My priority is to protect the data of my clients and other individuals.
1. Who is responsible for performing this obligation?
These terms and conditions explain how I process personal data of those who use the services of my law firm, JUDr. Petra Vlachová, attorney at law, registered office: Vodičkova 710/31, 110 00 Prague 1, Czech Republic, Identification Number (IČO): 66247462. Should you have any questions, do not hesitate to contact me by phone: +420 296 226 811, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it., or mail using the address above. I also wish to inform you that my legal team includes associates who are independent contractors and help me provide legal services. During provision of my services, your personal data are being processed by lawyers I cooperate with and by these contractors, who are considered joint controllers for the purpose of data privacy. All data privacy obligations are performed by me based on an agreement with these independent contractors.
I have not appointed any data protection officer, as I am not obliged to do so by law, and I perform any obligations and commitments in this area with utmost professional care, so that you can rely on the security of personal data provided to me and my services.
2. What are the applicable regulations governing data processing?
When processing your data, I proceed primarily in compliance with EU’s General Data Protection Regulation (“GDPR”), which also lays down the rights you have as the data subject,[1] provisions of the Legal Profession Act (Section 16 et seq.), Data Processing Act (in particular Section 58), and other regulations that apply to me. I strictly follow the Code of Conduct of the Czech Bar Association, which further details the data privacy procedures to be followed by all attorneys. The Code of Conduct is available at:
https://www.cak.cz/scripts/detail.php?id=381; and https://www.cak.cz/scripts/detail.php?id=18804.
3. Why do I process your personal data?
I need to process your personal data mainly for me to be able to:
· provide legal services to my clients and practice law;
· perform miscellaneous legal, professional, and contractual obligations; and
· protect legitimate interests of my law office, my clients, and other parties.
4. For what purposes and on what legal basis do I process personal data?
|
Purpose |
Legal Basis |
Related Legislation |
|
Exercise of profession – providing legal services to clients. |
Performing a legal obligation under Art. 6 (1) (c) GDPR, contract performance as per Art. 6 (1) (b) GDPR (with respect to special categories of data, special conditions as per Art. 9 (2) (f) GDPR may apply). |
Legal Profession Act, Legal Profession Code of Conduct, Civil Code and Act on Business Corporations and other related legislation, Decision on Attorney Documentation[AKPV1] . |
|
Provision of other than legal services to clients. |
Performing a legal obligation under Art. 6 (1) (c) GDPR, contract performance as per Art. 6 (1) (b) GDPR. |
Act on Electronic Actions and Authorized Conversion of Documents[AKPV2] (E-Government Act), Act on Legal Professions[AKPV3] , Civil Code and Act on Business Corporations. |
|
Execution and performance of contracts including processing and creating orders, contracts, invoices, delivery notes, bank operations, etc. |
Contract performance as per Art. 6 (1) (b) GDPR. |
Civil Code and Act on Business Corporations. |
|
Bookkeeping including cash register, assets and liabilities, etc. |
Performing a legal obligation under Art. 6 (1) (c) GDPR. |
Accountancy Act, Income Tax Act, VAT Act. |
|
Ensuring compliance with legal regulations and Czech Bar Association regulations. |
Performing a legal obligation under Art. 6 (1) (c) GDPR, legitimate interest of attorneys or third parties as per Art. 6 (1) (f) GDPR, public interest as per Art. 6 (1) (e) GDPR, defense of legal claims as per Art. 9 (2) (f) GDPR. |
Legal Profession Act, Legal Profession Code of Conduct, Money Laundering Act[AKPV4] , Criminal Code, GDPR. |
|
Sending newsletters, legal notifications, results of monitoring legal regulations, etc. to controller’s clients or persons authorized to represent controller’s clients. |
Legitimate interest of attorneys or third parties as per Art. 6 (1) (f) GDPR. Legitimate interest of the controller is to inform its clients on new developments or changes in legal area, as these may affect their rights and obligations. With reference to the proportionality principle, the controller is of the opinion that legitimate interest of the controller is to inform its clients on such developments overrides the data subject’s protection of privacy. |
Legal Profession Act, Electronic Communications Act, Act on Information Society Services, Act on Regulation of Advertising, Consumer Protection Act, Civil Code.
|
|
Sending newsletters, legal notifications, results of monitoring legal regulations, etc. to data subjects who are not controller’s clients. |
Consent given by data subject as per Art. 6 (1) (a) GDPR.
|
Legal Profession Act, Electronic Communications Act, Act on Regulation of Advertising, Consumer Protection Act, Civil Code. |
|
Responding to other enquiries or questions sent in via the email addresses published on the website www.advokatpraha.cz, which either relate to the data subject finding work or do not relate to the data subject’s interest to find work, maintaining a database of such enquiries or questions and contacting the data subject. |
Consent given by data subject as per Art. 6 (1) (a) GDPR.
|
Legal Profession Act, Civil Code, Act on Business Corporations, Labor Code. |
|
Keeping records of incoming and outgoing mail, maintaining registries and directories, statistical reporting, archiving in public interest and historical and scientific research. |
Art. 89 GDPR. |
Act on Archiving and File Service |
5. Who has access to your personal data?
Personal data of my clients and other individuals are only accessible to the extent necessary and I always make sure the data recipient keeps the data confidential. The entities that may receive such data include my employees, persons tasked with performing certain legal services, substitute attorneys or associates, my accounting and professional consultants (such as auditors), Czech Bar Association (in the event of a disciplinary action) or software providers or companies providing support to my law office, including employees or subcontractors of such companies.
Even though, for confidentiality reasons, my obligation to disclose your personal data to public authorities is limited,[2] I am still required to do everything to prevent the commission of crimes and to notify any information related to money laundering and terrorism financing.
6. To which countries are your data transferred?
I do not intent to transfer your personal data to third countries outside the European Economic Community (EU, Iceland, Norway, and Lichtenstein). I use safe cloud services of a trusted provider with servers located in the EU.
7. How long do I store your personal data?
I store personal data only for the period necessary for processing. When storing personal data, I follow the Decision of the Czech Bar Association No. č. 9/1999, which sets out that an attorney is obliged to store documentation and client files for the duration of five (5) years from the termination of provision of legal services, unless stated otherwise. Regarding contracts for administration of property, copies of the documents submitted by the client, the power of attorney granted by the client, or other documents arising in connection with the administration of the property pursuant to the Legal Profession Act shall be kept by the attorney for a period of ten (10) years from the completion of the administration.
8. How do I obtain your personal data?
If you are my client, I have most likely obtained your personal data directly from you. If this is the case, you have provided the data on voluntary basis. Depending on the specific case, the failure to provide personal data by the client may affect my ability to properly provide legal advice, or I may even decline to provide legal advice in certain cases. I may also obtain my clients’ personal data from public sources, public authorities or third parties.
If you are not my client, I usually obtain your personal data from my clients or other public sources and in other lawful ways, for instance by way of an enquiry filed with public authorities, from extracts obtained from public registers, through obtaining evidence in favor of my client, etc. In such case, I can obtain your personal data without being obliged to inform you and also against your will, and that based on my legal entitlement and my obligation to practice law in compliance with the Legal Profession Act.
9. What are your rights as the data subject?
If I process any of your personal data based on your express consent, you are entitled to revoke it anytime. Notwithstanding that, you have the right to object to the processing of your personal data in legitimate or public interest or for direct marketing purposes including profiling.
As a client, you are entitled to gain access to your personal data and require rectification of the data. If I process your personal data during the provision of legal services, as a client, you or any other individual (such as the counterparty), are not entitled to object to the data processing as per Art. 22 GDPR. Where the personal data relate to my client (whether legal entity or individual), third parties do not have the right to access the data or the right to portability and that by reason of my statutory obligation to keep such data confidential and referring to Art. 15 (4) GDPR, Art. 20 (4) GDPR and Section 21 (1) of the Legal Profession Act: “An attorney is obliged to maintain the confidentiality of all facts of which he/she has become aware in connection with the provision of legal services.” According to Section 58 of the Act on Data Processing, the Czech Office for Data Protection may only access the data protected by the confidentiality obligation according to the Legal Profession Act in the presence of and with a consent of a representative of the Czech Bar Association. Also, you have the right to lodge a complaint with the Czech Office for Data Protection or the Czech Bar Association.
10. Cookies Policy
To improve my services and functionality of my website, I use cookies. Cookies are small text files that are placed on your computer and contain information on what parts of my website you use; the information is then used in your next session. Cookies can be distinguished according to several criteria, and in the following paragraphs I will explain what types of cookies I use and what their purpose is.
For the functionality of my website, I use essential cookies enabling the realization of the basic functionality of the website. These cookies can be disabled by changing your browser settings but may affect the operational functions of the website. I would also like to use voluntary cookies (non-essential cookies) to help me improve the functioning of my website. To enable them, it is necessary to click the consent button. Cookies used:
Basic cookies: the essential cookies enabling the realization of the basic functionality of the website, such as its security, network management and accessibility.
Functional cookies: these cookies can increase the speed at which I can process your request by allowing me to remember the preferences of the site you have selected.
Analytical cookies: these cookies allow me to improve site functionality through Google Analytics by tracking your use of my website.
Social media cookies: social media cookies offer the ability to connect to your social networks and share content from my website via social media (Facebook, Twitter, Pinterest, LinkedIn).
Advertising cookies: advertising cookies collect information to help better customize the advertisement to your interests, both inside and outside my website.
My website uses both my own and third-party cookies. My website also uses third-party services, such as tools for monitoring site traffic like Google Analytics or buttons to ‘share’ or ‘like’ content on social media such as LinkedIn, Facebook, or Twitter. To use these services, my website reads third-party code, and this may require your acceptance of such third-party cookies to safeguard full functionality. The third parties are fully responsible for such cookies; if you are interested in learning more about third-party cookies, please refer to their privacy policy or service terms.
I use both session and persistent cookies; session cookies are erased once you quit your browser session. On the other hand, persistent cookies remain on your device until they expire (could be weeks or months, depending on settings) or until you manually erase them.
You can prevent cookies from being stored on your device by setting up your web browser; accordingly, however, this may mean that the functionality of the website or third-party services may be restricted. You can find instructions on changing your cookie settings in the help section of your web browser. If you use several devices to browse the Internet (computer, smartphone, tablet), I recommend setting up your browser to reflect your cookie preferences on each device separately.
11. Changes to Privacy Terms
Protection of your personal data is a continuous effort. The information I am legally required to provide to you, is that the scope of data processing may be subject to changes or may become obsolete. I therefore reserve the right to amend or change the terms to the extent necessary and I may do so anytime. In case the terms undergo a substantial change, I will inform you accordingly – either by posting a notice on my website or by sending you an e-mail.