PERSONAL DATA PROTECTION POLICY OF LAW FIRM
BUŽEK & TEREM advokáti s.r.o.
According to Art. 13 and 14 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (“GDPR”).
In this document you will learn:
I. Where to contact us for your personal data protection questions
II. How and why we process personal data when you:
- visit our website;
- communicate with us (e.g. using a contact form or e-mail);
- we provide you with our legal services.
III. What your rights are as a data subject.
Our website and its sub-domains may contain links to third-party websites (e.g. LinkedIn), which may – after their visit – collect your personal data. These third party websites have their own personal data protection policies and we do not assume any responsibility for these policies. Before submitting any personal data to such third-party websites please make sure that you are thoroughly informed about their policies.
I. THE CONTROLLER AND ITS CONTACT INFORMATION
BUŽEK & TEREM advokáti s.r.o., with its seat at: Mariánska 12, 811 08 Bratislava, Slovak Republic, BIN: 36 867 276, registered in the Commercial Register of District Court Bratislava I, Section Sro, File No. 70074/B.
Address: BUŽEK & TEREM advokáti s.r.o., Mariánska 12, 811 08 Bratislava, Slovak Republic.
Tel.: 421 (0) 2 207 57 203
II. HOW AND WHY WE PROCESS PERSONAL DATA
a) Visitors to our website and Cookies
We do not process any personal data about visitors to our website that would enable us to individually identify a visitor to our website.
PURPOSE: these cookies are used to distinguish between humans and bots.
b) Communication (web contact form, e-mail etc.).
If you communicate with us through our website (e.g. by using a contact form, or by sending an email), our law firm receives the personal data you provide in such communication (in particular, e-mail, name, surname, employer, the content of the message).
We assume that the data you provide is correct and up-to-date. Handling of your correspondence is our legitimate interest, and we base our right to process your personal data on this legal basis. We also assume that by sending such correspondence you are expecting and agreeing that we may subsequently contact you by e-mail, phone, or by an electronic message with the aim of resolving your correspondence or request. Your personal data obtained in this manner are processed only for the duration of the purpose of their processing, for a maximum of 24 months after the last communication has ended. Passive access to your personal data may be available to third parties with whom the Controller cooperates when providing the services and which include, in particular, the web hosting provider and the website administrator.
According to Art. 21 GDPR has the right at any time to object to the processing of your personal data on grounds relating to your specific situation against the processing of personal data concerning you which is carried out on the basis of our legitimate interest.
You may submit the objection in writing or by e-mail to the addresses mentioned above. In this case, however, we may no longer be able to deal with your correspondence.
c) Provision of legal services
In addition to the GDPR and the Personal Data Protection Act, attorneys are also subject to specific regulations resulting from Act no. 586/2003 Coll. on Advocacy as amended (hereinafter referred to as the “Advocacy Act”), as well as from the statutes of the Slovak Bar Association. The Slovak Bar Association has developed in accordance with Art. 40 GDPR Code of Conduct for the Processing of Personal Data by Attorneys (hereinafter the “Code of Conduct”), which applies to all attorneys registered in the List of Attorneys maintained by the Slovak Bar Association. The Code of Conduct takes into account special features of the practice of advocacy and can be found at https://www.sak.sk/web/sk/cms/document/224. Our law firm adheres to the Code of Conduct
Attorneys, employees of our law firm and other persons involved in our activities are obliged to maintain confidentiality about all facts they have learned in the course of their activities related to the performance of advocacy. We consider this obligation to be the absolute basis of mutual trust and our approach to clients.
- Purposes of processing
We will process your personal data for the following purposes:
- Provision of legal services, in particular for representation in proceedings before courts, public authorities and other legal entities, defense in criminal proceedings, provision of legal advice, drafting of legal documents, legal analyzes and opinions and other forms of legal advice and legal assistance according to your instructions (hereinafter the” Legal Services”)
- Provision of other than legal services, in particular when performing the function of an authorized person for a public sector partner, authorization of real estate transfer contracts, when performing conversion and a guaranteed conversion.
- billing of our legal services and related performance of obligations under accounting and tax legislation
- ensuring compliance of our activities with legal regulations and SBA regulations (according to the GDPR, the Advocacy Act, the Bar Code, the Act on Protection against Money Laundering, the Whistleblowing Act, etc.)
- exercising of our rights and the protection of our legitimate interests, especially in cases where our law firm is a party to judicial or administrative proceedings, or if we are obliged to comply with the laws or regulations of the Slovak Bar Association
- statistical purposes, archival purposes in the public interest and historical and scientific research purposes.
- Legal basis for processing
We derive our right to process personal data from legal regulations (Article 6 (1) (c) of the GDPR), in particular from the Advocacy Act, the Civil Procedure Code, the Civil Non-Dispute Code, the Administrative Judicial Code, the Administrative Code, the Commercial Register Act, the Act on Protection Against Money Laundering and Protection Against terrorist Financing, accounting and tax regulations as well as GDPR.
According to Sec. 18 par. 6 and 7 of the Act No. 586/2003 Coll. On Advocacy, our law firm:
- processes personal data of clients and other natural persons to the extent necessary for the purposes of advocacy, while the law firm has the status of a controller;
- is authorized to collect and process personal data necessary for the purposes of advocacy by copying, scanning or other recording of official documents on an information carrier without the consent of the person concerned
The processing of your personal data may also be necessary for the performance of the contract that you enter into with our law firm (or to fulfill pre-contractual obligations) – Art. 6 par. 1 letter b) of the GDPR.
We can also process personal data on the basis of the so-called the legitimate interest of our law firm or third parties (Article 6 (1) (f) of the GDPR), such legitimate interests being, in particular, demonstrating the compliance of our law firm’s conduct with the law and legal regulations, the exercise of our rights in relation to clients or third parties, protection of property, network security, information and data.
- How we obtain personal data
We most often obtain personal data directly from you – our client. Providing personal data may be your obligation (e.g for tax purposes), but in most cases it is voluntary. However, depending on the specific case, failure to provide personal data may affect our ability to provide you with the required and quality legal advice or, in exceptional cases, may lead to our obligation to refuse to provide the requested service. We may also obtain personal data from publicly available sources, from public authorities or from other persons.
If you are not our client, we most often obtain your personal data from our clients or from other public or legal sources by requesting the data from public authorities, from extracts from public registers, by obtaining evidence in favour of the client, etc. In this case, we may collect personal data about you on the basis of our legal authorization and obligation to practice law in accordance with the Advocacy Act (see also Article 14 (5) of the GDPR).
- Data subjects
The persons about whom we process personal data are mainly natural persons – our clients, or employees, representatives or members of the statutory bodies of our clients. For the purposes of performing our profession, the Advocacy Act directly allows us to process personal data of other natural persons as well; it is mainly the client’s counterparty, its employees, counterparty employees, spouse, children or other family members of the client, other participants in the proceedings than a client, etc., depending on the nature of the case and the type of legal service provided.
- Categories of personal data processed
We may process not only ordinary personal data (name, surname, date of birth, residence, etc.), but in certain cases also personal data belonging to a special category (Article 9 of the GDPR). In addition to the legal basis mentioned above (Article 6 of the GDPR), in this case, we rely on the exception stated in Art. 9 par. 2 letter f) of the GDPR – proving, asserting or defending legal claims, or – depending on the circumstances – g) – a significant public interest, or a) – the express consent of the person concerned.
We make the personal data of our clients and other natural persons available only to the extent necessary and always while maintaining the confidentiality of the data recipient, e.g. to our employees, persons we entrust with the performance of individual acts of legal services, substitute or cooperating lawyers, our accounts, auditors, the Slovak Bar Association (e.g. in the case of disciplinary proceedings). Although we have a limited obligation to provide your personal information to public authorities, we are required to prevent the committing a crime and we also have an obligation to report information in the field of money-laundering prevention and terrorist financing.
- Transfer of personal data to third countries
We do not envisage the transfer of data to third countries outside the European Economic Area.
- Automated decision making and profiling
We do not do any of these.
- Time period for data storage
We store personal data for as long as necessary for the purposes for which the personal data are processed. When storing personal data, we follow legal regulations (accounting, tax, regulations on protection against money laundering and terrorist financing), as well as recommended retention periods in accordance with the regulations of the Slovak Bar Association.
The shredding period of the client file is 10 years and runs from the day when all conditions for storing the file in the archive are met. Our office is also subject to status regulations, according to which there are certain circumstances that extend our retention periods of personal data, or which prevent us from shredding some documents for understandable reasons. For example, it is not possible to shred: (i) a client file containing the original documents handed over to the attorney by the client, (ii) protocols of client files and names of client files, (iii) the client file or part thereof that the attorney is obliged to hand over to the state archives; (iv) the client file, if any proceedings are pending before a court, state administration authorities, authorities active in criminal proceedings, the Slovak Bar Association, which are content-related to the content of the client file, or the subject of which was the act or omission of an attorney in providing legal assistance to the client.
III. YOUR RIGHTS
According to Sec. 18 par. 8 of the Advocacy Act, an attorney is not obliged to provide information on the processing of personal data, to allow access or transfer of personal data, if this could lead to a breach of the attorney’s obligation to maintain confidentiality under the Advocacy Act. We do not provide your data to third parties, except when such an obligation arises from applicable law, or when the data is requested by the relevant state authorities.
As a data subject you have the right:
- You have the right, upon written (including electronic) request access to your personal data.
If you are a counterparty of our client, or a person against whom our client has or may have a claim, which is / will be the subject of legal services, your right to access the data we process about you is very limited. This is because confirmation of this fact could jeopardize the legitimate interests of our client. If you nevertheless ask us to tell you what data we process about you, you will most likely receive the following response from us: “I would like to inform you that our law firm does not process any personal data about you or processes the data, but cannot confirm it to you. For legal reasons, our law firm cannot provide you with any further information in accordance with the GDPR regulation. For more information, we refer to Section 6.3 of the SBA Code of Conduct at https://www.sak.sk/blox/cms/sk/sak/doc/224/225/_event/open “.
- for rectification of inaccurate personal data or the right to have incomplete personal data completed;
- to restriction of processing of your personal data, if any case mentioned in Article 18 of the GDPR occurs;
- to receive the personal data concerning you, which you have provided to a controller, and the right to transmit those data to another controller under the conditions set forth in Article 20 of the GDPR.
This means you have a right to ask us to provide the data we process about you to another attorney (or another controller with the same level of legal obligation to protect confidential client information) in a structured, commonly used and machine-readable format.
- to object in cases set forth in Article 21 of the GDPR;
You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on legitimate interests which we persue. We may no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- For the erasure of personal data whose purpose of processing has ended or in the cases provided for in Art. 17 GDPR. However, this right does not take precedence over our legal obligation to process your data to the extent and for the purpose specified by applicable law.
- If you believe that your rights have been violated or that the Personal Data Protection Act or the GDPR has been breached, you may file a petition to initiate personal data protection proceedings with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic; www.dataprotection.gov.sk or go to apply your rights at the court.
We will provide you with information on the measures we have taken in response to your request without undue delay, at the latest within one month of receipt of the request (this period may be extended by a further two months if necessary (we will promptly inform you of any such extension). If you submit your application electronically, the information shall, as far as possible, be provided by electronic means, unless you request otherwise.
We may change or modify this PERSONAL DATA PROTECTION POLICY at any time, in particular with regard to legislative changes in the field of personal data protection which may be adopted in the future, or when updating the purposes and means of processing. If we do so, we will inform you accordingly.