GDPR

Personal Data Protection

INFORMATION FOR CLIENTS

 

The company KOREJZOVA LEGAL v.o.s., entered in the companies register kept by the Municipal Court in Prague, section A, insert 50452, having its registered office at the address Korunní 810/104E, 101 00 Prague 10, Business ID No: 261 51 103, as the personal data controller (hereafter "Controller"), would like to inform you of the means and scope of personal data processing in connection with the provision of its services.

 

In connection with the performance of legal services and provision of services of patent attorney, the Controller gathers and processes, amongst other things, personal data about its clients. The Controller processes this personal data in compliance with legal regulations, primarily with Act No 85/1996, concerning legal services, as amended, and Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter the "Regulation" or "GDPR").

 

1)         Contact data of controller - where can you reach us?

You can contact us at the personal data controller at any time via the responsible contact person: Pavel Míčka (tel.: 246 090 111).

 

2)         Joint controllers - who are the joint controllers?

The joint controllers along with the Controller in the sense of article 26 of the GDPR are the cooperating lawyers and patent attorneys given on the internet pages of the Controller, www.korejzova.cz (hereafter the "Joint Controllers").

The Joint Controllers process personal data in the context of mutual cooperation. They have joint records of personal data and are governed by the principles for the processing of personal data given in the Controller's internal regulation. The Controller provides technical resources for securing and protecting personal data and also designates the rules about how to handle the personal data. Each of the Joint Controllers is liable independently for a breach of the Regulation and internal regulation of the Controller.

 

3)         Categories of personal data - which personal data will we process?

  • identification data  - personal data serving for the unique and unmistakable identification of the client (form of address, given name, surname, academic title, birth ID No if assigned, date of birth, address of permanent and/or temporary residence, delivery or other contact address, data about identity documents, official ID card number, passport number or other comparable document, place and state of birth, signature, citizenship, in the case of a client - natural person entrepreneur also place of trading, tax ID No and business ID No);
  • contact data - personal data allowing contact with the client (in particular telephone number, fax number, email address, ID of data box and other contact data allowing electronic communication);
  • other personal data associated with the contractual relationship - number of client's bank account and other personal data provided by the client with the aim of the due provision of the Controller's services.

 

4)         Purpose of processing – how do we utilise the personal data?

  • provision of legal services and services of patent attorney on the basis of contract or instruction by court, Chamber of Patent Attorneys or Czech Bar Association (inter alia, keeping the file of a client, communication with courts, authorities or public-administration bodies, managing disputes etc.);
  • fulfilment of legal duties (inter alia, pursuant to Act No 85/1996 Coll., on legal services, Act No 235/2004 Coll., on value added tax, Act No 563/1991 Coll., on accountancy, Act No 253/2008 Coll.,  concerning certain provisions against laundering the proceeds of crime and terrorism financing, Act No 499/2004 Coll., on archiving and records service, and other legal regulations);
  • records of employees and cooperating lawyers and patent attorneys (inter alia, performance of duties arising from the Labour Code and employment act, fulfilment of contracts with cooperating lawyers and patent attorneys);
  • existing legitimate interest of Controller (associated, for example, with operation of office of Controller or suppliers).

 

5)         Legal basis – what is the legal foundation allowing us to process the personal data?

  • fulfilment of service provision contracts;
  • entrusting by court or Czech Bar Association for provision of legal services, i.e., fulfilment of legal duties;
  • fulfilment of legal duties arising in particular from Act No 85/1996 Coll., the legal services act, Act No 235/2004 Coll., on value added tax, Act No 563/1991 Coll., on accountancy, Act No 253/2008 Coll.,  concerning certain provisions against laundering the proceeds of crime and terrorism financing, Act No 499/2004 Coll., on archiving and records service and the amendment of certain acts, and other acts applicable in concrete cases;
  • legitimate interest constitutes the legal grounds for processing in a case where we keep and archive the personal data for a period of 10 years, in particular in a case where we would have to submit this personal data or the documents where this personal data is as evidence in court or administrative proceedings or during the inspection of an inspection authority. Our legitimate interest is thus our legal protection, this being for the period of an objective statute of limitations.

 

6)         Sources of personal data - where do we get the personal data from?

We process the data that clients give us in connection with the provision of our services, data from available public registers, and data which we have gained from state authorities and bodies of public administration. It involves in particular these sources of personal data:

  • client providing personal data during the provision of the Controller's services;
  • third parties in connection with the provision of services of the Controller (witnesses, experts, interpreters and other suppliers);
  • publicly available and accessible information (such as the internet);
  • registers, lists and records (such as companies register, trades licensing register, cadastre of property, public telephone directory etc.);
  • public-administration bodies (courts, prosecuting authorities, notaries, bailiffs, public authorities);
  • court and administrative files;
  • other subjects if so designated by special regulation.

 

7)         Period of processing - how long do we process the personal data for?

We process the personal data for the period necessary for the due provision of our services. For the reason of our legitimate interest, we will keep your personal data for another 10 years after the end of service provision, both in order to  protect ourselves and in order to comply with duties designated by special laws (laws concerning lawyers, tax, accounting etc.). 

 

8)         Means of recording personal data - where and how is personal data kept?

We keep both hard-copy and digital records:

  • hard-copy records means that all hard copies are kept in the client's file, and the file itself is kept in lockable cabinets or an archive at the address of the Controller. The office of the Controller is lockable, and entry to it is also protected  by an electronic security system via passwords and chips, information about entries to the office spaces is recorded and archived. 
  • digital records are kept in the digital system of files, access to which is protected by a password which is unique for every user. We also use a shared disk, where access to this disk is also protected by a password which is unique for every user;
  • for administration of the accounting system of the office we use a digital commercial system protected by passwords, and only verified persons have access to it.

Personal data is constantly updated on the basis of information from clients, public-administration bodies, third parties and potentially from public sources (internet and public registers).

 

9)         Personal data protection - how do we ensure the protection of personal data?

 Personal data is under constant physical, electronic and procedural control. The Controller has modern inspection, technical and security mechanisms ensuring the maximum possible protection of the processed data from unauthorised access or transfer, from its loss or destruction, and from other possible abuse. All persons who come into contact with personal data during the performance of their working or contractually assumed duties are bound by a legal and contractual non-disclosure duty.

Due to the nature of their work, lawyers and patent attorneys apply a high standard of protection of their IT and other systems, i.e., all data is adequately protected. Based on the regular performance of risk analyses, we implement many measures to reduce these risks, such as:

  • inspection procedures and procedures in the area of data,
  • procedures to prevent data loss,
  • procedures for managing user identities and access rights,
  • physical securing of office, security in building in communication with electronic security system,
  • protecting data transfers,
  • securing of end stations and servers (antivirus, firewall, data encryption).

 

10)       Access to personal data – who has access to personal data, who do we pass it to?

The only people with access to the personal data are employees of the Controller, Joint Controllers or external accountancy, tax and IT suppliers, who have access to the personal data only to the extent essential and who are bound by a non-disclosure duty. All of these subjects have been trained properly.

We pass on personal data if it is essential to fulfil our contractual and legal duties, to public-administration bodies (courts, administrative bodies) and other recipients according to the needs and instructions of the client.

The data can also be provided to other subjects with the consent of the client or at its express order.

 

11)       Rights of personal data subjects - what are your rights according to the GDPR?

  • right to access to personal data - the client has the right to gain from the Controller information about who is processing his personal data, and if so, what data is involved and how it is processed;
  • right to correction of personal data - the client has the right for the Controller to correct incorrect personal data concerning the client at the request of the client and without undue delay. The client has the right to add to incomplete personal data at any time. For other subjects this right is restricted in view of the legal non-disclosure duty;
  • the client also has, amongst other things, the right to require a restriction of processing, to assert an objection against the processing of personal data, to require the transfer of data, to be informed about a breach of security of personal data, a right to erasure and the other rights designated in the GDPR.

 

More information about rights according to GDPR is available on the internet pages of the Office for Personal Data Protection

 

12)       Supervision – who performs supervision in the area of personal data protection?

If there has been no success in the proper resolution of your question, objection or complaint in the area of personal data protection, you have the right to contact the supervisory authority. This is the Office for Personal Data Protection having its registered office at the address Pplk. Sochora 27, 170 00 Praha 7.

In case of any inquiry, contact us immediately.