Privacy Policy (hereinafter the “Policy”)

1. Identity of the controller

The controller of your personal data is Kastner & Pieš, advokátní kancelář s.r.o., Id. No.: 07958692, with its registered office at Neklanova 152/42, Vyšehrad, 128 00 Prague 2 (hereinafter the “Law Firm”), which would like to present to you this Privacy Policy, which explains our procedures and methods we use to ensure sufficient security of your personal data.

2. Introduction

The aim of this Policy is to provide you with information on the processing of your personal data, how we process and collect your personal data and on what grounds. Furthermore, this Policy will provide you with information on the purpose of use of your personal data, parties to whom we may provide the data and, last but not least, we would also like to inform you of your rights following from the processing of your personal data.

This Policy applies to the processing of personal data of all entities whose personal data are collected and used by the Law Firm specially in relation to:

  • use of our website at;
  • provision of our legal services and related activities (e.g. visiting our law office);
  • co-operation with our Law Firm;
  • marketing communications;
  • protection of legitimate interests of the Law Firm;
  • interactions with clients of our Law Firm.

3. Definitions and laws and regulations

What is the definition of personal data under this Policy? “Personal data” means any information/data that can be used to identify you or that can be assigned to you as a natural person.

We process personal data in accordance with the legal regulations, especially Act No. 85/1996 Coll., on the legal profession, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”) and Act No. 110/2019 Coll., on personal data processing. Any terms used in this Policy shall have the same meaning as specified in the GDPR.

4. How we collect your personal data

We obtain your personal data primarily directly from you, based on your interest in sharing your personal data with our Law Firm, or, in case you are not our client, from our clients or their adversaries and representatives.

We also obtain your personal data in the performance of activities of our Law Firm and from other third parties, i.e. a public authority, your employer or business partner; we may also obtain your personal data from a publicly available database.

5. What personal data do we process?

Personal data processed by our Law Firm include, without limitation, personal data and categories of personal data specified below. For the sake of completeness, we would like to point out that we do not process all the personal data specified below specifically in relation to you; the scope of processing of personal data is specified on the basis of the relevant interaction with you as a personal data subject.

  • Basic personal identification data (e.g. name, title, office or your position vis-à-vis our Law Firm or our clients);
  • contact details (e.g. name, surname, mailing address, e-mail address, telephone number);
  • payment details related to the service provided (e.g. bank account number, details on payments made, invoices);
  • personal data processed in connection with the provision of legal services (e.g. name and surname, birth identification number, data concerning health, information on the amount of income, details on family status, your office or position in a company that is our client);
  • data from your visit to our website (e.g. cookies, IP address, information on your device);
  • any other data you provide for a specific purpose of processing at your own discretion.

6. Purpose of processing

Below, we would like to describe in more detail the main categories of personal data processing, the scope of which relates to the purpose of processing as described in this Policy.

a) Performing our legal obligations

In the provision of our services, we are obliged to perform the duties following from legal and professional regulations. For this reason, we are obliged to process your personal data in accordance with the law to ensure compliance of our activities and proper provision of our services.

b) Performance of contractual obligations

In order for our Law Firm to be able to provide you with services on the basis of an agreement concluded with you, the Law Firm must be authorised to process your personal data. For these purposes – fulfilment of the sense and purpose of the concluded agreements, where the legal title for the processing is the performance of the agreement, your personal data are processed primarily within the scope of the basic personal identification data as defined above in paragraph 5 hereof.

c) Legitimate interest of our Law Firm, i.e. controller

Just like any other business entity, our Law Firm wishes to pursue its activities effectively; in order to achieve this, we must be protected during the performance of our activities. Therefore, we must be allowed to provide our services in accordance with the legal regulations, secure our assets, perform the necessary checks of our activities, carry out marketing activities and take care of the operation of the Law Firm. For these reasons, we can process your personal data on the grounds of a legitimate interest in order to be authorised to enforce the above, e.g. in the event of breach of your obligation towards our Law Firm (for example in case of a failure to pay an invoice, etc.).

d) Consent

As a rule, the Law Firm processes your personal data for the reasons set out in Art. 6 (a)) to (c)) hereof; however, in exceptional cases, your personal data may be processed on the basis of your consent, within the scope and for the period specified in the relevant consent. However, you may revoke your consent at any time. We would like to inform you that the withdrawal of consent does not apply to processing of personal data that occurred before the withdrawal.

7. Retention of personal data

Our priority is to retain personal data only for the necessary period of time which is not longer than necessary for the fulfilment of the specific purpose of the processing or for the period stipulated by the legal regulations. For this purpose, we regularly assess the necessity of processing certain personal data; if we conclude that the data are no longer necessary for any purpose for which they were being processed in accordance with this Policy, we will erase such data.

8. Sharing personal data with third parties

As a rule, we do not provide your personal data to other commercial entities and, we generally also do not transfer your personal data to entities outside the Law Firm, with the exception of entities directly co-operating with the Law Firm. Attorneys-at-law who have entered into a permanent co-operation agreement with the Law Firm and their employees or professional specialists, such as external providers of accounting and tax services and external providers of IT services, are considered directly co-operating entities under this Policy.

We have introduced the above sharing in order to be able to offer you the best possible services in the performance of our obligations and duties under the agreements. Therefore, where expedient, we use the above-mentioned professional specialists who are in the position of third parties. If these third parties process personal data transferred to them by our Law Firm, these third parties become processors under the GDPR in relation to personal data and, as such, are obliged to follow the Law Firm’s instructions in the processing and may not use the personal data in any other manner. At the same time, in order to ensure that these third parties comply with the standards set out in this Policy, we enter into an agreement on processing of personal data where expedient, which guarantees at least the same level of protection of your personal data as this Policy.

The Law Firm may provide your personal data on the basis of the performance of its legal obligations, where the data will be transferred to public authorities, courts and prosecuting bodies; such transfer is not at variance with our obligation of secrecy. Should such a transfer take place, we agree to ensure that we will use our best efforts to inform you of such provision of personal data in advance.

9. Personal data security

Our Law Firm uses reasonable organisational, technical and other measures to protect personal data in order to ensure that personal data in both electronic and printed form are retained securely and protected against unauthorised access, alteration, accidental loss, destruction or disclosure. Our security measures are supported by a number of security standards, processes and procedures that we introduce for you in accordance with the best practices of care for users. These measures are regularly checked, tested and, if necessary, replaced by a newer version.

Our security measures include, for example, storing the data in premises with limited and controlled access or in electronic databases secured using access rights with individual identifiers, prevention of access in case of several unsuccessful attempts to log in or inactivity and the possibility to renew locked access identifiers. Furthermore, the measures include, inter alia, the adoption of reasonable steps to ensure employee liability, regular backups, etc.

We also require the above security measures to be utilised by our above-defined directly co-operating entities, who are, at the same time, also subject to a confidentiality obligation same as our own employees.

However, in view of the nature of the Internet network, we cannot completely guarantee that the absolute security of personal data transferred over the Internet will be maintained. We ask you to exercise caution when you provide personal data via the Internet. Our Law Firm cannot guarantee that an unauthorised third party will not gain access to your personal data in connection with their transfer. Therefore, when you provide your personal data via the Internet, consider the associated advantages and risks because, e.g., in a situation where you do not inform us in writing that you require specific security measures to be taken in relation to the transfer of certain data, we will use usual internet communication services for the transfer of this data – primarily e-mail communication.

10. Your rights

In accordance with the GDPR and local legal regulations on personal data protection, you have the following rights:

  • Right to rectification or erasure of any incorrect or incomplete personal data retained about you by the Law Firm.
  • Right of access to your personal data retained by the Law Firm.
  • The right to object to the processing of your personal data in certain cases and on legitimate grounds.
  • If we process your personal data based on your consent, you have the right to withdraw your consent.
  • Right to restriction of processing of your personal data in certain cases.
  • The right not to be subject to automated decision-making aimed at assessing certain personal aspects concerning you, such as behaviour-based analyses.
  • The right to personal data portability to you or another controller, if technically feasible; this applies in cases where you provided us with your personal data with your consent or as part of a contract and your personal data are processed by automated means.
  • The right to lodge a complaint with the competent national supervisory authority for personal data protection or exercise the right to compensation for damage. The Office for Personal Data Protection is the competent supervisory authority in the Czech Republic.

If you wish to exercise any of your above rights and/or obtain the relevant information, you can contact us via the contact details specified below.

If you request the exercise of your rights, acknowledge that in order to verify whether the relevant request has been made by you, we may request that you provide identification information.

At the same time, we would like to point out that in view of the specific nature of our activities and overall specifics of the legal field, we do not have to satisfy some of your requirements, especially those related to the legal claim defended by us.

11. How can you contact us?

If you have any questions concerning the scope, use, alteration or erasure of the personal data you provided to us, or if you wish to withdraw your consent to the processing of your personal data by our Law Firm, please contact us by e-mail at: or you may also send us a letter to the following address:

Kastner & Pieš, advokátní kancelář
International Business Center
Pobřežní 620/3,
186 00 Prague 8
Czech Republic

12. Updating this Policy

This Policy enter into effect on 1 April 2019 and are issued in accordance with the GDPR with a view to complying with the duty borne by the Law Firm to provide information under the GDPR. At the same time, we would like to inform you that this Policy may be updated, in which case, the changes contained in the update shall become effective after the relevant update is published on the website of our Law Firm.