GDPR


PRINCIPLES OF PERSONAL DATA PROCESSING IN A LAW FIRM

BULINSKÝ & VÁVRA, ADVOKÁTNÍ KANCELÁŘ,

Protecting the privacy and personal data not only of our clients, but also of potential clients, business partners, suppliers, job applicants and other persons who collaborate with our law firm is one of our highest priorities. We handle all personal data exclusively in accordance with applicable data protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (the "Regulation").

The purpose and aim of these principles of personal data processing in the law firm Bulinský & Vávra, advokátní kancelář, s.r.o. (hereinafter referred to as the "Principles") is primarily to fulfil our information obligation arising from the provisions of Article 13 et seq. Regulation.

1. WHO PROCESSES PERSONAL DATA?

DATA SUBJECT PURPOSE OF PROCESSING LEGAL TITLE CATEGORY OF PERSONAL DATA
Clients
  • providing legal services on the basis of a contract concluded with the client
  • maintaining documentation on the client's case and fulfilling other obligations of the lawyer arising from the Advocacy Code, professional regulations and applicable legislation (tax legislation, accounting, etc.)
  • asserting the Law Firm's claims under contractual relations after the termination of the contract with the client (handling claims, debt recovery and other obligations)
  • sending information to clients by email (in particular information on updates of important legal regulations, major legal news) - limited direct marketing
  • performance of the contract with the client (Article 6(1)(b) of the Regulation)
  • compliance with legal obligations (Article 6(1)(c) of the Regulation)
  • legitimate interest (Article 6(1)(f) of the Regulation)
  • establishment, exercise or defense of legal claims (Article 9(2)(f) of the Regulation, Article 10 of the Regulation)
  • legitimate interest (Article 6(1)(f) of the Regulation)
  • identification data
  • contact details
  • accounting data
  • data on services provided
  • data and information necessary for the legal services provided
  • records of personal meetings, correspondence with the client
  • to the extent necessary, special categories of personal data may be processed (e.g. health data or data relating to criminal convictions and offences or related
  • email address
Potential Clients
  • answering questions and inquiries from potential clients
  • negotiating the conclusion of a contract with the client
legitimate interest (Article 6(1)(f) of the Regulation) the implementation of pre-contractual measures taken at the request of a potential client (Article 6(1)(b) of
third parties in connection with legal services provided by our Law Firm
  • providing legal services to the client on the basis of a concluded contract
  • fulfilling the Law Firm's contractual obligations
  • fulfilling the lawyer's obligations arising from the Advocacy Code, professional regulations and applicable legislation (tax legislation, bookkeeping, etc.)
  • legitimate interest (Article 6(1)(f) of the Regulation)
  • compliance with legal obligations (Article 6(1)(c) of the Regulation)
  • establishment, exercise or defense of legal claims (Article 9(2)(f) of the Regulation, Article 10 of the Regulation)
  • identification data
  • contact details
  • data and information related to the provided legal services
  • to the extent necessary, special categories of personal data may be processed (e.g. health data or data relating to criminal convictions and offences or related security measures)
  • Job Applicants
  • assessing the suitability of the candidate in the selection procedure
  • demonstrating compliance with the non-discrimination and equal treatment obligations, where applicable in accordance with the relevant legislation in force
  • implementation of measures taken before the conclusion of the contract on the basis of a request of a potential applicant (Article 6(1)(b) of the Regulation) - legitimate interest (Article 6(1)(f) of the Regulation)
  • identification data
  • contact details
  • details of education, qualifications
  • other data contained in the CV and motivation CV, letter of application or other documents sent by the applicant
  • business partners, suppliers of goods and services
  • performance of concluded contract
  • claims of the Law Firm from contractual relations after termination of the contract with the business partner / supplier of goods or services (handling of claims, debt recovery and other obligations)
  • compliance with obligations imposed by tax and accounting legislation, the law on archiving, etc.
  • performance of the contract with the client (Article 6(1)(b) of the Regulation)
  • legitimate interest (Article 6(1)(f) of the Regulation)
  • compliance with legal obligations (Article 6(1)(c) of the Regulation)
  • identification data
  • contact details
  • accounting data
  • data related to the concluded contract
  • information on tax and accounting documents
  • Personal data is processed both manually and automatically.


    4. For how long is the personal data processed?

    The Law Firm processes and stores personal data only for the time necessary to fulfil the stated purpose and for the period of time for which the Law Firm, as the administrator of personal data, is obliged to store personal data pursuant to the professional regulations issued by the Czech Bar Association and pursuant to generally binding legal regulations, in particular Act No. 85/1996 Coll., on advocacy, as amended, Act No. 499/2004 Coll., on archiving and filing services and on amendments to certain acts, as amended, etc.

    5. Is the provision of personal data voluntary?

    The provision of personal data is always voluntary. However, in the event that you refuse to provide us with your personal data, it will not be possible for you to become our client, employee, supplier and/or business partner, as the provision of your personal data for the purposes specified above is a prerequisite for the conclusion of the contractual relationship between you and us (failure to provide your personal data makes it impossible to identify you as a contracting party) and for the performance of the statutory obligations of our Law Firm.

    6. Who has access to personal data?

    All of the aforementioned personal data is processed by our Law Firm as the administrator and, to the extent necessary, by the Cooperating Attorneys. The Law Firm only makes personal data available to authorized employees and only to the extent necessary. We may further disclose personal data to individual data processors, always subject to the conditions set out in the Regulation, whereby the processors are, for example:

    • IT service provider
    • an accounting service provider,
    • tax advisors, translators, forensic experts.

    Personal data may also be provided to other entities in cases where we are required to provide such data by generally binding legal regulations or if it is necessary to protect the legitimate interests of our Law Firm (e.g. to courts, the Police of the Czech Republic, etc.). The law firm does not transfer personal data to a third country (non-EU country) or an international organization.

    What rights do you have as a data subject?

    Stejně jako my máme svá práva a povinnosti při zpracování Vašich osobních údajů, máte také Vy při zpracování Vašich osobních údajů určitá práva, která jsou dále vyjmenována. Uplatnitelnost těchto práv může být v jednotlivých konkrétních případech výrazně omezena povinností Advokátní kanceláře zachovávat advokátní mlčenlivost či povinností plnit jiné zákonné povinnosti související s poskytováním právních služeb.

    Right of access

    Under Article 15 of the Regulation, you have the right to obtain confirmation from us as to whether or not we are processing personal data relating to you, and if so, you have the right to obtain access to that personal data and information about what data


    we are processing about you, for what purpose, for how long, to whom we are transferring it, who is processing it outside of us, and what other rights you have in relation to the processing of your personal data. If, after reading this document, you are not sure which personal data we process about you or what your rights are in relation to the processing of your personal data, you can ask us for confirmation, which will include information about:

    • purposes of processing;
    • the categories of personal data involved;
    • the recipient or categories of recipients, if any, of the personal data;
    • the period for which the personal data will be stored and, if such period cannot be determined, the criteria for determining the storage period;
    • the right to request access to personal data, the right to request rectification or erasure;
    • the right to request restriction of processing;
    • the right to object to the processing of personal data;
    • the right to lodge a complaint with a supervisory authority;
    • the source of the personal data, if not obtained directly from you;
    • whether automated decision-making takes place and the data subject's rights in relation to automated decision-making;/li>
    • the transfer of personal data to third countries, if such transfer is to take place, including information on appropriate safeguards for the security of the data transferred to the third country.


    If the provision of a copy could result in damage to the rights and liberties of third parties or a breach of attorney-client confidentiality (e.g. the copy contains personal data of third parties in relation to the disclosure of which the data subject requesting the copy has no legal basis), the copy shall be anonymized accordingly. If anonymization is not possible or if the requested information would lose its probative value by appropriate anonymization, the copy shall not be provided.


    In compliance with the provisions of Article 16 of the Regulation, you have the right to rectification of the processed personal data if the processed personal data are inaccurate in terms of the purpose of processing or if they are incomplete in terms of the purpose of processing personal data. You may therefore request the rectification of the personal data processed or their completion.


    Right to rectification

    If you exercise your right to rectification of the personal data processed, we will immediately check the processed personal data. If we conclude that the objection is justified, even if only partially, we will immediately arrange for the rectification, i.e. correction or completion of the personal data processed. We will inform you without delay of the outcome of the investigation and the measures taken.


    Right to erasure

    In certain instances, you are entitled to have your personal data erased by us under Article 17 of the Regulation. We will erase your personal data without undue delay if one of the following criteria is met:

    • if the personal data are not necessary for the purposes for which they were collected or otherwise processed;
    • you withdraw your consent to the processing of personal data and there is no other legal basis (title) for the processing of personal data;
    • you raise a relevant objection to the processing of personal data;
    • personal data have been processed unlawfully, in particular without a legal basis (title) for the processing of personal data;
    • the erasure of the personal data is required to comply with a legal requirement as a result of a legal provision or a court decision issued on the basis of a legal provision;
    • the personal data were collected in connection with the offer of information services company pursuant to Article 8(1) of the Regulation.


    Erasure of personal data means the physical disposal of the personal data carrier (e.g. disposal of documents), or its erasure (from multimedia carriers) or other permanent exclusion from further processing of personal data.


    If you exercise your right to erasure, we will promptly review your request. If your request is justified, even partially, we will carry out the deletion to the extent necessary. Pending the processing of your request by the data subject, the personal data in respect of which the right to erasure has been exercised will be marked.


    Personal data cannot, however, be deleted if its processing is required:

    • for the exercise of the right to freedom of expression and information;
    • to comply with a legal obligation under applicable law;
    • for reasons of public interest in the field of public health (Article 9(2)(h) and (i) and Article 9(3) of the Regulation);
    • for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, where erasure is likely to prevent or seriously jeopardies the achievement of the purposes of that processing;
    • the establishment, exercise and enforcement of our legal claims.

    Right to restriction of processing

    In the cases referred to in Article 18 of the Regulation, you may exercise your right to restrict the processing of personal data. This right allows you in certain cases to request that your personal data be labelled and not subject to any further processing operations - in this case, however, not forever (as in the case of the right to erasure), but for a limited period of time. If you exercise the right to restriction of processing in respect of a specific processing of personal data, we will promptly assess the relevance of your request, primarily in terms of the fulfilment of the conditions for exercising the right to restriction of processing, taking into account both the content of your request and other circumstances and facts relating to the processing of personal data in question.


    verify the accuracy of the personal data;

    • you disclaim the accuracy of the personal data for the time necessary for us to verify the accuracy of the personal data;
    • the processing is unlawful, and you refuse the erasure of the personal data and request instead a restriction on its use;
    • we no longer need the personal data for the purposes of the processing but you require it for the establishment, exercise or defense of legal claims;
    • you have objected to the processing.


    The personal data to which the restriction of processing applies shall be labelled. Where processing has been restricted, such personal data, except for storage, may only be processed with your consent or for the purpose of establishing, exercising or defending legal claims, protecting the rights of another natural or legal person or for reasons of important public interest.


    Before the restriction on the processing of personal data is removed, you will be informed of this fact, which will indicate when the restriction on the processing of personal data will be removed and the reason for which it will be removed.


    Right to data portability

    If the subject of the processing of personal data is personal data obtained from you (either data provided directly by you or data obtained about your activities, etc.) that concerns you, you have the right to data portability under Article 20 of the Regulation if the processing is based on your consent or if the processing is based on a contract with the data subject and is carried out by automated means.


    We will provide you with your personal data in a structured, commonly used and machine-readable format. To enable us to easily transfer the data at your request, it may only be personal data that we process automatically in our electronic databases.


    We will not be able to comply with your request if such compliance would harm the rights and liberties of other persons (data subjects), or if the transfer is not technically feasible, whereby a technically infeasible transfer is also considered to be a transfer that cannot be adequately secured with regard to the available technological possibilities in a manner appropriate to the nature of the personal data transferred and the risks involved.


    Right to object

    According to Article 21 of the Regulation, you have the right to object to the processing of personal data that is based on our legitimate interest.


    In the case of direct marketing activities, we will cease to process your personal data for this purpose without further consideration on the basis of your objection; in other cases, we will investigate your objection without undue delay and, pending the resolution of the objection, we will label the personal data concerned or the processing of these personal data.


    We will no longer process personal data to which a legitimate objection has been raised, unless:

    • there are compelling legitimate reasons for further processing which override your interests or rights and liberties, or
    • further processing was necessary for the establishment, exercise or defense of our rights.

    Right to be notified of a personal data breach

    If a personal data breach is likely to result in a high risk to the rights and liberties of natural persons, we are obliged to notify you of the breach without undue delay and to inform you of the nature of the personal data breach and further:

    • the name and contact details of a point of contact who can provide you with more information;
    • a description of the likely consequences of a personal data breach;
    • a description of the measures we have taken or proposed to take to address the personal data breach, including, where appropriate, measures to mitigate any adverse effects.

    Right to lodge a complaint with the supervisory authority

    Exercising your rights in the above manner does not affect your right to file a complaint with the competent supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochora 727/27, Postal Code 170 00, Prague 7, tel.: 234 665 111 (headquarters). The Office for Personal Data Protection operates a website: www.uoou.cz, where you can find more information about your rights and what and how the Office can help you.


    You can exercise this right in particular if you believe that we are processing your personal data unlawfully or in violation of generally binding legal regulations.


    8. How and where can you exercise your rights as a data subject?

    For all matters relating to the processing of your personal data, whether an enquiry, exercising a right, making a complaint or otherwise, you may contact us in any of the following ways:

    • email: bumama@bumama.cz
    • in writing at the address of the Law Firm's registered office, i.e. Jana Nečase 1343/29, 616 00 Brno
    • by phone at +420 542 215 109 or +420 542 219 678
    • by mailbox: 65v59ca


    We will process your request without undue delay, but no later than one month. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by a further two months. We will, of course, inform you of any such extension and the reasons for it. We will communicate in the manner you prefer (email, letter).