Principles of data processing and data protection

Principles of data processing and data protection

Protection of personal data of our clients and other individuals is important to us. These terms and conditions explain how your personal data is processed in the course of provision of legal services and performance of the legal profession of an attorney at law (advocate) by the data controller JUDr. Andrea Šupáková, attorney at law, registered office: Miletičova 21, 821 09 Bratislava - mestská časť (municipal district) Ružinov, ID no: 50 076 698, (hereinafter referred to as “We” or “Law Firm”). If you have any questions, you may contact us by e-mail at supakova@aksupakova.sk or by regular post addressed to our registered office.

When processing personal data, We are primarily governed by the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended (hereinafter referred to as the “GDPR”), which also governs your rights as the data subject, the provisions of the Act No. 18/2018 on the Protection of Personal Data and on Amendment to Certain Acts, as amended (hereinafter referred to as the “Personal Data Protection Act”), which apply to us (i.e., in particular, Section 78 of the Personal Data Protection Act), Act no. 586/2003 Coll. on the Advocacy and on Amendment to the Act No. 455/1991 Coll. on the Trade Licensing Entrepreneurial Activity (Trade Licensing Act), as amended (hereinafter referred to as the “Act on Advocacy”, and in particular Section 18 of the Act on Advocacy), as well as other applicable laws. We act in compliance with the Code of Conduct adopted by the Slovak Bar Association (“SBA”), which further explains the processing of personal data by attorneys at law (advocates). The Code of Conduct can be consulted at www.sak.sk/gdpr.

Why do We process personal data?

Processing of personal data by Law Firm is necessary primarily to enable us:

  • to provide legal services to our clients and to perform the legal profession of attorney at law (advocate);
  • to fulfil various legal, professional and contractual obligations;
  • to protect the legitimate interests of ourselves, our clients and other individuals, and
  • to inform our clients and prospective clients about legal updates and, where appropriate, the successes of the Law Firm.

For what purposes, on what legal bases and for how long do We process personal data?

Performance of the legal profession of an attorney at law (advocate):

Legal basis:

performance of the contract and taking steps prior to entering into a contract pursuant to Article 6(1)(b) of the GDPR, or performance of legal obligations pursuant to Article 6(1)(c) of the GDPR and obligations under the professional regulations of SBA, or a legitimate interest pursuant to Article 6(1)(f) of the GDPR, and, where applicable, establishment, exercise or defence of legal claims pursuant to Article 9(2)(f) of the GDPR

Duration of processing

the client directory and the client file protocol kept electronically is printed out at the end of the calendar year and a printed copy is kept in the office without any time limit;

in case of other data, during the existence of the contract with the client and after termination of the contract, for 10 years from the date on which all the conditions for archiving the file have been fulfilled

Applicable legislation:

Act on Advocacy, professional regulations of SBA, Act No. 40/1964 Coll. the Civil Code, as amended (hereinafter referred to as the “Civil Code”), Act No. 513/1991 Coll. the Commercial Code, as amended (hereinafter referred to as the “Commercial Code”), Act No. 455/1991 Coll. on Trade Licensing Entrepreneurial Activity (Trade Licensing Act), as amended (hereinafter referred to as the “Trade Licensing Act”)

Provision of services other than legal services

Legal basis:

performance of a contract pursuant to Article 6(1)(b) of the GDPR, or performance of legal obligations pursuant to Article 6(1)(c) of the GDPR, or legitimate interest pursuant to Article 6(1)(f) of the GDPR

Duration of processing:

during the existence of a contract with the client

after termination of the contract, 10 years from the termination of the contract with the client

Applicable legislation

GDPR, Act No. 315/2016 Coll. on the Register of Public Sector Partners and on Amendment to Certain Acts, as amended (hereinafter referred to as the “Act on RPVS”), Act No. 305/2013 Coll. on the Electronic Form of Exercise of Public Authority Powers and on Amendment to Certain Acts (the “e-Government Act”), as amended, the Civil Code, the Commercial Code, Act No. 116/1990 Coll. on the Lease and Sublease of Non-residential Premises, as amended.

Ensuring compliance of our activities with legal regulations and professional regulations of SBA

Legal basis:

compliance with a legal obligation pursuant to Article 6(1)(c) of the GDPR, or with legitimate interest pursued by our Law Firm or by the third parties pursuant to Article 6(1)(f) of the GDPR, or a public interest pursuant to Article 6(1)(e) of the GDPR, or for defence of legal claims pursuant to Article 9(2)(f) of the GDPR

Duration of processing

for as long as required by applicable laws or as necessary for retention for the purposes of demonstrating compliance with our legal obligations

Applicable legislation:

GDPR, Act No. 297/2008 Coll. on the Protection against the Legalization of the Proceeds from Crime and on the Protection against the Financing of Terrorism and on the Amendment to Certain Acts, as amended, Act No. 54/2019 Coll. on the Protection of Whistle-blowers of Anti-social Activity and on Amendments to Certain Acts, as amended, Act No. 583/2008 Coll. on the Prevention of Crime and Other Anti-social Activities and on Amendment to Certain Acts, as amended, Act on Advocacy, professional regulations of SBA, Trade Licensing Act

Commercial contracts:

Legal basis:

performance of a contract pursuant to Article 6(1)(b) of the GDPR and performance of a legal obligation pursuant to Article 6(1)(c) of the GDPR

Duration of processing:

during the existence of a contract with a business partner (in particular a supplier of various goods and services)

for a period of 10 years after the termination of the contract with the business partner

Applicable legislation:

the Commercial Code, the Civil Code and special tax and accounting laws

Statistical purposes, archiving purposes in the public interest and historical and scientific research purposes

Legal basis:

safeguards and derogations relating to processing for the purposes of archiving scientific or historical research or statistical purposes pursuant to Article 89 of the GDPR

Duration of processing:

for a period of 10 years from the date on which all the conditions for filing the file in the archives pursuant to the applicable rules are fulfilled

Applicable legislation:

GDPR, Act No 395/2002 Coll. on Archives and Registries and on the Amendment to Certain Acts, as amended (hereinafter referred to as the “Archives Act”)

Accounting and tax purposes

Legal basis:

fulfilment of legal obligation under Article 6(1)(c) of the GDPR

Duration of processing:

for a period of 10 years following the year to which they relate

Applicable legislation:

special laws in the field of accounting and tax administration

Business communication

Legal basis:

legitimate interest of attorneys at law (advocates) pursuant to Article 6(1)(f) of the GDPR;

our legitimate interest is to find the most suitable service provider for the needs of the Law Firm

Duration of processing:

for a period of 3 years after the year in which the communication ended

Applicable legislation:

GDPR

Maintaining the commercial agenda and registration and notification of changes to the commercial and trade registers of the Slovak Republic and the register of public sector partners

Legal basis

fulfilment of a legal obligation pursuant to Article 6(1)(c) of the GDPR

Duration of processing:

for a period of 5 years following the year in which the organisation ceased to exist. Data on the ultimate business owner for a period of 5 years from the date of cessation of the status of the ultimate business owner in the relevant company, unless the data is part of a verification document available on-line

Applicable legislation:

Act No. 530/2003 Coll. on the Commercial Register and on Amendment to Certain Acts, as amended, the Commercial Code, Act No. 757/2004 Coll. on Courts and on Amendment to Certain Acts, as amended, the Trade Licensing Act, the Act on RPVS and other special laws

Correspondence (written, electronic), maintaining the registry and keeping records of mail

Legal basis:

fulfilment of a legal obligation pursuant to Article 6(1)(c) of the GDPR or a legitimate interest pursuant to Article 6(1)(f) of the GDPR;

our legitimate interest is responding to enquiries, offers and other correspondence from potential clients, service providers or employees.

Duration of processing:

for the necessary period of time required for the purpose of providing the response or for the statutory retention periods applicable to important documents;

the book of incoming mail and the book of outgoing mail, after the book is full, shall be kept by the Law Firm for ten years from the date of receipt or dispatch of the last recorded shipment entered in the book;

Applicable legislation:

Act on Archives, Act on Advocacy, professional regulations of SBA, Act No. 305/2013 Coll. on the Electronic Form of Exercise of Public Authority Powers and on Amendment to Certain Acts (Act on e-Government) in the effective wording

Requests from the data subject

Legal basis:

fulfilment of a legal obligation pursuant to Article 6(1)(c) of the GDPR

Duration of processing:

for a period of 5 years following the year in which the request was processed

Applicable legislation:

GDPR

We retain personal data for no longer than is necessary for the purposes for which the personal data is processed. When retaining personal data, We follow the recommended retention periods as set out in the SBA Executive Committee Resolution No. 29/11/2011.

The Law Firm is subject to professional regulations interpreting the obligations of attorneys at law (advocates) under the Act on Advocacy, according to which there are certain circumstances that extend the retention periods of personal data or prevent the Law Firm from shredding certain documents for obvious reasons, e.g.:

  • client files containing original documents handed over to the Law Firm by the clients cannot be shredded;
  • client file protocols and client file directory cannot be shredded;
  • a client file or part of a client file which the Law Firm is obliged to hand over to the State Archive may not be shredded;
  • a client file may not be shredded if any proceedings are pending before a court, a state administration authority, law enforcement authorities, or the SBA, which are substantively related to the contents of the client file or the subject of which was an act or omission of the Law Firm or an attorney at law (advocate) in the provision of legal assistance to a client.

What categories of personal data do We process?

The Law Firm only processes the personal data to the extent that is necessary for the fulfilment of the purpose of the processing in question, always in accordance with the principle of minimisation of the processing of personal data. We may process the following categories of personal data within the framework set out above:
  • identification data – i.e. personal data serving to identify the data subject uniquely and unmistakably (in particular name, surname, academic degree, date of birth, signature, etc.)
  • contact data – i.e. personal data enabling contact with the data subject (in particular delivery address, telephone number, e-mail address, etc.);
  • payment data – i.e. personal data necessary for the billing of fees for the provision of our services or, for example, for the performance of legal custody of funds by the attorney at law/advocate (e.g. account number, designation of the banking institution and other transaction data);
  • profile data – basic physiological characteristics (age, gender), socio-economic data (e.g. income data, ownership of movable and immovable property), socio-demographic characteristics (marital status, number of children, residence and household information, education, occupation, etc.);
  • sensitive data – i.e. special categories of personal data (e.g. data relating to health or sex life or sexual orientation, data relating to political opinions, religious beliefs or trade union membership) and data related to criminal convictions and offences;
  • personal data generated by our activities – this includes, in particular, identifiers assigned by us for record-keeping purposes (e.g. the number under which you are registered in our filing system), records of your preferred language for communication or of your specific requests that have been communicated to us;
  • third party personal data – i.e. personal data of family members that is usually communicated to us by clients when providing legal services (e.g. data relating to spouses, children and others);
  • other data – i.e. data not falling into any of the above categories relating to your person (e.g. data about the fact that the enforcement, bankruptcy or other proceedings are pursued against you).

What legitimate interests do We pursue in processing personal data other than the above?

Our clients pursue various legal claims and protect their legitimate interests through the Law Firm. Therefore, We pursue legitimate interests of our clients in the provision of legal services. As a Law Firm, We also have our own separate, non-derogable right to process personal data for the purpose of performing the legal profession of an attorney at law (advocate), including sensitive data (Article 9 of the GDPR), and data related to criminal convictions and offences (Article 10 of the Regulation), as well as personal data on third parties, even without their consent (Section 18(6) and (7) of the Act on Advocacy).

We have legitimate interests in the course of provision of legal services and the performance of the legal profession of an attorney at law (advocate), e.g. the interest in protecting our assets, and We may have legal claims against various individuals, e.g. for breach of contract, damages, etc. In this case, We process personal data on the basis of Article 6(1)(f) of the GDPR.

To whom do We make personal data available?

We only make available personal data of our clients and other natural persons to the extent it is necessary and always under confidentiality obligation of the data recipient, e.g. to our employees, to persons whom We instruct to perform individual acts of legal services, to representing or cooperating attorneys at law (advocates), to our accounting advisers, to the SBA (e.g. in the case of disciplinary proceedings) or to the providers of software equipment or support of our Law Firm, including the employees of these persons and, where applicable, relevant public authorities.

While We have a limited obligation to disclose your personal data to public authorities due to confidentiality reasons, We also have a duty to prevent the commission of a crime and to report information in the area of anti-money laundering and countering the financing of terrorism.

In special cases, We may make publicly available the personal data of our clients, and possibly of other natural persons, e.g. in the course of the cadastral proceedings, proceedings for registration in the Commercial Register, proceedings for registration of a pledge in the Notarial Central Register of Pledges, proceedings for registration of rights in the registers maintained by the Industrial Property Office of the Slovak Republic, etc., always on the basis of a special regulation, and in the course of the provision of legal services.

Which countries do We transfer personal data to?

We do not intend to transfer your personal data across borders to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein). We use secure cloud services from a verified provider with servers located in an EU jurisdiction.

We do not conduct automated individual decision-making, including profiling, in respect to your personal data.

How do We collect personal data?

If you are our client, We most often collect your personal data directly from you. Collection of your personal data is voluntary in such cases. However, depending on the specific case, failure to provide personal data by the client may affect our ability to provide quality legal services or, in exceptional cases, it may result into our obligation to refuse to provide legal services. We may also obtain personal data about our clients from publicly available sources, public authorities or other persons.

If you are not our client, We typically collect your personal data from our clients or from other public or lawful sources. This may include requesting information from public authorities, obtaining extracts from public registers, lawfully collecting evidence in favour of a client, lawfully collecting information in the context of ongoing proceedings or negotiations, and other lawful means. In such cases, We may collect your personal data without informing you and also against your will on the basis of our legal authority and obligation to perform the legal profession of the attorney at law (advocate) in accordance with the Act on Advocacy.

In this context, We would like to point out that our Law Firm is not considered to be a controller if it collects personal data in a random manner without first determining the purposes and means of processing. This may include situations where personal data is provided to our Law Firm by mistake, inadvertently, in a speculative manner, or where personal data is provided to our Law Firm that it did not request and has no interest in further processing such personal data for any purpose, where the retention of such data (e.g. for the purpose of returning it to the authorised person or erasing it within a reasonable period of time) does not constitute processing of personal data under the GDPR.

What rights do you have as a data subject?

If We process your personal data on the basis of your consent to the processing of your personal data, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. You have the right to object at any time to the processing of personal data on the grounds of legitimate or public interest, as well as its processing for direct marketing purposes, including profiling. As a client, you have the right to request access to your personal data, as well as its rectification. If We process personal data in the course of providing legal services, you do not have the right as a client or as another natural person (e.g. counterparty) to object to such processing under Article 22 of the GDPR. If the personal data relates to a client (regardless of whether the client is a legal or natural person), the right of access to the data or the right of portability is not available to other persons due to our legal duty of confidentiality and with reference to Article 15(4) of the GDPR, Article 20(4) of the GDPR and Article 18(8) of the Act on Advocacy: “An attorney at law (advocate) shall not be obliged to provide information on the processing of personal data, to allow access to or the portability of personal data pursuant to a special regulation if this could lead to a breach of the advocate’s duty of confidentiality under this Act.” You also have the right to lodge a complaint with the Data Protection Authority or the SBA at any time.

Cookies

Cookies are small text files that improve the use of a website by, for example, enabling recognition of previous visitors when logging in into user’s interface, remembering a visitor’s choice when opening a new window, measuring website traffic or how a website is used in order to improve its user experience. Our website uses cookies.

Changes to these terms and conditions

Protection of personal data is not a one-off issue for us. Information that We are required to provide to you in respect of our processing of your personal data may change or cease to be up to date. For this reason, We reserve the right to modify and change these terms and conditions to any extent at any time. In the event of a change to these terms and conditions, We will bring the change to your attention, for example, by a general notice on this website or a separate notice by e-mail.
This site is registered on wpml.org as a development site.