Personal Data Protection Policy
Personal data protection of our clients and other private individuals is important to us. These Personal Data Protection Policy terms explain in more details, how we at PISAK & PARTNERS, s.r.o. law firm with its seat at Gercenova 6B, 851 01 Bratislava, ID No.: 36 862 827 process personal data of our clients or other persons in the provision of legal services.
In the processing of personal data we follow primarily the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”), which also governs your rights as the data subject[1], the provisions of the Act No. 18/2018 Coll. on Data Protection applicable to Us (in particular, Section 78), the Act. No. 297/2008 Coll. on Protection Against Proceeds of Crime Legalization and Terrorism Financing (Section 19), the Act No. 586/2003 Coll. on Advocacy (Section 18), as well as other legal and professional regulations. Among other, we also adhere to the Code of Conduct adopted by the Slovak Bar Association (“SAK”), which explains in more details the personal data processing by attorneys and also based on the attorneys´ mandate by persons such as professional staff and trainee lawyers. You can get acquainted with the SAK Code of Conduct at https://www.sak.sk in section Dokumenty, GDPR.
Why do we process personal data?
Personal data processing is necessary for us, especially in order to:
• Provide legal services to our clients and practice the profession of an attorney;
• Fulfil various legal, professional and contractual obligations; and
• Protect our legitimate interests, the legitimate interests of our clients and other persons.
What is the purpose and the legal basis for processing personal data?
Purpose |
Legal basis for GDPR |
Related regulations |
Provision of legal services |
Fulfilment of legal obligation under Art. 6 par. 1 c) of GDPR (in relation to specific categories of personal data, there may be additional conditions under Art. 9 par. 2 f) of GDPR) |
Law on Advocacy, Advocacy order, Civil Code, Commercial Code and other |
Ensuring compliance with the laws and regulations of the Slovak Bar Association |
Fulfilment of legal obligation under Art. 6 par. 1c) of GDPR, legitimate interest of attorneys or third parties under Art. 6 par. 1 f) of GDPR, public interest under Art. 6 par. 1e) of GDPR or defense of legal claims under Art. 9 par. 2 f) of GDPR |
Law on advocacy, Advocacy order, Act on Protection Against Legalization of Proceeds from Criminal Activity, Act on Reporting of Anti-social Activity, GDPR and other |
Executing the functions of an authorized person under the Act on Registry of Public Sector Partners |
Fulfilment of legal obligation under Art. 6 par. 1 c) of GDPR, performance of an agreement on control activity under Art. 6 par. 1 b) of GDPR |
Act on Registry of Public Sector Partners |
Purposes related to the protection of legitimate interests of attorneys or third parties |
Legitimate interests of attorneys or third parties under Art. 6 par. 1 f) GDPR |
GDPR, Civil Code, Commercial Code, Code of Criminal Procedure, Criminal Code, Civil Dispute Code, Civil Non-Dispute Code, the Administrative Procedure Code, Administrative Code, Act on offenses and other |
Marketing |
Consent of the person concerned under Art. 6 par. 1 a) of GDPR or legitimate interests of attorneys or third parties under Art. 6 par. 1 f) of GDPR |
Act on advocacy, Act on electronic communications, Advertising Act, Consumer Protection Act, Civil Code and other |
What are the legitimate interests we pursue when processing personal data?
We are sometimes interested in using your personal data for a purpose other than the one, for which you have provided them, that is if we follow our legitimate interests or legitimate interests of third parties. However, this does not mean that we can use your personal data to any activity. If we want to use your personal data, we will make a test to see whether your interests are outweighed by ours or that we would not inadvertently interfere with your fundamental rights and freedoms. In general, we use some data for marketing purposes, typically in the form of a list of e-mail addresses, to which we could send news from different legal areas or invitations to various social events, conferences or receptions or as references to our services, but also to demonstrate, apply and defend our legal claims. Although we do adequacy test it may happen that you, as data subject, have a reason to object to the processing of your personal data in any particular situation. For this purpose, you may at any time send us your objections that we will properly deal with and if there are no necessary legitimate reasons for processing that outweigh your interests, rights and freedoms, we will not continue in such processing. You can send your reasonable objections at any time to pisak@pisak.eu.
To whom we make your personal data accessible?
The personal data of our clients and other individuals we make available only to the extent necessary and always while maintaining confidentiality of the data recipient, such as for example, our employees, the persons we entrust with the performance of individual acts of legal services (in particular, the professional staff and trainee lawyers), representing or collaborating attorneys, to our accounting consultants, or other professional consultants (e.g. auditors), the Slovak Bar Association (e.g. in case of disciplinary proceedings) or to providers of software or other support of our office, including the employees of these persons.
Although we have a limited obligation – because of keeping confidentiality - to provide your personal data to public authorities[2], we have the duty to thwart the commission of a crime, and we also have a legal obligation to report information in the field of prevention money laundering and terrorist financing.
To which countries do we transfer your personal data?
The cross-border transfer of your personal data to third countries outside the European Economic Area (EU, Iceland, Norway and Lichtenstein) is not intended.
How long do we keep your personal data?
We keep the personal data for as long as it is necessary for the purposes, for which the personal data are processed. When retaining personal data, we comply with recommended periods for retention in accordance with the Slovak Bar Association regulations. Generally speaking, personal data contained in the client file we process for a period of minimum 10 years after its closure.
For attorneys, including our law firm, professional regulations apply interpreting the obligations of attorneys according to the Act on Advocacy, under which there are certain circumstances, that prolong our retention periods of personal data, or prevent us shredding some documents, for example:
• The client file containing the originals of documents handed by the client to the attorney, cannot be shredded;
• It is not possible to shred the protocols of client files and the name list of client files;
• It is not possible to shred client file or its part, which the attorney is obliged to submit to the state archive (we do not currently have such a duty);
• It is not possible to shred client´s file, if there are any proceedings before the court, the state authority, the law enforcement agencies, the Slovak Bar Association, which are related to the content of the client file or the subject of which was an act or omission of the attorney in providing legal assistance to the client.
How do we get personal data about you?
If you are our client, we obtain in most cases your personal data directly from you. In that case obtaining your personal data is voluntary. Depending on the particular case, the failure to provide personal data by the client may affect our ability to provide high-quality legal advice or in exceptional cases also our duty to refuse to provide legal advice. Personal data about our clients can also be obtained from public sources, from public authorities or from other parties.
If you are not our client, we obtain your personal data most often from our clients or from other public or statutory sources, such as for example, by requesting them from public authorities, extracts from public registers, obtaining evidence in favour of the client, etc. In such a case, we may obtain personal data without informing you and also against your will on the basis of our legal authorization and the obligation to practice advocacy in accordance with the Act on Advocacy.
We may obtain your personal data also from you directly by receiving a request or information containing such personal data provided to us by you (mainly by electronic means or telephone).
What rights do you have as data subject?
If we process personal data based on your consent with processing personal data, you have the right to revoke your consent at any time. Revocation of your consent does not affect the lawfulness of processing based on consent prior to its revocation. Nevertheless, you have the right to object to the processing of personal data at any time based on legitimate interest, including direct marketing. Furthermore, you have the right to correct incorrect personal data that concerns you; the right to delete; the right to information; the right to transferability of data and the right to limit the processing; all provided that the legal conditions are met. |
As our client, you have the right to request access to your personal data, as well as to correct it. If we process personal data when providing legal services, you have no rights as a client, or other natural person (e.g. a counterparty) to object to such processing under Article 22 of GDPR. If personal data relate to a client (regardless of whether the client is a legal or natural person), the right of access to the data, or the right to transferability does not apply to other persons due to our legal obligation to keep confidentiality and with reference to Art. 15 par. 4 of GDPR, Art. 20 par. 4 GDPR and Section 18 par. 8 of the Act on Advocacy: “An attorney is under no obligation to provide information on the processing of personal data, to allow access or transferability of personal data under special regulation, if this could lead to violation of an attorney´s duty to observe confidentiality under this Act.“ You also have the right to lodge a complaint at any time with the Personal Data Protection Authority for violating protection of your personal data by an attorney.
Processing cookies
Cookies are small data files that download to your internet browser when using our website. These files ease the movement on this site. Cookies can be disabled at any time in your browser settings. Note however, that such a step may make it impossible for you to use some of the site features. Cookies are stored on your computer for various periods of time. Through the website (cookies) we collect data about the IP address, about the browser, from which the website http://www.pisak.eu was visited, the location from which it was viewed and the duration of the viewing. We use cookies for both marketing, as well as business communication.
Changes to privacy terms
Personal data protection is not a one-time issue for us. Information we are obliged to disclose you due to our processing of personal data, may change or cease to be up to date. For this reason, we reserve the right to modify or amend these terms at any time and to any extent. If we change these terms in a substantive manner, we will put this change to your attention, for example, by a general notice on our website or other appropriate form.
If you have any questions regarding processing of your personal data when providing legal services, you can contact us by e-mail at pisak@pisak.eu, or by mail to our address.
[1] See Art. 12 to 22 of GDPR: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
[2] Which in accordance with Art. 4 par. 9 of GDPR are not considered to be recipients.