In the processing of personal data, we are primarily governed by the EU General Data Protection Regulation (“GDPR”), which also governs your rights as the data subject1 the provisions of the Act on Personal Data Protection applicable to us (in particular Section 78), the Act on Legal Profession (Section 18) as well as other applicable legislation. We are in compliance with the Code of Conduct adopted by the Slovak Bar Association (“SBA“) that explains processing of personal data by lawyers. You can familiarize yourself with the SBA’s Code of Conduct in more detail at www.sak.sk/gdpr.
Why we process personal data?
Processing of personal data is necessary for us mainly to:
- provide legal services to our clients and pursue the legal profession;
- comply with various legal, professional and contractual obligations; and
- protect legitimate interests of us, our clients and other persons.
What are our purposes of processing personal data and on what legal grounds are they made?
|Purpose||Legal ground||Relevant legislation|
|Practice of profession (provision of legal services)||Compliance with legal obligation pursuant to Article 6 (1) (c) of the GDPR (there may be additional conditions under Article 9 (2) (f) of the GDPR in relation to specific categories of personal data) (alternatively also contract on legal services)||Act on Legal profession, Rules of Professional Conduct for Lawyers, Civil Code and Commercial Code|
|Provision of non-legal services (e.g. Registration to register of public sector partners, contract authorization, conversion and guaranteed conversion of legal documents, etc.)||Performance of contract pursuant to Article 6 (1) (b) of the GDPR, alternatively also compliance with legal obligation pursuant to Article 6 (1) (c) of the GDPR, (alternatively also contract on legal services)||Public Sector Partners Act, Act on e-Government, Civil Code, Commercial Code, Act on Legal profession, Act on Lease of Non-Residential Premises|
|Compliance with laws and regulations of Slovak Bar Association (e.g. internal administrative activities, protection against money laundering and financing of terrorism, case management, etc.)||Compliance with legal obligation pursuant to Article 6 (1) (c) of the GDPR, legitimate interest of lawyers pursuant to Article 6 (1) (f) of the GDPR, public interest pursuant to Article 6 (1) (e) of the GDPR or defending legal claims pursuant to Article 9 (2) (f) of the GDPR.||Act on Legal profession, Rules of Professional Conduct for lawyers, Anti-Money Laundering Act, Act on Whistleblowing, GDPR|
|Marketing purposes||Consent of data subject pursuant to Article 6 (1) (a) of the GDPR or legitimate interest of lawyers or third parties pursuant to Article 6 (1) (f) of the GDPR.||Act on Legal profession, Act on Electronic Communications, Act on Advertising, Consumer Protection Act, Civil Code|
|Statistical purposes, archiving purposes in public interest and purposes of historical and scientific research||Article 89 of the GDPR.||Act on Archives|
|Purposes concerning protection of legitimate interests (e.g. CCTV system at the lawyer’s offices to protect lawyers´ property and for security)||Legitimate interest of lawyers or third parties pursuant to Article 6 (1) (f) of the GDPR.||GDPR, Civil Code, Commercial Code, Criminal Procedure, Criminal Code, Civil Procedure, Code of Civil Non-Contentious Procedure, Code of Administrative Judicial Procedure, Act on Offences|
|Human resources & Payroll||Compliance with legal obligation pursuant to Article 6 (1) (c) of the GDPR, legitimate interest pursuant to Article 6 (1) (f) of the GDPR, alternatively performance of contract pursuant to Article 6 (1) (b) of the GDPR (there may be additional conditions under Article 9 (2) (f) of the GDPR in relation to specific categories of personal data)||Labour Code, Act on Legal profession and other legislation|
|Accounting & Tax purposes||Compliance with legal obligation pursuant to Article 6 (1) (c) of the GDPR||Specific laws in the area of accountancy and taxes|
Who are recipients of our personal data?
We provide personal data of our clients and other natural persons only to the extent necessary and always while maintaining the confidentiality of the data recipient, e.g. to our employees, persons authorised to take individual legal actions within provision of legal services, substituting or cooperating lawyers, [other offices belonging to our group], our accountancy advisors [our professional advisors e.g. auditors], the Slovak Bar Association (e.g. in the case of disciplinary proceedings) or to providers of software or the support to our law firm, including employees of those persons.
Although our obligation to provide your personal data to public authorities is limited for reasons of confidentiality, we are required to frustrate the commission of criminal offences and we also have the obligation to report information regarding prevention of money laundering and terrorism financing.
What countries we transfer your personal data to?
We do not intend to transfer your personal data outside the EU and/or European Economic Area. [We use safe cloud services of a verified provider with servers located in an EU jurisdiction.]
We do not perform or pursue automated individual decision making
How long do we store your personal data?
We store personal data as long as is necessary for the purposes for which personal data are processed. When storing personal data, we follow the recommended retention periods under the Resolution of Council of Slovak Bar Association no. 29/11/2011, e.g.
- The incoming mail book / register and the outgoing mail book / register, after it has been filled, is kept by the lawyer for ten years from the date of receipt or sending of the last mail registered in such book;
- The inventory list is archived by the lawyer for ten years after made;
- If the lawyer keeps a list of client names and client records electronically, at the end of the calendar year he or she will make its printed form for the calendar year and store it in the office without any time limit;
- Client files shredding period is 10 years and starts to run on the day when all the conditions for deposition of the file to the archive are fulfilled.
Lawyers are subject to professional regulations of the Slovak Bar Association that interpret their obligations under the Act on Legal Profession, according to which there are certain circumstances that extend our retention periods of personal data and explicitly prevent us from shredding some documents on reasonable grounds, such as:
- A client file that contains original documents delivered to us by the client cannot be shredded;
- It is not possible to shred client file protocols and list of client file names;
- It is not possible to shred the client file or its part that the lawyer is obliged to submit to the state archives;
- It is not possible to shred the client file if any proceedings before the courts, state administration bodies, law enforcement authorities, the Slovak Bar Association are pending that have a material relation to the contents of the client file or that concer the lawyer’s legal action or omission in providing legal services in that client’s matter.
How we collect your personal data?
If you are our client, we often obtain your personal data directly from you. In that case, obtaining your personal data is voluntary. Depending on the particular case, the failure to provide personal data by clients may affect our ability to provide high-quality legal services or, in exceptional cases, may give rise to our obligation to refuse to provide legal services. Personal data about our clients may also be obtained from publicly available sources, from public authorities or from other third parties.
If you are not our client, we often obtain your personal data from our clients or from other public or statutory sources by making requests to public authorities, through extracts from public registers, obtaining evidence in favour of our client, etc. In such a case, we may obtain personal data without your knowledge and against your will on the basis of our statutory authorization and the obligation to practice law in accordance with the Act on Legal Profession.
What rights do you have?
If we process personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have a right to object to any processing that is based on legitimate interest or public interest as well as to any direct marketing purposes including profiling.
As a client, you have the right to request access to your personal data and request their rectification. When processing personal data during the provision of legal services, you have no right, as a client or any other natural person (e.g. a counterparty), to object to such processing under Article 22 of the GDPR. If personal data relate to a client (regardless of whether the client is a legal or natural person) other persons do not have the right of access to such data or the right to data portability, due to our legal obligation to maintain confidentiality with reference to Article 15 (4) of the GDPR, Article 20 (4) of the GDPR and Section 18 (8) of the Act on Legal profession: “A lawyer is not obliged to provide information on the personal data processing, facilitate access or enable data portability pursuant special legal regulation (footnote: Article 14 (5) (d) 15 (4) and Article 20 (4) of the GDPR) if it may lead to breach of professional duty of secrecy in compliance with this Act.”
1 See articles 12 to 22 of the GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
2 which are not considered recipients according to article 4 (9) of the GDPR.