CZEN

INFORMATIONAL MEMORANDUM ON THE PROTECTION OF PERSONAL DATA

As part of our activities as a law firm, we also process personal data. In this informational memorandum you can read about which persons are this processing about, in what manner we do this, and what rights can be applied in this context.

If there is something in this informational memorandum which you do not understand, please do not hesitate to contact us through the contacts listed below and we will gladly explain everything.
 

1.   WHO IS THE CONTROLLER OF YOUR PERSONAL DATA AND WHOM CAN YOU CONTACT?

The controller is generally a person who, alone or together with others, determines the purposes and decides how personal data will be processed.

We are controllers of personal data, that is the company JŠK, advokátní kancelář, s.r.o., residing at: Ovocný trh 573/12, Staré Město, 110 00 Praha 1, IČO: 24712485, registered in the commercial register maintained by the Municipal Court in Prague, file number C 168087.

You can contact us by email at reception@JSK.cz or by telephone at +420 226 227 611.

You can also contact Mrs. Zuzana Olsen, Office & HR Manager, e-mail: Zuzana.Olsen@JSK.cz, direct line: +420 226 227 659.

2   WHOSE PERSONAL DATA ARE WE PROCESSING?

As part of our activities, we collect and subsequently process personal data from the following groups of people:

2.1 Clients

The basic data subjects whose data we process are, of course, our clients (in the case of a natural person) and their employees or co-workers.

2.2 Entities that are counterparties, witnesses and other persons related to client documentation

In order to provide legal assistance to our clients, we collect many documents which individual clients provide to us for the purpose of obtaining a successful legal solution. Some of these documents then contain personal data of various persons related to the case. At the same time, in the course of our work for the client, especially in litigation, we obtain further data based on our activities (for example, in the case of summoning a witness, the submission of expert opinion, etc.).

2.3 Job applicants

Furthermore, we also process the personal data of candidates who would like to become a part of our team, and who, for that purpose, submitted their résumé or in any other way provided their personal data.

2.4 Employees

We also process the personal data of our employees.

2.5 Our suppliers and collaborating attorneys

Another category is our suppliers of various goods and services, and also attorneys who work with us under a contract for the provision of legal services.

2.6 Other subjects (particularly recipients of knowledge marketing)

Among other subjects whose data we process, we especially include persons who provided us with consent to so-called knowledge marketing. If you have ever attended one of our seminars, handed over your business card to us, or have otherwise been in contact with us, and at that time have given your consent to be a recipient of our marketing, we will share our know-how with you, alert you of important events and invite you to various seminars or other social events.

To avoid sending addressees unnecessary knowledge-marketing, we profile them by their industry, of what we think might interest them. You can easily discover (and if need be change) what profile label we assigned to you by clicking on “edit subscribe ” in any message which we have ever sent to you.

You can withdraw your consent to indirect knowledge marketing at any time by clicking “unsubscribe” in any of our messages. If you do so, not only will we no longer send you anything, but we will also delete all of your personal data (if we cannot use it for any other purpose).

3.   WHAT PERSONAL DATA DO WE PROCESS?

Depending on your relationship to us (see types of subjects above), we process the following information from you in particular:

3.1 General identification and contact information

Name, surname (and former surnames), permanent address, correspondence address, email address and telephone number, title, date and place of birth, birth number, identification number,address of registered seat, file number of judicial or other similar proceedings, education, photograph, employment history, skills and experience, interests, professional license and membership, signature.

3.2 Information on potential proceedings

In resolving our clients’ cases, information may be communicated to us about ongoing/terminated/impending court proceedings, enforcement and administrative proceedings, and data about potential criminal proceedings and criminal cases.

3.3 Records of our mutual communication

These are primarily records of our communications via any communication channel. In particular, this will be email, written or other common interactions between yourself and us. We do not use telephone call records.

3.4 Billing information

We of course also store and process invoices related to our services and any others which are provided to us on the part of the client.

3.5 Records of your business activities

Because, as part of our practice, we also come into contact with confidential client documents, this is another area which contains some personal data, which we subsequently process.

4.   FOR WHAT PURPOSES DO WE REQUIRE PERSONAL DATA AND ON WHAT LEGAL BASIS DO WE PROCESS IT?

VWe use your personal data for purposes arising from our legal activities, where, for the majority of such processing, we do not have to obtain your consent – such processing is permitted to us directly on the basis of legislation. The only area where we require consent is in the processing of personal data for the purpose of indirect (knowledge) marketing and in the candidate selection procedure.

These specific purposes are in particular:

(I)

provision of legal services – the legal basis for such processing is the closure and fulfillment of contracts and the fulfillment of legal obligations that apply to us;

(II)

record keeping – the legal basis for such processing is the fulfillment of legal obligations that apply to us and the protection of our legitimate interests;

(III)

communications with you and with other persons in the course of our legal activities – the legal basis for such processing is the closure and fulfillment of contracts, the fulfillment of legal obligations that apply to us, and the protection of our legitimate interests;

(IV)

selection procedure for job applicants – the legal basis for such processing is your consent;

(V)

fulfillment of the requirements of supervisory and other state authorities, the provision of due cooperation including the fulfillment of legal obligations arising from special legislation (e.g. the Law on Advocacy) – the legal basis for such processing is the fulfillment of legal obligations that apply to us;

(VI)

direct marketing (i.e. sending out business communications to existing clients and clients with whom we have concluded our business relationship no later than 1 year ago) – the legal basis for such processing is the protection of our legitimate interests;

(VII)

indirect knowledge marketing – the legal basis for such processing is your consent;

(VIII)   

prevention, detection and investigation of criminal activity, especially money laundering – the legal basis for such processing is the protection of our legitimate interests and the fulfillment of legal obligations that apply to us;

(IX)

facilitating participation in our competitions – the legal basis for such processing is the closure and fulfillment of contracts, however it is possible that in specific cases we will require your consent;

(X)

fulfillment of archiving obligations - the legal basis for such processing is the protection of our legitimate interests and the fulfillment of legal obligations that apply to us;

(XI)

establishment and protection of legal rights, the protection of our privacy, our security and our property and/or your rights or the rights of other persons, and efforts to use available remedies or to limit our damage – the legal basis for such processing is the protection of our legitimate interests, and the fulfillment of legal obligations which apply to us.

5.   FROM WHERE DO WE OBTAIN PERSONAL DATA?

In the majority of cases we obtain personal data directly from you, when you voluntarily provide it to us. We may also obtain personal data from other persons with your consent or from third parties who are authorized to access and share your personal data (for example, courts, administrative authorities, experts etc.). We also obtain data from our own activities.

6.   HOW LONG DO WE STORE PERSONAL DATA?

We take all reasonable steps to ensure that the personal data which we process, reliably corresponds with the intended purpose and was sufficiently accurate and complete to fulfill the purposes described in this informational memorandum. Therefore, we only store personal data for the necessary period. For this purpose, we observe our internal archival and shredding rules, which we will provide on request.

Below are examples of some of the retention periods which we observe in this respect:

(I)

we store personal data derived from client documentation and files for at least 5 years from the day on which the provision of relevant legal services was concluded, and for no longer than the maximum legal length of the limitation period in the given case, in order that we may if need be submit evidence during litigation and defend our interests;

(II)

for the purpose of direct marketing, we store personal data for the duration of our contractual relationship and for a further year after its termination;

(III)

we store accounting records, in which we document our accounts (and which may contain some personal data, in particular billing information), in accordance with Act No. 563/1991 Coll., on Accounting, as amended, for a period of 5 years from the end of the relevant accounting period;

(IV)

in accordance with Act No. 253/2008 Coll., on Certain Provisions Against the Legalization of Proceeds from Criminal Activity and Financial Terrorism, as amended, we save personal data obtained in the course of legal deposit, or in the event that we perform any of the other transactions calculated in this act on the client’s behalf, for a period of 10 years;

(V)

in the event that we carry out any of the authorized conversions, we are required to store the relevant converted document for a period of 10 years from its execution;

(VI)

if you give us permission to process and send out data for purposes other than direct marketing, we will process your personal data until the time when you withdraw your consent;

(VII)   

personal data collected during selection process from candidates who will not be selected for the given position will be forthwith destroyed after the end of the of the given selection process. A candidate who is not selected for the given position can, however, give their consent to have us keep his or her personal data in connection with any possible future contact regarding employment with us for the period specified in the consent thus granted.

7.   WITH WHOM DO WE SHARE PERSONAL DATA?

We process your personal data internally and we only make it accessible to our employees or collaborating attorneys for the purpose of providing our services. However, due to the nature of our business, we are sometimes obliged to share your data with other entities as well. In such case, however, undertake to transmit personal data to only those entities which are guaranteed a sufficient level of personal data protection in accordance with personal data protection regulations. Furthermore, the protection of your personal data is also secured by contractual obligations, certification systems and other technical and organizational measures.

Specifically, we are authorized under certain conditions to disclose personal data to these entities:

(I)

‘PONTES: the CEE Lawyers’ network

We are part of an international network, which connects several law firms in central and eastern Europe. With your consent, your personal data may be shared with other members of our network, who can use it exclusively to send out knowledge-marketing messages and identify a potential risk of conflict of interest.

You can find a list of all the law firms who also belong to this group at: https://www.ponteslegal.eu/contact.

(II)

State administrative authorities and third parties involved in judicial or similar proceedings

In accordance with our other legal duties, we are also required to hand over your personal data to the relevant state authorities or other public authorities (e.g. tax authorities, the courts, law enforcement agencies, etc.). In the event of any litigation, your personal data will also be shared with third parties as participants in such proceedings, in which we provide our clients with our legal services.

(III)

Other law firms or consulting companies

Some of our projects that we implement for our clients require the cooperation of several law firms or the help of specialized consulting companies (e.g. tax advisors). In case of any sharing of your personal data with these entities, you will always be informed in advance.

(IV)   

Our service providers

We also share personal data with those whom we have commissioned to perform certain external activities. Such external suppliers include, for example, accountants, auditors, experts, IT service providers, claim enforcement subjects, document management providers, providers of postal and shipping services, translators, security agency staff, and providers of printing, advertising and marketing services.

(V)

Other persons

We are also authorized to share personal data with payment service providers or with providers of services in the event of an emergency (fire brigade, police and emergency medical services).

8.   DO WE USE AUTOMATED INDIVIDUAL DECISION-MAKING?

We do not automatically process any personal data as part of our activities, nor do we make use of automated individual decision-making.

9.   WHAT RIGHTS DO YOU HAVE IN THE AREA OF PROTECTION OF PERSONAL DATA?

We consider it important to emphasize that our legal priority is the protection of the rights of the client. This means that due to confidentiality, by which we are legally bound, we are often not authorized to process requests from other persons. After submission of such a request, you will be immediately notified of the fact that we are not authorized to handle your request.

The preferred way by which you can exercise your rights against us is to use a data box that allows you to verify your identity safely. The ID of our data box is vmdszuz. If you should choose another method in which there is reasonable doubt about your identity, we may ask you to provide additional information to verify your identity.

All communications and statements about your rights are provided free of charge. However, if the request is manifestly unfounded or excessive, particularly if it is repeated, we are entitled to charge a reasonable fee that takes into account the administrative costs associated with the provisions of the required information.

We will provide you with comments and, if applicable, information about the measures taken as soon as possible, but at the latest within a month. We are entitled to extend the deadline by two months if necessary and in view of the complexity and number of applications. We will inform you of such extension, including the reasons for it.

(I)

You have the right to access your data - you can ask us to confirm that we process your data and to provide a copy of this data.

(II)

You have the right to correct and complete your data - you can ask us to correct inaccurate data. At the same time, you have the right to fill in any incomplete data.

(III)

You have the right to erasure - you can also request that we delete your data without undue delay.

(IV)

You have the right to restrict processing - you can ask us to restrict the processing of your data (i.e. not to use it, but at the same time prevent it from being completely liquidated).

(V)

You have the right to the portability of your data - you have the right to be provided with data that is relevant to you in a structured, commonly-used and machine-readable format, and to pass on this data to another controller.

(VI)

You have the right to object - you have the right to object to data processing which is carried out for the purposes of our legitimate interests. If we cannot subsequently prove to you that we have serious reasons for such processing, which override your interests or rights and freedoms, or which are necessary to the determination, performance or defense of legal claims, the processing of your personal data will be stopped.

You also have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling. In case of such an objection these personal data will no longer be processed for these purposes.

(VII)

You have the right to withdraw your consent - if in processing your data we are using your consent, you are entitled to withdraw this consent at any point. Withdrawal of consent will ultimately only have effects in the future, therefore the legality of previous processing will not be in any way affected. To withdraw your consent, you can use one of the contacts listed above, where the withdrawal must contain information:

• who is making the withdrawal (please include the name, surname, home address, date of birth, or other identifying information); and
• what specific consent you withdraw and to what extent.

(VIII)   

You have the right to file a complaint with the ÚOOÚ - If for any reason the processing of your personal data is not in order, you can contact The Office for Personal Data Protection (Úřad pro ochranu osobních údajů) at its registered seat Pplk. Sochora 27, 170 00 Praha 7, email: posta@uoou.cz, telephone: +420 234 665 111.

10.   DO WE TRANSFER PERSONAL DATA TO THIRD PARTIES OR INTERNATIONAL ORGANIZATIONS?

We will not transfer personal data to countries outside of the European Union or the European Economic Area, nor to any international organizations.

11.   SECURITY

In an effort to maximize the security of your personal data, we are taking the appropriate technical, physical, legal and organizational measures in accordance with applicable laws on privacy and data security. If you have any reason to believe that your communications with us are no longer secure (for example, if you feel that the security of any personal data you have entrusted to us has been compromised), please notify us immediately via the contact details listed above.