Alexander Mackanič, advokátní kancelář (hereinafter referred to as the “Law Firm”) values your privacy and processes all your personal data in accordance with GDPR and data protection laws. The privacy policy below provides detailed information on the processing of your personal data. If the Law Firm provides services to you, has a legal relationship with you, or you are in contact with them, you must qualify as a controller of your personal data described in this Privacy Policy.
This Privacy Policy does not apply to the processing of personal data of (candidates) employees, (candidates) trainees, (candidates) lawyers, and trainee lawyers (i.e., employees of a law firm). Such processing is subject to a separate privacy policy that is presented to staff directly when their data is collected.
The content of the privacy policy:
- CATEGORIES OF PERSONAL DATA, PURPOSES OF PROCESSING AND LEGAL BASES
- Clients who are natural persons themselves
- Representatives (natural persons) of clients
- Service providers who are themselves natural persons
- Representatives (natural persons) of service providers
- Persons who submit inquiries (in paper form, by email, by phone, in person, or otherwise)
- Other persons whose data is obtained in the course of providing legal services to customers
- Direct marketing
- SOURCES OF YOUR PERSONAL DATA
- SHARING YOUR PERSONAL INFORMATION
- PROCESSING LOCATION
- HOW LONG WE KEEP YOUR DATA
- AUTOMATED DECISION-MAKING, PROFILING
- YOUR RIGHTS AS DATA SUBJECTS
- WHO YOU CAN CONTACT REGARDING THE PROCESSING OF YOUR PERSONAL DATA
- CATEGORIES OF PERSONAL DATA, PURPOSES OF PROCESSING AND LEGAL BASES
1.1. Clients who are natural persons themselves
This section applies to cases where the data subject (natural person) is himself a client of the Law Firm. For example, Mr. Unknown turns to the Law Firm and asks for representation in a lawsuit. Mr. Neznámý himself signs a contract for the provision of legal services with the Law Firm and becomes its client. In these and similar cases (i.e., in cases where the data subject is a client themself), the following applies:
Categories of personal data | Purpose of processing | Legal bases for processing |
Identification data (e.g., name, surname, personal number, position, etc.) | This personal data is used to conclude and perform a contract for the provision of legal services with the client. | Conclusion of a contract with the data subject and performance of a contract (Art. 6 (1) (b) GDPR). |
Contact details (e.g., address, email address, telephone number, etc.) | ||
Information about the contract for the provision of legal services and its performance (e.g., terms and conditions, invoices, reports, etc.). | ||
Financial data (bank account, transactions according to invoices, etc.) | ||
Any other data in connection with a specific task (e.g., data contained in correspondence and/or documents related to a particular task). | ||
Information is provided in the “Know Your Customer” questionnaire (if applicable). | In certain circumstances (e.g., depending on the type and value of the task, the area of transactions, etc.), the law firm might be required to require the client to complete a “Know Your Customer” questionnaire in order to comply with legal obligations relating to the prevention of money laundering and terrorist financing. | Compliance with a legal obligation (Art. 6 (1) (c) GDPR). |
References and feedback from clients (e.g., description of the legal matters being addressed, client feedback on the services provided, etc.) | If the client agrees, the Law Firm promotes its activities by referring to specific clients, specific engagements, and/or client feedback. | Client’s consent Art. 6 para. 1 lit. a) |
1.2. Representatives (natural persons) of clients
This section applies to cases where the data subject (natural person) is not a client of the Law Firm themself but represents another entity, which in turn is a client of the Law Firm. For example, Mr. Unknown is the executive director of a company that wishes to obtain legal services from the Law Firm. The Company enters into a contract with the Law Firm for the provision of legal services and thus becomes its client. Mr. Unknown attaches his signature to the contract, conducts correspondence with the law firm on individual tasks, handles invoices, and represents the client in other matters related to the implementation of the contract. In these and similar cases (i.e., when the data subject is represented by another entity, which in turn is a client of the law firm), the following applies:
Categories of personal data | Purpose of processing | Legal basis for processing |
Identification data (e.g., name, surname, personal number, position, etc.) | This personal data is used to draw up a contract for the provision of legal services with a client represented by the data subject. | Legitimate interest in concluding and performing a contract with the represented entity (Article 6(1)(f) of the GDPR). |
Contact details (e.g., address, email address, telephone number, etc.) | ||
Any other data in connection with a specific task (e.g., data contained in correspondence and/or documents related to a particular task). | ||
Information is provided in the “Know Your Client” questionnaire (if applicable). | In certain circumstances (e.g., depending on the type and value of the task, the geography of the transactions, etc.), the law firm might be required to require the client to complete a “Know Your Customer” questionnaire to comply with legal obligations regarding the prevention of money laundering and terrorist financing. The representative could be asked to disclose participation in other companies or similar personal data. | Compliance with a legal obligation (Art. 6 (1) (c) GDPR). |
References and feedback from clients (e.g., description of the legal matters being addressed, client feedback on the services provided, etc.) | If the client agrees, the Law Firm uses references to specific clients and/or specific contracts and/or client feedback to promote its activities (e.g., to be listed as the best law firm in legal directories (e.g., Legal 500), to publish a portfolio of projects, etc.). A company representative may be asked to provide feedback on behalf of the client. | Consent of data subjects Art. 6 para. 1 lit. a) |
1.3. Service providers who are themselves natural persons
This section applies to cases where the data subject (natural person) is themself a law firm service provider. For example, Mrs. Unknown, who works as a natural person, provides translation services to the law firm on the basis of a service contract concluded between her and the law firm. In these and similar cases (i.e., if the data subject is a service provider themself), the following applies:
Categories of personal data | Purpose of processing | Legal bases for processing |
Identification data (e.g., name, surname, personal number, trade license number, trade license number, etc.), etc.) | This personal data is used to conclude and perform a contract for the provision of services between the service provider and the law firm. | Conclusion of a contract with the data subject and performance of a contract (Art. 6 (1) (b) GDPR). |
Contact details (e.g., address, email address, telephone number, etc.) | ||
Information about the service contract and its performance (e.g., terms, invoices, messages, etc.). | ||
Financial data (bank account, transactions according to invoices, etc.) | ||
Any other data in connection with a specific assignment of the Service (e.g., data contained in correspondence and/or documents related to a particular assignment of the Service). |
1.4. Representatives (natural persons) of service providers
This section applies to cases where the data subject (natural person) is not the law firm’s service provider themself. Still, it represents another entity, which in turn is the law firm’s service provider. For example, Mrs. Unknown is the managing director of a company that provides IT services to a law firm. The unknown lady attaches her signature to the contract, conducts correspondence with the law firm on individual service tasks, handles invoices, and represents the service provider in other matters related to the implementation of the service contract. In these and similar cases (i.e., when the data subject is represented by another entity, which in turn is a service provider to the law firm), the following applies:
Categories of personal data | Purpose of processing | Legal basis for processing |
Identification data (e.g., first name, last name, job title, etc.) | This personal data is used to conclude and perform a contract for the provision of services with a service provider represented by the data subject. | Legitimate interest in concluding and performing a contract with the represented entity (Article 6(1)(f) of the GDPR). |
Contact details (e.g., address, email address, telephone number, etc.) | ||
Any other personal data of the representative disclosed in connection with a specific service assignment (e.g., data contained in correspondence and/or documents related to a particular assignment of service). |
1.5. Persons submitting inquiries (in paper form, by email, by telephone, in person, or otherwise)
This section includes cases where the Office receives any inquiry, in any way, from a data subject who represents itself or on behalf of another entity.
Example 1: Mr. John Doe calls the office’s reception desk and asks to speak with a lawyer because he has seen an article on the Office’s website and would like to ask about his situation, similar to the one described in the article. After a brief conversation with a lawyer and after clarifying the problem, Mr. John Doe decides not to take any legal action.
Example 2: A law firm receives an email from the auditor of one of the clients (along with credential documents) requesting information on legal cases or legal claims against the client that are relevant to the completion of the audit.
Example 3: A law firm receives a court notice of an ordered court hearing by registered letter, together with the identification and contact details of the court registrar who prepared the notice.
In these and similar cases (i.e., if the law firm receives any inquiry, in any way, from a data subject who represents itself or on behalf of another entity), the following applies:
Categories of personal data | Purpose of processing | Legal basis for processing |
Identification data (e.g., first name, last name, job title, etc.) | These personal data are necessary for the Law Firm to receive, handle, and answer queries. | Legitimate interest to receive, respond to, and respond to inquiries (Art. 6 (1) (f) GDPR). |
Contact details (e.g., email address, telephone number, etc.) | ||
Content of the query, all personal data provided in the context of a specific communication following the query Information about the service contract and its performance (e.g., data contained in correspondence and/or documents related to the particular query). |
1.6. Other persons whose data are obtained in the course of providing legal services to clients
This section includes cases where the data subject is not in direct contact with the Law Firm. Still, the Law Firm processes their personal data as a natural consequence of providing legal services to clients.
Example 1: A Law Firm client enters into a business contract with company “X” (company “X” is not a client of the Law Firm). Mr. John Doe is the managing director of “X.” His personal data may thus appear in a business contract with a law firm client.
Example 2: A law firm represents a client in a lawsuit against Ms. Jane Doe (Ms. Jane Doe is not a client of the law firm). The law firm that represents the client in the dispute will handle procedural documents that may contain personal information of Ms. Jane Doe as a party to the dispute.
In these and similar cases (i.e., in cases where the data subject is not in direct contact with the Law Firm, but the Law Firm processes their personal data as a natural consequence of the provision of legal services to clients), the following applies:
Categories of personal data | Purpose of processing | Legal basis for processing |
All personal data made available in connection with the provision of legal services to the client as specified by the client. (E.g., data contained in correspondence, documents, and any other information that is processed in connection with the provision of legal services according to a specific assignment). | These personal data are necessary for the law firm to be able to provide the client with legal services as specified by the client. | Legitimate interest in the provision of legal services (Art. 6 (1) (f) GDPR) |
1.7. Direct marketing
This section covers the processing of personal data for direct marketing purposes.
Example 1: A law firm sends newsletters to clients by email.
Example 2: A law firm calls a client and asks if they would like to attend a “Business Breakfast” event hosted by a law firm.
With regard to the processing of personal data for direct marketing purposes, the following provisions apply:
Categories of personal data | Purpose of processing | Legal basis for processing |
Identification data (e.g., name, surname, position, etc.) | This personal data is used for direct marketing purposes if the client has given consent to this. | Consent of the data subject (Art. 6 (1) (a) GDPR). |
Contact details (email address, phone number, etc.) |
- SOURCES OF YOUR PERSONAL DATA
Most personal data are provided by data subjects directly to the law firm.
However, there are cases where the Law Firm obtains personal data indirectly (not from the data subject himself), e.g.:
- Subsection 1.6 describes cases in which the Law Firm comes to the processing of personal data in the course of providing legal services (for example, personal data contained in documents or correspondence related to a specific assignment).
- SHARING YOUR PERSONAL INFORMATION
3.1. Service providers
The Law Firm may share your personal data with third-party service providers who provide services necessary for the Law Firm to operate. Third-party providers may provide the Law Firm with the following services:
- hosting data
- IT services
- Accounting Services
- Communication services
- Translation services
- Marketing services
In order to protect personal data, the law firm has entered into data processing agreements with the above-mentioned third-party service providers.
3.2. State authorities
Depending on the scope of legal services or applicable legal requirements, the law firm may be required to transfer your personal data to local or state authorities, courts, or other institutions.
- PROCESSING LOCATION
We store and process personal data mainly within the European Union. In other cases, personal data may be processed by data processors (third-party service providers) operating outside the EU or using sub-processors operating outside the EU.
Where we transfer your personal data outside the EU, we rely on one of the following mechanisms:
- the European Commission’s adequacy decision;
- the European Commission’s Standard Contractual Clauses;
- other safeguards (e.g., specific clauses or specific technical and organizational security measures set out in data processing agreements).
- HOW LONG WE KEEP YOUR DATA
The Law Firm stores personal data in accordance with the applicable legislation and accordance with the rules of the Bar Association. The Law Firm will retain your personal data for no longer than is necessary for the purposes for which it was collected and processed.
The period for which personal data is stored depends on a number of criteria, including:
- the type of personal data;
- whether any dispute is ongoing (for the purpose of enabling the Law Firm (or a client of the Law Firm) to establish, exercise, or defend itself against legal claims);
- applicable legal obligations under laws and regulations to retain personal data for a certain period.
- AUTOMATED DECISION-MAKING, PROFILING
When processing your personal data, the Law Firm does not carry out automated decision-making or profiling.
- YOUR RIGHTS AS DATA SUBJECTS
As a data subject, you can exercise the following rights at any time:
7.1. Right of access:
You have the right to request access to any of your personal data that the Law Firm may process. For example, you may request information about whether the Law Firm processes your personal data, what exactly your personal data is processed by the Law Firm, for what purposes, on what legal basis, etc.
7.2. Right to rectification:
You have the right to ask the Law Firm to correct your personal data if it is inaccurate or incomplete.
7.3. Right to object:
You have the right to object to certain processing of personal data, including, for example, the processing of your personal data on the basis of a legitimate interest.
7.4. Right to erasure:
You can ask the law firm to erase your personal data if you believe that the processing is unlawful.
7.5. Right to data portability:
You can ask us to provide you with your personal data in a structured, commonly used, and machine-readable format. If this is technically feasible, you can also request the transfer of personal data to another controller.
7.6. Right to withdraw consent:
In cases where the processing is based on consent, you have the right to withdraw your consent.
You also have the right to complain to the Data Protection Authority if you believe that your personal data is being processed unlawfully or that the Law Firm has violated your rights.
- WHO TO CONTACT IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA
You may contact the Law Firm with any questions or requests regarding the processing of your personal data. Please use the contact details below:
Alexander Mackanič, attorney at law
with seat Pechlátova 334/1a, 150 00 Prague 5, Czechia
The contact person for the purpose of fulfilling the obligations imposed on the basis of Act No. 253/2008 Coll., on Certain Measures against the Legitimization of the Proceeds of Crime and the Financing of Terrorism, as amended, is Alexander Mackanič, who can be contacted via email alexander@mackanic.eu.