This Privacy Policy (hereinafter referred to as "Policy") informs you how ARROWS advokátní kancelář, s.r.o., with registered office at Plzeňská 3350/18, 150 00 Prague, ID No. 067 17 586, registered in the Commercial Register maintained by the Municipal Court in Prague under file No. C 287750 (hereinafter referred to as "ARROWS" or "Company") obtains, stores and further processes your personal data in connection with your client or other relationship with the Company.
The purpose of this Personal Data Processing Policy pursuant to Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27. April 2016 (hereinafter referred to as the "GDPR") is to provide information on what personal data the Company, as a data controller, processes about individuals in the provision of its services and for what purposes and for how long the Company processes such personal data in accordance with applicable law, to whom and for what reason it may transfer them, as well as to inform about what rights individuals have in connection with the processing of their personal data and how they can exercise them.
This Policy applies to the processing of the data of our clients, i.e. you, if you are an individual, and/or your employees or members of your bodies, if you are a legal entity, or visitors to the ARROWS website, always to the extent of the personal data corresponding to your position in relation to ARROWS. All services we provide are intended for you as our Client acting in the course of your trade or other business and/or profession for your employer who is our Client ("Client" or "you").
This Policy is effective from 25 May 2018 and is issued in accordance with the GDPR to ensure the Company's information obligations as a controller under Article 13 of the GDPR.
The Company is the data controller of your personal data, with current contact details available at https://www.arws.cz/kontakt.
The Company is not obliged to appoint a data protection officer. The Company has not appointed a data protection officer.
ARROWS, as data controller, can be contacted directly at
ARROWS law firm s.r.o.
Plzeňská 3350/18, Prague 5 - Smíchov, 150 00
Tel.: +420 245 007 740
E-mail: office@arws.cz
Personal data is any information relating to a natural person, i.e. you, which the Company is able to identify you. In connection with the provision of services, the Company may process the following categories of personal data.
This is such data as is or in certain cases may be necessary to enter into a contract with you and includes in particular the following personal data:
This includes the following personal data:
This includes the following personal data:
This data is such data as is necessary for the provision of legal services and may include a wide range of personal data that you provide to us in order to protect your legal interests, which may include in particular the following personal data:
This is mainly personal data contained in email and written communications with the Client.
This includes your email address and name in case of personalization of the newsletter sent to you.
In order to provide you with its services, the Company needs to know your personal data, which it must then process. In particular, we process your personal data for the purpose of concluding and performing a contract for the provision of legal services between the Client and the Company, where the legal title of the processing is therefore the performance of the contract. For these purposes, personal data within the scope of the Basic Personal Identification Data as defined in Article 4.1 of this Policy is processed.
The personal data processed in this way is obtained from you directly at the time of entering into the service contract and also prior to the conclusion of the contract, in the course of negotiating the content of the contract and in the course of providing legal services.
Such personal data is processed by the Company only for the duration of the contractual relationship between the Client and the Company and for a period of five years after the termination of the provision of legal services between you and the Company, or for as long as the Company is required to do so by law.
When providing the services, the Company is obliged to comply with the obligations arising from the following legal regulations, namely Act No. 563/1991 Coll., on Accounting (hereinafter referred to as the "Act onAccounting"); Act No. 586/1992 Coll., on Income Taxes (hereinafter referred to as the "Act on Income Taxes") and Act No. 235/2004 Coll., on Value Added Tax (hereinafter referred to as the "Act on ValueAdded Tax"), Act No. 253/2008 Coll., on Certain Measures against the Legalization of Proceeds of Crime (hereinafter referred to as the "AML").
Some personal data may be included on accounting documents (i.e. invoices or other documents). The following laws: AML Law, ZÚ, ZDP or ZDPH require the Company to keep such documents, for up to 10 years. Therefore, if the Company is legally obliged to archive these documents, your personal data on the relevant document will be stored with them.
In the event that you are late in making a payment, we have not fulfilled our obligation or we have not received payment from you at all, or we have suffered other damage or harm from you, we may also process personal data on the basis of a legitimate interest in the recovery of our claims and/or the establishment, protection and enforcement of the Company's legal claims. We may retain your personal data for this purpose for the period of the limitation period pursuant to Act No. 89/2012 Coll., Civil Code.
The Company processes your personal data principally in cases where this is required by law, where the processing is necessary for the performance of a contract or where it is done on the basis of a legitimate interest of the Company. Only exceptionally do we process personal data on the basis of your consent, in accordance with the purpose and for the period of time specified in that consent.
The Company may send you as a client newsletters offering similar services related to services already provided to you, based on the legitimate interest of the Company or on the basis of your consent. We will send you newsletters for as long as you are a client of the company or unless you withdraw your consent earlier. You can stop receiving the newsletter at any time by simply unsubscribing at the bottom of each email or by sending an email to info@arws.cz.
The Company may also send the newsletter to third parties on the basis of their consent.
The Company uses the professional and specialized services of other entities in the performance of its obligations and duties under contracts. If these suppliers process personal data transmitted by the Company, they have the status of data processors and process personal data only within the framework of instructions from the Company and may not use it otherwise.
These include:
We have entered into data processing agreements with the data processors referred to in the preceding paragraph which guarantee at least the same level of protection for your personal data as this Privacy Policy.
The Company transmits your personal data to the administrative authorities and authorities specified by the applicable legislation in the performance of its legal obligations.
The Company has established and maintains the necessary reasonable technical and organizational measures, internal controls and information security processes in accordance with the best interests of users and with respect to their rights, commensurate with the potential risk to data subjects. It also takes into account the state of technological development in order to protect personal data from accidental loss, destruction, alteration, unauthorized disclosure or access. These measures may include, but are not limited to, taking reasonable steps to ensure accountability of employees who have access to sensitive data and documents, training of employees, regular backups, data recovery and incident management procedures, software protection of devices on which personal data are stored, among others.
The Company's employees are bound by a duty of confidentiality about all facts concerning you, even after termination of employment. A signed confidentiality statement is part of the Company's employee's employment contract.
If you exercise any of your rights under this Article 8 or under applicable law, we will inform any recipient to whom such data has been disclosed pursuant to Article 6 of this Policy of the action taken or the erasure of your personal data or the restriction of processing in accordance with your request, provided that such communication is feasible and/or does not require disproportionate effort.
If you wish to exercise these rights and/or obtain relevant information, you may contact us by email at info@arws.cz or in writing at the Company's registered office.
If you exercise your rights, we may require you to provide certain identifying information that you have provided to us. The provision of such information is necessary to verify that the relevant request was actually sent by you. We will respond to you within one month of receiving your request, but we reserve the right to extend this period by two months.
According to Article 15 of the GDPR, you have the right to access your personal data, which includes both the right to obtain from the Company:
where the rights and freedoms of others will not be adversely affected, a copy of the personal data.
In the event of a repeated request, the Company will be entitled to charge a reasonable fee for a copy of the personal data.
According to Article 16 of the GDPR, you have the right to rectification of inaccurate personal data that the Company processes about you. The User is also obliged to notify changes to his/her personal data and provide evidence that such a change has occurred. He is also obliged to provide the Company with assistance if it is found that the personal data processed about him is inaccurate. We will carry out the rectification without undue delay, but always taking into account the given technical possibilities.
Pursuant to Article 17 of the GDPR, you have the right to erasure of personal data concerning you, unless the Company demonstrates legitimate grounds for processing such personal data. The Company has set up mechanisms to ensure the automatic anonymisation or erasure of personal data in the event that they are no longer needed for the purpose for which they were processed.
According to Article 18 of the GDPR, the data subject will have the right to restriction of processing until the complaint is resolved if he or she contests the accuracy of the personal data, the grounds for processing or objects to the processing.
Pursuant to Article 20 GDPR, you have the right to the portability of data concerning you that you have provided to us as controller in a structured, commonly used and machine-readable format. You also have the right to ask us to transfer this data to another controller.
If the exercise of this right could adversely affect the rights and freedoms of third parties, your request cannot be granted.
According to Article 21 GDPR, you have the right to object to the processing of your personal data by the Company.
If the Company does not demonstrate that there is a compelling legitimate reason for the processing which overrides the interests or rights and freedoms of the data subject, the Company will terminate the processing without undue delay on the basis of the objection.
If you have given the Company your consent to the processing of personal data, you may withdraw it at any time. The revocation must be made by an express, intelligible and specific expression of will, either in writing to the Company's registered office or via the email address info@arws.cz.
You have the right to lodge a complaint regarding our processing of your personal data with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7.
Please note that we may modify or update this Privacy Policy. Any changes to this Policy will become effective upon posting on the Company's website.
