Controller of personal data and data subject
The controller of personal data is Mgr. Radomil Kožuský, attorney at law, with its registered office at Nekvasilova 692/29, Karlín, 186 00 Praha 8, ID no.: 714 48 101, registered with the Commercial Register maintained by the Municipal Court in Prague, Section C, file 172818 (the controller). It is possible to contact the controller in writing at the aforementioned address or via e-mail at firstname.lastname@example.org.
The data subject is a natural person who provided the controller with his/her personal data on the basis of an agreement on provision of legal services or any other agreement entered into with the controller or on the basis of a consent with processing of the personal data in terms of the subscription to newsletter sent by the controller. The data subject is also another natural person, whose personal data is processed by the controller for the purpose of defense of its clients’ legal claims, fulfilment of the legal obligations of the controller and/or its clients or protection of legitimate interests of the controller and/or its clients.
Scope of processing of personal data
The controller processes the personal data in scope in which it is provided to the controller by the data subject or in scope in which the controller obtains the data from other sources. Taking into account the nature of services provided by the controller, i.e. provision of legal services to natural and legal persons, it is not possible to specify the scope of the processed personal data unambiguously. The processed personal data are e.g.: name, surname, sex, date of birth, e-mail, telephone number, place of residence, ID no., birth no., place and district of birth etc.
Purpose of personal data processing
The controller processes the personal data of the data subject for the purpose of performance of a contract concluded between the data subject and the controller (provision of legal services), defense of legal claims of controller’s clients, accounting records of the controller, registration with the database of the controller and for the purpose of direct marketing (i.e. offering of products and services of the controller) including sending of commercial communications pursuant to the Act no. 480/2004 Coll., on Information Society Services. The commercial communications are sent by the controller only if the data subject has subscribed to the newsletter or if the controller acquired the electronic contact of the data subject in connection with the sale of the controller’s services. The data subject has the possibility to unsubscribe in a simple manner and free of charge from the newsletter by sending a message to the e-mail address email@example.com.
Evaluation of necessity of the processing
The controller pays attention to the privacy of the data subjects, and therefore, processes only personal data that is necessary for the intended processing purposes.
Legal basis of personal data processing
The legal basis of the processing is the performance of the contract concluded between the controller and the data subject (provision of legal services), protection of legitimate interests of the controller and/or its clients (defense of legal claims), fulfilment of legal obligations of the controller and/or its clients, prospectively the consent of the data subject with processing of the personal data in case of subscription to the newsletter.
Duration of processing of personal data
In case of processing of personal data for the purpose of performance of a contract the controller processes the personal data for the period of the duration of the relevant contractual relationship and subsequently for a further period of 10 years, taking into account the length of the limitation period for damages. In case of processing of personal data for the purpose of fulfilment of a legal obligation of the controller the controller processes the personal data for the period stipulated by legal regulation. In case of the personal data processed on the basis of a consent of the data subject the controller processes the personal data for the period of 10 years, unless the consent with processing of the personal data is withdrawn. This does not affect the obligation of the controller to process the personal data for the period determined by the relevant legal regulation or in compliance with it.
Withdrawal of consent with processing of personal data
If the data subject granted the controller a consent with processing of his/her personal data, the data subject has the right to withdraw its voluntarily given consent with processing of personal data at any time and free of charge by sending an e-mail message to the e-mail address: firstname.lastname@example.org. The withdrawal of consent does not affect the lawfulness of the processing based on the consent given before its withdrawal. The withdrawal of the consent also does not affect the processing of personal data which is being done by the controller on another legal basis than a consent (e.g. in particular if the processing is necessary for the performance of a contract, fulfilment of a legal obligation or due to other reasons stated in the valid legal regulation).
Access to personal data
The personal data can be accessed by the controller, its employees and associates, who are bound by confidentiality obligation in accordance with the valid legal regulation.
Proof of identity of data subjects
The controller is entitled to require a proof of identity of the data subjects in order to prevent unauthorized
persons from accessing the personal data.
Rights of data subjects in relation to the personal data
In relation to the personal data, the data subject has in particular the following rights:
- right to withdraw his/her consent anytime;
- right to correct or amend his/her personal data;
- right to request restriction of processing of the personal data;
- right to object to or file a complaint against the processing in certain cases;
- right to data portability;
- right of access to the personal data;
- right to be informed about the breach of security of the personal data in certain cases;
- right to erasure (“right to be forgotten”) in certain cases; and
- further rights stipulated in the Act on Personal Data Protection, the Act on Processing of Personal Data and in the General Data Protection Regulation No. 2016/679.
What does it mean that the data subject has the right to object to processing?
According to the Article 21 of the General Data Protection Regulation No. 2016/679 the data subject has, among others, the right to object to the processing of the personal data if the controller processes the personal data on the basis of a legitimate interest, including the processing for the purposes of direct marketing. The objection shall be filed with the controller on the e-mail address: email@example.com. In case that the data subject objects to the processing for direct marketing purposes, the personal data shall no longer be processed by the controller in this scope. More information about this right can be found particularly in the Article 21 of the General Data Protection Regulation No. 2016/679.
Obligation to provide personal data
The personal data is provided by the data subject voluntarily. The data subject has no obligation to provide it. There are no sanctions pending to the data subject for not providing the personal data. However, if the data subject does not provide his/her personal data to the controller, it will not be possible to conclude and duly perform a contract between the controller and the data subject. Nevertheless, it is solely up to the data subject whether he/she wishes to enter into a contractual relationship with the controller or not.
Security of personal data
All personal data is secured by standard procedures and technologies. However, it is not objectively possible to fully guarantee the security of the personal data. Therefore, it is also not possible to absolutely ensure that no third party may gain access to personal the data, that it cannot be copied, published, changed or destroyed by a breach of security measures of the controller. Nonetheless, the controller ensures that the controller regularly inspects the system for vulnerabilities and attacks and uses such security measures that can be reasonably required from the controller, so that no unauthorized access to the personal data occurs, and which provide sufficient security with regard to the current state of technologies. The security measures adopted are subsequently regularly updated.