I, Mgr. Martin Hýbl, solicitor, registered office at Korunní 1740/129, 130 00 Praha 3, CRN: 09932577, reg. no. ČAK: 19588 (hereinafter also referred to as ‘Solicitor’ or ‘Controller’), hereby inform natural persons, as data subjects, what personal data I process, for what purpose and on what legal basis in connection with my legal practice, to whom I pass on this data, how I protect it, and what rights natural persons, as data subjects, have in relation to their personal data.
I take the protection of your personal data very seriously, and I make sure that your personal data is safe with me. I process your personal data for the purpose of providing legal services and for my business practice. I am a personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’). When I provide legal services in the form of permanent cooperation, I am a joint controller with the solicitor/law firm I cooperate with.
I process personal data pursuant to the law, particularly Act no. 85/1996 Coll., on the legal profession, as amended (hereinafter the ‘LPA’), GDPR and Act no. 110/2019 Coll., on personal data processing.
2. IDENTIFICATION DATA AND CONTACT DETAILS OF THE CONTROLLER
Mgr. Martin Hýbl, solicitor
Korunní 1740/129, 130 00 Praha 3
Reg. no. ČAK: 19588
Email address: firstname.lastname@example.org
Tel. no.: +420 607 060 064
3. PERSONAL DATA PROCESSED BY ME
In my practice, I may obtain your personal data (i) when you contact me through the contact form or through other contact details provided on my website, (ii) when we meet at the introduction meeting, (iii) when you provide them during the term of our contractual relationship, (iv) when you apply for a job, and/or (v) when I obtain them from other sources, including publicly available sources.
The personal data I process particularly include the data subject’s name and surname, title, date of birth, personal birth number, contact address, CRN, TIN, registered office or other addresses, ID numbers or copies thereof, email address, telephone number, postal address, bank account number and other transaction data, information provided in a CV, information on education, professional experience, or any other personal data concerning my clients , business partners or third parties.
I do not process special category data within the meaning of Article 9 of the GDPR (e.g. data on racial or ethnic origin or health status), with the exception of situations when it is necessary and in accordance with applicable legislation (e.g. in cases of criminal defense or for a medical opinion on the ability to perform a certain job).
I would also like to note that failure to provide personal data consisting in contact details will prevent me from answering your questions. For this reason, if you use the contact form on my website, you must fill in all required fields, or provide the necessary information in another way (e.g. in an email or in person). If you provide the personal data of third parties, it is your responsibility to ensure that the provision of such personal information is in accordance with the law and that you are authorised to give me this personal data for processing.
4. PURPOSES OF PERSONAL DATA PROCESSING AND LEGAL BASIS
Depending on the circumstances, I process personal data for the purposes of (i) negotiating a contract, (ii) providing legal services and for my business practice, (iii) protecting my legitimate interests, (iv) fulfilling my legal obligations, (v) reasons listed in the data subject’s consent, (vi) selection processes for vacant jobs, (vii) and advertising and promotion of my services.
I only process personal data to the extent necessary, and only if there is a legal basis for their processing. The legal basis for processing personal data is one or more of the following, depending on the circumstances: (i) The processing is necessary for the performance of a contract to which the data subject is party (e.g. a contract for the provision of legal services) or prior to the conclusion of a contract at the request of the data subject, (ii) processing is necessary to fulfil the legal obligation that applies to the Controller (e.g. obligations arising from the LPA or Act no. 253/2008 Coll., on selected measures against the legitimisation of the proceeds of crime and financing of terrorism), (iii) processing is necessary to protect the vital interests of the data subject or another natural person, (iv) the processing is necessary for the legitimate interests of the Controller or a third party, or (v) the data is processed based on the data subject’s consent.
5. RECIPIENTS OF PERSONAL DATA AND TRANSMISSION OF PERSONAL DATA
To the extent necessary to process relevant personal data, the Solicitor may share the personal data of a data subject, particularly with his staff and cooperating solicitors, notaries, accountants, auditors, tax advisors, experts, translators or interpreters, postal and courier service providers, IT service providers, other contractual recipients, processors or other personal data controllers.
The Solicitor may transfer the personal data of a data subject if he or she has a legal obligation or the right to do so (e.g. at the request of public authorities or in court or other proceedings, or to banks in order to identify the owner of finances in an escrow account).
The Solicitor uses the services of Google Ireland Limited, a company incorporated and operated under the laws of Ireland (registration number: 368047), registered office at Gordon House, Barrow Street, Dublin 4, Ireland. For this reason, personal data may be transferred outside the European Union when the countries to which the personal data are transferred are included in the list of countries with sufficient guarantees and appropriate personal data protection issued by the European Commission in accordance with Article 45 (8) of the GDPR.
In addition to the personal data transfer listed above, in other (rare) cases personal data may also be transferred to a third country, e.g. when the services of a law firm from a third country are used. In this case, the transfer of personal data abroad would always take place in accordance with the requirements of the GDPR and other applicable legislation.
6. HOW I PROCESS PERSONAL DATA AND HOW THEY ARE PROTECTED
I only process your personal data manually. There is no automated processing involving profiling on my part. Profiling can be characterised by the fact that the result of the processing of the personal data of the data subject is decided by a computer without human intervention. I do no such thing with your personal data. Pursuant to Article 32 of the GDPR, I keep appropriate technical and organizational measures to protect the personal data I process from loss, misuse or unauthorised access, disclosure, alteration or destruction.
7. DATA RETENTION PERIOD
I process and retain personal data for the time necessary to ensure all rights and obligations arising from the relevant contractual relationship and for the period during which I, as the controller, am obliged to retain the personal data in accordance with applicable law. In other cases, the processing period depends on the purpose of the processing, which must be reasonable (e..g when an inquiry is made via a contact form) or is determined by applicable regulations.
8 RIGHTS OF DATA SUBJECTS
Below are the rights you have as a data subject in connection with the processing of personal data.
As a data subject, you have the right of access to your personal data that is being processed. The right of access to personal data means that you have the right to ask me, the controller, whether I am processing your personal data and, if so, which data and how it is processed (for more details, see Article 15 of the GDPR).
If you believe that I am processing personal data that is inaccurate or incomplete, you have the right to request their rectification. As controller, I will rectify the data without undue delay with regard to my technical possibilities (see Article 16 of the GDPR).
You also have the right to erasure of your personal data. In other words, this right represents my obligation as a controller to destroy your personal data processed by me if certain conditions are met and if you request it (for more details, see Article 17 of the GDPR).
You also have the right to request that I, the controller, restrict the processing of your personal data in certain cases (see Article 18 of the GDPR).
You also have the right to data portability. The right to data portability allows you to obtain the personal data you have given the Controller in a common and machine-readable format. You can subsequently give the data to another controller or, if technically possible, request that the controllers pass it on to each other (for more details, see Article 20 of the GDPR).
You have the right to object to processing that is based on the legitimate interests of the Controller or a third party, or that is necessary for the performance of a task performed in the public interest or in the exercise of official authority, for direct marketing purposes or for scientific or historical research. You can only apply the first option in the above list with me, as I do not perform the remaining activities (for more details, see Article 21 of the GDPR).
Last but not least, you have the right to withdraw your consent to the processing of your personal data at any time (provided that the processing is based on your consent). The right to withdraw consent means that any consent you have given is always fundamentally revocable, and after its revocation, unless I have another relevant reason (e.g. a statutory obligation to process your personal data), I may not process your personal data further.
I would like to note that in the case of repeated or manifestly unfounded requests for the exercise of the above rights, I am entitled to charge a reasonable fee for the exercise of the right, or to refuse to exercise it. I will inform you of such procedure.
If you are in any way dissatisfied with the processing of your personal data, you can file a complaint with the supervisory authority, which is the Office for Personal Data Protection, based in Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.
For more information about your rights, visit the website of the Office for Personal Data Protection (https://www.uoou.cz/6-prava-subjekt-udaj/d-27276).
When I visit this website, I process cookies. Cookies are small text files that are stored via a web browser locally on the computer or mobile device used to access the website. These files are stored on your mobile device or computer.
I process cookies in order to ensure functionality and to analyse website traffic. Cookies do not contain personal data directly, but in connection with other data they may constitute personal data. In these cases, these data are processed on the basis of the legitimate interests of the Controller. You can find more information about cookies at this website https://www.uoou.cz/prohlaseni-cookies/ds-3099 and at the links provided there.
10. EFFECTIVE DATE
|_ga_9H5YLNELQ5||Installed by Google Analytics||2 years||Analytic|
|_ga||The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also tracks website usage for a website analytics overview. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.||2 years||Analytic|
|pll_language||The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the web page, and also to obtain language information when it is not available in any other way.||1 year||Functional|
|Google Fonts||Requires user´s IP address||No||functional|
|Cookiebot||Stores the user’s cookie consent state for the current domain||1 year||HTTP|
Korunní 1740/129, 130 00 Praha 3
Plhovská 340, 547 01 Náchod
+420 607 060 064
Data box ID
Reg. no. ČAK