Personal Data Protection

We would like to inform you that the protection and processing of Personal Data is governed by the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “Regulation”) from May 25, 2018.

It is our priority to protect your privacy and your Personal Data and information about any other natural persons.

The purpose of this webpage is to inform you what Personal Data do we process when we provide our legal services, for what purposes, in what manner and on the basis of which legal title we do that, who else – with or without your consent – can process your Personal Data, where and how you can obtain information about your Personal Data which are processed and what are your rights in the area of the protection of Personal Data.

Who is the controller of Personal Data?

Law Office JUDr. Pavlína Vanická, identification number 72015578, with her registered office at Kašparovo náměstí 2271/5, Prague 8, postal code 180 00, Czech Republic.

Controller’s contact information:

Who are the Data Subjects?

The Data Subjects are our Clients whom we provide our legal services under the legal services contract. Personal Data of third parties (provided by Clients or obtained during the provision of legal services) may also be processed. If our attorney is appointed ex officio as defence counsel in criminal proceedings or otherwise appointed by a court, or by the Czech Bar Association (within free legal aid), the recipient of legal service is a Data Subject as well.

What is the purpose of processing and legal basis for processing the Personal Data?

Foremost providing our legal services to our Clients. The processing is necessary for the performance of a contract to which a Client as a Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. Processing is also necessary for compliance with a legal obligation to which the Law Office is subject, especially

  • Act on advocacy
  • Act on verification
  • Act on anti-money laundering
  • Act on criminal proceeding
  • Act on accounting

Additionally, processing may be based on our legitimate interest to keep all the data especially until we receive the payment for our legal services.

What Personal Data do we process?

Name, date of birth, email and/or phone number, other miscellaneous data provided by Clients as Data Subjects. The nature of these other miscellaneous data may also be of special categories under Art. 9 of Regulation. If the Personal Data have not been obtained directly from Data Subjects but by third party, we also record from which source the Personal Data originate.

We do not use automated decision-making nor profiling in respect of the Personal Data.

Who are the recipients and processors of Personal Data?

Personal Data collected while providing legal services may be to the full extent disclosed to associate attorneys and employees of our Law Office. All the attorneys are legally obliged to maintain confidentiality of all facts he/she learned in connection with the provision of legal services. All our employees are contractually obliged to maintain confidentiality of Personal Data to which they have access within their job assignment.

To the limited extend Personal Data may be disclosed to other legal service providers, e.g. notary persons, non-associate attorneys, or to the public authority, agency or another bodies (as further controllers) under the instructions of Clients or if it is necessary for achieving the purpose of legal service or if it is in his interest.

Processors are bodies who process Personal Data on our behalf. In our case these are our external accounting firm and tax advisor and the provider of remote data storage.

Do we transfer Personal Data to the Third countries?

We do not transfer your Personal Data or any other data processed within the provision of legal services to a third (non-EU or EEA) country or international organisation unless (i) the client expressly requests us to do so, or (ii) we have a legal obligation to do so or there is a decision of a governmental or foreign authority that is enforceable in relation to us in the territory of the Czech Republic and we are obliged to comply with it.

How long do we store the Personal Data?

We process Personal Data only for the necessary period.

We store Personal Data collected within the provision of legal services to the Clients in Client files in accordance with the professional regulations for a period of 10 years from the time when the provision of legal services ends unless the law (e.g. Act on anti-money laundering, or Act on archiving) specifies longer periods of storage with respect to certain documents containing Personal Data, in which case Personal Data are stored for the period stipulated in these special legal regulations.

After expiry of the period specified above, Personal Data may be stored – in case of ongoing court or administrative proceedings/inspection/inquiry – for a period necessary for the exercise of the rights of our Law Office (or the rights of its associate attorneys or employees), or for the exercise of the rights of our clients.

After expiry of the storage period, all Personal Data are safely destroyed or (with respect to certain documents) handed over to the Client.

Security incident reporting

We have a duty to report security incidents to the Personal Data Protection Office and when there are risks to rights and freedoms the Data Subjects concerned, as well as to report such incidents without delay to those Data Subjects.

Data Subjects’ rights

Under the Regulation, the Data Subjects have certain rights in respect of their Personal Data processed by us. These are:

  • Right of access: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and information under Art. 15 of Regulation.
  • Right to rectification: You have the right to obtain from us the rectification of inaccurate your Personal Data and in some cases to complete your Personal Data if it is incomplete under Art. 16 of Regulation.
  • Right to be forgotten: You have the right under certain grounds specified in Art. 17 of Regulation to have your Personal Data erased, e.g. you think your Personal Data are not necessary for the purposes mentioned above.
  • Right to restriction of processing: You have the right under certain grounds specified in Art. 18 of Regulation to have your Personal Data processing to be restricted, e.g. you contest the accuracy of your Personal Data, then for a period enabling us to verify the accuracy the processing should be restricted.
  • Right to be notified: If you have exercised your right to rectification, right to be forgotten or right to restriction of processing, you also have right to be notified if we communicate such steps to each potential recipient.
  • Right to data portability: You have the right under certain grounds specified in Art. 20 of Regulation to receive your Personal Data or to transmit those data to another controller.
  • Right to object: You have the right under certain grounds specified in Art. 21 of Regulation to object to processing based on necessity for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or based on legitimated interests.
  • Right to lodge a complaint: If you think that your rights under Regulation were infringed you have general right to lodge a complaint with a supervisory authority, that is Personal Data Protection Office – e-mail