The protection of the personal data of our clients and other natural persons is important to us. This Privacy Policy provides an explanation of how we process personal data when providing legal services at MADEJ & PARTNERS s.r.o., a law firm with its seat at Mýtna 42, 811 05 Bratislava, Slovak Republic, ID No.: 53 035 038, registered in the Commercial Register of the Municipal Court of Bratislava III, Section: Sro, File No.: 144124/B.
If you have any questions, you can contact us by phone at +421 2 212 919 91, by email at office@madej.sk or by post at our registered office.
In the processing of personal data, we are primarily governed by the EU General Data Protection Regulation (the “GDPR”), which also governs your rights as the data subject [1] the provisions of the Act on Personal Data Protection [2] applicable to us (in particular Section 78), the Act on Legal Profession [3] (Section 18) as well as other applicable legislation. We comply with the Code of Conduct adopted by the Slovak Bar Association (the “SBA Code“) that explains the processing of personal data by attorneys. You can familiarize yourself with the SBA Code in more detail here
Why do we process personal data?
In particular, the processing of personal data is necessary in order to:
- provide legal services to our clients and to practice law;
- comply with various legal, professional and contractual obligations; and
- protect the legitimate interests of ourselves, our clients and others.
What are our purposes of processing personal data and on what legal grounds are they made?
| Purposes of processing | Legal basis under GDPR |
| Provision of legal services | Compliance with a legal obligation pursuant to Article 6 (1) (c) GDPR or performance of a contract pursuant to Article 6 (1) (b) GDPR |
| Provision of non-legal services | Performance of a contract pursuant to Article 6(1)(b) GDPR or performance of a legal obligation pursuant to Article 6(1)(c) GDPR |
| Ensuring compliance with the laws and regulations of the Slovak Bar Association | Compliance with a legal obligation pursuant to Article 6 (1) (c) GDPR or public interest pursuant to Article 6(1) (e) GDPR |
| Increasing awareness of our firm | The legitimate interest of the firm pursuant to Article 6 (1) (f) GDPR or Consent of data subject pursuant to Article 6 (1) (a) GDPR |
| Statistical purposes | The legal basis that allowed the collection of personal data for original purposes (compatible purposes) in the light of Article 89 GDPR |
| Personnel and payroll | Compliance with a legal obligation pursuant to Article 6 (1) (c) GDPR, the performance of a contract pursuant to Article 6 (1) (b) GDPR |
| Accounting and tax purposes | Compliance with legal obligation pursuant to Article 6 (1) (c) GDPR |
What are our legitimate interests that we pursue?
| Legitimate interest | Explanation |
| Increasing awareness of our firm | When publishing content on our social networks (LinkedIn) and on our website, personal data may be processed based on our legitimate interest in increasing awareness of our firm in the online environment. We may publish information about legal advice (including references) and provide personal data to participate in ratings, rankings, and lists of recommended law firms. |
Who are the recipients of our personal data?
We provide the personal data of our clients and other natural persons only to the extent necessary and always while maintaining the confidentiality of the data recipient, for example to our employees, persons authorized to take individual legal actions within the provision of legal services, substituting or cooperating attorneys, our accountancy, the Slovak Bar Association (e.g. in the case of disciplinary proceedings) or to providers of software or the support to our law firm, including employees of those persons.
Although our obligation to provide your personal data to public authorities[4] is limited for confidentiality reasons, we are obliged to prevent the commission of a criminal offence and we also have the obligation to report information regarding the prevention of money laundering and terrorism financing.
To which countries do we transfer your personal data?
We do not intend to transfer your personal data outside the EU and/or European Economic Area (EU, Iceland, Norway and Lichtenstein). Email communication and electronic copies of all legal documentation related to our activity remain stored on servers located in the territory of the Slovak Republic.
How long do we store your personal data?
We store personal data as long as is necessary for the purposes for which personal data are processed. When storing personal data, we follow the recommended retention periods under the Resolution of Council of Slovak Bar Association no. 29/11/2011, for example::
- The incoming mail book / register and the outgoing mail book / register, after it has been filled, are kept by the attorney for ten years from the date of receipt or sending of the last mail registered in such book;
- The inventory list is archived by the attorney for 10 years after it is made;
- If the attorney keeps a list of client names and client records electronically, at the end of the calendar year he or she will make its printed form for the calendar year and store it in the office without any time limit;
- The client files shredding period is 10 years and starts to run on the day when all the conditions for the deposition of the file to the archive are fulfilled.
Attorneys are subject to professional regulations of the Slovak Bar Association that interpret their obligations under the Act on Legal Profession, according to which there are certain circumstances that extend our retention periods of personal data and explicitly prevent us from shredding some documents on reasonable grounds, such as:
- A client file that contains original documents delivered to us by the client cannot be shredded;
- It is not possible to shred client file protocols or lists of client file names;
- It is not possible to shred the client file or its part that the attorney is obliged to submit to the state archives;
- It is not possible to shred the client file if any proceedings before the courts, state administration bodies, law enforcement authorities, the Slovak Bar Association are pending that have a material relation to the contents of the client file or that concern the attorney’s legal action or omission in providing legal services in that client’s matter.
How do we obtain your personal data?
If you are our client, we often obtain your personal data directly from you. In that case, obtaining your personal data is voluntary. Depending on the particular case, the failure to provide personal data by clients may affect our ability to provide high-quality legal services or, in exceptional cases, may give rise to our obligation to refuse to provide legal services. Personal data about our clients may also be obtained from publicly available sources, from public authorities or from other third parties.
If you are not our client, we often obtain your personal data from our clients or from other public or statutory sources by making requests to public authorities, through extracts from public registers, obtaining evidence in favour of our client, etc. In such a case, we may obtain personal data without your knowledge and against your will on the basis of our statutory authorization and the obligation to practice law in accordance with the Act on Legal Profession.
If you are interested in a career at our firm, sending a CV and application request to our firm is voluntary. No candidate has any legal or contractual duty to provide us with their personal data during the admission proceedings. However, if a candidate refuses to provide any information, we may not be able to process a candidate’s request properly or at all. We only use the personal data of each candidate to assess their suitability for a position at our firm. CVs and application requests to our firm may be included in our firm’s database with the consent of the candidate and may be used for a future admission process. Candidates may withdraw their consent at any time by sending a notice to the e-mail address above. Please note that we can retain personal data on candidates in the extent of first name, surname and at least one other appropriate personal identification data for the list of unsuccessful candidates. We need to maintain such a list to administer admission proceedings effectively. A candidate has the right to object to such data processing.
What rights do you have?
If we process personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You have a right to object to any processing that is based on legitimate interest or public interest as well as to any direct marketing purposes including profiling.
As a client, you have the right to request access to your personal data and request their rectification. When processing personal data during the provision of legal services, you have no right, as a client or any other natural person (e.g. a counterparty), to object to such processing under Article 22 of the GDPR. If personal data relate to a client (regardless of whether the client is a legal or natural person) other persons do not have the right of access to such data or the right to data portability, due to our legal obligation to maintain confidentiality with reference to Articles 15 (4), 20 (4) of the GDPR and Section 18 (8) of the Act on Legal Profession.
Changes to this Privacy Policy
Protection of your data is not a one-time issue for us. The information we give you with regard to the processing of personal data may change or cease to be up to date. For these reasons, we may change this Privacy Policy at any time and to any extent. If we change this Privacy Policy substantially, we will bring such changes to your attention through a general notice posted on our website.
[1] See Articles 12 to 22 of the GDPR (http://eur-lex.europa.eu/legal-content/SK/TXT/HTML/?uri=CELEX:32016R0679&from=EN).
[2] Act no. 18/2018 Coll. on protection of personal data (the “Act on Personal Data Protection”).
[3] Act No. 586/2003 Coll. on the Legal Profession and on Amending Act No. 455/1991Coll. on the Business and Self-Employment Services (Business Licensing Act) as amended (the “Act on Legal Profession”).
[4] Which, in terms of Article 4 Section 9 GDPR, are not considered recipients.