Privacy policy

This Privacy Policy provides an explanation how we process personal data at Dagital Legal, s.r.o., registered seat at: Nové Záhrady I/9, 821 05 Bratislava, Slovak Republic, Company ID (IČO): 50 881 761 (hereinafter referred to as „we“ or „us“). If you have any questions or queries you may contact us by phone on 0911 195 133, by sending an email to info@dagital.eu or by post at the registered seat.

In our Law the Data Protection Officer has been designated who is your contact point for answering any questions relating to the protection of personal data or the management of requests of data subjects. The contact details of the Data Protection Officer are: info@dagital.eu or the address of the registered seat of our Law office for the mailing correspondence. In the processing of personal data, we are primarily governed by the EU General Privacy Act ("GDPR"), which also governs your rights as the data subject, provisions of the Personal Data Protection Act applicable to us (in particular Section 78), Act on advocacy (Section 18) as well as other applicable legislation.

Below we answer the basic questions regarding the processing of personal data by our Law office in the light of Art. 13 and 14 GDPR:


Purpose Legal ground according to GDPR 
Exercise of legal profession (provision of legal services)  Compliance with legal obligation pursuant to article 6 (1) c) GDPR alternatively performance of contract pursuant to article 6 (1) b) GDPR. 
Provision of non-legal services  Compliance with legal obligation pursuant to article 6 (1) c) GDPR alternatively performance of contract pursuant to article 6 (1) b) GDPR.
Compliance with laws and regulations of Slovak Bar Association  Compliance with legal obligation pursuant to article 6 (1) c) GDPR.
Monitoring of compliance of Licensing agreements  Legitimate interest pursuant to article 6 (1) f) GDPR: protection of property, financial interest and market position of law office. 
Legal enforcement  Legitimate interest pursuant to article 6 (1) f) GDPR: establishment, exercise or defense of legal claims of law office.
Publication, adjustment and analysis of content via social networks and website of law office Legitimate interest pursuant to article 6 (1) GDPR: raising awareness about law office in the online environment.  
Marketing communication  Consent pursuant to article 6 (1) a) GDPR or legitimate interest pursuant to article 6 (1) f) GDPR: direct marketing purposes.
Personnel & Payroll  Compliance with legal obligation pursuant to article 6 (1) c) GDPR alternatively performance of contract pursuant to article 6 (1) b) GDPR.
Publication of CVs  Consent pursuant to article 6 (1) a) GDPR.
Accounting & Tax purposes  Compliance with legal obligation pursuant to article 6 (1) c) GDPR.
Statistical purposes Any other legal ground of above purposes (compatible purposes) in light of article 89 GDPR.
Historic and scientific research Any other legal ground of above purposes (compatible purposes) in light of article 89 GDPR.

As maybe seen from the above, when processing personal data, we monitor the rely on following legitimate interests of our Law office:

Legitimate interest  Description
Protection of property, financial interest and market position of law office When providing GDPR modules, we need to monitor the number of IP addresses that access documents to the extent necessary to monitor compliance with the Licensing agreement. Monitoring is set up in accordance with the principles of privacy by design and privacy by default at (i) the technically necessary minimum that (ii) is reasonably possible to meet the intended purpose while (iii) under the Licensing agreement we do not need to identify specific users.
Establishment, exercise or defense of legal claims of law office When we do not represent our clients in the case of judicial or out-of-court disputes, negotiations and communication about contractual relations, recovery of claims, disclosure of facts by public authorities and similar activities we establish, defend and exercise legal claims of our office. Hence, we rely on our legitimate interest.
Raising awareness about law office in the online environment When publishing content on our social networks (especially LinkedIn) and on our website, we may process personal data including profiling. We use basic analytics tools like Google Analytics, especially for tracking traffic, trends, success of our campaigns and content, conversion to online documentation purchases, and more.
Direct marketing purposes The purposes of direct marketing may constitute legitimate interests within the meaning of recital 47 of the GDPR. We rely mainly on pertinent legitimate interest mainly while sending a marketing communication in the form of a newsletter or post or in cases where the prior consent of the addressee of the communication is not required under applicable law.

We provide personal data of our clients and other natural persons only to the extent necessary and always while maintaining the confidentiality of the data recipient e.g. to our employees,  persons authorized to exercise legal actions within provision of of legal services, representing or cooperating lawyers / attorneys, to our accounting or tax advisors, server repository providers, accounting software providers ( visible on the invoice), the Slovak Bar Association (e.g. in the case of disciplinary proceedings) or to a provider of software equipment or the support of our Law office, including employees of those persons. Although we have a limited obligation to provide your personal data to public authorities for reasons of confidentiality, we are required to contravene the crime and we also have the obligation to communicate information on the prevention of money laundering and terrorist financing.

In general, we try to set up the processing of personal data by our Law office in way that personal data are not transferred to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein). Email communication and electronic copies of all documentation related to our activity remain stored on servers located in the territory of the Slovak Republic. However, we also use the services of some leading suppliers as the Google, LLC., Facebook, Inc. and Microsoft Corporation. We do not use them primarily for providing legal services but for the purposes of our online activities on the web, blog, search engines, social networks, and marketing, where the link to the client is not so unambiguous (including public as data subjects). These suppliers and facilities are located in the United States of America, which is generally regarded as a third country that does not ensure an adequate level of protection. However, companies that have been certified in the so-called “EU-US Privacy Shield” mechanism are considered as countries ensuring adequate protection of personal data such as EEA/EU countries according to the EU Commission's decision. If, however, we are conducting a cross-border transfer of personal data to third countries, we do so only on the basis of the adequacy decision of European Commission (such as EU-US Privacy Shield) or require other safeguards to protect personal data (e. g, conclusion of model contract clauses.

While ordering a GDPR module or other online documentation the algorithm of our website automatically determines number of persons of a client that shall use the documentation. The maximum amount of entitled users. is 15. We do not think that this would lead to an automated individual decision-making pursuant Art. 22 GDPR. If so, this is in accordance with our Terms of use (see License terms), respectively within our pre-contractual relationships. Theoretically, there may be a negative legal effect / consequence for a client who violates the Terms of use related to this limit (see point 3.4 of the License terms) consisting with the obligation to pay for the use of the additional use of GDPR modules. The importance of these provisions as well as the processing involved is the protection of our legitimate interests, which are the protection of property, the financial interests of our Law office and its market position. It is not our intention to use these contractual tools against our clients whom we value and trust. Therefore, irrespective of whether Art. 22 GDPR is applicable to the processing, we always allow human intervention and communication.

We store personal data as long as necessary for the purposes for which personal data are processed. When storing personal data, we follow the recommended retention periods in accordance to Resolution of chair of Slovak Bar Association n. 29/11/2011 e.g. 

  • The incoming mail book / registry and the posting book / registry after it has been filled by the lawyer for ten years from the date of receipt or posting in the last registered mail;
  • The inventory list is archived by the lawyer for ten years after writing;
  • If the lawyer manages clients' names and client records electronically, at the end of the calendar year he will print his printed form for the calendar year and store it in the office without any time limit;
  • The client's file shredding period is 10 years and starts from the day when all the conditions for saving the file to the archive are fulfilled.

Lawyers are subject to regulations of Slovak Bar Association that interpret lawyers' obligations under Advocacy Act, according to which there are certain circumstances that prolong our retention periods of personal data and explicitly prevent us from shredding some documents for rational reasons. e.g.:

  • The client file containing the original documents delivered to us by the client shall not be shredded;
  • It is not possible to shred the records of client files and names of client files;
  • It is not possible to shred the client's file or its part that lawyer is obliged to submit to the state archive;
  • It is not possible to shred the client file if any proceedings before the courts, state administration bodies, law enforcement authorities, the Slovak Bar Association that is/are related to the contents of the client file or the lawyer's legal action or omission in providing legal services in matters of the client.

If you are our client, we often obtain your personal data directly from you. In that case, obtaining your personal data is voluntary. Depending on the particular case, the failure to provide personal data by clients may affect our ability to provide high-quality legal services or in exceptional cases, our obligation to refuse to provide legal services. Personal data about our clients may also be obtained from publicly available sources, from public authorities or from other third parties.

If you are not our client, we often obtain your personal data from our clients or from other public or statutory sources, requesting from public authorities, extracting from public registers, obtaining evidence in favor of our client, etc. In such a case, we may obtain personal data without your knowledge and against your will on the basis of our legal authorization and the obligation to practice law in accordance with the Advocacy Act.

“If we process personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.”
 

“You have a right to object to any processing that is based on legitimate interest or public interest as well as to any direct marketing purposes including profiling.”

 

GDPR stipulates rights of data subjects from Article 12 to Article 22. Data subject is every natural person we are processing personal data about. However, it is very important whether this natural person is or is not our client, because it may be dependent whether we accept or not accept the data subject´s request. As our client you have right to access, their rectification, erasure, portability as well as request to restriction of the processing or lodge the objection against the processing in accordance with the conditions stipulated int the GDPR. These rights in our opinion also arise from the Act on advocacy and from the internal regulations of the Slovak Bar Association. The right of access, information and portability within the meaning of Article 15 and Article 20 GDPR may not have any persons other than clients because of our legal obligation to maintain confidentiality and by pointing to Section 18 (2) of the Act on Advocacy, where states: “An attorney is under no obligation to provide information about the processing of personal data, to allow access or portability of personal data under a special regulation if this could lead to a violation of the lawyer's duty to observe confidentiality under this Act." However, this restriction applies only to cases where the disclosure of the information could result in an infringement of the confidentiality obligations accordance to Section 23 of the Act on Advocacy. In such cases, we are required to request the client to consent to the provision of the concerned information. In the event that the waiver of the confidentiality obligation would not be in the interest of the client, we are entitled to decide not to provide such information despite the grant of the client's consent (see Section 23 (3) of the Act on Advocacy). If this is not the case, we following the general conditions arising from the GDPR. We believe that automated individual decision-making pursuant to Article 22 GDPR does not occur in our processing operations, but we are ready to hear the opposite view and accept the request for human intervention, if it is justified. You also have the right to file a complaint at any time at Office for the protection of personal data of Slovak Republic or the Slovak Bar Association.

Cookies are small text files that improve website usage e.g. by allowing us to recognize previous visitors when logging in to a user environment, remembering a user's choice when opening a new window, measuring website traffic, or evaluation of usage of the website for the improvement. Our website uses cookies for two different purposes. The first purpose is to ensure the functioning of the website through session cookies. Within the meaning of the Section 55 (2) the last sentence of the Electronic Communications Act we are not obliged to require your prior consent to store access to your device: "This does not prevent the technical storage of data or access to them, the sole purpose of which is to transmit or facilitate transmission via the network, or if it is strictly necessary for an information society service provider to provide an information society service expressly requested by the user. ' The second purpose of the processing cookies is publication and adaptation of content through social networks and our website. For this purpose, we use standard software solutions from Google and Facebook to help us to show you relevant content on our website and on other publisher´s websites (e.g. paid advertising on external websites). You can always stop storing these files on your device by setting up your web browser. Setting up your browser is within the meaning of Section 55 (5) of the Act on Electronic Communications considered as your consent to the use of cookies on our site. In addition, we collect opt in consent to the use of cookies for these purposes, including through a pop-up window integrated into our website.

Protection of privacy is not a one-time issue for us. The information we give you with regard processing of personal data may change or cease to be up to date. From these reasons we may change this privacy policy from time to time by posting the most current privacy policy and its effective date on our website. In case we change this privacy policy substantially, we may bring such changes to your attention by explicit notice, on our websites or by email.