Information about processing of personal data
In this document, Giese & Partner, s.r.o. declares the basic rules for procedures relating to personal data processing and clarifies the principles of collecting, processing and usage of personal data, as well as the rights that the data subjects have in relation to the processed personal data. Giese & Partner, s.r.o. protects personal data as strictly confidential and collects and processes each piece in accordance with the personal data protection rules.
Personal data controller
Giese & Partner, s.r.o.
Bělehradská 132, 120 00 Praha 2
ID No.: 26156920
+420 221 411 511
acting through its organizational unit in the territory of the Slovak Republic
Giese & Partner, s.r.o. – organizačná zložka
Lazaretská 8, 811 08 Bratislava
ID No.: 36863238
+421 (2)20 510 110
Legal grounds for processing
We process personal data under one or more of the following legal titles:
- Legal services agreement or other agreement in which we are a party of; and/or
- Consent of data subjects; and/or
- Legitimate interest of the controller or third parties (especially of a client) to use personal data in connection with provided services and/or a legitimate interest of the controller particularly to protect, enforce, prove and defend the rights, interests and claims of the controller and to maintain and deepen business relationships; and/or
- Responsibility of the controller to perform its legal obligations.
Purpose of processing
We process personal data in accordance with bar regulations for following purposes:
- Provision of legal services (legal consultancy) and/or performance of obligations according to the agreement; provision of personal data is an obligation of the client or of another data subject under the agreement referred to above; failure to provide it would represent a breach of contractual obligation by the client and would make it impossible for us to fulfil the agreement made with the client effectively; and/or
- Performance of legal obligations arising from bar regulations(especially from the regulations governing the practise of advocacy, public health insurance, welfare system or anti-money laundering measures and measures to prevent financing of terrorism etc.); in cases where the obligation to provide personal data arises from the law directly, failure to provide it would represent a breach of legal obligation, in other cases, failure to provide personal data could make it impossible for us to conclude a contractual or business relationship, or to provide required service; and/or
- Sending marketing communications (by mail or e-mail), maintaining and deepening of commercial relationships with clients; it is neither a legal nor a contractual obligation to provide personal data for this purpose but failure to provide it would prevent us from sending information and other marketing materials (e.g. Newsletter); and/or
- Protection of legitimate interests of the controller or third parties; in cases where the obligation to provide personal data arises from the agreement directly, failure to provide it would represent a breach of contractual obligation, in other cases, failure to provide personal data could make it impossible for us to conclude a contractual or a business relationship, or to provide required service, or to continue an already established relationship; and/or
- Selection procedures and recruitment activities; it is neither legal nor contractual obligation to provide personal data in this case but, failure to provide them would prevent us from establishing contact regarding a specific selection procedure.
Categories of relevant personal data
We process the following categories of personal data:
- Basic data (e.g. name surname, title, date of birth, address of residence, birth ID number, ID of company, tax number, position, relationship to us or to our clients),
- Contact and identification details (e.g. mail address, e-mail address, phone number, health insurance, signature),
- Financial data (e.g. details related to bank transfers and bank accounts),
- Details about education and qualification (e.g. certificate about achieved qualifications, competence),
- Data that you provide us to use our legal services,
- Data that you provide us to establish a labour-law relationship,
- Personal data provided by our clients or by their representatives under the performance of the agreement on legal consultancy,
- Data required by the regulations on anti-money laundering measures and measures to prevent financing of terrorism, by the regulations on public health insurance, welfare system etc.,
- Any other data provided to us by data subjects at their discretion (e.g. on ongoing, completed or impending court, enforcement or administrative proceedings).
Personal data sources
We collect personal data:
- From data subjects directly,
- From our clients or their counterparties and from their representatives,
- From third parties such as courts and other state authorities, employers, business partners,
- From publicly available databases and sources.
Potential personal data recipients
We can share personal data with Giese & Partner, s.r.o. branches and also with:
- Information system maintenance providers and office management software providers, IT support
- Other recipients according to the client’s needs and directions (e.g. notary)
- Tax advisors and auditors of the controller
- Translation agencies
- Our associated lawyers and employees
- Public authorities (e.g. courts, administrative authorities) and regulatory authorities, if there is a legal obligation or justification
- Selected contracting service providers (phone/mobile operator)
Personal data processing period
Personal data will be stored for the duration of the legal basis for personal data processing; after its termination or in the case we no longer need the personal data, it will be handled in accordance with applicable legal regulations, in particular Act No. 85/1996 Sb. (Legal Profession Act), Act No. 499/2004 Sb. (Act on Archiving and File Service and Amendment of Certain Other Laws), Act No. 586/2003 Z.z. (Legal Profession Act) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). The applicable time periods may, where justified (e.g. initiation of court proceedings, protection of legitimate interests of the controller) be adequately prolonged according to the specific circumstances of the case.
Transfer of personal data and automatic decision-making
During the personal data processing by the data controller, the personal data is not transferred to third countries outside the European Union nor to international organisations and there is no automatic decision-making including profiling.
Data subject’s rights
As a data subject, you have the following rights regarding personal data processing:
- The right to access to personal data: You may obtain information from us as to whether we process your personal data and, if so, what kind of data and in what way it is processed.
- The right to rectification and completion: In addition, you have the right that we correct any inaccurate personal data relating to you without undue delay on your request. You also may ask us to add any personal information on you request if the data stored is incomplete.
- The right to erasure of personal data: You may ask us to delete or remove any of your personal data being processed, provided that certain conditions have been met, e.g. we no longer need the data, or you withdraw your consent and there is no other legal reason for personal data processing, or you raise objections against processing and there are no other legitimate reasons for processing, or personal data has been processed unlawfully etc.
- The right to restriction and the right to object: You have the right to have the processing of your personal data restricted by us in certain situations, e.g. if you question the correctness of your personal data or we no longer need it etc. You may object at any time the processing of the data which is processed on the basis of a legitimate interest of the data controller or a third party or which is necessary to be carried out in the public interest or while exercising the powers of public authority. You also have the right to raise objections against processing your personal data for direct marketing purposes.
- The right to data portability: You may ask to obtain the personal data, which you provided to us in a commonly used and machine-readable format. You may then transmit such data to another controller or require the controllers to transmit the data between each other, where technically possible.
- The right to withdraw the consent: If we process your personal data based on your consent, you have the right to withdraw your consent to the personal data processing at any time.
- The right to file a complaint: If you are concerned about or dissatisfied with the personal data processing by us in any manner whatsoever, you may lodge a written complaint to us directly (sent by mail or e-mail to the above mentioned address), or you may contact the Czech Personal Data Protection Office (or the Slovak Personal Data Protection Office).
Some of the rights may be limited in cases where the data controller has a prevailing interest or a legal obligation to continue the personal data processing, or due to the obligation of advocate confidentiality.
If you are unsure about how to exercise your above mentioned rights, we will gladly provide you with a sample form for easy filling at your request. Additional information on your rights is available on the web pages of the Czech Personal Data Protection Office.