Personal Data Processing Policy
Your personal data are processed in compliance with Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)), (hereinafter referred to as the “GDPR”), which came into effect on 25 May 2018.
Who is the controller of your personal data?
The controller of your personal data is JUDr. Bc. Michal Březovják, Lawyer, with a registered office in Zlín at Školní 3362/11, post code 760 01, identification number: 71464794, e-mail: firstname.lastname@example.org.
What principles relating to the processing of your personal data do we comply?
When we process personal data, it is ensured that all the principles specified in Article 5 (1) of the GDPR are adhered to. In particular, we ensure that your personal data are processed lawfully, fairly and in a transparent manner, they are collected for specified, explicit and legitimate purposes, and such processing of personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. We always do our best to ensure personal data are accurate and kept up-to-date.
Under the GDPR, your personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Therefore, we do not process personal data for longer than absolutely necessary.
We process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. We monitor such technical or organisational measures, and whenever necessary, we perform necessary steps to comply with the requirements of the GDPR and opinions issued by the Office for Personal Data Protection.
What is the lawful basis for processing personal data?
Personal data are processed especially for the performance of an agreement to provide legal services executed between the client and the controller, in compliance with legislation regulating the practice of law (Article 6 (1) (b) of the GDPR).
Your personal data are also processed on any of the following legal grounds:
the processing is carried out based on a consent for one or more specific purposes (Article 6 (1) (a) of the GDPR);
the processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6 (1) (c) GDPR);
the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Article 6 (1) (f) GDPR).
What personal data do we process?
Your personal data are processed only to the extent required and in order to accomplish a purpose for which a lawful reason has been determined.
If you are a consumer, the following personal data are processed in connection with the provision of legal services:
• Forename and surname (or academic title, if applicable)
• Date of birth (and birth certificate number, if necessary)
• Address of residence (or correspondence address)
• Telephone number
• Payment details
If you are a natural person doing business, the following personal data are processed in connection with the provision of legal services:
• Forename and surname (or academic title, if applicable)
• Address of the registered office (or correspondence address)
• Identification number
• Telephone number
• Payment details
Please note, the extent of processed information may differ depending on the case being solved and the provision of a specific legal service, and it cannot be excluded that for such a purpose, we will require other personal data than referred to above. For this purpose, it may be necessary to process also special categories of personal data (such as information concerning health, photographs, video recordings or audio recordings), in particular in the event of the provision of a legal service relating to the enforcement of non-material damage, personality rights, in cases relating to intellectual property rights or when an aggrieved party is represented in criminal proceedings. We may also need personal data on contractual partners or persons against whom claims are enforced or persons enforcing claims against the you.
We also process personal data from publicly available sources, such as public registers or the Internet.
If you provide personal data to us on the basis of your consent, we will process the personal data specified to the extent of such consent.
Visitors to our website shall also have their IP addresses and information relating to cookies processed.
Your personal data are processed both by automated means from within the information system, and also manually by employees or cooperating attorneys.
Please note, that personal data pursuant to Article 4 (1) of the GDPR pertain to any information relating to an identified or identifiable natural person, and as such it does not include data relating to legal entities.
What is the purpose of processing personal data?
The purpose of processing your personal data is mainly the performance of an agreement to provide legal services executed with you in compliance with legislation regulating the practice of law, in particular, Act No. 85/1996 Coll., on the legal profession, as amended.
We are entitled to process your personal data additionally for a purpose arising from one or more lawful reasons, including the discharge of a legal obligation pursuant to Act No. 89/2012 Coll., the Civil Code, as amended, Act No. 634/1992 Coll., on consumer protection, as amended, Act No. 235/2004 Coll., on value added tax, as amended, Act No. 563/1991 Coll., on accounting, as amended, or Act No. 253/2008 Coll., on some measures against the legalisation of proceeds from crimes and the financing of terrorism, as amended.
If you make an online enquiry using our contact form, we process the name, email and telephone number entered in order to answer the enquiry.
If you give us consent to send newsletters, the purpose of processing your personal data is to send information in the form of emails.
For how long do we process personal data?
We process personal data only for the period strictly necessary for the given purpose.
In order to perform an agreement to provide legal services, we hold your personal data for the duration of said agreement, and also for the period stipulated by legislation regulating the practice of law, Act No. 499/2004 Coll., on archiving and file management, as amended, Act No. 563/1991 Coll., on accounting, as amended, and Act No. 253/2008 Coll., on some measures against the legalisation of proceeds from crimes and the financing of terrorism, as amended, typically for no longer than 10 years.
Upon expiry of the period stipulated by law, the personal data of the client are destroyed.
Personal data entered in the contact form on our website are processed for the period necessary to answer the enquiry, however, for no longer than 10 days.
In the event of giving consent to send newsletters, we process your personal data for this purpose until consent is withdrawn.
Who has an access to the personal data?
Besides the controller, the personal data can be accessed by cooperating lawyers, trainee lawyers, and other employees of the controller, in each case on a strict need-to-know basis. Such persons are bound by the duty of confidentiality with respect to the personal data processed by them.
Your personal data can also be transferred for processing to a third party (hereinafter referred to as the “processor”), however, solely on the basis of a processing agreement pursuant to Article 28 of the GDPR, under which the given processor is obliged to keep the personal data confidential and to take appropriate technical or organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Such a processor is our tax advisor for the purposes of performing the legal obligations imposed on us by tax and accounting legislation, and in the case of a visit to our website, such a processor is our web-hosting provider, in whose server the personal data are maintained during the visit.
If the fee for legal services provided is paid by a payment card, provided such a payment method is enabled, your personal data are provided to payment gateway providers.
Furthermore, personal data can be provided to third parties if we are obliged to do so by legislation or if this is necessary for the protection of our legitimate interests, always in compliance with legislation regulating the practice of law.
For more information on parties receiving personal data, contact us at: email@example.com.
How are your personal data secured?
We ensure that your personal data are secured against unauthorised access, use or disclosure.
The personal data provided by you in our contact form on the website are held in the protected servers of the web-hosting provider, and are secured in our information systems using a sufficiently strong password, which is changed on a regular basis.
Personal data given in documents are protected against unauthorised access by third parties, unauthorised processing, accidental loss, destruction or damage.
The disks of our computers are secured with a sufficiently strong password against unauthorised use, and the password is changed on a regular basis.
What are your rights under the GDPR?
The following rights pertain to the processing of your personal data, the:
• right of access: the right to obtain from the controller confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and information; you have the right to know what personal data concerning you are being processed by us, to whom your personal data may be disclosed and what other rights you have in connection with the processing of such personal data;
• right to rectification: the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning you; taking into account the purposes of the processing, you also have the right to have incomplete personal data completed;
• right to erasure (“right to be forgotten”): the right to obtain from the controller the erasure of personal data concerning you without undue delay, where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you withdraw consent on which the processing is based, and there is no other legal ground for such processing;
you object to such processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation to which the controller is subject;
• right to restriction of processing: right to obtain from the controller restriction of processing where one of the following applies:
the accuracy of your personal data is contested by you;
the processing of your personal data is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
you have objected to processing of your personal data;
• right to data portability: the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on your consent or on a contract, and the processing is carried out by automated means;
• right to object if the processing of your personal data is carried out on the basis of our legitimate interest;
• right to lodge a complaint with a supervisory authority, if you believe that the processing of your personal data is in violation of the GDPR; the complaint about our processing of personal data can be lodged with the office for personal data protection (Úřad pro ochranu osobních údajů), with a registered office at Pplk. Sochora 27, 170 00 Praha 7.
Please note that if we process your personal data on the basis of your consent, you have the right to withdraw such consent at any time.
Contact details for the controller
Your rights can be exercised at the office of the controller, or by email: firstname.lastname@example.org.
Updated on 1 January 2020