ČECHOVÁ & PARTNERS s. r. o., law firm having its registered office at Staromestská 3, Bratislava 811 03, Slovak Republic, Identification No. (IČO): 47 249 129, registered in the Commercial Register of the District Court Bratislava I, Section: Sro, File No. 90271/B (“CPA”), values your trust, respects your privacy and complies with personal data protection rules.
When processing personal data, we comply with the requirements set out by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), which also provides for your rights as a data subject. We also follow the provisions of Act No. 18/2018 Coll. on the Protection of Personal Data, as amended, in particular the part that is applicable to you (Articles 78 to 81 of the Act), Act No. 586/2003 Coll. on the Legal Profession, as amended (Article 18 of the Act) and other regulations.
We comply with the Code of Conduct adopted by the Slovak Bar Association (“SBA”) and approved by the Office for Personal Data Protection of the Slovak Republic. This Code explains the data processing by attorneys in more detail. You can consult the SBA Code of Conduct at www.sak.sk/gdpr.
When collecting and processing personal data, CPA adheres to the following principles of personal data protection:
- necessity and proportionality, especially when collecting personal data in order to ensure data minimization,
- lawfulness, fairness and transparency, in particular by informing data subjects, establishing appropriate legal grounds, and determining an adequate data storage period,
- purpose limitation when collecting data only for specific purposes and respecting limits defined by such purposes,
- data security by adopting the security measures in order to ensure data accuracy, integrity and confidentiality,
- storage limitation by implementing data storage periods respecting specific purposes of data processing.
If you have any questions regarding the processing of personal data by CPA or this Policy, please contact us by e-mail at firstname.lastname@example.org or by post at the address of our office.
I. What personal data we process?
CPA processes in particular:
- personal data of clients and other individuals to the extent necessary for the purposes of performance of the legal profession in accordance with Act No. 586/2003 Coll. on the Legal Profession, as amended and personal data protection legislation and for the fulfilment of its statutory, professional and contractual duties;
- personal data of employees in accordance with legal requirements and for the purposes set forth in applicable laws, such as the Labour Code, the Act on Social Insurance, the Act on Income Tax, the Act on Health Protection;
- personal data of suppliers and/or employees of suppliers for the purpose of carrying out mutual rights and obligations arising from commercial relations;
- personal data of our business partners or their employees;
- personal data of job seekers; and
- personal data of persons interested in receiving our informational materials (newsletter).
II. Why do we process personal data?
We need to process personal data primarily in order to:
- provide legal services to our clients and perform the legal profession;
- comply with various statutory, professional and contractual obligations;
- provide employment;
- order services and maintain relations with our suppliers and business partners;
- provide information on the CPA’s activities and legal updates to those who have agreed to receiving a newsletter; and
- protect the legitimate interests of CPA, our clients and other persons.
More details on the purposes and legal bases for data processing are available HERE.
III. Where do we obtain personal data from?
We obtain most personal data directly from data subjects (clients, employees, suppliers, candidates, those interested in legal updates). We may also collect personal data of our clients from publicly available sources, public authorities and other persons.
If you are not our client, we mostly obtain your personal data from our clients or other public or legal sources by means of requests to public authorities, extracts from public registers, by obtaining evidence in a client’s favour etc. in compliance with applicable laws. In such case, we may also obtain your personal data without informing you thereof and against your will on the basis of our statutory authorisation and obligation to perform the legal profession in accordance with the Act on the Legal Profession.
IV. To whom will personal data be provided and to which countries?
We disclose personal data of our clients and other individuals only to the extent necessary, with data recipients being subject to confidentiality at all times, e.g. to our employees, persons entrusted with carrying out individual acts related to legal services, substitute or cooperating attorneys, our advisors, the Slovak Bar Association (e.g. in the event of disciplinary proceedings). Exceptionally, we may be required to disclose relevant personal data to software equipment providers or to those who provide support to our office, including their employees.
Our obligation to provide personal data to public authorities is limited due to statutory confidentiality, yet we are obliged to frustrate the commission of a crime and to report information related to money laundering and terrorism financing.
Only occasionally we transmit personal data to third countries outside the European Economic Area (the EU, Iceland, Norway and Liechtenstein). On such occassion, we make contractual arrangements (mainly via standard contractual clauses) and apply technical, organizational and personnel measures to ensure an adequate level of data protection.
V. How long do we store personal data?
We only store personal data for as long as necessary, i.e. no longer than is necessary for the purposes for which personal data are processed, unless applicable law requires longer periods or there is another legal basis for the further processing/storage of data. When storing personal data, we follow the recommended retention periods within the meaning of Resolution of the Slovak Bar Association Council No. 29/11/2011 (retention periods are mostly 10 years – incoming and outgoing mail logs, client files, accounting records, financial statements, documents etc.).
Attorneys are subject to professional regulations that specify the obligations of attorneys set out in the Act on the Legal Profession. According to these professional regulations there are certain circumstances that do extend our data retention periods and/or prevent us from shredding certain documents on reasonable grounds. These include, for example, the following circumstances:
- a client file that contains the originals of documents delivered to an attorney by the client cannot be shredded;
- client file protocols and a list of client file names cannot be shredded;
- a client file or part thereof that an attorney is required to provide to the state archives cannot be shredded;
- it is not allowed to shred a client file if there are any pending proceedings before the courts, public administration bodies, law enforcement authorities or the Slovak Bar Association that have a material relation to the contents of the client file or that concern an attorney’s action or omission when providing legal assistance to the client regarding the matter.
VI. What are your rights?
If we process your personal data on the basis of your consent with the data processing (e.g. newsletter subscription), you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of the processing based on consent before its withdrawal. Regardless of the above, you have the right to object to personal data processing on the basis of legitimate interest or public interest, as well as to the processing for direct marketing purposes, including profiling, even though CPA does not conduct the latter.
Furthermore, you have the following rights:
- to access your personal data and to information on data processing;
- to have your personal data rectified and to have incomplete data completed. Please inform us of any change to your personal data on a timely basis, so that CPA processes correct and complete personal data;
- to data portability under conditions set out by the GDPR;
- in justified cases, to erasure or restriction of processing; you may ask CPA to remove any deficiencies, and/or
- to lodge a compliant with the competent supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, Bratislava, e-mail: email@example.com.
Some of these rights may be limited due to our legal obligation to maintain confidentiality with reference to Article 15 (4) of the GDPR, Article 20 (4) of the GDPR and Section 18 (8) of the Act on Legal Profession.
VII. Whom can you contact?
If you have any questions regarding this policy or the processing of your personal data, you can contact us via: firstname.lastname@example.org.
VIII. Further information
DISCLOSURE OF PERSONAL DATA OF OTHER INDIVIDUALS
Please note that if you want to provide us with personal data of other individuals (e.g. other persons interested in a newsletter etc.), in most cases you are required to provide this data with their prior consent after they were informed of the processing of their personal data to the extent set forth in this policy. You must be able to prove the above upon request. You can use the link to this policy or a copy thereof for this purpose.
AUTOMATED DECISION-MAKING AND PROFILING
Automated decision-making is a decision-making based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
CPA does not use automated decision-making or profiling when processing personal data.
Cookies are small text files that improve the website usage, e.g. by allowing us to recognize previous visitors logging into the user interface, remember a user’s choice when opening a new window, measure the website traffic or its usage in order to improve it for users.
At the same time, we use Google Analytics to monitor our website traffic. These data are processed without any further identifiers. More information on the analytics is available HERE.
We do not use information from cookies for advertising or any other similar purposes.
X. Changes to the data protection policy
Personal data protection is not a one-time matter for us. Hence the conditions of data processing may change and here provided information on the data processing will become outdated. If so, we would be obliged to also change this data protection policy. We reserve the right to change this policy at any time and to the extent needed.
In case this policy changes substantially, we will notify you, for example, by means of a general notice posted on this website or a special notification sent by e-mail.