bodnarlegal

Privacy Policy

This document is intended to provide information about the rights of data subjects (our clients and other individuals) whose personal data is processed by our law firm, BodnarLegal s.r.o., located at Žriedlová 3, 040 01 Košice, Slovakia, ID No.: 51 865 459, registered in the Commercial Register of the Košice District Court, Section Sro, Insert No. 44372/V, as the controller (hereinafter also referred to as the "Controller") in accordance with Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) (hereinafter referred to as the "GDPR"), Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Laws (hereinafter referred to as the "ZoOOÚ"), Act No. 586/2003 Coll. on Advocacy and on Amendments to Act No. 455/1991 Coll. on Business (Trade Act) as amended (hereinafter referred to as the "Advocacy Act"), as well as other regulations. Our law firm processes personal data in accordance with the Code of Conduct adopted by the Slovak Bar Association (hereinafter referred to as the "SBA"), which further explains the processing of personal data by attorneys. The Code of Conduct of the SBA can be found on the website www.sak.sk.

Activities of the Controller

Our law firm primarily performs activities including:

• Practicing law under the Advocacy Act, such as representing clients in proceedings before courts, public authorities, and other legal entities, defending in criminal proceedings, providing legal advice, drafting legal documents, preparing legal analyses, managing clients' assets, and other forms of legal consultancy and assistance if performed continuously and for remuneration;

• Fulfilling various legal, professional, and contractual obligations;

• Protecting our legitimate interests as well as the interests of our clients and other persons.

What are personal data and what does processing personal data mean?

Personal data, as defined by applicable law, refers to information relating to an identified or identifiable natural person, who can be identified directly or indirectly, particularly by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Processing personal data means any operation or set of operations performed on personal data, such as collection, recording, organizing, structuring, storing, altering, retrieving, consulting, using, transmitting, disseminating, or otherwise making available, aligning, or combining, restricting, erasing, or destroying, whether performed by automated means or otherwise.

On what legal basis do we process your personal data?

We are authorized to process your personal data only in a lawful manner, ensuring that your fundamental rights are not infringed. We process your personal data on the basis of (at least one of) the following legal grounds:

• Your consent to the processing of your personal data for at least one specific purpose, if processing cannot be performed on another legal basis;

• Processing of your personal data is necessary for the performance of a contract (e.g., a legal services contract, employment contract), to which you are a party, or to take steps prior to entering into a contract at your request (pre-contractual relationships);

• Processing of your personal data is necessary for compliance with our legal obligations as a controller, especially duties arising from the Advocacy Act, accounting regulations, the Archives and Records Act, as well as obligations to state authorities;

• Processing of your personal data is necessary for the purposes of legitimate interests pursued by us or a third party, particularly:

• Sending newsletters to our clients to inform them about legislative changes or legal updates, and sending holiday greetings;

• Monitoring website traffic and improving website functionality (via cookies), but in such a way that it does not disproportionately affect your rights;

• Monitoring the external and internal premises of our office building for the purpose of protecting our property from destruction, damage, or theft, as well as ensuring the health and safety of persons in the office.

What is the purpose of processing your personal data?

We process your personal data to the extent and in the manner defined by the following categories of purposes:

What personal data do we process?

If you are our client, we usually collect your personal data directly from you. In this case, providing your personal data is voluntary. Depending on the specific case, failure to provide personal data may impact our ability to offer high-quality legal advice or, in exceptional cases, even lead us to refuse to provide legal advice. We may also collect personal data from publicly available sources, from public authorities, or from other persons.

If you are not our client, we usually collect your personal data from our clients or from other public or legal sources, such as requesting data from public authorities, extracts from public registers, gathering evidence in favor of the client, etc. In this case, we may collect your personal data without informing you or even against your will, based on our legal entitlement and obligation to practice law in accordance with the Advocacy Act.

Processing of Cookies

Cookies are small text files that enhance the use of the website by, for example, allowing recognition of previous visitors during login to the user interface, remembering user preferences when opening a new window, measuring website traffic, or improving its use. Our website uses cookies for the operation of the website. These cookies allow us to analyze how you interact with the website. We learn from these cookies how you react to our website by providing information about which areas of the website you visited, how long you spent on it, and whether any issues occurred during your visit.

You can prevent the storage of these files on your device at any time by adjusting your web browser settings. Setting your browser is considered your consent to the use of cookies on our site under Section 55(5) of the Electronic Communications Act.

Who do we provide personal data to?

When fulfilling our contractual, legal, or other obligations, we use third-party services that are authorized to process personal data on behalf of our law firm to the extent necessary and provide adequate guarantees for the lawful processing of personal data.

We provide your personal data to the following categories of recipients:

• Employees of our office and other persons authorized to process personal data based on an employment contract or other similar agreements, such as a mandate agreement, or as specified in their job description;

• Collaborating or representing attorneys;

• Providers of payroll and accounting consulting and services;

• Providers of IT services (network, server, and other information systems administrators);

• Providers of document archiving services containing personal data;

• Providers of postal and courier services;

• Providers of support, technical, or organizational services;

• The Slovak Bar Association;

• Public authorities (state bodies, organizations, and institutions, law enforcement agencies).

We provide personal data to public authorities only to the necessary extent (in accordance with our obligation to maintain confidentiality) and always while ensuring the confidentiality of the recipient. Although we have a limited obligation to provide your personal data to public authorities due to confidentiality, we are required to prevent the commission of a criminal offense and also have an obligation to report information on the prevention of money laundering and terrorism financing.

We do not intend to transfer your personal data to third countries (outside the European Economic Area). We use only secure cloud services from a verified provider with servers located within the EU jurisdiction.

How long are personal data stored?

We store personal data only for as long as necessary to fulfill the purposes for which the personal data was collected. In storing personal data, we follow the recommended retention periods set out in the Resolution of the Presidium of the Slovak Bar Association No. 29/11/2011, such as:

• Attorneys are subject to professional regulations interpreting the duties of attorneys under the Advocacy Act, which include certain circumstances extending retention periods for personal data or preventing the destruction of certain documents for understandable reasons. For example:

• Client files containing original documents provided by the client cannot be destroyed;

• Protocols of client files and client lists cannot be destroyed;

• A client file or its part that an attorney is obliged to submit to the state archive cannot be destroyed;

• A client file cannot be destroyed if any legal proceedings are ongoing before a court, public authority, law enforcement agency, or the Slovak Bar Association that are related to the contents of the client file or concern the attorney’s conduct in providing legal assistance to the client.

Your personal data, which we process for the purpose of fulfilling obligations arising from a contractual relationship (e.g., a contract for the provision of legal services), may be stored for the duration of the contractual relationship or until all rights and obligations arising from the contractual relationship have been fulfilled. If the storage of personal data is necessary to fulfill obligations under specific legal regulations, to the extent necessary to fulfill these obligations (e.g., the Archives and Registries Act), we are authorized to process your personal data even after the above-mentioned period.

If we process your personal data based on your consent, we are authorized to process your personal data for the duration of your consent, as well as for the duration of the purpose of personal data processing for which you have given consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before it was withdrawn. If the storage of personal data is necessary to fulfill our obligation under specific legal regulations, to the extent necessary to fulfill this obligation, we are authorized to process your personal data even after the above-mentioned period.

In the case of processing personal data based on our legitimate interest, we are authorized to process your personal data for the duration of this legitimate interest, except in cases where your interests or your fundamental rights and freedoms override such interests.

Personal data for the purpose of fulfilling accounting and tax obligations is processed primarily based on Act No. 431/2002 Coll. on Accounting as amended, Act No. 222/2004 Coll. on Value Added Tax as amended, and Act No. 40/1964 Coll. Civil Code as amended.

What are your rights?

Under the applicable law, you have the following rights as a data subject:

• Request access to personal data - You have the right to obtain confirmation on whether we are processing your personal data and to access it.

• Request correction of personal data - You have the right to have your incorrect personal data corrected without undue delay, and to complete incomplete personal data, considering the purposes of processing.

• Request erasure of personal data (right to be forgotten) - You have the right to request the deletion of your personal data if it is no longer necessary for the purposes for which it was collected, if you have withdrawn your consent (and no other legal basis for processing exists), or if you have objected to the processing based on legitimate interests, and no overriding legitimate grounds for processing exist.

• Request restriction of processing - You have the right to request temporary restriction of processing of your personal data in the following cases:You contest the accuracy of the data, during a period allowing the controller to verify the data’s accuracy.The processing is unlawful, and you object to the erasure of the personal data and request instead a restriction on its use.The controller no longer needs your personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims.You have objected to processing under Article 21(1) of the GDPR, pending verification of whether the controller’s legitimate grounds override your rights and freedoms.

• Object to the processing of personal data - You have the right to object to the processing of your personal data based on the legitimate interest of the controller, including profiling. The controller must cease processing unless it can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. You also have the right to object to the processing of your personal data for direct marketing purposes, including profiling in so far as it is related to such direct marketing.

• Data portability - You have the right to obtain your personal data that you have provided to the controller in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller without hindrance from the controller, if processing is based on your consent or a contract and is carried out by automated means.

• Withdraw your consent - You can withdraw your consent to process personal data at any time (if processing is based on consent).

• Lodge a complaint - You have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR) at Hraničná 12, 820 07 Bratislava 27.

For the processing of personal data (especially regarding individuals other than clients) in the provision of legal services, the exemptions in Article 14(5) of the GDPR apply to us, as per Section 23(1) and the following provisions of the Act on Advocacy. We are obliged to maintain confidentiality about all matters learned in connection with legal practice (professional secrecy), and therefore we are not required to provide information to the affected person as stated in Article 14 of the GDPR.

When processing personal data in the provision of legal services, clients and other individuals (e.g., opposing parties) do not have the right to object to such processing under Article 22 of the GDPR. If the personal data pertains to a client (whether a legal entity or individual), the right of access or data portability does not apply to others due to our legal obligation to maintain confidentiality, referencing Article 15(4), 20(4) of the GDPR, and Section 18(8) of the Act on Advocacy: “A lawyer is not obliged to provide information on the processing of personal data, grant access to, or portability of personal data under special regulations if this would violate the lawyer’s obligation to maintain confidentiality according to this Act.”

Contact details of the Controller:

bodnarlegal s.r.o.

Address: Žriedlová 3, 040 01 Košice, Slovakia
Phone: +421 917 933 544
Email: info@bodnarlegal.sk