We value the protection of the personal data of our clients and other individuals. These privacy terms explain how personal data is processed by the law firm LEGATE, s.r.o., with its registered seat at Dvořákovo nábrežie 8/A, 811 02 Bratislava, Company ID: 35 846 909, registered in the Commercial Register of the Bratislava III City Court, Section: Sro, File No.: 27692/B (hereinafter referred to as “LEGATE” or “We”) in connection with the provision of legal services. If you have any questions, you may contact us by phone at +421 2 6252 7561, via email at info@legate.sk, or by post at our registered address.

These terms apply to our clients, website visitors, individuals contacting us via our website, our employees and job applicants, entities providing services or goods to LEGATE, and contact persons or other persons authorized to act on behalf of the aforementioned entities.

When processing personal data, we primarily adhere to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), which also governs your rights as a data subject, as well as the relevant provisions of Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (the “Data Protection Act”), particularly Section 78, Act No. 586/2003 Coll. on Advocacy and on Amendments to Act No. 455/1991 Coll. on Trade Licensing (the “Advocacy Act”), and other applicable legislation. We observe the Code of Conduct adopted by the Slovak Bar Association (“SBA”), which further explains the rules for processing personal data by attorneys. The SBA’s Code of Conduct is available at www.sak.sk/gdpr.

Why do we process personal data?

The processing of personal data is necessary on our part in particular in order to:

• provide legal services to our clients and carry out the legal profession;
• fulfil various statutory, professional, and contractual obligations;
• protect the legitimate interests of ourselves, our clients, and other persons;
• inform our clients and potential clients about legal developments and, where appropriate, also about the achievements of the LEGATE law firm.

For What Purposes and on What Legal Grounds Do We Process Personal Data?

1. Performance of the Profession (Provision of Legal Services)

Legal Basis
Compliance with a legal obligation under Article 6(1)(c) of the GDPR – (Act No. 311/2001 Coll., the Labour Code, as amended, and other labour law regulations), and the performance of a contract under Article 6(1)(b) of the GDPR.
Compliance with a legal obligation under Article 6(1)(c) of the GDPR – (Act No. 586/2003 Coll. on Advocacy and on the Amendment of Act No. 455/1991 Coll. on Trade Licensing (the Trade Licensing Act), as amended), and the performance of a contract under Article 6(1)(b) of the GDPR.
Legitimate interest under Article 6(1)(f) of the GDPR.

Related Legislation
Advocacy Act, Code of Conduct for Lawyers, Act No. 40/1964 Coll., the Civil Code, as amended, and Act No. 513/1991 Coll., the Commercial Code, as amended.

Categories of Data Subjects and Processed Personal Data
Clients, clients’ counterparties, and other data subjects whose personal data must necessarily be processed in the course of providing legal services.

Scope of Processed Personal Data: Personal data is processed to the extent necessary for the provision of legal services.

Data Retention Period
The list of clients and the client file protocol maintained electronically shall be printed by the attorney at the end of each calendar year and stored at the office without time limitation. Other data shall be retained for 10 years from the date on which all conditions for archiving the file pursuant to applicable regulations are met.

2. Compliance with Legal Regulations and the Rules of the Slovak Bar Association

Legal Basis
Compliance with a legal obligation under Article 6(1)(c) of the GDPR.
Legitimate interest of lawyers or third parties under Article 6(1)(f) of the GDPR.
Public interest under Article 6(1)(e) of the GDPR.

Related Legislation
Advocacy Act, Code of Conduct for Lawyers, Act No. 297/2008 Coll. on the Prevention of Money Laundering and Terrorist Financing and on Amendments to Certain Acts, and Act No. 583/2008 Coll. on the Prevention of Criminality and Other Antisocial Conduct and on Amendments to Certain Acts.

Categories of Data Subjects and Processed Personal Data
Data subjects serving in statutory bodies of companies or cooperatives, shareholders, cooperative members, employees, close persons, and other data subjects whose personal data must necessarily be processed for the relevant purpose of personal data processing.

Scope of Processed Personal Data: Personal data is processed to the extent necessary to fulfil the obligations arising from applicable legal regulations.

Data Retention Period
10 years from the date on which all conditions for archiving the file are met in accordance with applicable regulations.

3. Marketing Purposes, Advertising and Business Communication

Legal Basis
Consent of the data subject under Article 6(1)(a) of the GDPR.
Legitimate interest under Article 6(1)(f) of the GDPR (promotion of the law firm and its services, increasing awareness in the online environment).

Our legitimate interest is to inform data subjects (clients, former clients, prospective clients) about our services, planned events, marketing campaigns, legal and business news, and to share the achievements of our law firm through electronic messages, telephone or personal communication.

Categories of Data Subjects and Processed Personal Data
Clients, potential clients, prospective clients, and individuals who have provided consent for their data to be processed for marketing or advertising purposes.

Scope of Processed Personal Data: Name, surname, email address, telephone number, company (if specified), and other contact details where applicable.

Data Retention Period
3 years from the date consent was granted by the data subject, or for the duration of the legitimate interest, or until the data subject objects to further processing or withdraws their consent for the processing of personal data.

4. Purposes Related to the Protection of Legitimate Interests, Including Premises Monitoring for the Protection of Property and Health

Legal Basis
Legitimate interest under Article 6(1)(f) of the GDPR (ensuring the protection of property and safety).

Categories of Data Subjects and Processed Personal Data
Video recordings of the data subject (visual recording of the face, visual recording of distinct physical features, visual recording of expressions of a personal nature, walking style, gestures, proxemics, etc., as well as visual recordings of (possible) communication between the data subject and another individual).

Scope of Processed Personal Data: Video recordings of the data subject.

Data Retention Period
15 days after the recording is made.

5. Statistical Purposes, Archival Purposes in the Public Interest, and Purposes of Historical and Scientific Research

Legal Basis
Article 89 of the GDPR

Related Legislation
Act No. 395/2002 Coll. on Archives and Registries and on Amendments to Certain Acts.

Categories of Data Subjects and Processed Personal Data
Clients, clients’ counterparties, and other data subjects whose personal data must necessarily be processed in the course of providing legal and other services.

Scope of Processed Personal Data: Personal data contained in archival documents.

Data Retention Period
10 years from the date on which all conditions for archiving the file are met pursuant to applicable regulations.

6. Accounting and Tax Purposes

Legal basis
Performance of a legal obligation pursuant to Article 6(1)(c) of the GDPR – in particular Act No. 431/2002 Coll. on Accounting, Act No. 595/2003 Coll. on Income Tax, Act No. 22/2004 Coll. on Value Added Tax.

Categories of data subjects and personal data processed
Employees, collaborators, suppliers, customers and their employees, and other data subjects whose personal data arise from tax and accounting records.

Scope of personal data processed: Personal data of data subjects contained in accounting and tax documents.

Retention period
10 years following the end of the calendar year to which the data relate.

7. Business Communication

Legal basis
The legitimate interest of the law firm pursuant to Article 6(1)(f) GDPR.

Our legitimate interest is to identify the most suitable service providers for the needs of the firm.

Categories of data subjects and personal data processed
Suppliers, customers and their employees, or other persons communicating on their behalf.

Scope of personal data processed: Common personal data of data subjects (primarily identification and contact details).

Retention period
5 years following the end of the calendar year in which the communication was concluded.

8. Management of Business Records and Registration and Notification of Changes to the Slovak Commercial Register, Trade License Register, and Register of Partners of the Public Sector

Legal basis
Performance of a legal obligation pursuant to Article 6(1)(c) GDPR.

Relevant legislation
Act No. 530/2003 Coll. on the Commercial Register and on Amendments and Supplements to Certain Acts, Act No. 513/1991 Coll. Commercial Code, as amended, Act No. 455/1991 Coll. on Trade Licensing (Trade Licensing Act), as amended, Act No. 757/2004 Coll. on Courts and on Amendments and Supplements to Certain Acts, Act No. 315/2016 Coll. on the Register of Partners of the Public Sector and on Amendments and Supplements to Certain Acts.

Categories of data subjects and personal data processed
Executives, partners, employees, and close persons.

Scope of personal data processed: Personal data processed to the extent strictly necessary for the fulfillment of obligations arising from the applicable legal regulations.

Retention period
5 years following the calendar year in which the organization ceased to exist.

Data concerning the beneficial owner are retained for 5 years from the date of cessation of the beneficial owner’s status in the respective business company, unless such data are part of a verification document publicly available online.

9. Sending Legal Newsletters

Legal basis
The legitimate interest of the law firm pursuant to Article 6(1)(f) GDPR or consent pursuant to Article 6(1)(a) GDPR.

Categories of data subjects and personal data processed
Clients and persons who have given consent to the processing of their email address for the purpose of receiving legal newsletters.

Scope of personal data processed: email address

Retention period

• Based on consent – for a period of 3 years from the date of consent or until its withdrawal, whichever occurs first.
• Based on legitimate interest – for the duration of the contractual relationship with the client and at most 1 year after its termination, or until the data subject objects to such processing.

10. Company Promotion (Including Publication of Client References and Feedback on Cooperation with Us)

Legal basis
Consent of the data subject pursuant to Article 6(1)(a) GDPR.

Categories of data subjects and personal data processed
Executives, employees, and collaborators.

Scope of personal data processed: Contact details and photograph of the data subject.

Retention period
Until the end of the calendar year in which the employment, cooperation agreement, or contractual relationship ended.

11. Communication with Potential Clients Contacting the Law Firm via the Contact Email Address

Legal basis
The legitimate interest of the law firm pursuant to Article 6(1)(f) GDPR.

Categories of data subjects and personal data processed
Potential clients.

Scope of personal data processed: email address and personal data provided during the communication.

Retention period
For the necessary period required to fulfill the purpose of providing a response.

12. Correspondence (Written and Electronic), Registry Management, and Mail Records

Legal basis
Performance of a legal obligation pursuant to Article 6(1)(c) GDPR. Legitimate interest pursuant to Article 6(1)(f) GDPR.

Categories of data subjects and personal data processed
Senders and recipients of correspondence, as well as other data subjects whose personal data are recorded in the mail registry.

Scope of personal data processed: Title, first name, last name, email address, and possibly other identification data; data regarding outstanding amounts, possible enforcement proceedings, disputes conducted in favor of or against the data subject; and other personal data contained in the correspondence or electronic mailbox.

Retention period
10 years after closing the incoming and outgoing mail logs, i.e., from the date of receipt or dispatch of the last item recorded in the log.

13. Employee Selection and Pre-Contractual Employment Relations

Legal basis
Consent of the data subject pursuant to Article 6(1)(a) GDPR.
Performance of a legal obligation pursuant to Article 6(1)(c) GDPR.
Performance of a contract pursuant to Article 6(1)(b) GDPR.
Legitimate interest pursuant to Article 6(1)(f) GDPR.

Relevant legislation
Act No. 311/2001 Coll., Labour Code, as amended.

Categories of data subjects and personal data processed
Job applicants.

Scope of personal data processed: Personal data contained in the CV, and possibly data from certificates of highest attained education.

Retention period
6 months from the date of conclusion of the selection process.

14. Human Resources and Payroll

Legal basis
Performance of a contract pursuant to Article 6(1)(b) GDPR.
Performance of a legal obligation pursuant to Article 6(1)(c) GDPR.
Legitimate interest pursuant to Article 6(1)(f) GDPR.

Relevant legislation
Act No. 311/2001 Coll., Labour Code, as amended;
Act on Advocacy, as amended;
other legislation in the field of labor law, including the Social Insurance Act, the Old-Age Pension Savings Act, the Health Insurance Act, as amended.

Categories of data subjects and personal data processed
Employees, former employees, cooperating persons, and close persons.

Scope of personal data processed: Personal data processed to the extent necessary for compliance with legal obligations.

Retention period
Personal files until the age of 70;
payroll records – 50 years after termination of employment;
pay slips, sickness insurance documents (registrations, deregistrations, changes, benefits), sick leave and other payroll documentation – 10 years following the year they relate to;
tax declarations related to payroll, wage deductions, payroll documents – 5 years;
vacation, occupational health and safety records, attendance – 5 years after termination of employment.

15. Network Security

Legal basis
Legitimate interest of the law firm pursuant to Article 6(1)(f) GDPR (ensuring network and other security).

Our legitimate interest is to ensure the security of data stored within the law firm’s IT environment by recording logs of actions performed by individuals within the firm’s network infrastructure.

Categories of data subjects and personal data processed
Employees, cooperating persons.

Scope of personal data processed: Identification data and data related to the activities of the data subject.

Retention period
1 year after the year in which the log was recorded.

16. Data Subject Requests

Legal basis
Compliance with a legal obligation pursuant to Article 6(1)(c) GDPR.

Categories of data subjects and personal data processed
Data subjects exercising their rights as data subjects.

Scope of personal data processed: Identification and contact data included in the request and the response to the request.

Retention period
5 years following the calendar year in which the request was fulfilled.

To whom do we disclose your personal data?

We disclose the personal data of our clients and other natural persons only to the extent necessary and always ensuring the confidentiality of the data recipient. This includes, for example, our employees, persons authorized to perform specific legal services, representing or cooperating lawyers, our accounting advisors, IT service providers, software vendors or support providers for our office, including their employees, the Slovak Bar Association (e.g., in case of disciplinary proceedings), the Office for Personal Data Protection of the Slovak Republic, tax authorities, competent courts, law enforcement authorities, and other relevant public authorities to whom we disclose personal data of natural persons as required by applicable legal obligations.

Although our obligation to disclose your personal data to public authorities is limited due to confidentiality requirements, we are obliged to prevent the commission of a criminal offense and to report information related to the prevention of money laundering and terrorism financing.

To which countries do we transfer your personal data?

The transfer of personal data of newsletter recipients containing legal updates to a third country outside the European Economic Area (EEA) (EU, Iceland, Norway, and Liechtenstein), or to an international organization, does not take place, and such cross-border transfer is not intended.

We use secure cloud services from a verified provider with servers located within the jurisdiction of the EU.

We do not carry out any automated individual decision-making, including profiling, based on your personal data.

How long do we retain your personal data?

We retain personal data only as long as necessary for the purposes for which the personal data are processed. In retaining personal data, we follow the recommended retention periods pursuant to Resolution No. 29/11/2011 of the Presidium of the Slovak Bar Association, for example:

• The incoming and outgoing mail books are kept by the lawyer for ten years from the date of receipt or dispatch of the last entry recorded in the book after it is filled;
• The inventory list is archived by the lawyer for ten years from the date of its creation;
• If the lawyer keeps a client register and client file protocol electronically, a printed version for the calendar year is prepared at the end of that year and stored indefinitely in the office;
• The retention period for the client file is 10 years and begins from the day when all conditions for filing the file in the archive are met.

The professional regulations applicable to lawyers interpret the obligations under the Act on Advocacy and specify certain circumstances that extend our data retention periods or prevent the destruction of certain documents for understandable reasons, such as:

• A client file containing original documents handed over by the client to the lawyer cannot be destroyed;
• Client file protocols and client registers cannot be destroyed;
• A client file or its part that the lawyer is obliged to submit to the state archive cannot be destroyed;
• A client file cannot be destroyed as long as any proceeding before a court, administrative authority, law enforcement agency, or the Slovak Bar Association is ongoing, which is related to the contents of the client file or concerns actions or omissions by the lawyer in providing legal assistance to the client.

How do we obtain your personal data?

If you are our client, we most often obtain your personal data directly from you. In such cases, providing your personal data is voluntary. Depending on the specific situation, failure to provide personal data may affect our ability to provide quality legal advice or, in exceptional cases, may oblige us to refuse to provide legal services. We may also obtain personal data about our clients from publicly available sources, public authorities, or other persons.

If you are not our client, we typically obtain your personal data from our clients or from other public or lawful sources, such as requests from public authorities, extracts from public registers, collection of evidence in favor of a client, and similar. In such cases, we may obtain your personal data without informing you and even against your will based on our lawful authorization and obligation to perform advocacy in accordance with the Act on Advocacy.

What rights do you have as a data subject?

If we process your personal data based on your consent to such processing, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Regardless of this, you have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling. As a client, you have the right to access your personal data and to request their correction.

When we process personal data in connection with providing legal services, you, as a client or any other natural person (e.g., opposing party), do not have the right to object to such processing under Article 22 GDPR. If the personal data concern a client (regardless of whether the client is a legal entity or a natural person), other persons do not have the right of access or the right to data portability due to our legal obligation to maintain confidentiality, pursuant to Article 15(4) GDPR, Article 20(4) GDPR, and Section 18(8) of the Act on Advocacy:
“An attorney is not obliged to provide information about personal data processing, allow access or data portability under a specific regulation if it could lead to a breach of the attorney’s duty to maintain confidentiality under this Act.”

You also have the right to file a complaint at any time with the Office for Personal Data Protection or with the Slovak Bar Association.

Processing of Cookies

Cookies are:

Small text files stored on your computer that enable analysis of your use of the website. Information stored in cookies can be retrieved by the website when you visit it again later. Cookies are also necessary to ensure that all processes on the website run smoothly. Furthermore, cookies make it easier for the user to reuse the website: information stored in cookies during the first visit, such as language settings, does not need to be entered again. This way, the website adapts to your individual needs to some extent (if you use the same device to access it).

Our website uses the Cookiebot CMP platform for cookie processing, which allows us to monitor and document any type of tracking on our website, display relevant information to website users, and automatically obtain and record all user consents. Users may give their consent to the use of cookies either fully, partially, or may refuse consent altogether. Our website is fully functional even without granting this consent or if consent is granted only in a limited scope. You can change or withdraw your consent to cookies on our website at any time.

Use of Cookies Upon Consent

If consent is granted, we use cookies for the following purposes:

• To provide an optimal service tailored to the client’s needs. For example, some information displayed to you during your first visit will not be shown again on subsequent visits.
• We ensure organizational and technical measures to protect your personal data and to prevent data loss or unlawful processing.

We use the following types of cookies:

• Necessary Cookies – These help make the website accessible by enabling basic functions such as page navigation and access to secure areas of the website. Without these cookies, the website cannot function properly.
• Preferences Cookies – These allow the website to remember information that changes the way the website behaves or looks, such as your preferred language or the region you are in.
• Statistics Cookies – These help us understand how users interact with our website by anonymously collecting and reporting information.
• Marketing Cookies – These are used to track users on our website with the aim of displaying advertisements that are relevant and engaging to individual users, thereby providing greater value to publishers and third-party advertisers.

Changes to the Privacy Policy

Protecting personal data is not a one-time matter for us. The information we are obliged to provide to you in connection with our processing of personal data may change or become outdated. For this reason, we reserve the right to modify and update these terms at any time and to any extent.

If we make material changes to these terms, we will bring such changes to your attention, for example, by a general notice on this website or by a separate notification via email.