In our Law the Data Protection Officer has been designated who is your contact point for answering any questions relating to the protection of personal data or the management of requests of data subjects. The contact details of the Data Protection Officer are: firstname.lastname@example.org or the address of the registered seat of our Law office for the mailing correspondence. In the processing of personal data, we are primarily governed by the EU General Privacy Act ("GDPR"), which also governs your rights as the data subject, provisions of the Personal Data Protection Act applicable to us (in particular Section 78), Act on advocacy (Section 18) as well as other applicable legislation.
Below we answer the basic questions regarding the processing of personal data by our Law office in the light of Art. 13 and 14 GDPR:
|Purpose||Legal ground according to GDPR|
|Exercise of legal profession (provision of legal services)||Compliance with legal obligation pursuant to article 6 (1) c) GDPR alternatively performance of contract pursuant to article 6 (1) b) GDPR.|
|Provision of non-legal services||Compliance with legal obligation pursuant to article 6 (1) c) GDPR alternatively performance of contract pursuant to article 6 (1) b) GDPR.|
|Compliance with laws and regulations of Slovak Bar Association||Compliance with legal obligation pursuant to article 6 (1) c) GDPR.|
|Monitoring of compliance of Licensing agreements||Legitimate interest pursuant to article 6 (1) f) GDPR: protection of property, financial interest and market position of law office.|
|Legal enforcement||Legitimate interest pursuant to article 6 (1) f) GDPR: establishment, exercise or defense of legal claims of law office.|
|Publication, adjustment and analysis of content via social networks and website of law office||Legitimate interest pursuant to article 6 (1) GDPR: raising awareness about law office in the online environment.|
|Marketing communication||Consent pursuant to article 6 (1) a) GDPR or legitimate interest pursuant to article 6 (1) f) GDPR: direct marketing purposes.|
|Personnel & Payroll||Compliance with legal obligation pursuant to article 6 (1) c) GDPR alternatively performance of contract pursuant to article 6 (1) b) GDPR.|
|Publication of CVs||Consent pursuant to article 6 (1) a) GDPR.|
|Accounting & Tax purposes||Compliance with legal obligation pursuant to article 6 (1) c) GDPR.|
|Statistical purposes||Any other legal ground of above purposes (compatible purposes) in light of article 89 GDPR.|
|Historic and scientific research||Any other legal ground of above purposes (compatible purposes) in light of article 89 GDPR.|
As maybe seen from the above, when processing personal data, we monitor the rely on following legitimate interests of our Law office:
|Protection of property, financial interest and market position of law office||When providing GDPR modules, we need to monitor the number of IP addresses that access documents to the extent necessary to monitor compliance with the Licensing agreement. Monitoring is set up in accordance with the principles of privacy by design and privacy by default at (i) the technically necessary minimum that (ii) is reasonably possible to meet the intended purpose while (iii) under the Licensing agreement we do not need to identify specific users.|
|Establishment, exercise or defense of legal claims of law office||When we do not represent our clients in the case of judicial or out-of-court disputes, negotiations and communication about contractual relations, recovery of claims, disclosure of facts by public authorities and similar activities we establish, defend and exercise legal claims of our office. Hence, we rely on our legitimate interest.|
|Raising awareness about law office in the online environment||When publishing content on our social networks (especially LinkedIn) and on our website, we may process personal data including profiling. We use basic analytics tools like Google Analytics, especially for tracking traffic, trends, success of our campaigns and content, conversion to online documentation purchases, and more.|
|Direct marketing purposes||The purposes of direct marketing may constitute legitimate interests within the meaning of recital 47 of the GDPR. We rely mainly on pertinent legitimate interest mainly while sending a marketing communication in the form of a newsletter or post or in cases where the prior consent of the addressee of the communication is not required under applicable law.|
We provide personal data of our clients and other natural persons only to the extent necessary and always while maintaining the confidentiality of the data recipient e.g. to our employees, persons authorized to exercise legal actions within provision of of legal services, representing or cooperating lawyers / attorneys, to our accounting or tax advisors, server repository providers, accounting software providers ( visible on the invoice), the Slovak Bar Association (e.g. in the case of disciplinary proceedings) or to a provider of software equipment or the support of our Law office, including employees of those persons. Although we have a limited obligation to provide your personal data to public authorities for reasons of confidentiality, we are required to contravene the crime and we also have the obligation to communicate information on the prevention of money laundering and terrorist financing.
In general, we try to set up the processing of personal data by our Law office in way that personal data are not transferred to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein). Email communication and electronic copies of all documentation related to our activity remain stored on servers located in the territory of the Slovak Republic. However, we also use the services of some leading suppliers as the Google, LLC., Facebook, Inc. and Microsoft Corporation. We do not use them primarily for providing legal services but for the purposes of our online activities on the web, blog, search engines, social networks, and marketing, where the link to the client is not so unambiguous (including public as data subjects). These suppliers and facilities are located in the United States of America, which is generally regarded as a third country that does not ensure an adequate level of protection. However, companies that have been certified in the so-called “EU-US Privacy Shield” mechanism are considered as countries ensuring adequate protection of personal data such as EEA/EU countries according to the EU Commission's decision. If, however, we are conducting a cross-border transfer of personal data to third countries, we do so only on the basis of the adequacy decision of European Commission (such as EU-US Privacy Shield) or require other safeguards to protect personal data (e. g, conclusion of model contract clauses.
We store personal data as long as necessary for the purposes for which personal data are processed. When storing personal data, we follow the recommended retention periods in accordance to Resolution of chair of Slovak Bar Association n. 29/11/2011 e.g.
- The incoming mail book / registry and the posting book / registry after it has been filled by the lawyer for ten years from the date of receipt or posting in the last registered mail;
- The inventory list is archived by the lawyer for ten years after writing;
- If the lawyer manages clients' names and client records electronically, at the end of the calendar year he will print his printed form for the calendar year and store it in the office without any time limit;
- The client's file shredding period is 10 years and starts from the day when all the conditions for saving the file to the archive are fulfilled.
Lawyers are subject to regulations of Slovak Bar Association that interpret lawyers' obligations under Advocacy Act, according to which there are certain circumstances that prolong our retention periods of personal data and explicitly prevent us from shredding some documents for rational reasons. e.g.:
- The client file containing the original documents delivered to us by the client shall not be shredded;
- It is not possible to shred the records of client files and names of client files;
- It is not possible to shred the client's file or its part that lawyer is obliged to submit to the state archive;
- It is not possible to shred the client file if any proceedings before the courts, state administration bodies, law enforcement authorities, the Slovak Bar Association that is/are related to the contents of the client file or the lawyer's legal action or omission in providing legal services in matters of the client.
If you are our client, we often obtain your personal data directly from you. In that case, obtaining your personal data is voluntary. Depending on the particular case, the failure to provide personal data by clients may affect our ability to provide high-quality legal services or in exceptional cases, our obligation to refuse to provide legal services. Personal data about our clients may also be obtained from publicly available sources, from public authorities or from other third parties.
If you are not our client, we often obtain your personal data from our clients or from other public or statutory sources, requesting from public authorities, extracting from public registers, obtaining evidence in favor of our client, etc. In such a case, we may obtain personal data without your knowledge and against your will on the basis of our legal authorization and the obligation to practice law in accordance with the Advocacy Act.
“If we process personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.”
“You have a right to object to any processing that is based on legitimate interest or public interest as well as to any direct marketing purposes including profiling.”
GDPR stipulates rights of data subjects from Article 12 to Article 22. Data subject is every natural person we are processing personal data about. However, it is very important whether this natural person is or is not our client, because it may be dependent whether we accept or not accept the data subject´s request. As our client you have right to access, their rectification, erasure, portability as well as request to restriction of the processing or lodge the objection against the processing in accordance with the conditions stipulated int the GDPR. These rights in our opinion also arise from the Act on advocacy and from the internal regulations of the Slovak Bar Association. The right of access, information and portability within the meaning of Article 15 and Article 20 GDPR may not have any persons other than clients because of our legal obligation to maintain confidentiality and by pointing to Section 18 (2) of the Act on Advocacy, where states: “An attorney is under no obligation to provide information about the processing of personal data, to allow access or portability of personal data under a special regulation if this could lead to a violation of the lawyer's duty to observe confidentiality under this Act." However, this restriction applies only to cases where the disclosure of the information could result in an infringement of the confidentiality obligations accordance to Section 23 of the Act on Advocacy. In such cases, we are required to request the client to consent to the provision of the concerned information. In the event that the waiver of the confidentiality obligation would not be in the interest of the client, we are entitled to decide not to provide such information despite the grant of the client's consent (see Section 23 (3) of the Act on Advocacy). If this is not the case, we following the general conditions arising from the GDPR. We believe that automated individual decision-making pursuant to Article 22 GDPR does not occur in our processing operations, but we are ready to hear the opposite view and accept the request for human intervention, if it is justified. You also have the right to file a complaint at any time at Office for the protection of personal data of Slovak Republic or the Slovak Bar Association.