When providing legal services, Mgr. Milan Chytil, Attorney-at-Law, processes the personal data of his clients and other persons if it is necessary for the provision of these legal services. Personal data are processed in accordance with applicable legal regulations, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter only the “GDPR”).
I. Basic information about the Attorney-at-Law (personal data controller)
Mgr. Milan Chytil, Attorney-at-Law with his registered office at Vrchlického Sad 1963/6, 602 00 Brno, Reg. No.: 66223997 (hereinafter only the “Attorney-at-Law”)
tel.: 542211713, e-mail: firstname.lastname@example.org, website: www.akchytil.cz
II. Data protection officer
A data protection officer has not been appointed.
III. The purpose of personal data processing
The personal data that the Attorney-at-Law processes in connection with the provision of legal services are processed for the following purposes
• the performance of a contract for the provision of legal services (Art. 6 (1) (b) of the GDPR);
• compliance with legal obligations imposed upon the Attorney-at-Law, as the controller of personal data, by applicable legal regulations (Art. 6 (1) (c) of the GDPR), in particular by Act No. 85/1996 Coll., on the Legal Profession, and Act No. 253/2008 Coll., on Selected Measures against Legitimisation of Proceeds of Crime;
• defending the legitimate interests of the Attorney-at-Law (Art. 6 (1) (f) of the GDPR).
IV. Legal basis for personal data processing
The legal basis for personal data processing is primarily constituted by applicable legal regulations of the CR and the GDPR.
V. The extent of personal data processing
The Attorney-at-Law processes personal data only to the extent necessary to fulfil the purpose for which they have been collected. The Attorney-at-Law processes personal data provided by his clients or ascertained in other ways in the following scope:
• Identification data (name, surname, title, date of birth or birth registration number, and address),
• Contact information (contact address, telephone/mobile phone number, and e-mail address),
• Account number,
• Data transferred to the Attorney-at-Law by his clients that are related to the provision of legal services or required by law.
VI. Recipients of personal data
The Attorney-at-Law is authorized to transfer personal data to:
• authorized recipients (e.g. public authority bodies, the Czech Bar Association in the case of a complaint, or a bank in the case of administration of entrusted financial means) for the purposes set forth by law,
• accounting and tax advisors or providers of information system maintenance,
• other Attorneys-at-Law or trainees of the Attorney-at-Law representing the Attorney-at-Law,
• other persons and entities, if the client has given an instruction or consent thereto, if it follows from the nature of provided services or if it is necessary for the reasons of the client´s legitimate interests.
VII. Transferring personal data to third countries or international organizations
The Attorney-at-Law processes personal data exclusively in the territory of the Czech Republic and has no intention to transfer them to a third country or to an international organization.
VIII. Personal data processing period
The personal data will be processed during the contractual relationship between the Attorney-at-Law and his client for the purpose of performing the contract. The Attorney-at-Law will retain the client´s personal data during a general limitation period commencing from the termination of the contractual relationship for the purpose of protecting his own rights and protected interests. For the purpose of performing a legal obligation, the Attorney-at-Law will store the client´s personal data during the period necessary to fulfil the archiving obligation of the Attorney-at-Law pursuant to applicable legal regulations.
IX. Rights of persons whose data is being processed
The client, as the data subject, has the following rights under the GDPR:
• the right to access personal data – the right of the client to obtain the information from the Attorney-at-Law as to whether he is processing his client´s personal data and, if so, the client has the right to obtain access to these data and related information under Art. 15 (1) of the GDPR.
• the right to rectification – the client has the right to ask the Attorney-at-Law for an immediate rectification of inaccurate personal data upon the client´s request. The client has the right to complete such inaccurate personal data.
• the right to erasure of personal data represents the obligation of the Attorney-at-Law to erase the personal data of the client that he is processing if the conditions defined by the GDPR are fulfilled and if their erasure is requested by the client.
• the client has the right to request the Attorney-at-Law to restrict the processing of his/her personal data in certain cases.
• the client has the right to object at any time to processing based on the legitimate interests of the Attorney-at-Law or a third party or processing that is necessary to perform a task in the public interest or to exercise public authority.
• the right to data portability gives the client the possibility to obtain the personal data that the client has provided to the controller in a regular and machine-readable form. These data may be subsequently transmitted to another controller or, if technically possible, the client has the right to request the controllers to transmit such personal data between them.
• the right to revoke the consent to personal data processing will not be applied, because the client´s personal data are processed for the reason of performing the contract concluded with the client and they are not processed based on the consent to processing.
• if the client is not satisfied in any way with his/her personal data processing carried out by the Attorney-at-Law, as the controller, he/she may lodge a complaint directly to the Attorney-at-Law or he/she may address the Office for Personal Data Protection with its registered office at Pplk. Sochora 27, 170 00 Prague 7.
• more information about the client´s rights is available on the website of the Office for Personal Data Protection. (https://www.uoou.cz/6-prava-subjektu-udaj/d-27276)
X. Automated individual decision-making, including profiling
No automated decision-making or profiling takes palce in the office of the Attorney-at-Law.
XI. The security of personal data
The Attorney-at-Law pays attention to the security of personal data that he has obtained during his activities. Organizational and technical measures have been adopted to protect and secure personal data.
XII. Final provisions
These rules of personal data protection come into effect on 25 May 2018.
Brno, 25 May 2018
Mgr. Milan Chytil