TaubelLegalAdvokátní kancelář

Privacy notice

Controller of personal data and data subject

The controller of personal data is the company TAUBEL LEGAL, advokátní kancelář s.r.o., ID no.: 247 69 321, with its registered office at Sokolovská 68/105, Karlín, 186 00 Praha 8, registered with the Commercial Register maintained by the Municipal Court in Prague, Section C, file 172818 (the controller). It is possible to contact the controller in writing at the aforementioned address or via e-mail at office@taubellegal.com.

The controller has not appointed a Data Protection Officer.

The data subject is a natural person who provided the controller with his/her personal data on the basis of an agreement on provision of legal services or any other agreement entered into with the controller or on the basis of a consent with processing of the personal data in terms of the subscription to newsletter sent by the controller. The data subject is also another natural person, whose personal data is processed by the controller for the purpose of defense of its clients’ legal claims, fulfilment of the legal obligations of the controller and/or its clients or protection of legitimate interests of the controller and/or its clients.

Scope of processing of personal data

The controller processes the personal data in scope in which it is provided to the controller by the data subject or in scope in which the controller obtains the data from other sources. Taking into account the nature of services provided by the controller, i.e. provision of legal services to natural and legal persons, it is not possible to specify the scope of the processed personal data unambiguously. The processed personal data are e.g.: name, surname, title, gender, date of birth, social security number, place of birth, e-mail, telephone, contact address, domicile, place of business, ID, VAT number, marital status and family situation, financial situation, bank account number, pending / terminated / threatened court / execution / administrative proceedings, data on possible criminal proceedings and criminal matters, personal data obtained from cookies, etc.

Purpose of personal data processing

The controller processes the personal data of the data subject for the purpose of performance of a contract concluded between the data subject and the controller (provision of legal services), defense of legal claims of controller’s clients, registration with the database of the controller and for the purpose of direct marketing (i.e. offering of products and services of the controller) including sending of commercial communications pursuant to the Act no. 480/2004 Coll., on Information Society Services. The commercial communications are sent by the controller only if the data subject has subscribed to the newsletter or if the controller acquired the electronic contact of the data subject in connection with the sale of the controller’s services. The data subject has the possibility to unsubscribe in a simple manner and free of charge from the newsletter by sending a message to the e-mail address office@taubellegal.com.

Evaluation of necessity of the processing

The controller pays attention to the privacy of the data subjects, and therefore, processes only personal data that is necessary for the intended processing purposes.

Legal basis of personal data processing

The legal basis of the processing is the performance of the contract concluded between the controller and the data subject (provision of legal services), protection of legitimate interests of the controller and/or its clients (defense of legal claims), fulfilment of legal obligations of the controller and/or its clients, prospectively the consent of the data subject with processing of the personal data in case of subscription to the newsletter and cookies.

Duration of processing of personal data

In case of processing of personal data for the purpose of performance of a contract the controller processes the personal data for the period of the duration of the relevant contractual relationship and subsequently for a further period of 10 years, taking into account the length of the limitation period for damages. In case of processing of personal data for the purpose of fulfilment of a legal obligation of the controller the controller processes the personal data for the period stipulated by legal regulation. In case of the personal data processed on the basis of a consent of the data subject the controller processes the personal data for the period of 10 years, unless the consent with processing of the personal data is withdrawn. This does not affect the obligation of the controller to process the personal data for the period determined by the relevant legal regulation or in compliance with it.

Withdrawal of consent with processing of personal data

If the data subject granted the controller a consent with processing of his/her personal data, the data subject has the right to withdraw its voluntarily given consent with processing of personal data at any time and free of charge by sending an e-mail message to the e-mail address: office@taubellegal.com. The withdrawal of consent does not affect the lawfulness of the processing based on the consent given before its withdrawal. The withdrawal of the consent also does not affect the processing of personal data which is being done by the controller on another legal basis than a consent (e.g. in particular if the processing is necessary for the performance of a contract, fulfilment of a legal obligation or due to other reasons stated in the valid legal regulation).

Access to personal data

The personal data can be accessed by the controller, its employees and associates, who are bound by confidentiality obligation in accordance with the valid legal regulation. In some cases the personal data can be accessed also by third parties – the recipients who provide appropriate guarantees and whose processing complies with the requirements of applicable laws and which ensures the proper protection of the data subject’s rights. The recipients of the personal data are providers of accounting / payroll services and systems, IT system administrators, legal and tax advisors, marketing service providers and public authorities to whom the controller is obliged to provide personal data (e.g. the Czech Bar Association).

The Personal data is only transferred within the Member States of the European Union, with the exception of online services used on the website of the administrator www.taubellegal.com from Google (Google Analytics), located in the United States. In this case, the transfer is based on the standard contractual clauses.

Proof of identity of data subjects

The controller is entitled to require a proof of identity of the data subjects in order to prevent unauthorized persons from accessing the personal data.

Rights of data subjects in relation to the personal data

In relation to the personal data, the data subject has in particular the following rights:

  1. right to withdraw his/her consent anytime;
  2. right to correct or amend his/her personal data;
  3. right to request restriction of processing of the personal data;
  4. right to object to or file a complaint against the processing in certain cases;
  5. right to data portability;
  6. right of access to the personal data;
  7. right to be informed about the breach of security of the personal data in certain cases;
  8. right to erasure (“right to be forgotten”) in certain cases; and
  9. further rights stipulated in the Act on Personal Data Protection, the Act on Processing of Personal Data and in the General Data Protection Regulation No. 2016/679.

What does it mean that the data subject has the right to object to processing?

According to the Article 21 of the General Data Protection Regulation No. 2016/679 the data subject has, among others, the right to object to the processing of the personal data if the controller processes the personal data on the basis of a legitimate interest, including the processing for the purposes of direct marketing. The objection shall be filed with the controller on the e-mail address: office@taubellegal.com. In case that the data subject objects to the processing for direct marketing purposes, the personal data shall no longer be processed by the controller in this scope.

More information about this right can be found particularly in the Article 21 of the General Data Protection Regulation No. 2016/679.

Obligation to provide personal data

The personal data is provided by the data subject voluntarily. The data subject has no obligation to provide it. There are no sanctions pending to the data subject for not providing the personal data. However, if the data subject does not provide his/her personal data to the controller, it will not be possible to conclude and duly perform a contract between the controller and the data subject. Nevertheless, it is solely up to the data subject whether he/she wishes to enter into a contractual relationship with the controller or not.

Security of personal data

All personal data are secured by standard procedures and technologies. Personal data processed electronically are stored within the internal system and are accessible only to authorized users working with the personal data through devices secured by login and password. The controller uses a professional antivirus protection and firewall, which are regularly updated. The controller periodically checks the system for vulnerabilities and attacks, and uses security measures that can reasonably be required of the controller to prevent unauthorized access to the personal data provided and that provide sufficient security with respect to the state of the art. Personal data, which are processed in writing, are stored in the secure premises of the controller, to which only authorized persons have access. All security measures taken are regularly updated.

Even though, the controller secures the personal data by appropriate technological and organizational measures, it is not objectively possible to fully guarantee the security of the personal data. Therefore, it is also not possible to absolutely ensure that no third party may gain access to the personal data, that it cannot be copied, published, changed or destroyed by a breach of security measures of the controller. However, the controller ensures that it does everything possible to keep personal data secure and regularly checks for security breaches.

Cookies

The controller uses so-called cookies on its www.taubellegal.com website which are stored on the data subject's device. These cookies serve especially for the purpose of monitoring movement of the data subjects on the web site (analysis of visitor’s behavior done by Google Analytics and Hotjar).

Publisher/Cookie Name Type Durability Description
Hotjar
(_hjid a _hjIncludedInSample)
Analytical Persistent
(11 months after storing/refreshing)
It is used to distinguish individual users for traffic analysis. The cookie is refreshed each time data is sent to Hotjar (a third party based in Malta).
Google Analytics
(_ga a _gid)
Analytical Persistent
(2 years after storing/refreshing)
It is used to distinguish individual users for traffic analysis. The cookie is refreshed each time data is sent to Google Analytics (a third party based in Ireland and USA).

Standard web browsers (Safari, Internet Explorer, Firefox, Google Chrome, etc.) support cookie management. As part of the browser settings, the data subject may manually delete, block or completely prohibit the use of cookies, or block or allow them only for individual websites. For more detailed information, the data subject can use the help of his/her browser.

Cookie setting

Final provisions

This Privacy notice may change in the future. The current privacy notice is always available on the administrator's website at www.taubellegal.com.

The data subject has the right to file a complaint concerning the processing of personal data by the controller with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, website: www.uoou.cz. Alternatively, he/she may apply for judicial protection before the competent court.