Privacy Policy

This privacy policy explains how we process personal data at Dagital Legal, s.r.o., registered seat at: Nové Záhrady I/9, 821 05 Bratislava, Slovak Republic, Company ID (IČO): 50 881 761 (hereinafter referred to as "we“ or „us“) as the controller. If you have any questions or queries you may contact us by phone on 0911 195 133, by sending an email to info@dagital.eu or by post at the registered seat.

We have appointed data protection officer internally, who is your contact point for answering any questions relating to the protection of personal data or the management of requests of data subjects. The contact details of the Data Protection Officer are: info@dagital.eu or the address of the registered seat of our Law office for the mailing correspondence. In the processing of personal data, we are primarily governed by the EU General Data Protection Regulation ("GDPR"), which also governs your rights as the data subject, provisions of the Slovak Data Protection Act applicable to us (in particular Sections 78 and 79), act on advocacy (Section 18) as well as other applicable legislation.

Below we answer the basic questions regarding the processing of personal data by our Law office in the light of Art. 13 and 14 GDPR:

Purpose

Legal ground according to GDPR 

Exercise of legal profession (provision of legal services) compliance with Code of Conduct and regulations Slovak bar Association

Compliance with legal obligation pursuant to article 6 (1) c) GDPR alternatively performance of contract pursuant to article 6 (1) b) GDPR.

Provision of non-legal services 

Compliance with legal obligation pursuant to article 6 (1) c) GDPR alternatively performance of contract pursuant to article 6 (1) b) GDPR.

Establishment, exercise or defense of legal claims of law office

Legitimate interest pursuant to article 6 (1) f) GDPR: establishment, exercise or defense of legal claims of law office.

Raising awareness about law office in the online environment (via social networks and the law office's website)

Legitimate interest pursuant to article 6 (1) f) GDPR: raising awareness about law office the online environment or consent pursuant to article 6 (1) a) GDPR  . 

Marketing communication 

Consent pursuant to article 6 (1) a) GDPR or legitimate interest pursuant to article 6 (1) f) GDPR: direct marketing purposes.

Personnel & Payroll 

Compliance with legal obligation pursuant to article 6 (1) c) GDPR alternatively performance of contract pursuant to article 6 (1) b) GDPR.

Accounting & Tax purposes 

Compliance with legal obligation pursuant to article 6 (1) c) GDPR.

Statistical purposes

Any other legal ground of above purposes (compatible purposes) in light of article 89 GDPR.

As maybe seen from the above, when processing personal data, we monitor the rely on following legitimate interests of our Law office: 

Legitimate interest 

Description

Establishment, exercise or defense of legal claims of law office

When we do not represent our clients in the case of judicial or out-of-court disputes, negotiations and communication about contractual relations, recovery of claims, disclosure of facts by public authorities and similar activities we establish, defend and exercise legal claims of our office. Hence, we rely on our legitimate interest.

Raising awareness about the firm in the online environment

When publishing content on our social networks (especially LinkedIn) and on our website, we may process personal data including profiling on the basis of our legitime interest on raising awareness about the firm in the online environment.

Direct marketing purposes

The purposes of direct marketing may constitute legitimate interests within the meaning of recital 47 of the GDPR. We rely mainly on pertinent legitimate interest mainly while sending a marketing communication in the form of a newsletter or post or in cases where the prior consent of the addressee of the communication is not required under applicable law.

We provide personal data of our clients and other natural persons only to the extent necessary while maintaining the confidentiality of the data recipient compliance with Code of Conduct and regulations of the Slovak bar Association .e.g. to our employees,  persons authorized to exercise legal actions within provision of legal services, representing or cooperating lawyers / attorneys, to our accounting or tax advisors, server repository providers, accounting software providers (visible on the invoice), the Slovak Bar Association (e.g. in the case of disciplinary proceedings) or to a provider of software equipment or the support of our Law office, including employees of those persons. As part of the operation of our website, we use the following suppliers:

  • FUGA B.V., Alkmaar Netherlands – webside cloud storage located in EU, Data Processing Agreement available here ;

  • Mailgun Technologies, Inc., San Francisco, USA  automatic email generator using with contact forms, data processing Agreement  available here (in the section "What is a Data Processing Agreement and do we need one?");

  • MapBox, Inc., -  map displaying on website, privacy policy available here.

Although we have a limited obligation to provide your personal data to public authorities for reasons of confidentiality, we are required to contravene the crime and we also have the obligation to communicate information on the prevention of money laundering and terrorist financing.

In general, we try not to transfer personal data to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein). Email communication and electronic copies of all legal documentation related to our activity remain stored on servers located in the territory of the Slovak Republic with back-up in EU. We use a global and verified cloud service provider.

However, mainly for communication with our online audience resp. to manage the online social network profiles of our law office, we also use the services of some leading suppliers as the Google,., Facebook, LinkedIn, Microsoft Corporation and Mailgun. We do not use them primarily for providing legal services, but for the purposes of our online activities on the web, blog, search engines, social networks, and marketing, where the link to the client is questionable (including public as data subjects).

These suppliers and facilities are located in the United States of America, which is generally regarded as a third country that does not ensure an adequate level of protection. Any transfer of personal data outside the EU and / or the European Economic Area is carried out only with strict compliance with the protection of personal data in accordance with the requirements of the GDPR. As the EU-US Privacy Shield mechanism has been invalidated by the Court of Justice of the EU in the Schrems II case on 16 July 2020, all of above mentioned cross-border transfers of personal data to the US are carried out on the basis of Standard Contractual Clauses approved by the European Commission.

According to above mentioned judgment, controllers should also adopt additional safeguards, if necessary. We have decided that the main safeguard for our visitors will be to not place any tracking codes, cookies or pixels on devices through our website that could be connected to advertising networks that track behavior on the internet.

 You can find a link to the Standard Contractual Clauses in relation to transfers to the United States below.

Supplier

Privacy policy

Appropriate safeguards accordance Art.46 GDPR

Google

https://policies.google.com/privacy?hl=en-US

https://privacy.google.com/businesses/controllerterms/mccs/

Facebook / WhatsApp

https://www.facebook.com/policy.php

https://www.whatsapp.com/legal/#privacy-policy-our-global-operations

https://www.facebook.com/help/566994660333381?ref=dp

LinkedIN

https://www.linkedin.com/legal/privacy-policy

https://www.linkedin.com/legal/l/dpa

https://www.linkedin.com/legal/l/eu-sccs

Microsoft Corporation

https://privacy.microsoft.com/en-us/privacystatement

https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-eu-model-clauses?view=o365-worldwide

Mailgun

https://www.mailgun.com/privacy-policy/

https://www.mailgun.com/gdpr/

https://na3.docusign.net/Signing/?insession=1&ti=f6dee0c1ebc64aa58a8f25ed3c46f68f

None. But we're happy to hear your opinion if you think it's happening.

We keep your personal data as long as necessary for the purposes for which personal data are processed. When storing personal data, we follow the recommended retention periods in accordance to Resolution of chair of Slovak Bar Association n. 29/11/2011 e.g. 

  • The incoming mail book / registry and the posting book / registry after it has been filled by the lawyer for ten years from the date of receipt or posting in the last registered mail;

  • The inventory list is archived by the lawyer for ten years after writing;

  • If the lawyer manages clients' names and client records electronically, at the end of the calendar year he will print his printed form for the calendar year and store it in the office without any time limit;

  • The client's file shredding period is 10 years and starts from the day when all the conditions for saving the file to the archive are fulfilled.

Lawyers are subject to regulations of Slovak Bar Association that interpret lawyers' obligations under Advocacy Act, according to which there are certain circumstances that prolong our retention periods of personal data and explicitly prevent us from shredding some documents for rational reasons. e.g.:

  • The client file containing the original documents delivered to us by the client shall not be shredded;

  • It is not possible to shred the records of client files and names of client files;

  • It is not possible to shred the client's file or its part that lawyer is obliged to submit to the state archive;

  • It is not possible to shred the client file if any proceedings before the courts, state administration bodies, law enforcement authorities, the Slovak Bar Association that is/are related to the contents of the client file or the lawyer's legal action or omission in providing legal services in matters of the client.

In relation to other purposes, the following general retention periods apply:

Purpose of processing

General retention period

Provision of non-legal services

3 years after contract termination or  termination of services provided 

Demonstration, application and defense of legal claims of the office (legal agenda)

For the duration of the litigation, amicable settlement, but at the latest until the termination of the claim in question by limitation or prescription

Raising awareness of the office in the online environment (via social networks and the office's website)

3 years

Direct marketing communication

Until the withdrawal of consent or objection, as a rule not longer than 2 years, unless the consent is renewed

Personnel & Payroll purposes

Usually up to 10 years

Accounting & Tax purposes 

Usually up to 10 years

Statistical purposes

During the existence of other purposes of processing

However, the above general retention periods may be shortened in relation to selected data or if data are no longer necessary to achieve the purpose of processing.

If you are our client, we often obtain your personal data directly from you. In that case, obtaining your personal data is voluntary. Depending on the particular case, the failure to provide personal data by clients may affect our ability to provide high-quality legal services or in exceptional cases, our obligation to refuse to provide legal services. Personal data about our clients may also be obtained from publicly available sources, from public authorities or from other third parties.

If you are not our client, we often obtain your personal data from our clients or from other public or statutory sources such as requesting from public authorities, extracting from public registers, obtaining evidence in favor of the client, etc. In such a case, we may obtain your personal data without your knowledge and against your will on the basis of our legal authorization and the obligation to practice law in accordance with the Advocacy Act

The GDPR regulates the rights of data subjects in Articles 12 to 22. In general, as a data subject, you have in particular following rights:

§  The right to request access to personal data under Article 15 of the GDPR that we process about you. This right includes the right to confirm whether we process personal data about you, the right to access this data and the right to obtain a copy of the personal data we process about you, if technically feasible;

§  The right to correct and supplement personal data according to Article 16 of the GDPR, if we process incorrect or incomplete personal data about you;

§  The right to delete your personal data according to Article 17 of the GDPR;

§  The right to restrict the processing of personal data under Article 18 of the GDPR;

§  The right to data portability under Article 20 of the GDPR, if the processing of personal data is based on a legal basis of consent under the performance of the contract;

§  The right to object under Article 21 of the GDPR, if the processing is based on a legal basis of legitimate interest, the public interest or if it is for the purposes of direct marketing, including profiling;

§  The right to object to automated individual decision-making under Article 22 of the GDPR.

Dané obmedzenie sa však vzťahuje len na prípady, keby by poskytnutím daných informácií mohlo dôjsť k porušeniu povinnosti zachovávať mlčanlivosť podľa § 23 Zákona o advokácii. V takých prípadoch sme povinní požiadať klienta o súhlas s poskytnutím daných informácií. V prípade, ak sa domnievame, že pozbavenie povinnosti zachovávať mlčanlivosť by nebolo v záujme klienta, sme oprávnení rozhodnúť o neposkytnutí takých informácií aj napriek udeleniu súhlasu klienta (viď § 23 ods. 3 Zákona o advokácii). V prípade ak nejde o taký prípad, postupujeme podľa všeobecných podmienok vyplývajúcich z GDPR. Myslíme si, že k automatizovanému individuálnemu rozhodovaniu podľa článku 22 GDPR u nás nedochádza, ale radi si vypočujeme opačný názor a vyhovieme žiadosti o ľudský zásah ak bude opodstatnená. 

The data subject is any natural person about whom we process personal data. However, it is very important whether this idividual is or is not our client, because it may depend on whether we comply with the law or not. As a client, you have the right to consider access to your personal data, their correction, deletion, portability, the right to object to the processing or to request a restriction of processing under the conditions stipulated in the GDPR. In our opinion, the given rights also result from the Advocacy Act and the statutes of the Slovak Bar Association. The right of access, information and portability within the meaning of Art. 15 and Art. 20 GDPR does not have to have persons other than the client due to our legal obligation to maintain confidentiality and reference to § 18 par. 8 of the Advocacy Act: "A lawyer is not obliged to provide information on the processing of personal data, allow access or transfer of personal data under a special regulation, if this could lead to a breach of lawyers' duty of confidentiality under this law." However, the given restriction applies only in cases where the provision of the given information could lead to a breach of the obligation to maintain confidentiality pursuant to Section 23 of the Advocacy Act. In such cases, we are obliged to ask the client for consent to provide the information. If we believe that the waiver of confidentiality would not be in the client's interest, we are entitled to decide not to provide such information despite the client's consent (see section 23 paragraph 3 of the Advocacy Act). If this is not the case, we follow the general conditions arising from the GDPR. We do not think that there is an automated individual decision-making under Article 22 of the GDPR in our country, but we are happy to hear the opposite opinion and comply with the request for human intervention, if it is justified.

You also have the right to file a complaint at any time with the Office for the protection of personal data of Slovak Republic or the Slovak Bar Association or to file a motion to initiate proceedings pursuant to Section 100 of the Personal Data Protection Act.

“If we process your personal data on the basis of your consent to the processing of personal data, you have the right to withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing resulting from the consent prior to its withdrawal.

Nevertheless, you have the right to object at any time to the processing of personal data on the basis of a legitimate or public interest as well as for the purposes of direct marketing, including profiling. ”

Changes to the Privacy Policy

For us, the protection of personal data is not a one-time affair. The information we are obliged to provide to you with regard to our processing of personal data may change or cease to be up to date. For this reason, we reserve the right to modify and change these conditions to any extent at any time. In the event that we change these conditions in a significant way, we will bring this change to your attention, e.g. by general notice on this website or by special notice by email.

 

Dagital Legal, s.r.o.

 

October 2020

Widget powered by Dagital
Rodger

Use below form to send your GDPR request.