Terms of processing of personal data – notification of personal data processing under Art. 13 and Art. 14 et seq. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the „Regulation“)

The controller processing your personal data is the company Prosman a Pavlovič advokátska kancelária, s.r.o., with its registered office at Hlavná 31, 917 01 Trnava, ID No. 36 865 281, registered in the Commercial Register of the District Court of Trnava, Section: Sro, File No. 24558/T (hereinafter referred to as the „Controller“).

  1. The Controller´s contact details

You can contact the Controller at the address Prosman a Pavlovič advokátska kancelária, s.r.o., with its registered office at Hlavná 31, 917 01 Trnava, by e-mail to the general e-mail address office@ppak.sk or by telephone +421 33/533 23 88.

  1. General information on processing of personal data

The Controller shall process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the „Regulation“) and in accordance with Act No. 18/2018 Coll. onpersonal data protection (hereinafter referred to as the „Act“).

The Controller is an entity performing mainly activity concerning the provision of legal services in accordance with Act No. 586/2003 Coll. on Advocacy (hereinafter referred to as the „Advocacy Act“) as well as in accordance with the related legislation governing the Controller´s activity within the scope of provision of legal services. The purpose of processing of your personal data by the Controller is therefore mainly the provision of legal services by the Controller to its clients.

The Controller, as a lawyer, processes personal data of the Controller´s clients and other natural persons to the extent necessary for the purposes of advocacy in accordance with the Advocacy Act. When processing such Personal Data, the Controller always acts as the Controller processing Personal Data of the Data subjects (provisions of § 18 (5) of the Advocacy Act).
The Slovak Bar Association, as a professional organization of attorneys in the Slovak Republic, has drawn up a Code of Conduct for the processing of personal data by attorneys (hereinafter referred to as the “Code of Conduct“), which applies to all attorneys (the Controller including) registered in the list of attorneys maintained by the Slovak Bar Association. The aim of the Code of Conduct is in particular to support the relationship between the attorney and his client, as well as to increase and strengthen the transparency of the Controllerwhen processing personal data in the field of providing legal services by the Controller. The Controller is fully bound by this Code of Conduct.
When performing the attorney´s activities, the Controller is bound by professional secrecy according to the Advocacy Act (hereinafter referred to as the “Professional secrecy”), while the Controller is not obliged to provide information on processing of personal data, enable access or transfer of personal data if this could lead to a breach of the Professional secrecy.
The Controller obtains personal data directly from you as the data subject (hereinafter referred to as the “Data Subject“) or from another person who will provide the Controller with your personal data, or from other sources (public registers, etc.). Thus, a situation may arise that the Controller obtains personal data from another person than directly from you, therefore this document provides information to all Data Subjects in accordance with Art. 13, as well as in accordance with Art. 14 of the Regulations.
All personal data that the Controller processes about you are processed only for justified purposes, for a limited period of time and with the use of the maximum possible level of security, as a result of which the Controller also adopts the Personal Data Protection Directive. The protection of your personal data is a key priority of the Controller, and in this document and its appendix you may find information about what personal data we process about you, for what purpose, on what legal basis, to whom we may provide your personal data and especially what are your rights in relation to processing your personal data, etc.

  1. Purpose and legal basis of personal data processing

The Controller processes your personal data exclusively in accordance with the principle of legality for the purposes of personal data processing and based on the legal bases of personal data processing mentioned in the Report on the Controller´s processing activities annexed to this notification.

  1. Duration of personal data processing

The Controller processes your personal data for a period determined on the basis of various criteria:
The Controller determines the duration of personal data processing in accordance with the principle of minimizing the storage period of personal data, while the Controller is processing personal data according to the following specified periods:

  1. during the period stipulated by generally binding legal regulations, in the case when the Controller processes personal data on the basis of compliance with legal obligation,
  2. during the duration of the contractual relationship, or during the duration of the pre-contractual measures, in the case when the Controller processes personal data on the basis of performance of the contract or pre-contractual measures,
  3. during the duration of the Controller’s legitimate interest, in the case that the processing of personal data by the Controller is performed on the legal basis of the Controller’s legitimate interest,
  4. during the period of the granted consent to the processing of personal data, in the case that the Controller processes personal data on the basis of the Data Subject´s consent.

The Controller has determined duration of personal data processing during which the Controller is entitled to process personal data on the basis of the above-mentioned criteria, in accordance with the Resolution of the Slovak Bar Association Presidency on the recommended method of keeping the file agenda, while the specific duration of personal data processing is specified in the internal regulations of the Controller. You, as the Data Subject, may at any time contact the Controller with a request to specify a specific duration of processing your personal data.
After the expiry of the relevant duration of personal data processing, the Controller may process personal data only for special purposes, such as archiving or statistics.

  1. Categories of personal data

The Controller processes only those personal data that are necessary for the processing of personal data in accordance with the principle of minimization so that the Controller can fulfil its contractual and legal obligations, or process them on the basis of its legitimate interest, or with the consent of the Data Subject. The Controller processes common as well as special categories of personal data, always exclusively for legal reasons, especially identification data of natural persons – name, surname, address, position, signature, e-mail address, telephone number, image of a natural person, other necessary personal data etc.

  1. Rights of Data Subjects

The protection of your personal data as Data Subjects is extremely important for us, even in relation to your rights as a Data Subject whose personal data we process. Your rights in the position of as a Data Subject are regulated by the Regulation, the Act, as well as other legal regulations on the protection of personal data. Based on your request, you as theData Subject have the right to request from us:

Right of access

You have the right to a copy of the personal data we process about you, as well as information how we use your personal data. In most cases, your personal data will be provided to you via electronic means, unless requested by you otherwise.
Right to rectification
We take appropriate measures to ensure the accuracy, completeness and timeliness of information we have about you. In the case thatpersonal data we have are inaccurate, incomplete or out of date, we will modify, update or amend the personal data on the basis of your initiative.
Right to erasure
In certain circumstances, you have the right to ask us to erasure your personal data, for example if personal data we have obtained about you are no longer needed in order to fulfill the original purpose of the processing or if you withdraw your consent to the processing of personal data. However, your right must be assessed in the light of all the relevant circumstances. For example, we may have certain obligations under applicable law, which means that we will not be able to comply with your request.
Right to restriction of processing
You also have the right to ask us not to further process your personal data. In the case you think that your personal data that we process are incorrect, the processing is illegal and you request a restriction of processing, we do not need your personal data, but you need them as a Data Subject in the exercise of legal claims or if you think that the Controller has no legitimate reason to further process your personal data.
Right to data portability
In certain circumstances, you have the right to have the personal data transmittedto another entity of your choice. However, the right to portability only applies to personal data that we process on the basis of a contract to which you are a party, on the basis of consent you have given us or if we process personal data by automated means.

 

Right to object

You have the right to object to processing of personal data, for example if we process your personal data on the basis of a legitimate interest or within processing in which profiling takes place. If you object to such processing of personal data, we will not further process your personal data unless we demonstrate compelling legitimate grounds for such processing.
Rights related to profiling or automated decision making
In the case that we process personal data by profiling or automated decision-making, you have the right to refuse automated individual decision-making, including profiling, which will result in a legal or similar significant consequence for you. However, we do not use automated individual decision-making or profiling when processing personal data.
The right to lodge a complaint or initiative
You can lodge a complaint with the supervisory authority, which is the Office for Personal Data Protectionwith its registered office at Hraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, telephonenumber: 02 3231 3214; E-mail: statny.dozor@pdp.gov.sk.

  1. Exercising your rights

You may exercise your rights specified in the previous point 6 of this information obligation of the Controller before the contacts of the Controller mentioned in point 1 of this document.

The exercise of your rights may not be in conflict with the Professional secrecy binding on the Controller, nor with the Controller’s obligation to process personal data to the extent necessary to provide legal services in advocacy to the Controller’s clients, nor with other obligations of the Controller arising from applicable legislation etc.

We will provide you with an answer within one month from the day you exercised your rights. In certain cases, we are entitled to extend the deadline for providing an answer in the event of a high number and complexity of requests from the Data Subjects, but by a maximum of two months. We will always inform you about the extension of the deadline.

  1. Transfer to the third countries or international organisations

By default, the Controller does not transfer your personal data to the third countries as well as to international organizations, nor does intend to transfer personal data to the third countries or international organizations. In the event that the Controller intends to transfer personal data to the third countries or international organizations, it shall ensure that the Data Subjects are informed prior to such transfer.

  1. Cookies

On the website www.prosman-pavlovic.sk (hereinafter also referred to as the “Website”) the Controller uses “cookies” in order to use the website´s possibilities in the best way and to adapt to your requirements. Through “cookies”, the Controller does not record your personal data in databases and you are not identifiable to the Controller as the user of the website.

The cookies we collect are essential and analytical.

Essential “cookies” are used to maintain basic functionality and improve the user experience, e.g. we keep the completed data in the order form, in the contact form or in the career form, until the moment of sending each of the forms. This data is stored in your browser; it means that we do not have access to this data.

Analytical “cookies” are used to record your movement on the Website, as well as clicks and searched products. We also collect analytical “cookies” in order to improve services and your user experience.

The collection of essential and analytical “cookies” has been taking place since your first visit of the Website.

What do we know through cookies?

  • anonymous collection of information on how visitors and users use sub-sites, such as which sub-sites are visited most often, how much time does the visitor spend browsing the website etc.
  • anonymous collection of technical information about the device from which the sub-site is visited, such as information about the type and version of the browser, the type and version of the operating system, the type and version of the device from which the page is visited, etc.

If you are not interested in collecting your “cookies”, their collection can be turned off in the browser from which you visit our Website or by visiting our Website from a browser in incognito mode. However, using this you lose for example the possibility of storing pre-filled data in forms or you lose some other functions of the Website. We do not identify you as a Data Subject through “cookies”.

  1. Recipients

Your personal data may be provided to recipients – mainly to processors and third parties. The processors include companies we cooperate with – e.g. companies providing information services, information systems management services in the Controller’s environment, companies providing services in the field of security as well as companies providing services of accounting and tax advisors etc. In the case of the use of processors authorized to process personal data on behalf of the Controller, the Controller uses only processors who have taken appropriate technical and security measures through which the requirements of the Personal Data Protection Regulations are met for the secure processing of your personal data. We may also provide your personal data to our employees involved in the provision of the Controller’s services. Third parties to whom your personal data may be provided include, in particular, representative and cooperating attorneyscooperating with the Controller. We can also provide your personal data to legally authorized entities, which may include e.g. courts, law enforcement authorities, the tax office, etc.

The protection of personal data is not a one-off matter for us. The information we are obliged to provide to you with regard to our processing of your personal data may change or cease to be up to date. For this reason, we reserve the right to modify and change these conditions to any extent at any time. In the event that we change these conditions in a substantial manner, we will of course bring this change to your attention, e.g. by a general announcement on the Website or by a special announcement via email orby another form.