Hereinafter the “Policy”.
1. Identity of the controller
Your personal data controller under this Policy is company Kastner & Pieš, advokátní kancelář s.r.o., ID No.: 07958692, with its registered office at Pobřežní 620/3, Karlín, 186 00, Prague 8, registered in the Commercial Register maintained by the Municipal Court in Prague under the file no. C 310523 (hereinafter the “Law Firm” or “we”). We would like to present to you this Policy, which explains our procedures and methods we use to ensure sufficient security of your personal data.
2. Introduction
The aim of this Policy is to provide you with information on the processing of your personal data, how we process and collect your personal data and on what legal grounds. Furthermore, this Policy will provide you with information on the purpose of your personal data use, parties to whom we may provide the data and, finally, we would also like to inform you of your rights following from the processing of your personal data.
This Policy applies to the processing of personal data of all entities whose personal data are collected and used by us specially in relation to:
- use of our website at https://kastnerpies.cz;
- provision of our legal services and related activities (e.g., in connection with the visit of our office or fulfilment of clients’ assignments);
- co-operation with our Law Firm;
- sales and marketing notices and online communications;
- protection of our legitimate interests;
- interactions with our clients;
- acquiring information about job candidates.
3. Definitions and laws and regulations
What is the definition of personal data under this Policy? “Personal data” means any information/data that can be used to identify you or that can be assigned to you as a natural person.
We process personal data in accordance with the legal regulations, especially in accordance with the Act No. 85/1996 Coll., on the legal profession, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”) and Act No. 110/2019 Coll., on personal data processing. Any terms used in this Policy shall have the same meaning as specified in the GDPR.
4. How we collect your personal data
We obtain your personal data primarily directly from you, based on your interest in sharing your personal data with us, or, in case you are not our client, we may receiver your personal data from our clients or their opponents and representatives.
We also obtain your personal data in the course of performance of our Law Firm activities and from another third parties, i.e. a public authorities (including courts or administrative offices), your employer or business partner; we may also obtain your personal data from a publicly available database.
5. What personal data do we process?
Personal data processed by our Law Firm include, without limitation, personal data and categories of personal data specified below. For the sake of completeness, we would like to point out that we do not process all the personal data specified below specifically in relation to you; the scope of processing of personal data is specified on the basis of the relevant interaction with you as a personal data subject.
- basic personal identification data (e.g. name, title, office or your position vis-à-vis our Law Firm or our clients);
- contact details (e.g. name, surname, mailing address, e-mail address, telephone number, date of birth);
- payment details related to the service provided (e.g., bank account number, details on payments made, invoices);
- personal data processed in connection with the provision of legal services (e.g. name and surname, birth identification number, data concerning health, information on the amount of income, details on family status, your office or position in a company that is our client);
- data from your visit to our website (e.g., cookies, IP address, information on your device);
- data you provide for the purposes of recruitment process (e.g., information about education or work experience)
- any other data you provide for a specific purpose of processing at your own discretion.
6. Purpose of processing
Below, we would like to describe in more details the main categories of personal data processing, the scope of which relates to the purpose of processing as described in this Policy.
a) Performing our legal obligations
While performing our services, we are obliged to comply with our statutory and professional regulations. For this reason, we are obliged to process your personal data in accordance with the law to ensure compliance of our activities and proper provision of our services.
b) Performance of contractual obligations
For our Law Firm to be able to provide you with services based on an agreement concluded with you, the Law Firm must be authorised to process your personal data. In cases, where the legal title for the processing is the performance of the agreement, your personal data are processed primarily within the scope given by the nature of the agreement and in the scope of the basic personal identification data as defined above in paragraph 5 hereof.
c) Legitimate interest of our Law Firm as a controller
Our Law Firm wishes to pursue its activities efficiently, to achieve this, we can process your personal data on the grounds of a legitimate interest. Such legitimate interest includes processing of your personal data for marketing purposes, which you provided to us as our clients.
d) Performance of statutory obligations
Our Law Firm must comply with various statutory obligations from anti-money laundering measures to tax and accounting purposes. For these purposes we will process your personal data as our client, supplier or counterparty.
e) Consent
The Law Firm processes your personal data primarily for the reasons set out in Art. 6 (a)) to (d)) hereof; however, in exceptional cases and in cases established by law, your personal data may be processed on the basis of your consent, within the scope and for the period specified in the relevant consent. However, you may revoke your consent at any time. We would like to inform you that the withdrawal of consent does not apply to processing of personal data that occurred before the withdrawal.
7. Purposes of processing in recruitment process
Your personal data is being processed within the framework of recruitment process only for the purposes as stated above in Article 6 of the Policy. However, especially for the purpose of:
- performing a recruitment process in the scope of performing our legal obligations arising especially from the labour laws and GDPR and for the selection of the most suitable candidate;
- performing future recruitment processes in the case of consent to participate in subsequent recruitments;
- conducting satisfaction survey regarding the recruitment process according to Article 6 (c) of the Policy;
- preparation of an employment contract or other contract in the event of a positive recruitment result according to Article 6 (b) of the Policy.
8. Retention of personal data
Our priority is to retain personal data only for the period necessary for the fulfilment of the specific processing purpose or for the period stipulated by the legal regulations. For this purpose, we regularly assess the necessity of processing certain personal data. Once the data are no longer necessary for any purpose for which they were being processed in accordance with this Policy, such data will be erased.
9. Sharing personal data with third parties
We do not provide your personal data to other entities or transfer your personal data to entities outside the Law Firm, with the exception of entities directly co-operating with the Law Firm. Attorneys-at-law who have entered into a permanent co-operation agreement with the Law Firm and their employees or professional specialists, such as external providers of accounting and tax services and external providers of IT services or translation agencies, are considered directly co-operating entities under this Policy.
We have introduced the above sharing in order to be able to offer you the best possible services in the performance of our obligations and duties under the agreements. Therefore, where appropriate, we use the above-mentioned professional specialists who are in the position of third parties. If these third parties process personal data transferred to them by our Law Firm, these third parties become processors under the GDPR in relation to personal data and, as such, are obliged to follow the Law Firms’ instructions in the processing and may not use the personal data in any other manner. At the same time, in order to ensure that these third parties comply with the standards set out in this Policy, we enter into an agreement on processing of personal data where necessary, which guarantees the same level of protection of your personal data as indicated in this Policy.
The Law Firm may provide your personal data on the basis of the performance of its legal obligations, where the data will be transferred to public authorities, courts and prosecuting bodies; such transfer does not violate our duty of confidentiality. Should such a transfer take place, we agree to ensure that we will use our best efforts to inform you of such provision of personal data in advance.
If you provide personal data for the purposes of the recruitment process, your data may be also shared with the entities providing services in this area or public authorities in order to perform our legal obligations (e.g., for tax purposes).
We do not disclose personal data to recipients in third countries or within international organisations.
10. Personal data security
Our Law Firm uses reasonable organisational, technical and other measures to protect personal data in order to ensure that personal data in both electronic and printed form are retained securely and protected against unauthorised access, alteration, accidental loss, destruction or disclosure. Our security measures are supported by a number of security standards, processes and procedures that we introduce for you in accordance with the best practices of care for users. These measures are regularly checked, tested and, if necessary, replaced by a newer version.
Our security measures include, for example, storing the data in premises with limited and controlled access or in electronic databases secured using access rights with individual identifiers, prevention of access in case of several unsuccessful attempts to log in or inactivity and the possibility to renew locked access identifiers. Furthermore, the measures include, inter alia, the adoption of reasonable steps to ensure employee liability, regular backups, etc.
We also require the above security measures to be utilised by our above-defined directly co-operating entities, who are, at the same time, also subject to a confidentiality obligation same as our own employees.
However, in view of the nature of the Internet network, we cannot completely guarantee that the absolute security of personal data transferred over the Internet will be maintained. We ask you to exercise caution when you provide personal data via the Internet. Our Law Firm cannot guarantee that an unauthorised third party will not gain access to your personal data in connection with their transfer. Therefore, when you provide your personal data via the Internet, consider the associated advantages and risks because, e.g., in a situation where you do not inform us in writing that you require specific security measures to be taken in relation to the transfer of certain data, we will use usual internet communication services for the transfer of this data – primarily e-mail communication.
11. Your rights
In accordance with the GDPR and local legal regulations on personal data protection, you have the following rights:
- Right to rectification or erasure of any incorrect or incomplete personal data retained about you by the Law Firm.
- Right of access to your personal data retained by the Law Firm.
- The right to object to the processing of your personal data in certain cases and on legitimate grounds.
- If we process your personal data based on your consent, you have the right to withdraw your consent.
- Right to restriction of processing of your personal data in certain cases.
- The right not to be subject to automated decision-making aimed at assessing certain personal aspects concerning you, such as behaviour-based analyses.
- The right to personal data portability to you or another controller, if technically feasible; this applies in cases where you provided us with your personal data with your consent or as part of a contract and your personal data are processed by automated means.
- The right to lodge a complaint with the competent national supervisory authority for personal data protection or exercise the right to compensation for damage. The Office for Personal Data Protection is the competent supervisory authority in the Czech Republic.
We also bear the notification obligation regarding rectification or erasure of personal data or restriction of processing when we shall inform you about such changes, unless this proves impossible or involves disproportionate effort.
If you wish to exercise any of your above rights and/or obtain the relevant information, you can contact us via the contact details specified below.
If you request the exercise of your rights, acknowledge that in order to verify whether the relevant request has been made by you, we may request that you provide identification information.
At the same time, we would like to point out that in view of the specific nature of our activities and overall specifics of the legal field, we do not have to comply with some of your requirements, especially those related to the legal claim represented by us.
12. How can you contact us?
If you have any questions concerning the scope, use, alteration or erasure of the personal data you provided to us, or if you wish to withdraw your consent to the processing of your personal data by our Law Firm, please contact us by e-mail at: info@kastnerpies.cz.
13. Updating this Policy
This Policy enters into effect as of 1 April 2019 and is issued in accordance with the GDPR in order to comply with the information duty borne by the Law Firm under the GDPR. At the same time, we would like to inform you that this Policy may be updated, in which case, the changes contained in the update shall become effective once the relevant update is published on the website of our Law Firm.