v. 1.1, Effective as of 20 September 2021
1. INITIAL PROVISIONS
1.2.1 visit our website at eldison.com ("our website");
1.2.2 contact us via contact forms on our website; are applicants for a job;
1.2.3 are provided with our legal services; or
1.2.4 use our services via dharma grid.
1.3 We provide our services in the Czech Republic and the Slovak Republic. Therefore, your personal data may be processed either by:
1.3.1 Eldison, advokátní kancelář, s.r.o., with its registered office at Panská 854/2 Prague 1, 110 00, the Czech Republic, Company Reg. No. 056 78 064, registered in the Commercial Register maintained by the Municipal Court in Prague, File. No. C 268799; or
1.3.2 Eldison, advokátska kancelária, s.r.o, with its registered office at Mynské nivy 16, Bratislava 821 09, Slovak Republic, Company Reg. No. 47 257 431, registered in the Commercial Register maintained by the District Court Bratislava I, Section: Sro, Insert No. 103592/B
(jointly “Eldison” or “we”).
1.4 We process your personal data with high respect to you, your privacy and in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the “GDPR”) and applicable national laws.
2. DATA PROCESSING
2.1 We process your personal data in the following situations:
2.1.1 Pre-contractual relationships
(a) When we process it: if you are an individual interested in a cooperation with Eldison (candidate for a job, prospective partner/supplier/customer), you may contact us via the contact forms available on our website.
(b) What personal data we process: your full name, email address and other personal data which you share with us in your message. When your message is sent, your IP address and the date and time of your message will be also saved.
(c) Why we process this personal data (the purpose): we need to handle your request regarding our future cooperation.
(d) Legal grounds for processing this personal data: performance of a contract or in order to take steps at your request prior to entering into a contract according to Article 6 (1) b) of GDPR.
2.1.2 Contractual relationship
(a) When we process it: we process personal data of our existing customers in order to provide them our services.
(b) What personal data we process: The data processed for such purpose may include: full name, company email, phone number, company name, industry and other data and information which you share with us.
(c) Why we process this personal data (the purpose): it is necessary for the provision of our services.
(d) Legal grounds for processing this personal data: performance of a contract according to Article 6 (1) b) of GDPR.
(a) When we process it: if you apply for a job, we may process personal data of unsuccessful candidates for a job in our internal database for the period of up to three (3) years.
(b) What personal data we process: personal data in your CV and resumes.
(c) Why we process this personal data (the purpose): we need to handle your request regarding our future cooperation.
(d) Legal grounds for processing this personal data: consent according to Article 6 (1) a) of GDPR during the hiring process or through a third-party website (e.g., jobs.cz).
(e) Objections and erasure. You can withdraw your consent at any time by sending an email to firstname.lastname@example.org
2.1.4 Compliance with legal obligations
(a) When we process it: in some instances, legal regulations impose obligations on us under which we are obliged to process your personal data (e.g., laws governing provision of legal services, anti-money laundering laws, accounting laws, taxes and/or provision of any data to public authorities based on law). Thus, we also process your data for the purpose of keeping internal records and fulfilling our legal obligations.
(b)What personal data we process: as required by legal regulations.
(c) Why we process this personal data (the purpose): we need to stay compliant with our legal obligations.
(d) Legal grounds for processing this personal data: legal obligations according to Article 6 (1) c) of GDPR.
2.1.5 Legitimate interest
(a) When we process it: Eldison may process your personal data serving legitimate purposes (e.g., some data are required to be retained by legal regulations, some data are necessary to maintain the mutual relationship with you – for instance billing purposes, statutory archiving duty or to comply with any other legal, regulatory or reporting obligations or to assert or defend against legal claims).
(b) What personal data we process: as necessary to protect our legitimate interest.
(c) Why we process this personal data (the purpose): specific to the legitimate interest processed.
(d) Legal grounds for processing this personal data: legitimate interest according to Article 6 (1) f) of GDPR.
3. COOKIES ON OUR WEBSITES
3.1.1 essential cookies, which are essential for the proper functioning of our website, provide important features and ensure the security of our page; and
3.1.2 analytical and technological cookies, which are used for statistical purposes, for example to track and monitor, what country, what pages and what method was used to visit our website, and which help us to improve our website by collecting and reporting information on how our website is being used.
3.2 When you visit our website, you are informed through a cookie banner that we collect cookies. The essential cookies are necessary to visit our website. Analytical and technological cookies will only be used if you give your consent.
3.3 When shown the cookie banner you must make a choice whether you just want to accept the essential cookies, or you allow us to also use analytical and technological cookies.
3.4 The legal ground for the use of essential cookies is our legitimate interest according to Art. 6 (1) f) of GDPR, the legal ground for the use of analytical and technological cookies is your consent according to Art. 6 (1) a) of GDPR.
4. HOW WE COLLECT YOUR PERSONAL DATA?
4.1 We may collect your personal data directly from you or your devices if you visit our website or contact us via our website. We may also collect your personal data directly from you if we provide you with any legal services.
4.2 We may also collect your personal data from trusted third-party sources, especially if you are a job applicant.
5. THIRD-PARTY WEBSITES
5.1 Our website may contain links (which may take the form of hyperlinks, widgets, clickable logos, images, or banners) to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. We are not responsible for the privacy practices or the content of third-party websites.
5.2 Eldison is currently using so-called social plugins from linkedin.com (“plugin”), which is indicated by the logos on our website. When you visit our website, your browser establishes a direct connection with the servers on which this plugin runs. The content of the plugin is transferred directly by LinkedIn to your browser, which then integrates it into our website. Integration of the plugin causes LinkedIn to receive the information that you have accessed on the corresponding page of our website. If you are logged with LinkedIn, it will be able to assign your visit to our website to your account on LinkedIn. Please note that an exchange of this information already takes place when you visit our website, regardless of whether you interact with the plugin or not. If you do not want LinkedIn to gather data about you via our website, you must log out of them before visiting our website.
6. WHO HAS ACCESS TO YOUR DATA?
6.1 Good teamwork makes every task more manageable. Therefore, your personal data may be shared among our team members. However, we may disclose your personal data only to our authorized employees, independent contractors, or associated attorneys who need your personal data for their task.
6.2 We may also disclose personal data to third parties that provide services to us for the provision of our services and managing or protecting our website.
6.3 If we process personal data of job applications, we may use services and applications of third parties to manage HR processes, whereas these third parties are processors of your personal data and act upon instructions of Eldison as the data controller
6.4 Subject to the previous paragraphs, your personal data shall not be shared or provided to any other third party without your consent except for the following cases:
6.4.1 we are obliged to provide your personal data on the basis of law or upon order of a public authority; or
6.4.2 it is specifically allowed by applicable legal regulations.
7. HOW LONG WE KEEP YOUR DATA
7.1 For how long we keep your personal data also depends on the legal basis on which your data is processed.
7.2 Shall the processing be based on legitimate interest; your data will be processed for as long as the given legitimate interest of Eldison exists and will be erased once this legitimate interest ceases to exist (see personal data processed for legitimate interest - clause 2.1.5).
7.3 For data kept based on legal obligations the data retention period is prescribed by applicable legal regulations and shall be deleted once the legally prescribed time period lapses.
7.4 For data processed based on performance of a contract the data is processed for the duration of the contractual relationship and for an applicable limitation period (see personal data processed for legitimate interest - clause 2.1.5).
7.5 Shall the processing be based on your consent your personal data shall be erased after you withdraw your consent. Please bear in mind that the same data may as well be processed based on other legal basis in which case your withdrawal of consent might not mean a full erasure of your data.
8.1 Eldison shall ensure that your personal data is stored securely. Therefore, we have introduced adequate physical, technical, and organizational measures and plans to protect and secure all information collected via our website or our services.
8.2 The aim is to eliminate unauthorized or unlawful processing of your personal data, or accidental, unauthorized or unlawful access, use, transferring, processing, copying, transmitting, alteration, loss or damage of your personal data. Despite all efforts and meeting all rules set out by applicable legal regulations, it is not possible to guarantee the security of your data if it is transferred or transmitted in an unsecured way.
9. YOUR RIGHTS
9.1 In connection with processing of your personal data and subject to GDPR you have the following rights:
9.1.1 right of access which means that you are entitled to be informed inter alia about what personal data Eldison processes about you, for what purposes, who are the recipients of your personal data subject to restrictions arising from GDPR and laws applicable to the provision of legal services;
9.1.2 right to rectification which means that you have a right for any of your incomplete, inaccurate or out-of-date personal data to be rectified;
9.1.3 right to erasure (‘right to be forgotten’) which means that you may be entitled, under certain circumstances, to erasure of personal data that we have collected and processed about you;
9.1.4 right to restriction of processing which means that in given cases such as when we process inaccurate personal data about you or you deem the processing as no longer necessary you may ask for a restriction of the processing;
9.1.5 right to data portability which means that you may have a right, under certain circumstances, to receive personal data you provided to us within a structured, commonly used and machine-readable format and have it transmitted to another controller where technically feasible; and
9.1.6 right to object which means that you are entitled to object, on grounds relating to your particular situation, at any time to the processing of personal data that concerns you and is carried out in the public interest or for the purposes of legitimate interests pursued by Eldison, including profiling.
9.2 Should you wish to exercise any of your rights you may contact us at: email@example.com.
9.3 The protection of personal data is supervised by your relevant supervisory authority. In Czech Republic, it is the Czech Office for Personal Data Protection with address: Pplk. Sochora 27, 170 00 Praha 7, tel. 234 665 111 (web: www.uoou.cz) and in Slovak Republic, it is Office for Personal Data Protection of the Slovak Republic, address: Hraničná 12, 820 07 Bratislava 27, tel. 232 313 214 (web: https://dataprotection.gov.sk/uoou/).
11. HOW TO CONTACT US