Privacy Policy
Protection of personal data of our clients and other natural persons is important for us. This Privacy Policy provides an explanation how we process personal data when providing legal services at ConSense Legal s.r.o. with registered seat at: Jarošova 1, 831 03 Bratislava, Identification number (IČO): 53 532 503 (hereinafter referred to as “we“ or “us“). If you have any questions or queries you may contact us by phone on +421 902 959 664, by sending an e-mail to info@consenselegal.com or by post at the registered seat.
In the processing of personal data, we are primarily governed by the EU General Data Protection Regulation (“GDPR”), which also governs your rights as the data subject21 the provisions of the Act on Personal Data Protection applicable to us (in particular Section 78), the Act on Legal Profession (Section 18) as well as other applicable legislation. We are in compliance with the Code of Conduct adopted by the Slovak Bar Association (“SBA“) that explains processing of personal data by lawyers. You can familiarize yourself with the SBA’s Code of Conduct in more detail at www.sak.sk/gdpr.
Why we process personal data?
Processing of personal data is necessary for us mainly to:
- provide legal services to our clients and pursue the legal profession;
- comply with various legal, professional and contractual obligations; and
- protect legitimate interests of us, our clients and other persons.
What are our purposes of processing personal data and on what legal grounds are they made?
| Purposes of processing | Primary legal ground | Related legislation |
|---|---|---|
| Practice of profession (provision of legal services) | Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR, performance of contract pursuant to Article 6 (1) (b) GDPR, legitimate interest pursuant to Article 6 (1) (f) GDPR | Act on Legal profession, Rules of Professional Conduct for Lawyers, Civil Code and Commercial Code |
| Provision of non-legal services | Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR, performance of contract pursuant to Article 6 (1) (b) GDPR, legitimate interest pursuant to Article 6 (1) (f) GDPR | Public Sector Partners Act, Act on e-Government, Civil Code, Commercial Code, Act on Lease of Non-Residential Premises |
| Compliance with laws and regulations of Slovak Bar Association | Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR, legitimate interest of lawyers pursuant to Article 6 (1) (f) GDPR or public interest pursuant Article 6(1) (e) GDPR. | Act on Legal profession, Rules of Professional Conduct for lawyers, Anti-Money Laundering Act, Act on Whistleblowing, GDPR |
| Purposes concerning protection of legitimate interests | Legitimate interest of lawyers or third parties pursuant to Article 6 (1) (f) GDPR. | GDPR, Civil Code, Commercial Code, Criminal Code, Criminal Procedure, Civil Procedure, Code of Civil Non-Contentious Procedure, Code of Administrative Judicial Procedure, Code Administrative Procedure, Act on Offences |
| Marketing purposes | Legitimate interest of lawyers or third parties pursuant to Article 6 (1) (f) GDPR. | Act on Legal profession, Act on Electronic Communications, Act on Advertising, Consumer Protection Act, Civil Code |
| Statistical purposes, archiving purposes in public interest and purposes of historical and scientific research | The legal ground that allowed collection of personal data for original purposes (compatible purposes) in the light of Article 89 GDPR. | Act on Archives |
| Personnel & Payroll | Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR, performance of contract pursuant to Article 6 (1) (b) GDPR, alternatively legitimate interest pursuant to Article 6 (1) (f) GDPR | Labour Code, Act on Legal profession and other legislation |
| Accounting & Tax purposes | Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR | Specific law in the area of accountancy and taxes |
What are our legitimate interests that we pursue?
- compliance with the basic principles of personal data processing, implementation and maintenance of technical and organizational security measures, including, but not limited to, the prevention of unauthorized access to systems and information, the investigation of suspected or known security breaches,
- fraud prevention and protection against misuse of services,
- direct marketing.
Who are recipients of our personal data?
We provide personal data of our clients and other natural persons only to the extent necessary and always while maintaining the confidentiality of the data recipient, e.g. to our employees, persons authorised to take individual legal actions within provision of legal services, substituting or cooperating lawyers, our accountancy advisors, our professional advisors e.g. auditors, the Slovak Bar Association (e.g. in the case of disciplinary proceedings) or to providers of software or the support to our law firm, including employees of those persons.
Although our obligation to provide your personal data to public authorities is limited for reasons of confidentiality, we are required to frustrate the commission of criminal offences and we also have the obligation to report information regarding prevention of money laundering and terrorism financing.
What countries we transfer your personal data to?
We do not intend to transfer your personal data outside the EU and/or European Economic Area. We use safe cloud services of a verified provider with servers located in an EU jurisdiction.
How long do we store your personal data?
We store personal data as long as is necessary for the purposes for which personal data are processed. When storing personal data, we follow the recommended retention periods under the Resolution of Council of Slovak Bar Association no. 29/11/2011, e.g.
- The incoming mail book / register and the outgoing mail book / register, after it has been filled, is kept by the lawyer for ten years from the date of receipt or sending of the last mail registered in such book;
- The inventory list is archived by the lawyer for ten years after made;
- If the lawyer keeps a list of client names and client records electronically, at the end of the calendar year he or she will make its printed form for the calendar year and store it in the office without any time limit;
- Client files shredding period is 10 years and starts to run on the day when all the conditions for deposition of the file to the archive are fulfilled
Lawyers are subject to professional regulations of the Slovak Bar Association that interpret their obligations under the Act on Legal Profession, according to which there are certain circumstances that extend our retention periods of personal data and explicitly prevent us from shredding some documents on reasonable grounds, such as:
- A client file that contains original documents delivered to us by the client cannot be shredded;
- It is not possible to shred client file protocols and list of client file names;
- It is not possible to shred the client file or its part that the lawyer is obliged to submit to the state archives;
- It is not possible to shred the client file if any proceedings before the courts, state administration bodies, law enforcement authorities, the Slovak Bar Association are pending that have a material relation to the contents of the client file or that concer the lawyer’s legal action or omission in providing legal services in that client’s matter.
How we collect your personal data?
If you are our client, we often obtain your personal data directly from you. In that case, obtaining your personal data is voluntary. Depending on the particular case, the failure to provide personal data by clients may affect our ability to provide high-quality legal services or, in exceptional cases, may give rise to our obligation to refuse to provide legal services. Personal data about our clients may also be obtained from publicly available sources, from public authorities or from other third parties.
If you are not our client, we often obtain your personal data from our clients or from other public or statutory sources by making requests to public authorities, through extracts from public registers, obtaining evidence in favour of our client, etc. In such a case, we may obtain personal data without your knowledge and against your will on the basis of our statutory authorization and the obligation to practice law in accordance with the Act on Legal Profession.
What rights do you have?
You have a right to object to any processing that is based on legitimate interest or public interest as well as to any direct marketing purposes including profiling
As a client, you have the right to request access to your personal data and request their rectification. When processing personal data during the provision of legal services, you have no right, as a client or any other natural person (e.g. a counterparty), to object to such processing under Article 22 of the GDPR. If personal data relate to a client (regardless of whether the client is a legal or natural person) other persons do not have the right of access to such data or the right to data portability, due to our legal obligation to maintain confidentiality with reference to Article 15 (4) of the GDPR, Article 20 (4) of the GDPR and Section 18 (8) of the Act on Legal profession: “A lawyer is not obliged to provide information on the personal data processing, facilitate access or enable data portability pursuant special legal regulation (footnote: Article 14 (5) (d) 15 (4) and Article 20 (4) of the GDPR) if it may lead to breach of professional duty of secrecy in compliance with this Act.”
Cookies
Cookies are small text files that improve website usage, e.g. by allowing us to recognise previous visitors when logging in to a user environment, remembering a user’s choice when opening a new window, measuring website traffic, or evaluating usage of the website for improvement. Our website www.consenselegal.com uses cookies:
| Name | Purpose | Expiration | Address |
|---|---|---|---|
| Google Analytics | Obtaining anonymized website usage statistics (pages you visit on our website, how long you stay on the page, how you got to the page, what you click on when you browse the page) | 24 months | Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland |
| Cookie Notice | We write a cookie as soon as you agree to the use of cookies on our website so that we can stop displaying that notice to you. | 12 months | dfactory.eu |
You can always stop storing these files on your device in the settings of your web browser. Setting your browser is considered, under Section 55 (5) of the Act on Electronic Communications, as your consent to the use of cookies on our site.
Changes to this Privacy Policy
Protection of your data is not a one-time issue for us. The information we give you with regard to processing of personal data may change or cease to be up to date. For these reasons, we may change this Privacy Policy at any time and to any extent. If we change this Privacy Policy substantially, we will bring such changes to your attention, for example through a general notice posed on this website or by explicit notice delivered by email.