# Privacy Policy — IUSTORIA > Privacy policy and data processing principles of IUSTORIA law firm. - Canonical URL: https://www.iustoria.cz/en/privacy/ - Markdown URL: https://www.iustoria.cz/en/privacy/index.md - Language: en - Content type: page ## Content # Privacy Policy pursuant to Regulation (EU) 2016/679 (GDPR) and Czech Act No. 110/2019 Coll., on personal data processing ## 1. Data Controller The controller of your personal data is: **IUSTORIA, advokátní kancelář, s.r.o.** IČO: 173 53 866 Registered office: Slovákova 279/11, Veveří, 602 00 Brno Registered in the Commercial Register maintained by the Regional Court in Brno, Section C, File 129769 E-mail: [info@iustoria.cz](mailto:info@iustoria.cz) Phone: +420 777 366 857 The controller has not appointed a Data Protection Officer, as this obligation does not arise under applicable law. For all matters related to the protection of personal data, please contact us at the e-mail address above. ## 2. What Personal Data We Process In connection with the provision of legal services and the operation of our website, we may process the following categories of personal data: ### a) Clients and prospective clients - **Identification data:** name, surname, date of birth, company ID (IČO), tax ID (DIČ) - **Contact details:** e-mail, phone number, address, data box (datová schránka) - **Case-related data:** all information and documents you provide in connection with your legal matter - **Payment data:** bank account number, information on invoices paid - **Audio recordings:** recordings of telephone calls and in-person meetings (where made pursuant to Art. 8 of our General Terms and Conditions) ### b) Website visitors - **Contact form:** name, e-mail, phone number, and message content - **Newsletter:** e-mail address, if you subscribe to our updates (processing based on consent; the service is provided by Ecomail.cz) - **Analytical cookies:** we use Google Analytics 4 to measure website traffic and Leadinfo for company identification of visitors (reverse IP lookup). Both services are activated only with your consent (Consent Mode v2). Fonts are loaded locally. ## 3. Legal Bases for Processing We process your personal data on the following legal bases under Art. 6(1) GDPR: - **Performance of a contract (Art. 6(1)(b)):** processing is necessary to provide legal services under a legal services agreement - **Legal obligation (Art. 6(1)(c)):** compliance with obligations under Act No. 85/1996 Coll., on the Legal Profession, Act No. 253/2008 Coll. (AML), and applicable tax and accounting regulations - **Legitimate interest (Art. 6(1)(f)):** documenting client communications, protecting our rights in potential disputes, making audio recordings pursuant to the General Terms and Conditions - **Consent (Art. 6(1)(a)):** where processing goes beyond the purposes listed above (e.g. sending commercial communications) ## 4. Purposes of Processing - Providing legal services and communicating with clients - Client identification and due diligence under AML regulations - Invoicing, accounting, and tax record-keeping - Documenting client instructions and the substance of legal consultations - Protecting the legitimate interests of the controller (defence in potential disputes) - Handling enquiries submitted through the website contact form ## 5. Recipients of Personal Data As a rule, we do not share your personal data with third parties. Only the attorneys and employees of our firm who need the data to perform their duties have access to it. All are bound by a duty of confidentiality. Where necessary, data may be disclosed to: - Courts, public authorities, and administrative bodies — on the basis of a legal obligation - External collaborators (e.g. accountants, tax advisors) — always under a data processing agreement - Hosting and IT service providers — under a data processing agreement - Leadinfo B.V. (the Netherlands) — identification of companies visiting the website based on IP address, only with your consent We do not transfer personal data to third countries outside the EU/EEA. ## 6. Retention Period We retain personal data for the period necessary to fulfil the purpose of processing: - **Client file:** for the duration of the contractual relationship and subsequently for 10 years after the termination of legal services (in accordance with the regulations of the Czech Bar Association) - **Accounting and tax documents:** for the period required by law (typically 10 years) - **Audio recordings:** for the period necessary for the purposes set out in Art. 8 of the General Terms and Conditions, but no longer than the applicable limitation period - **Contact form:** for the time needed to handle the enquiry, up to a maximum of 1 year - **AML data:** for 10 years after the end of the business relationship (Act No. 253/2008 Coll.) Once the retention period expires, data is securely deleted or anonymised. ## 7. Your Rights As a data subject, you have the following rights under the GDPR: - **Right of access (Art. 15 GDPR):** you have the right to obtain confirmation as to whether we process your personal data, and if so, to access the data and information about the processing - **Right to rectification (Art. 16 GDPR):** you have the right to have inaccurate data corrected and incomplete data completed - **Right to erasure (Art. 17 GDPR):** you have the right to request the deletion of your personal data where the purpose of processing has ceased to exist, you have withdrawn your consent, or the processing is unlawful. This right is limited by the attorney's obligation to retain the client file. - **Right to restriction of processing (Art. 18 GDPR):** you have the right to request restriction of processing, e.g. where you contest the accuracy of the data - **Right to data portability (Art. 20 GDPR):** you have the right to receive your data in a structured, commonly used format - **Right to object (Art. 21 GDPR):** you have the right to object to processing based on legitimate interest - **Right to withdraw consent:** where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to the withdrawal - **Right to lodge a complaint:** you have the right to file a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Praha 7, [www.uoou.cz](https://www.uoou.cz)) To exercise your rights, please contact us at [info@iustoria.cz](mailto:info@iustoria.cz). We will respond to your request without undue delay, and no later than within 30 days. ## 8. Security of Personal Data We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, destruction, or loss. All members of our team are bound by attorney-client privilege and a duty of confidentiality. ## 9. Cookies and the Website Our website uses the following types of cookies: - **Necessary cookies:** ensure basic website functionality (storing your cookie preferences). These cannot be disabled. - **Analytical cookies (Google Analytics 4 + Microsoft Clarity + Leadinfo):** measure traffic and user behaviour. Microsoft Clarity records heatmaps and session recordings (anonymised). Leadinfo identifies companies visiting the website based on IP address (it does not identify individuals). Both services are activated **only with your express consent** (Consent Mode v2). GA4 data is stored on Google servers within the EU. Clarity data is processed by Microsoft (EU servers). Leadinfo data is processed by Leadinfo B.V. (the Netherlands, EU). - **Marketing cookies:** we do not currently use these. The option is available for potential future use. On your first visit to the website, a cookie banner will be displayed allowing you to make a granular selection. You can change your preferences at any time by clicking the "Cookie settings" link in the website footer. Fonts (Cormorant Garamond and DM Sans) are loaded directly from our server — no data is sent to third-party servers. ## 9a. Newsletter If you subscribe to our updates, we process your e-mail address on the basis of your consent (Art. 6(1)(a) GDPR). E-mails are sent via the **Ecomail.cz** service (JEDC s.r.o., IČO: 07360380), which acts as a data processor under a data processing agreement. You may unsubscribe at any time by clicking the link in each e-mail or by contacting us at info@iustoria.cz. Your e-mail address will be deleted within 30 days of unsubscribing. ## 10. Automated Decision-Making Your personal data is not subject to automated decision-making or profiling within the meaning of Art. 22 GDPR. ## 11. Effective Date This Privacy Policy is effective as of 1 January 2025. We reserve the right to update it at any time. The current version is always available on this page.