Principles of Personal Data Processing
Principles of Personal Data Processing
Effective Date: January 1, 2019
These Principles of Personal Data Processing (the “Principles”) in particular describe and inform you (as data subjects whose personal data may be processed) what personal data, for what purpose and on what legal basis are processed by Skils s.r.o. advokátní kancelář, with its registered office at Křižovnické nám. 193/2, 110 00 Prague 1, IČO (company Reg. No.): 256 210 50, registered in the Commercial Register maintained by the Municipal Court in Prague under File No. C 137418 (the “Company” or “we”), with whom the Company may share such data, how the Company protects the data and what rights you have in relation to your personal data if they are processed by the Company. In addition to these Principles, the Company may provide you with other specific information relating to processing of your personal data.
The Company protects personal data processed by it in connection with the provision of legal services and the operation of its business and respects the rights of the data subjects with respect to their personal data. The Company is the controller of personal data within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General data Protection Regulation; the “GDPR”).
Personal Data Processed by Us
Within the scope of our activities (particularly in connection with the provision of legal services), we may obtain your personal data, in particular in cases where your personal data is (i) provided to us in the course of the provision of our services to you or to any of our clients (as a result of your relationship with any of our clients), (ii) provided to us as part of the provision of any services by you or by any persons working with us and our contractors (as a result of your relationship with any persons working with us and/or with any of our contractors), (iii) obtained from any other sources, including those accessible to the public, and/or (iv) in cases where you contact us and/or request any information from us.
Personal data processed by us may typically include your name and surname (including the title and academic degree), date of birth, place of birth, birth number, sex, permanent or other residence, nationality, business name (including its part distinguishing the legal form of the entity), seat, IČO (company Reg. No.), ID No. for taxation purposes, numbers of identification documents or their copies, business name of your employer, your function or job position, your contact information (such as your e-mail address, phone number, postal address), number of your bank account and other payment specification data, information provided by you to us in connection with the provision of legal services to you or to any of our clients, for the purposes of meetings, visits to our office, business trips, events, or in connection with applying for a job in the Company, and any other personal data provided to us by you or by any third parties or that we may obtain in any other way (in particular, any data and information about legal services provided or any other data obtained in connection with the provision of legal services).
In extraordinary cases, the Company also may process the so-called sensitive personal data (personal data that reveal racial or ethnic origin, political opinions, religion or philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sexual life, or orientation) or personal data relating to judgments in criminal matters and crimes or related security measures. Such personal data will be processed by the Company only in necessary cases (particularly in connection with the provision of legal services to you or to any of our clients) and subject to the terms and conditions stipulated in applicable laws and regulations (in particular, the provisions of Art. 9 of the GDPR).
If you provide the Company with any personal data relating to other persons, you are required to ensure that the provision of the relevant personal data is compliant with applicable laws and regulations and that you are authorized to make the relevant personal data available to the Company for processing for certain purpose.
Purpose of Processing and Legal Basis for Personal Data Processing
Depending on circumstances, we may process your personal data for the following purposes:
- provision of legal services by the Company (including, without limitation, use of personal data when representing the Company’s clients and communicating with clients or their contact persons) and other activities relating to the execution and performance of agreements for provision of legal services;
- operation, management and administration of Company operations (including, without limitation, the execution and performance of agreements for the operation, management and administration of the Company, identification of visitors in the Company’s seat, personal security measures at the Company’s seat and protection of Company assets, assertion of legal claims or defense against same and the management of relationships with clients, Company contractors or other persons);
- HR purposes (including, without limitation, processing of applications for jobs in the Company and the related communication with applicants for a job);
- keeping of records of Company operations and performance of obligations imposed on the Company under laws and regulations in the field of prevention of money laundering or terrorist financing (AML) and under other applicable laws and regulations (such as obligations imposed by labor laws, tax regulations, laws and regulations governing advocacy practice, etc.); and
- marketing and promotions of Company services.
The Company processes personal data only to the necessary extent and where a legal basis for processing exists. Depending on circumstances, any one or more reasons specified below may provide legal basis for processing your personal data:
- where such processing is required for performance of an agreement (such as an agreement for provision of legal services) to which the data subject concerned is a party or for the taking of steps, at the data subject’s request, prior to entering into the agreement for provision of legal services;
- where such processing is required for performance of legal obligations applicable to the Company;
- where such processing is required for protection of vital interests of a data subject or another natural person;
- where such processing is required for the purposes of protection of legitimate interests of the Company or a third person (such as for the protection of Company assets, assertion of legal claims or defense against same or the conduct of proceedings, defense of legitimate interests of Company clients, etc.); and/or
- where such processing is based on your approval.
Personal Data Recipients and Personal Data Disclosure
Depending on the purpose of processing the personal data concerned, the Company may share, to the necessary extent, your personal data with its employees and cooperating attorneys, attorneys or law offices practicing in other jurisdictions, clients, accountants or tax advisors, experts, translators or interpreters, independent persons monitoring the legal services market, couriers or, as appropriate, other recipients bound under appropriate agreements, processors or other controllers of personal data (such as providers of cloud or other IT services).
The Company may also transfer your personal data to other persons if it is required or authorized to do so under applicable laws and regulations (in particular, at the request of public authorities authorized to request personal data from the Company, or as required for the conduct of judicial or other proceedings). In extraordinary cases, your personal data may be transferred to persons in other countries (if so required by the purpose of using the personal data concerned, for example if so required for the use of a law firm or an expert in the relevant country in connection with the provision of legal services). Any transfer of personal data to other country will always occur in accordance with the requirements stipulated in the GDPR and other applicable legal regulations.
Our Protection of Your Personal Data
To protect your personal data processed by our Company from loss, unauthorized use, access or publication, alteration or destruction, appropriate technical and organizational measures within the meaning of Art. 32 of the GDPR are taken (including, for example, personal data encryption and technical securing against unauthorized access). However, we cannot guarantee, or assume responsibility for, the security of any personal data during their transmission to us.
Should the security of your personal data be breached, we will proceed in compliance with applicable laws and regulations, which may include the notification of a breach of security measures to the relevant supervising authority or to the applicable data subjects (if required under applicable laws and regulations).
Duration of Personal Data Storage
We will store your personal data for as long as may be required for meeting the purpose of its processing as described in these Principles and, in each case, in compliance with the time periods for storing certain information permitted or required by applicable laws and regulations, and until the limitation or other similar periods for taking legal steps have lapsed (or until any possibly initiated litigation or other proceeding has been closed, to which the personal data concerned is of relevance).
Your Rights in relation to Your Personal Data
Rights you enjoy in relation to your personal data processed by the Company:
- Right to access to personal data (including the right to obtain from the Company a confirmation as to whether the personal data concerning you is processed by the Company, and if so, the right to obtain access to such personal data and to other information as well as to, as the case may be, the right to be provided with a copy of the personal data processed, as set forth in more detail in Art. 15 of the GDPR);
- Right to object to processing your personal data (including the objection to processing your personal data on the grounds that such processing is required for the purposes of the legitimate interests of the controller or of any third party, and objection to processing your personal data for direct marketing in cases, where such personal data are processed for the purposes of direct marketing, as set forth in more detail in Art. 21 of the GDPR);
- Right to object to automated decision-making and profiling, should it take place (as set forth in more detail in Art. 22 of the GDPR);
- Right to obtain restriction of processing your personal data (as set forth in more detail in Art. 18 of the GDPR);
- Right to portability of your personal data (as set forth in more detail in Art. 20 of the GDPR);
- Right to rectification of inaccurate personal data concerning your person (including the right to have incomplete personal data completed, as set forth in more detail in Art. 16 of the GDPR);
- Right to request the erasure of your personal data (particularly where such personal data is no longer necessary for the purposes for which it was collected or otherwise processed, or if such personal data was processed unlawfully, as set forth in more detail in Art. 17 of the GDPPR); and
- Right to withdraw consent to the processing of your personal data (if the processing is based on such consent).
The above rights (including the requirements which must be met to assert such rights) are more particularly defined in the GDPR. In certain cases, such rights may be conditional upon or restricted by, for example, rights and obligations resulting from laws and regulations governing the advocacy practice.
Should you wish to assert any of the above rights, please contact us (see our contact information below). We will consider any such request in compliance with applicable laws and regulations in the field of personal data protection and other relevant laws and regulations. No fee will be charged to you for considering and/or granting any such request unless such request is manifestly unfounded or unreasonable. In case we have doubts about your identity in connection with your request, we are entitled to request provision of additional information that may be necessary to confirm your identity.
In case of change of any of your personal data that you made available to the Company, please inform the Company about such change so that the Company may process your personal data in an accurate, updated and complete form. The Company assumes no liability in case that the personal data you provided is inaccurate, outdated or incomplete.
In case of breach of your rights, you may also file a complaint with the relevant supervising authority, specifically Úřad pro ochranu osobních dat (Office for the Protection of Personal Data), with its seat at Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.
Update of These Principles
These Principles may be updated, altered and/or modified. A current version of these Principles may be found on the Company’s webpage www.skils.cz.
How to Contact Us
Should you have any queries concerning these Principles or the processing of your personal data, please do not hesitate to contact us at:
If by e-mail: zc.sliks@ecpecer
at the below address:
Skils s.r.o. advokátní kancelář
Křižovnické nám. 193/2
110 00 Praha 1