Principles of Processing and Protection of Personal Data
If you are our customer, newsletter subscriber or website visitor, you are entrusting us with your personal data. We are responsible for their protection and security. Please familiarize yourself with the data protection, policies and rights you have in relation to the GDPR (General Data Protection Regulation).
WHO IS THE DATA CONTROLLER?
We are EPPINGER & KOLÁROVÁ LEGAL s.r.o., a law firm, ID No.: 14038285, with registered office at Bucharova 1314/8, 158 00 Prague 5, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, Insert 359333, represented by Mgr. Aleš Eppinger and Mgr. Irena Kolárová, as managing directors and partners.
We operate the website www.eak.legal. We process your personal data as a controller, i.e. we determine how the personal data will be processed and for what purpose, for how long and we select any other processors who will assist us with the processing.
HOW CAN YOU CONTACT US?
If you wish to contact us during the processing, you can contact us by phone at +420 602 311 562 / +420 724 993 990 or by e-mail at firstname.lastname@example.org or email@example.com and firstname.lastname@example.org.
We declare that, as the controller of your personal data, we comply with all legal obligations required by applicable legislation, in particular the Data Processing Act and the GDPR, and therefore that:
- we will only process your personal data on the basis of a valid legal ground, namely legitimate interest, performance of a contract, legal obligation or consent,
- we comply with the information obligation under Article 13 of the GDPR before we start processing personal data,
- enable and support you in exercising and fulfilling your rights under the Data Processing Act and the GDPR
THE SCOPE OF THE PERSONAL DATA AND THE PURPOSES OF THE PROCESSING
We process personal data that you entrust to us for the following reasons (to fulfil these purposes):
- Provision of services, performance of a contract
We necessarily need your personal data (billing data and contact details) to provide our legal services according to your assignment and according to our contract with you and also to initiate communication with you according to your request.
If you are our customer, we necessarily need your personal data (billing data) to comply with our legal obligation to issue and record tax documents.
- Marketing - sending newsletters
We use your personal data (email and name), gender, what you click on in the email and when you open it most often for direct marketing purposes - sending you commercial communications. If you are a customer of ours, we do so out of legitimate interest, as we reasonably expect you to be interested in our legal news and tips, for a period of 5 years from the last order for services.
If you are not our customer, we only send you these newsletters on the basis of your consent, for a period of 5 years from the date of issue.
In either case, you may withdraw this consent by using the unsubscribe link in any email sent to you.
- Photos and video recordings of seminars
We take photographic documentation or video footage at some of our live events - training sessions, seminars, client events. We use the photos in promotional materials, especially on the website. Video footage is used for online course participants to view. You will never find the names of the participants in these materials, unless it is a reference and then by consent. If you would prefer not to be on the recordings, please let us know on our contact details before the live event.
We retain your personal data for the duration of the limitation periods, unless the law provides for a longer period to retain it or we have specified otherwise in specific cases.
DATA SECURITY AND PROTECTION
We protect personal data as far as possible by using modern technologies that correspond to the level of technical development. We protect it as if it were our own. We have adopted and maintain all possible (currently known) technical and organisational measures to prevent the misuse, damage or destruction of your personal data.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Your personal data is accessible by our employees and associates who are bound by confidentiality and trained in the security of personal data processing.
For some specific processing operations that we cannot provide on our own, we use the services and applications of processors who specialize in the processing and are GDPR compliant.
These are providers of the following platforms and services:
- SmartEmailing for sending newsletters
- Google - Google Analytics
- Accounting firm for the processing of accounting
- IT support to ensure the smooth running of information systems
- Parcel carrier for the forwarding and delivery of your parcel
We may decide to use other applications or processors in the future to facilitate and improve the quality of processing. However, we promise you that in such a case, we will place at least the same demands on the processor for security and quality of processing as we do on ourselves.
Transfer of data outside the European Union
We only process data in the European Union or in countries that provide an adequate level of protection based on a decision of the European Commission.
YOUR RIGHTS IN RELATION TO DATA PROTECTION
You have a number of rights in relation to data protection. If you wish to exercise any of these rights, please contact us by email: email@example.com.
You have the right to information, which is already fulfilled by this information page with the personal data processing policy.
Thanks to the right of access, you can challenge us at any time and we will document within 30 days what personal data we are processing and why.
If something changes or you find your personal data outdated or incomplete, you have the right to have your personal data completed and amended.
You can exercise your right to restrict processing if you believe that we are processing your inaccurate data, if you believe that we are processing unlawfully but do not want to delete all your data, or if you have objected to the processing.
You can limit the scope of personal data or the purposes of processing (for example, by unsubscribing from the newsletter you limit the purpose of processing for sending commercial communications).
Right to portability
If you would like to take your personal data and transfer it to someone else, we will follow the same procedure as when you exercise your right of access - the only difference is that we will deliver the information to you in machine-readable form. Here we need at least 30 days.
Right to erasure (to be forgotten)
Your next right is the right to erasure (to be forgotten). We don't want to forget you, but if you wish, you have the right to do so. In this case, we will delete all your personal data from our system and from the system of all sub-processors and backups. We need 30 days to secure the right to erasure.
In some cases, we are bound by a legal obligation and, for example, we must keep records of tax documents issued for a period of time specified by law. In this case, we will therefore delete all such personal data that is not bound by another law. We will inform you by e-mail when the deletion is completed.
Complaint to the Data Protection Authority
If you feel that we are not treating your data in accordance with the law, you have the right to contact the Data Protection Authority at any time with your complaint. We would be very pleased if you first inform us of this suspicion so that we can do something about it and correct any wrongdoing.
Unsubscribing from newsletters and commercial communications
We send you emails with inspiration, articles or products and services if you are a customer based on our legitimate interest.
If you are not yet a customer, we only send them to you on the basis of your consent. In either case, you can stop receiving our emails by pressing the unsubscribe link in each email sent.
We would like to assure you that our employees and associates who will process your personal data are obliged to maintain confidentiality of personal data and security measures, the disclosure of which would compromise the security of your personal data. This confidentiality shall continue even after the end of the contractual relationship with us. Your personal data will not be released to any other third party without your consent.
This personal data processing policy applies from 22.3.2023