In the processing of personal data, we are primarily governed by the EU General Data Protection Regulation (“GDPR”), which also governs your rights as the data subject21 the provisions of the Act on Personal Data Protection applicable to us (in particular Section 78), the Act on Legal Profession (Section 18) as well as other applicable legislation. We are in compliance with the Code of Conduct adopted by the Slovak Bar Association (“SBA“) that explains processing of personal data by lawyers. You can familiarize yourself with the SBA’s Code of Conduct in more detail at www.sak.sk/gdpr.
Why we process personal data?
Processing of personal data is necessary for us mainly to:
- provide legal services to our clients and pursue the legal profession;
- comply with various legal, professional and contractual obligations; and
- protect legitimate interests of us, our clients and other persons.
What are our purposes of processing personal data and on what legal grounds are they made?
|Purposes of processing||Primary legal ground||Related legislation|
|Practice of profession (provision of legal services)||Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR, performance of contract pursuant to Article 6 (1) (b) GDPR, legitimate interest pursuant to Article 6 (1) (f) GDPR||Act on Legal profession, Rules of Professional Conduct for Lawyers, Civil Code and Commercial Code|
|Provision of non-legal services||Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR, performance of contract pursuant to Article 6 (1) (b) GDPR, legitimate interest pursuant to Article 6 (1) (f) GDPR||Public Sector Partners Act, Act on e-Government, Civil Code, Commercial Code, Act on Lease of Non-Residential Premises|
|Compliance with laws and regulations of Slovak Bar Association||Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR, legitimate interest of lawyers pursuant to Article 6 (1) (f) GDPR or public interest pursuant Article 6(1) (e) GDPR.||Act on Legal profession, Rules of Professional Conduct for lawyers, Anti-Money Laundering Act, Act on Whistleblowing, GDPR|
|Purposes concerning protection of legitimate interests||Legitimate interest of lawyers or third parties pursuant to Article 6 (1) (f) GDPR.||GDPR, Civil Code, Commercial Code, Criminal Code, Criminal Procedure, Civil Procedure, Code of Civil Non-Contentious Procedure, Code of Administrative Judicial Procedure, Code Administrative Procedure, Act on Offences|
|Marketing purposes||Legitimate interest of lawyers or third parties pursuant to Article 6 (1) (f) GDPR.||Act on Legal profession, Act on Electronic Communications, Act on Advertising, Consumer Protection Act, Civil Code|
|Statistical purposes, archiving purposes in public interest and purposes of historical and scientific research||The legal ground that allowed collection of personal data for original purposes (compatible purposes) in the light of Article 89 GDPR.||Act on Archives|
|Personnel & Payroll||Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR, performance of contract pursuant to Article 6 (1) (b) GDPR, alternatively legitimate interest pursuant to Article 6 (1) (f) GDPR||Labour Code, Act on Legal profession and other legislation|
|Accounting & Tax purposes||Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR||Specific law in the area of accountancy and taxes|
What are our legitimate interests that we pursue?
- compliance with the basic principles of personal data processing, implementation and maintenance of technical and organizational security measures, including, but not limited to, the prevention of unauthorized access to systems and information, the investigation of suspected or known security breaches,
- fraud prevention and protection against misuse of services,
- direct marketing.
Who are recipients of our personal data?
We provide personal data of our clients and other natural persons only to the extent necessary and always while maintaining the confidentiality of the data recipient, e.g. to our employees, persons authorised to take individual legal actions within provision of legal services, substituting or cooperating lawyers, our accountancy advisors, our professional advisors e.g. auditors, the Slovak Bar Association (e.g. in the case of disciplinary proceedings) or to providers of software or the support to our law firm, including employees of those persons.
Although our obligation to provide your personal data to public authorities is limited for reasons of confidentiality, we are required to frustrate the commission of criminal offences and we also have the obligation to report information regarding prevention of money laundering and terrorism financing.
What countries we transfer your personal data to?
We do not intend to transfer your personal data outside the EU and/or European Economic Area. We use safe cloud services of a verified provider with servers located in an EU jurisdiction.
How long do we store your personal data?
We store personal data as long as is necessary for the purposes for which personal data are processed. When storing personal data, we follow the recommended retention periods under the Resolution of Council of Slovak Bar Association no. 29/11/2011, e.g.
- The incoming mail book / register and the outgoing mail book / register, after it has been filled, is kept by the lawyer for ten years from the date of receipt or sending of the last mail registered in such book;
- The inventory list is archived by the lawyer for ten years after made;
- If the lawyer keeps a list of client names and client records electronically, at the end of the calendar year he or she will make its printed form for the calendar year and store it in the office without any time limit;
- Client files shredding period is 10 years and starts to run on the day when all the conditions for deposition of the file to the archive are fulfilled
Lawyers are subject to professional regulations of the Slovak Bar Association that interpret their obligations under the Act on Legal Profession, according to which there are certain circumstances that extend our retention periods of personal data and explicitly prevent us from shredding some documents on reasonable grounds, such as:
- A client file that contains original documents delivered to us by the client cannot be shredded;
- It is not possible to shred client file protocols and list of client file names;
- It is not possible to shred the client file or its part that the lawyer is obliged to submit to the state archives;
- It is not possible to shred the client file if any proceedings before the courts, state administration bodies, law enforcement authorities, the Slovak Bar Association are pending that have a material relation to the contents of the client file or that concer the lawyer’s legal action or omission in providing legal services in that client’s matter.
How we collect your personal data?
If you are our client, we often obtain your personal data directly from you. In that case, obtaining your personal data is voluntary. Depending on the particular case, the failure to provide personal data by clients may affect our ability to provide high-quality legal services or, in exceptional cases, may give rise to our obligation to refuse to provide legal services. Personal data about our clients may also be obtained from publicly available sources, from public authorities or from other third parties.
If you are not our client, we often obtain your personal data from our clients or from other public or statutory sources by making requests to public authorities, through extracts from public registers, obtaining evidence in favour of our client, etc. In such a case, we may obtain personal data without your knowledge and against your will on the basis of our statutory authorization and the obligation to practice law in accordance with the Act on Legal Profession.
What rights do you have?
You have a right to object to any processing that is based on legitimate interest or public interest as well as to any direct marketing purposes including profiling
As a client, you have the right to request access to your personal data and request their rectification. When processing personal data during the provision of legal services, you have no right, as a client or any other natural person (e.g. a counterparty), to object to such processing under Article 22 of the GDPR. If personal data relate to a client (regardless of whether the client is a legal or natural person) other persons do not have the right of access to such data or the right to data portability, due to our legal obligation to maintain confidentiality with reference to Article 15 (4) of the GDPR, Article 20 (4) of the GDPR and Section 18 (8) of the Act on Legal profession: “A lawyer is not obliged to provide information on the personal data processing, facilitate access or enable data portability pursuant special legal regulation (footnote: Article 14 (5) (d) 15 (4) and Article 20 (4) of the GDPR) if it may lead to breach of professional duty of secrecy in compliance with this Act.”
|Google Analytics||Obtaining anonymized website usage statistics (pages you visit on our website, how long you stay on the page, how you got to the page, what you click on when you browse the page)||24 months||Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland|