In the processing of personal data, we are primarily governed by the EU General Data Protection Regulation (“GDPR”), which also governs your rights as the data subject, the provisions of the Act on Personal Data Protection applicable to us (in particular Section 78), the Act on Legal Profession (Section 18) as well as other applicable legislation. We are in compliance with the Code of Conduct adopted by the Slovak Bar Association (“SBA”) that explains processing of personal data by lawyers. You can familiarize yourself with the SBA’s Code of Conduct in more detail at www.sak.sk/gdpr.
Why do we process personal data?
Processing of personal data is necessary for us mainly to:
- provide legal services to our clients and pursue the legal profession;
- comply with various legal, professional and contractual obligations; and
- protect legitimate interests of us, our clients and other persons.
What are our purposes of processing personal data and on what legal grounds are they made?
What are our legitimate interests that we pursue?
- compliance with the basic principles of personal data processing, implementation and maintenance of technical and organizational security measures, including, but not limited to, the prevention of unauthorized access to systems and information, the investigation of suspected or known security breaches,
- fraud prevention and protection against misuse of services,
- direct marketing.
Who are recipients of our personal data?
We provide personal data of our clients and other natural persons only to the extent necessary and always while maintaining the confidentiality of the data recipient, e.g. to our employees, persons authorised to take individual legal actions within provision of legal services, substituting or cooperating lawyers, our accountancy advisors, our professional advisors e.g. auditors, the Slovak Bar Association (e.g. in the case of disciplinary proceedings) or to providers of software or the support to our law firm, including employees of those persons.
Although our obligation to provide your personal data to public authorities is limited for reasons of confidentiality, we are required to frustrate the commission of criminal offences and we also have the obligation to report information regarding prevention of money laundering and terrorism financing.
To what countries do we transfer your personal data?
We do not intend to transfer your personal data outside the EU and/or European Economic Area. We use safe cloud services of a verified provider with servers located in an EU jurisdiction.
How long do we store your personal data?
We store personal data as long as is necessary for the purposes for which personal data are processed. When storing personal data, we follow the recommended retention periods under the Resolution of Council of Slovak Bar Association no. 29/11/2011, e.g.
- The incoming mail book / register and the outgoing mail book / register, after it has been filled, is kept by the lawyer for ten years from the date of receipt or sending of the last mail registered in such book;
- The inventory list is archived by the lawyer for ten years after it is made;
- If the lawyer keeps a list of client names and client records electronically, at the end of the calendar year he or she will make its printed form for the calendar year and store it in the office without any time limit;
- Client files shredding period is 10 years and starts to run on the day when all the conditions for deposition of the file to the archive are fulfilled.
Lawyers are subject to professional regulations of the Slovak Bar Association that interpret their obligations under the Act on Legal Profession, according to which there are certain circumstances that extend our retention periods of personal data and explicitly prevent us from shredding some documents on reasonable grounds, such as:
- A client file that contains original documents delivered to us by the client cannot be shredded;
- It is not possible to shred client file protocols and list of client file names;
- It is not possible to shred the client file or its part that the lawyer is obliged to submit to the state archives;
- It is not possible to shred the client file if any proceedings before the courts, state administration bodies, law enforcement authorities, the Slovak Bar Association are pending that have a material relation to the contents of the client file or that concern the lawyer’s legal action or omission in providing legal services in that client’s matter.
How do we collect your personal data?
If you are our client, we often obtain your personal data directly from you. In that case, obtaining your personal data is voluntary. Depending on the particular case, the failure to provide personal data by clients may affect our ability to provide high-quality legal services or, in exceptional cases, may give rise to our obligation to refuse to provide legal services. Personal data about our clients may also be obtained from publicly available sources, from public authorities or from other third parties.
If you are not our client, we often obtain your personal data from our clients or from other public or statutory sources by making requests to public authorities, through extracts from public registers, obtaining evidence in favour of our client, etc. In such a case, we may obtain personal data without your knowledge and against your will on the basis of our statutory authorization and the obligation to practice law in accordance with the Act on Legal Profession.
What rights do you have?
You have a right to object to any processing that is based on legitimate interest or public interest as well as to any direct marketing purposes including profiling.
As a client, you have the right to request access to your personal data and request their rectification. When processing personal data during the provision of legal services, you have no right, as a client or any other natural person (e.g. a counterparty), to object to such processing under Article 22 of the GDPR. If personal data relate to a client (regardless of whether the client is a legal or natural person) other persons do not have the right of access to such data or the right to data portability, due to our legal obligation to maintain confidentiality with reference to Article 15 (4) of the GDPR, Article 20 (4) of the GDPR and Section 18 (8) of the Act on Legal Profession: “A lawyer is not obliged to provide information on the personal data processing, facilitate access or enable data portability pursuant special legal regulation (footnote: Article 14 (5) (d) 15 (4) and Article 20 (4) of the GDPR) if it may lead to breach of professional duty of secrecy in compliance with this Act.”