capital, Private Equity or Mezzanine funds, banks – investment loans, bank loans and other banking instruments;
• Assessing the specifics of the enterprise and discussing strategy and selection of the best form of financing for the venture;
• Developing a strategy for implementing the project – choosing a method of raising capital, among other things;
• Development of a draft financial model (business plan, investment models and risks);
• Valuation of the company depending on the chosen form of financing;
• Development of bidding documentation for potential investors;
• Participation and negotiation with institutions and potential investors, from initial discussions to closing the entire process;
• Preparation of relevant agreements (e.g., share or stock sale agreement, investment agreement, joint venture agreement, loan or bond issue documentation);
• Post-trade support and supervision of project implementation;
• Developing exit rules (including through the use of put options, call options, drag & tag along rights, waterfalls schemes, liquidation preferece, lock-up agreements);
• Tokenization of securities;
• Crowdfunding.

We support business – Polish, European and international entrepreneurs in the FinTech, technology and financial sectors, including those pursuing cryptocurrency and tokenization projects, in obtaining financing. We help design models for modern financing.

The Firm represents financial market institutions in proceedings before the Office for Competition and Consumer Protection (UOKIK), the Office for Personal Data Protection (UODO), the Financial Supervision Authority (FSC), the Financial Ombudsman (RF).

We advise supervised institutions on the implementation of recommendations of the Financial Supervision Authority (FSC) and EBA guidelines

We verify the compliance of the activities of supervised institutions with legal regulations relevant to the activities of a given institution

We support supervised institutions in complying with legal regulations in terms of:

• compliance of the services provided with the scope of legal regulations relevant to the institution concerned;
• compliance of the provided services with anti-money laundering regulations;
• compliance of the provided services with the regulations on personal data protection;
• compliance with reporting obligations to all relevant authorities in terms of compliance with the relevant requirements, compliance with data from the entity’s transaction and accounting systems, timeliness of performance;
• compliance with information obligations towards consumers.