We appreciate your trust you give us by providing us with your personal data. That is why we care how your privacy is handled and how your personal data is protected. We have accepted the following principles, which we undertake to observe regarding your data.
All personal data including these principles are processed in accordance with applicable data protection legislation, in particular with Regulation (EU 2016/679 of the European Parliament and of the Council, on the protection of the individuals with regard to the processing of personal data and the free movement of such data („GDPR“).
We process your personal data correctly and transparently and for specific, explicit and legitimate purposes only. We process your personal data to the extent necessary for the purpose of processing, we try to process it accurately to the fullest extent possible, but always no longer than it is necessary. We protect your data from unauthorized or unlawful processing or misuse and from accidental loss, destruction or damage.
Our goal is to always know what data we collect about you, what we do with them and how they are secured, how long we keep them and who we hand them over. We also want you to be informed who you can contact if you have any doubts about our processing. Please contact us by contact detail stated below if you have any questions. If you are not sure regarding any term, you can look into our glossary below.
1. Who are we and how can you contact us?
The company DRV Legal, s.r.o. Law Office, seated at Hlinky 505/118, ZIP 603 00, Brno, Czech Republic, Company ID: 29315883, Company Register: C 77238 maintained by Regional Court in Brno, as data controller, processes your personal data in compliance with the requirements described in the applicable legal regulations on personal data protection, in particular the GDPR. Our company, as data controller, determines the purposes and means of processing personal data and is responsible for processing personal data.
We process personal data manually and also automatically, in accordance with the purpose for which we obtained them for; the processing of personal data does not result in any automated decision-making or profiling of the data subject.
In case of any questions or in order to exercise of your rights (see data subject rights below), please, contact us via e-mail at firstname.lastname@example.org or in writing to the address Hlinky 505/118, ZIP 603 00 Brno, Czech Republic.
2. What personal data do we process?
We care about the security of your personal data, we process only the necessary data that are needed for specific processing purposes. Based on the relevant legal reason and purpose of processing, we process the following personal data: a) identification data (name and surname, date of birth, birth number, company ID, VAT number), b) contact data (e-mail address, telephone number and other contact information), c) other information you provided to us.
3. Why do we process your personal data and what is the legal basis for processing?
The personal data controller may only process personal data if there is a legal reason for the processing. Our activity consists in providing legal services, so the basic reason why we process your personal data is the provision of legal services. However, we also have to comply with some legal obligations and we may use your personal information to protect our rights and assert our claims.
3.1. Provision of legal services
If you contact us requiring legal services, we will process submitted personal data for the purposes of provision of legal services. The legal basis for processing personal data in such a case is the performance of a contract (or pre-contractual measure).
3.2. Fulfilment of legal obligations
Your personal data will also be processed by us in order to fulfil legal obligations arising in particular from Czech act no. 85/1996 Coll., on Advocacy, Czech act no. 499/2004 Coll., on Archiving and Records Service and Czech act no. 253/2008 Coll., on Selected Measures against Legitimisation of Proceeds of Crime and Financing of Terrorism. The legal basis for processing personal data is the fulfilment of legal obligations.
3.3. Protection of our rights and exercising claims
We may also use your personal data for the purposes of protecting our rights and pursuing our legal claims. Legal basis for personal data processing in this case is our legitimate interest.
4. Website and cookies
In order to monitor traffic on our website www.drvlegal.cz, we may process your personal data, such as cookies, IP address and other data related to browsing our website due to our legitimate interest.
If you wish to restrict the processing of your cookies, when visiting our website simply use one of the browsers that support the anonymous browsing function, as such function prevents the storing of data about the websites you visit, or you can set your browser to disable saving any cookies. However, such option may limit some features of our website.
5. Who do we share your personal data with?
Your personal data that you provide us will be available only to authorized employees, cooperating advocates or individual processors who provide guarantees to implement appropriate technical and organizational measures so that the processing of personal data complies with the requirements of the relevant data protection legislation under the Czech Republic and EU law (in particular GDPR). Processors process personal data only within our instructions and such processors are primarily IT system administrators, software providers, advisors and other processors with whom a processing agreement has been concluded regulating the rights and obligations of processing personal data.
If you would like to know who can process your personal data in our company, we will provide you with such a list on request. It is important for us that data is processed in accordance with the principles set out here, so your data are made available to third persons only to the extent necessary for the fulfilment of the individual processing purposes.
In certain cases, we may also provide your personal information to public authorities, if we are obliged to do so under applicable law.
6. Do we transfer your personal data to a third country or international organisation?
Your personal data are processed within the territory of member states of the European Union and may in future be processed in a third country only in accordance with applicable legal regulation (e.g., if in accordance with a decision of the European Commission the country ensures adequate level of protection, if other appropriate data protection safeguards exist).
7. For how long we store your personal data?
Your personal data will be stored as long as necessary for the specific purpose of personal data processing. The data retention period may vary in each individual case however it is always the case that we keep your personal data for at least the duration of the legal service contract. Subsequently, personal data will be stored for the period prescribed by the respective legal regulation.
8. What rights do you have as a data subject?
8.1. Rights of the data subject
The legislation grants any data subject with respect to the processing of personal data with certain rights that the data subject may exercise at any time. It is the right of access to personal data, the correction and completion of personal data, the deletion of personal data, the limitation of the processing of personal data, the right to data portability, the right to object and the right to contact the supervisory authority (the Office for Personal Data Protection).
- Right of access to personal data: You have the right to receive information about whether we process your personal data and, if so, you also have the right to access your personal data. However, if unjustified, inappropriate or repeated requests for such information were made, we may request a reasonable fee for providing this information and personal data or refuse the request. This applies similarly for the application of another data subject's right. Please note that requests for access to personal data relating to client records filed by person or entities other than client will be dismissed due to the duty of confidentiality of our office.
- Right to correct personal data: If you believe that we are processing inaccurate personal information about you, you have the right to request their correction and completion. We shall then, in our technical abilities, make requested change without undue delay.
- Right to erasure: If you request to erase some of your personal information, we will be obliged to confirm that they are no longer needed for the purposes for which they were processed or if you object to the processing of your data and there are no overriding legitimate reasons for such processing. The data will be also erased if legislation imposes such obligation upon us or if the processing has proved unlawful.
- The right to limit the processing of personal data: If you request a restriction on the processing of your personal data, for example in the form of restriction of access to your personal data, temporary removal or retention of data, we will perform such acts as will be necessary for the proper exercise of your rights.
- Right to data portability: If you would like to transmit your personal data to a third party, you can use your data portability right and we can transfer your data if requested. Please note, however, that we will not be able to comply with your request if the exercise of this right adversely affects the rights and freedoms of others.
- Right to object: The right to object may be used against processing of personal data based on the necessity for the performance of a task carried out in the public interest or in the exercise of public authority, or processing necessary for the purpose of protecting our legitimate interests. If we fail to prove that there is a serious legitimate reason for such processing, we will terminate the processing without undue delay.
8.2. Contact for data controller
As we outlined above, in order to exercise your rights, please contact us at email@example.com or in writing to our (correspondence) address: Hlinky 505/118, ZIP 603 00 Brno, Czech Republic. We reserve the right to verify the identity of the applicant for the rights in question in an appropriate manner.
8.3. Contact for supervisory authority
The Office for Personal Data Protection
Pplk. Sochora 27
ZIP 170 00, Prague 7
data postbox: qkbaa2n
In compliance with GDPR, the terms in this document have a following meaning:
- supervisory authority means an independent public authority which is established by a Member State to supervise the data processing; in Czech Republic the supervisory authority is The Office for Personal Data Protection;
- personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; by the controller in this document is also meant our office DRV Legal, s.r.o. Law Office, seated at Hlinky 505/118, ZIP 603 00, Brno, Czech Republic, Company ID: 29315883, Company Register: C 77238 conducted by Regional Court in Brno;
- data subject means any identified or identifiable natural person (not legal person – company or organization);
- third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.