GDPR
PRINCIPLES OF PERSONAL DATA PROCESSING IN A LAW FIRM
BULINSKÝ & VÁVRA, ADVOKÁTNÍ KANCELÁŘ,
Protecting the privacy and personal data not only of our clients, but also of potential clients, business partners, suppliers, job applicants and other persons who collaborate with our law firm is one of our highest priorities. We handle all personal data exclusively in accordance with applicable data protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (the "Regulation").
The purpose and aim of these principles of personal data processing in the law firm Bulinský & Vávra, advokátní kancelář, s.r.o. (hereinafter referred to as the "Principles") is primarily to fulfil our information obligation arising from the provisions of Article 13 et seq. Regulation.
1. WHO PROCESSES PERSONAL DATA?
DATA SUBJECT | PURPOSE OF PROCESSING | LEGAL TITLE | CATEGORY OF PERSONAL DATA |
---|---|---|---|
Clients |
|
|
|
Potential Clients |
|
legitimate interest (Article 6(1)(f) of the Regulation) | the implementation of pre-contractual measures taken at the request of a potential client (Article 6(1)(b) of |
third parties in connection with legal services provided by our Law Firm |
|
|
|
Job Applicants |
|
|
|
business partners, suppliers of goods and services |
|
|
|
Personal data is processed both manually and automatically.
4. For how long is the personal data processed?
The Law Firm processes and stores personal data only for the time necessary to fulfil the stated purpose and for the period of time for which the Law Firm, as the administrator of personal data, is obliged to store personal data pursuant to the professional regulations issued by the Czech Bar Association and pursuant to generally binding legal regulations, in particular Act No. 85/1996 Coll., on advocacy, as amended, Act No. 499/2004 Coll., on archiving and filing services and on amendments to certain acts, as amended, etc.
5. Is the provision of personal data voluntary?
The provision of personal data is always voluntary. However, in the event that you refuse to provide us with your personal data, it will not be possible for you to become our client, employee, supplier and/or business partner, as the provision of your personal data for the purposes specified above is a prerequisite for the conclusion of the contractual relationship between you and us (failure to provide your personal data makes it impossible to identify you as a contracting party) and for the performance of the statutory obligations of our Law Firm.
6. Who has access to personal data?
All of the aforementioned personal data is processed by our Law Firm as the administrator and, to the extent necessary, by the Cooperating Attorneys. The Law Firm only makes personal data available to authorized employees and only to the extent necessary. We may further disclose personal data to individual data processors, always subject to the conditions set out in the Regulation, whereby the processors are, for example:
- IT service provider
- an accounting service provider,
- tax advisors, translators, forensic experts.
Personal data may also be provided to other entities in cases where we are required to provide such data by generally binding legal regulations or if it is necessary to protect the legitimate interests of our Law Firm (e.g. to courts, the Police of the Czech Republic, etc.). The law firm does not transfer personal data to a third country (non-EU country) or an international organization.
What rights do you have as a data subject?
Stejně jako my máme svá práva a povinnosti při zpracování Vašich osobních údajů, máte také Vy při zpracování Vašich osobních údajů určitá práva, která jsou dále vyjmenována. Uplatnitelnost těchto práv může být v jednotlivých konkrétních případech výrazně omezena povinností Advokátní kanceláře zachovávat advokátní mlčenlivost či povinností plnit jiné zákonné povinnosti související s poskytováním právních služeb.
Right of access
Under Article 15 of the Regulation, you have the right to obtain confirmation from us as to whether or not we are processing personal data relating to you, and if so, you have the right to obtain access to that personal data and information about what data
we are processing about you, for what purpose, for how long, to whom we are
transferring it, who is processing it outside of us, and what other rights you have in
relation to the processing of your personal data.
If, after reading this document, you are not sure which personal data we process
about you or what your rights are in relation to the processing of your personal data,
you can ask us for confirmation, which will include information about:
- purposes of processing;
- the categories of personal data involved;
- the recipient or categories of recipients, if any, of the personal data;
- the period for which the personal data will be stored and, if such period cannot be determined, the criteria for determining the storage period;
- the right to request access to personal data, the right to request rectification or erasure;
- the right to request restriction of processing;
- the right to object to the processing of personal data;
- the right to lodge a complaint with a supervisory authority;
- the source of the personal data, if not obtained directly from you;
- whether automated decision-making takes place and the data subject's rights in relation to automated decision-making;/li>
- the transfer of personal data to third countries, if such transfer is to take place, including information on appropriate safeguards for the security of the data transferred to the third country.
If the provision of a copy could result in damage to the rights and liberties of third
parties or a breach of attorney-client confidentiality (e.g. the copy contains personal
data of third parties in relation to the disclosure of which the data subject requesting
the copy has no legal basis), the copy shall be anonymized accordingly. If
anonymization is not possible or if the requested information would lose its probative
value by appropriate anonymization, the copy shall not be provided.
In compliance with the provisions of Article 16 of the Regulation, you have the right to
rectification of the processed personal data if the processed personal data are
inaccurate in terms of the purpose of processing or if they are incomplete in terms of
the purpose of processing personal data. You may therefore request the rectification
of the personal data processed or their completion.
Right to rectification
If you exercise your right to rectification of the personal data processed, we will immediately check the processed personal data. If we conclude that the objection is justified, even if only partially, we will immediately arrange for the rectification, i.e. correction or completion of the personal data processed. We will inform you without delay of the outcome of the investigation and the measures taken.
Right to erasure
In certain instances, you are entitled to have your personal data erased by us under Article 17 of the Regulation. We will erase your personal data without undue delay if one of the following criteria is met:
- if the personal data are not necessary for the purposes for which they were collected or otherwise processed;
- you withdraw your consent to the processing of personal data and there is no other legal basis (title) for the processing of personal data;
- you raise a relevant objection to the processing of personal data;
- personal data have been processed unlawfully, in particular without a legal basis (title) for the processing of personal data;
- the erasure of the personal data is required to comply with a legal requirement as a result of a legal provision or a court decision issued on the basis of a legal provision;
- the personal data were collected in connection with the offer of information services company pursuant to Article 8(1) of the Regulation.
Erasure of personal data means the physical disposal of the personal data carrier
(e.g. disposal of documents), or its erasure (from multimedia carriers) or other
permanent exclusion from further processing of personal data.
If you exercise your right to erasure, we will promptly review your request. If your
request is justified, even partially, we will carry out the deletion to the extent
necessary. Pending the processing of your request by the data subject, the personal
data in respect of which the right to erasure has been exercised will be marked.
Personal data cannot, however, be deleted if its processing is required:
- for the exercise of the right to freedom of expression and information;
- to comply with a legal obligation under applicable law;
- for reasons of public interest in the field of public health (Article 9(2)(h) and (i) and Article 9(3) of the Regulation);
- for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, where erasure is likely to prevent or seriously jeopardies the achievement of the purposes of that processing;
- the establishment, exercise and enforcement of our legal claims.
Right to restriction of processing
In the cases referred to in Article 18 of the Regulation, you may exercise your right to restrict the processing of personal data. This right allows you in certain cases to request that your personal data be labelled and not subject to any further processing operations - in this case, however, not forever (as in the case of the right to erasure), but for a limited period of time. If you exercise the right to restriction of processing in respect of a specific processing of personal data, we will promptly assess the relevance of your request, primarily in terms of the fulfilment of the conditions for exercising the right to restriction of processing, taking into account both the content of your request and other circumstances and facts relating to the processing of personal data in question.
verify the accuracy of the personal data;
- you disclaim the accuracy of the personal data for the time necessary for us to verify the accuracy of the personal data;
- the processing is unlawful, and you refuse the erasure of the personal data and request instead a restriction on its use;
- we no longer need the personal data for the purposes of the processing but you require it for the establishment, exercise or defense of legal claims;
- you have objected to the processing.
The personal data to which the restriction of processing applies shall be labelled.
Where processing has been restricted, such personal data, except for storage, may
only be processed with your consent or for the purpose of establishing, exercising or
defending legal claims, protecting the rights of another natural or legal person or for
reasons of important public interest.
Before the restriction on the processing of personal data is removed, you will be
informed of this fact, which will indicate when the restriction on the processing of
personal data will be removed and the reason for which it will be removed.
Right to data portability
If the subject of the processing of personal data is personal data obtained from you (either data provided directly by you or data obtained about your activities, etc.) that concerns you, you have the right to data portability under Article 20 of the Regulation if the processing is based on your consent or if the processing is based on a contract with the data subject and is carried out by automated means.
We will provide you with your personal data in a structured, commonly used and
machine-readable format. To enable us to easily transfer the data at your request, it
may only be personal data that we process automatically in our electronic databases.
We will not be able to comply with your request if such compliance would harm the
rights and liberties of other persons (data subjects), or if the transfer is not technically
feasible, whereby a technically infeasible transfer is also considered to be a transfer
that cannot be adequately secured with regard to the available technological
possibilities in a manner appropriate to the nature of the personal data transferred
and the risks involved.
Right to object
According to Article 21 of the Regulation, you have the right to object to the processing of personal data that is based on our legitimate interest.
In the case of direct marketing activities, we will cease to process your personal data
for this purpose without further consideration on the basis of your objection; in other
cases, we will investigate your objection without undue delay and, pending the
resolution of the objection, we will label the personal data concerned or the
processing of these personal data.
We will no longer process personal data to which a legitimate objection has been
raised, unless:
- there are compelling legitimate reasons for further processing which override your interests or rights and liberties, or
- further processing was necessary for the establishment, exercise or defense of our rights.
Right to be notified of a personal data breach
If a personal data breach is likely to result in a high risk to the rights and liberties of natural persons, we are obliged to notify you of the breach without undue delay and to inform you of the nature of the personal data breach and further:
- the name and contact details of a point of contact who can provide you with more information;
- a description of the likely consequences of a personal data breach;
- a description of the measures we have taken or proposed to take to address the personal data breach, including, where appropriate, measures to mitigate any adverse effects.
Right to lodge a complaint with the supervisory authority
Exercising your rights in the above manner does not affect your right to file a complaint with the competent supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochora 727/27, Postal Code 170 00, Prague 7, tel.: 234 665 111 (headquarters). The Office for Personal Data Protection operates a website: www.uoou.cz, where you can find more information about your rights and what and how the Office can help you.
You can exercise this right in particular if you believe that we are processing your
personal data unlawfully or in violation of generally binding legal regulations.
8. How and where can you exercise your rights as a data subject?
For all matters relating to the processing of your personal data, whether an enquiry, exercising a right, making a complaint or otherwise, you may contact us in any of the following ways:
- email: bumama@bumama.cz
- in writing at the address of the Law Firm's registered office, i.e. Jana Nečase 1343/29, 616 00 Brno
- by phone at +420 542 215 109 or +420 542 219 678
- by mailbox: 65v59ca
We will process your request without undue delay, but no later than one month. In
exceptional cases, in particular due to the complexity of your request, we are entitled
to extend this period by a further two months. We will, of course, inform you of any
such extension and the reasons for it. We will communicate in the manner you prefer
(email, letter).