INFORMATION ON THE PROCESSING OF PERSONAL DATA
In compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the „Regulation“ or „GDPR“), we hereby inform our clients on the data processing we undertake.
Contact details:
E-mail: info@akmracek.cz
Tel: +420 608 112 279
The re article 91 of the Regulation, the attorney-at-law does not meet the provisions for appointing a data protection officer (hereinafter referred to as the „DPO“) and is not legally obliged to appoint one; DPO has not been appointed.
LEGAL BASIS AND PURPOSES OF DATA PROCESSING
The Client is not legally obligated to consent to the processing of their personal data, however the processing is necessary for providing legal services. Personal data is mainly processed for the following purposes:
• Data processing necessary for the purposes of performing contractual legal services, including data processing in negotiation prior to entering into this contract, ie. Personal data processing for the purpose of duly performing legal services to the Client.
• Data processing necessary for the purposes of compliance with Data Controller’s legal obligations, epecially tax and accounting obligations, obligations pursuant to Act No. 85/1996 Coll. on advocacy, especially the obligations on client file documentation, obligations pursuant to the Act No. 253/2008 Coll. on selected measures against legitimisation of proceeds of crime and financing of terrorism.
• Third parties‘ personal data processing, where applicable, for the purposes of the Clients’ legitimate interests, in compliance with Act No. 85/1996 Coll. on advocacy.
PERSONAL DATA RECIPIENTS
• Client’s personal data are not transferred to any third party for the purposes of further processing.
• Depending on the character of the legal services provided, Client’s personal data may be transferred to public authorities such as courts, administrative authorities, notaries and providers of related services, such as translation providers.
• Personal data Recipients may also include the attorney’s employees and IT administrators, who process Client’s data solely for the purpose for which such recipient has been entrusted by the Data Controller. These persons are bound by confidentiality, contractually or otherwise.
• Personal data Recipients may include other subjects as per the Client’s instructions and/or interests.
• As an attorney-at-law, the Data Controller is legally obligated to transfer some personal data to law enforcement authorities and/or other public authorities in specific cases, where applicable and as defined by legislation.
DURATION OF PERSONAL DATA PROCESSING
Personal data shall be processed for the duration of the legal services contract with the Client, and following the contract’s termination, the data shall be processed in compliance with the relevant legislation, especially Act No. 85/1996 Coll. on advocacy, Act No. 499/2004 Coll. on archiving and records management and on amendments to certain acts, and GDPR. Pursuant to this legislation, the attorney-at-law, as a Data Controller, is obligated to keep record of the Client’s file for the duration of five (5) years following the termination of the legal service, and is obligated to keep accounting records for ten (10) years following their issue.
THIRD PARTY PERSONAL DATA
Third parties’ personal data, especially the Client’s employee and client base data, the attorney-at-law’s contractual partners, and attorney-at-law’s other collaborators, and/or data transferred to the attorney by the Client or a contractual partner in the context of entering into and/or performing a contract, shall be processed in compliance with the relevant legislation. This personal data shall be processed for the purposes of performing a contract, be it with the Client or attorney’s contractual partners. As a Data Controller, the attorney-at-law shall process third party personal data for the duration of this contractual relation, as well as for the duration defined in relevant legislation.
CLIENT’S RIGHTS
Right of access. The Client has the right to obtain information from the attorney on whether Client’s personal data are processed, and if they are, the Client has the right to obtain information on which data are processed and the way they are processed. The Client also has the right to make corrections to inaccurate personal data, as well as to complete incomplete personal data on request.
Right of erasure. At the Client’s request, where conditions for erasure pursuant to GDPR apply, the Data Controller shall erase the Client’s personal data.
Right of restriction. The Client has the right to restrict the processing of their personal data, where applicable in compliance with GDPR. The Client also has the right to object to data processing based on the attorney’s or third party’s legitimate interests, as well as to data processing necessary in public interest or in performing a legal obligation.
Right of personal data portability. The Client has the right to request the personal data he has provided the Data Controllor, in a commonly used and machine-readable format. The Client may transfer this data to a different Data Controller or, where technologically viable, the Client may request that the Data Controllers exchange the data themselves.
The right to withdraw consent at any time shall not apply to Client’s personal data, as the Client’s personal data is being processed on the grounds of contractual duties to be performed, and consent to data processing does not apply.
Requests and/or complaints may be filed via e-mail or by mail as per the contact information listed above.
Please note that where requests to exercise the abovementioned rights are manifestly unfounded or excessive, the attorney is within his rights refuse to perform the request, or charge a reasonable fee for processing the request. In such case, the attorney shall inform the client in advance.
Should the Client be dissatisfied with the personal data processing as performed by the controller/attorney, the Client may file a complaint directly with the attorney or contact the Office for Personal Data Protection, at Pplk. Sochora 27 170 00 Prague 7.
More information on the Client’s rights with regards to data processing is available on the Office for Personal Data Protection website: https://www.uoou.cz/6-prava-subjektu-udaj/d-27276.
