Processing of personal data
Processing of personal data
In accordance with Article 13 of Regulation 2016/679 (GDPR)
Contents
Name and contact details of the controller
Personal data
Processing of personal data in the case of an enquiry about services
Processing of personal data in the provision of legal services and the performance of mediation
Processing of personal data in the academy and in marketing
- User account
- Photo and video documentation
- Reviews
- Newsletters
How do we process your personal data?
To whom may your personal data be disclosed?
Rights of the data subject
Sample submissions for the exercise of rights by the data subject
Name and contact details of the controller
Preegal advokátní kancelář s.r.o., Company ID: 218 73 160, registered office: Bohunická 133/50, Horní Heršpice, 619 00 Brno, registered in the Commercial Register under file no. C 140535 kept by the Regional Court in Brno, email: info@preegal.cz, tel: +420 732 464 814.
The controller has not appointed a data protection officer. If you have any questions or requests concerning personal data, please contact us using the contact details above.
Personal data
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This natural person may be, in particular, a customer, an enquiring person, a supplier, a subcontractor or their representative (data subjects).
In this document we describe how we handle your personal data in individual situations, in particular in connection with the practice of law, when using our website www.preegal.cz (hereinafter the “website”), when you make an enquiry via the contact form, in connection with the sale of a digital product, or when organising events.
Processing of personal data in the case of an enquiry about services
|
Personal data |
The personal data you provided in your enquiry or in the contact form. This data includes:
|
|
Data subjects |
Prospective customers, enquiring persons. |
|
Purpose of processing |
Handling of queries and enquiries. |
|
Legal basis for processing |
Steps taken prior to entering into a contract at your request (Article 6(1)(b) GDPR). |
|
Duration of processing |
We process this data for the period strictly necessary to fulfil your enquiry or otherwise handle it. Unless your enquiry indicates otherwise, if no contract is concluded we process this data for a maximum of 6 months from the last communication. |
Processing of personal data in the provision of legal services and the performance of mediation
We process the personal data of clients and other persons in the course of the practice of law, in particular when providing legal services, professional advice and mediation. This data forms part of the attorney's case file.
|
Personal data |
Billing details:
Other identification and contact details:
Banking information:
Information about the legal service provided:
We process only such personal data as is necessary for the provision of the specific service. |
|
Data subjects |
Clients, their business partners or persons authorised by them, third parties (the opposing party). |
|
Purpose of processing |
Provision of legal services, related advice and the performance of the activities of a mediator, handling of queries or complaint proceedings. |
|
Legal basis for processing |
Performance of a contract under Article 6(1)(b) GDPR (contracts for the provision of legal services, mediator services) Compliance with legal obligations under Article 6(1)(c) GDPR (obligations arising from the Act on the Legal Profession and professional regulations, i.e. in particular keeping the attorney's case file or carrying out identification under the Act on Certain Measures Against the Legalisation of the Proceeds of Crime, and obligations arising from accounting or tax legislation, i.e. in particular the proper keeping of accounts and tax records) Protection of the controller's legitimate interest under Article 6(1)(f) GDPR (processing of personal data after the end of the cooperation for the duration of this interest) Protection of the legitimate interest of third parties (in particular clients) in accordance with the rules governing the practice of law under Article 6(1)(f) GDPR |
|
Duration of processing |
For the duration of the contract and subsequently for the prescribed archiving period for attorney case files (as a rule 5 years, in some cases 10 years from the end of the provision of the service), or until the assertion of claims arising from these contractual relationships is concluded (legitimate interest). Billing details – in accordance with the relevant provisions of accounting and tax legislation (currently 10 years). |
Processing of personal data in the academy and in marketing
The controller is entitled to process personal data obtained via the registration form for the events it organises (e.g. educational events for the public, courses for businesses). Events are, as a rule, available for purchase through the Academy section.
|
Personal data |
Personal data you have provided to us, or personal data we have obtained on the basis of ongoing cooperation. Registration details:
For a paid event, also billing details:
Other identification and contact details:
Banking information:
Information about the service provided We process only such personal data as is necessary for the provision of the specific service. |
|
Data subjects |
Clients, their employees or persons authorised by them, event participants. |
|
Purpose of processing |
Organisation of the preparation (registration) and the course of an educational event. Provision of a purchased digital product or service. |
|
Legal basis for processing |
Performance of a contract under Article 6(1)(b) GDPR (contracts for the purchase of digital products, contracts for the delivery of training) Compliance with legal obligations under Article 6(1)(c) GDPR (obligations arising from accounting or tax legislation, i.e. in particular the proper keeping of accounts and tax records) Protection of the controller's legitimate interest under Article 6(1)(f) GDPR (processing of personal data after the end of the cooperation for the duration of this interest) |
|
Duration of processing |
For the duration of the contract, subsequently for the duration of the legitimate interest, but no longer than 10 years, or until the assertion of claims arising from these contractual relationships is concluded (legitimate interest) Billing details – in accordance with the relevant provisions of accounting and tax legislation (currently 10 years). |
User account
When purchasing certain digital products and services in the Academy section, the creation of a user account is required in order to make the digital product available. A user may also create an account voluntarily.
|
Personal data |
First name, surname, company, email. |
|
Data subjects |
Customers and their employees / collaborators |
|
Purpose of processing |
Making digital products available, access to invoices. |
|
Legal basis for processing |
Performance of a contract (Article 6(1)(b) GDPR), and subsequently the controller's legitimate interest (Article 6(1)(f) GDPR). |
|
Duration of processing |
For the duration of the contract, at the latest for 2 years from the last login. |
Photo and video documentation
We would like to inform you that at our events we take photographs or video recordings. Upon entering an event you will be informed about the photo and video documentation taking place, so that you can freely give your implied consent or express to the event organiser your objection to the capturing of your likeness or other expression of a personal nature. If you therefore do not wish to be captured in photographs or video, please contact the controller or, at the event venue, the organiser / photographer / video creator, and in the case of an online event please follow the instructions on how to anonymise your data and turn off your camera.
|
Personal data |
Likeness and expression of a personal nature - Photographs and video recordings are published only in such a way as to avoid disproportionate interference with the privacy of the persons depicted. |
|
Data subjects |
Event participants. |
|
Purpose of processing |
Informing the public about current events. Promotion on the website and social media (Facebook, IG, LinkedIn, Youtube). |
|
Legal basis for processing |
The controller's legitimate interest (Article 6(1)(f) GDPR), arising from the consent you have granted to the publication of your likeness and expression of a personal nature. |
|
Duration of processing |
For the duration of the consent given pursuant to Section 85 of the Civil Code, i.e. for the duration of the legitimate interest under Article 6(1)(f) GDPR. |
Reviews
If you give us permission to publish your experiences with our services, including your personal data and data protected by attorney-client privilege, we will publish only the personal data and information that you yourself provide in the review. Publication will take place, depending on the scope of your consent, on the website, on social media, and we may possibly mention them at events.
|
Personal data |
First name, surname, position in the company, and possibly likeness in photographs or recordings. |
|
Data subjects |
Clients and former clients. |
|
Purpose of processing |
Informing about the client experience with our services. |
|
Legal basis for processing |
The consent you have granted for this purpose (Article 6(1)(a) GDPR). You may withdraw your consent at any time. Published likeness – legitimate interest arising from the consent granted pursuant to Section 85 of the Civil Code (Article 6(1)(f) GDPR). |
|
Duration of processing |
For the duration of the consent. If consent is withdrawn, we will delete the personal data. |
Newsletters
We may send you a newsletter with news, events and information about our activities on the basis of your consent or if you are our client. You can express your consent or objection at any time – electronically, in writing or via the unsubscribe link included in every newsletter.
We send the newsletter at reasonable intervals, usually once a month.
|
Personal data |
First name and surname Email address |
|
Data subjects |
Those interested in news Clients who have not expressed their objection |
|
Purpose of processing |
Informing about news and updates in the area of the controller's activities. |
|
Legal basis for processing |
In the case of newsletter sign-up, processing is based on your consent (Article 6(1)(a) GDPR); if you are our client, the law permits us to do so. |
|
Duration of processing |
For the duration of the consent you have granted - you may withdraw your consent at any time. If you are our client, you may express your objection at any time. |
How do we process your personal data?
We process your personal data both manually and automatically (in the controller's information systems and software applications that meet the requirements of cybersecurity and GDPR compliance); however, in the automated processing of your data we do not use automated decision-making that could have an impact on your rights.
Personal data is obtained from:
- Clients: data subjects, courts, administrative authorities
- Third parties: clients, data subjects, courts and court files, administrative authorities, witnesses, experts, public registers, publicly accessible information (e.g. the internet).
In some cases we may combine the data obtained and store it together in our records (e.g. in a CRM system). We always strive to limit the amount of information we collect. We process personal data only for the period strictly necessary, in accordance with the purpose of the processing.
Personal data is protected and secured against leakage and misuse. We adopt technical and organisational measures to ensure the highest possible level of personal data protection. We also keep these processes updated. Documents and inputs requiring a higher level of protection are protected by encryption. Access to the website is secured by HTTPS encryption. Only authorised persons, who are bound by confidentiality, have access to personal data.
To whom may your personal data be disclosed?
The controller discloses personal data to the relevant courts or administrative authorities in connection with the practice of law. In cases stipulated by special legislation, the controller is entitled, or rather obliged, to disclose certain processed personal data to law enforcement authorities or other state authorities.
The data may be accessed by processors with whom we have concluded written contracts. Personal data obtained in the course of legal practice remains within the territory of the European Union. In the area of marketing, however, we use the social networks of companies based in third countries. Without your consent, no personal data will be transferred outside the territory of the European Union.
Specifically, we use the following processors:
- AVE Soft s.r.o., Technologická 378/9, Ostrava 708 00, Company ID: 25378392 (provider of the attorney case file service),
- Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052 (provider of office services),
- Ecomail.cz, s.r.o., Na Příkopě 388/1, 110 00 Praha 1, Company ID: 02762943 (provider of the newsletter service),
- PayU S.A., 60-166 Poznań, ul. Grunwaldzka 186 (provider of the payment gateway),
- Taxpoint s.r.o., Chládkova 2, 616 00 Brno, Company ID: 25545094 (provider of accounting services),
- Legal Systems s.r.o., Hvězdova 1716/2b, Nusle, 140 00 Praha 4, Company ID: 04471521 (online AML process),
- MONETA Money Bank, a.s., Vyskočilova 1442/1B, Michle (Praha 4), 140 00 Praha, Company ID: 25672720 (banking services and escrow accounts).
The data may further be accessed by collaborating attorneys and employees who are bound by confidentiality.
Rights of the data subject
In connection with the processing of personal data, the data subject has the following rights:
Right of access to personal data: The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them is being processed and, where that is the case, the right to access that personal data.
Right to rectification of inaccurate and completion of incomplete personal data: The data subject has the right to have the controller, without undue delay, rectify inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (the so-called right to be forgotten): The data subject has the right to have the controller erase, without undue delay, personal data concerning that data subject, and the controller is obliged to erase the personal data without undue delay where (i) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the data subject objects to the processing and there are no overriding legitimate grounds for processing the personal data, (iii) the personal data has been unlawfully processed, or (iv) the personal data must be erased in order to comply with a legal obligation laid down in Union law or the law of the Czech Republic.
Right to restriction of processing of personal data: The data subject has the right to have the controller restrict the processing of personal data.
Right to data portability: The data subject has the right to receive the personal data concerning them which they provided to the controller, in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller.
Right to object: The data subject has the right, on grounds relating to their particular situation, to object at any time to the processing of personal data concerning them. The controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests or rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Data subjects may make their requests/complaints for the exercise of the rights described in the preceding paragraphs to the Attorney, in particular by sending them via the email address info@preegal.cz or in writing to the law firm's registered office.
The supervisory authority in the field of privacy and personal data protection, where a complaint may be lodged, is the Office for Personal Data Protection, with its registered office at: Pplk. Sochora 27, 170 00 Praha 7 (www.uoou.cz).
Sample submissions for the exercise of rights by the data subject
Identification of the data subject
First name and surname: _________________________
Date of birth: _________________________
Address: _________________________
Other identification (email, telephone number, etc.): _________________________
Subject of the request – which right I wish to exercise:
Right of access
It is enough for me to know the types of personal data you process about me (e.g. the data necessary to perform the contract or contracts we have concluded together, or to monitor how I use the purchased services, etc.); or
I want to know in detail all the personal data concerning me that you process, but I do not need to receive copies of this personal data; or
I want to know in detail all the personal data concerning me that you process, and I further request that a copy of this personal data be sent in the following way:
to the following email address: _________________________; or
to the following address: _________________________.
Right to rectification
I wish to correct/complete the following personal data: _________________________
The current value of the personal data is: _________________________
Right to erasure
I wish that you no longer process the following personal data about me _________________________ and delete it from your systems.
Right to restriction of processing
(describe which processing you wish to restrict, and where applicable specify which personal data the restriction is to concern)
I wish that you restrict the following processing _________________________ (description of the processing you wish to restrict) of my personal data _________________________ (which personal data the restriction is to concern).
Right to portability
I request the transfer of this/all of the personal data you process about me, _________________________, in the following format _________________________.
Transfer the personal data to me at the following email address: _________________________
OR
Transfer the personal data directly to the following new controller:
Name of the controller: _________________________
Address of the controller: _________________________
Email of the controller: _________________________
Telephone of the controller: _________________________
Right to object to processing
I object to the following processing of my personal data: _________________________
If you request erasure/restriction of processing and we acknowledge the validity of your request, we will inform all recipients to whom your personal data was disclosed about the erasure/change/restriction of the processing of personal data, except in cases where this would be impossible or would require disproportionate effort. Are you interested in information about such recipients of personal data? (YES/NO)
Reason for the request
If you are requesting the exercise of the right to erasure, the right to restriction of processing or the right to object, please state the justification for your request. If you do not do so, the request cannot be granted.