This page provides an English summary of our personal data processing notice. The authoritative and complete legal text is available in Slovak at Oznámenie o ochrane osobných údajov. In case of any interpretation discrepancy, the Slovak version prevails.
1. Controller and contact
Daligence, s. r. o., a law firm with registered office at Priemyselná 668/9, 821 09 Bratislava – mestská časť Ružinov, Slovak Republic, Reg. No. (IČO): 57 596 638, registered in the Commercial Register of the Bratislava III City Court, Section: Sro, Insert No. 198854/B (the "firm" or "we") is the controller of your personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 ("GDPR") and § 18(6) of Act No. 586/2003 Coll. on the Legal Profession ("Legal Profession Act").
Business name: Daligence, s. r. o.
Address: Priemyselná 668/9, 821 09 Bratislava – mestská časť Ružinov, Slovak Republic
Email: office.daligence@gmail.com
We process personal data in accordance with GDPR, Act No. 18/2018 Coll. on personal data protection (in particular §§ 17 and 78), the Legal Profession Act (in particular § 18), and the Code of Conduct for attorneys adopted by the Slovak Bar Association ("SBA") under Article 40 GDPR.
After assessment under Article 37 GDPR, we have not appointed a Data Protection Officer. Please contact us directly using the details above.
2. Why we process your personal data
Processing of personal data is necessary in particular to:
- provide legal services to our clients and practice as attorneys;
- comply with various statutory, professional and contractual obligations;
- protect our legitimate interests, those of our clients and other persons.
3. Sources of personal data
We obtain personal data primarily from clients, from data subjects themselves, from public registers, from public authorities, from counterparties, from other parties to proceedings and from third parties depending on the nature of the specific legal matter. Where our client is a legal entity, the data subjects include its statutory bodies, employees, contact persons, ultimate beneficial owners and other individuals whose personal data we process in providing legal services.
4. Purposes and legal bases
We apply the data minimisation principle. The legal basis for processing depends on the specific purpose and category of data subject. Main processing purposes include:
- Provision of legal services — Art. 6(1)(b), (c) or (f) GDPR depending on category; special categories under Art. 9(2)(f) GDPR (assertion of legal claims); data on convictions and offences under § 17 of Act No. 18/2018 Coll. + § 18(6),(7) of the Legal Profession Act;
- Statutory activities of attorneys (register of public sector partners, contract authorisation, guaranteed conversion) — Art. 6(1)(b) + (c) GDPR;
- Compliance with legal and SBA rules — Art. 6(1)(c) and (f) GDPR;
- AML obligations under Act No. 297/2008 Coll. — Art. 6(1)(c) GDPR;
- Accounting and tax obligations — Art. 6(1)(c) GDPR;
- Data and IT security — Art. 6(1)(c) + Art. 32 GDPR, and Art. 6(1)(f) GDPR;
- Premises security — Art. 6(1)(f) GDPR;
- Recruitment — Art. 6(1)(b) GDPR; candidate database only with consent under Art. 6(1)(a);
- Marketing — legal basis varies by channel per Article 6 GDPR and § 116 of Act No. 452/2021 Coll. on electronic communications (consent, soft opt-in, or legitimate interest);
- Correspondence records — Art. 6(1)(f) GDPR;
- Legal claims assertion and defence — Art. 6(1)(f) GDPR; special categories under Art. 9(2)(f) GDPR;
- GDPR requests handling — Art. 6(1)(c) GDPR;
- Website operation, contact form, technical cookies and server logs — Art. 6(1)(f) GDPR and Art. 6(1)(b) GDPR (pre-contractual measures via contact form); technical cookies do not require consent under § 109 of Act No. 452/2021 Coll.
5. Recipients of personal data
Categories of recipients:
- Processors (Art. 28 GDPR): IT service providers, email and cloud storage providers, interpreters and translators, accounting and administrative providers, printing services, physical and cyber security providers;
- Independent controllers: banks and financial institutions, accounting firms and tax advisors, notaries, experts, bailiffs, court interpreters, cooperating external attorneys where they act as independent controllers;
- Joint controllers (Art. 26 GDPR): in some cooperation with external attorneys or joint projects;
- Public authorities: courts, police, prosecutor's office, Office for Personal Data Protection of the Slovak Republic, Slovak Bar Association, tax authorities, Social Insurance Agency, health insurance funds, real estate cadastre — always within the limits of applicable law and attorney-client privilege under § 23 of the Legal Profession Act;
- Authorised persons within the firm: managing director, attorneys, trainees, employees;
- Others upon your instruction.
6. Retention periods
We keep personal data only for as long as necessary for the purposes for which they are processed, unless a legal regulation permits or requires longer retention. Key retention periods:
- Client file — 10 years from meeting conditions for archiving (SBA rules);
- Accounting records — 10 years following the year concerned (Act No. 431/2002 Coll.);
- AML documentation — 5 years from end of relationship / transaction;
- Contact form messages — for the time needed to handle the request, then up to 3 years;
- GDPR data subject requests — 5 years from resolution;
- Server logs — 6 to 12 months.
Special rules apply to client files under SBA regulations — in particular, files containing client originals cannot be destroyed, and files related to ongoing proceedings cannot be destroyed either.
7. Automated individual decision-making
We do not carry out automated individual decision-making under Art. 22 GDPR that would produce legal effects concerning data subjects or similarly significantly affect them.
8. Transfers to third countries
Where we use providers whose services may involve processing personal data in third countries (in particular the United States) or remote access from third countries, we ensure that any such transfer is subject to safeguards under Articles 44 to 49 GDPR (adequacy decisions such as the EU–U.S. Data Privacy Framework, Standard Contractual Clauses, or other appropriate safeguards).
9. Your rights as a data subject
Under GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), object (Art. 21), not be subject to automated individual decision-making (Art. 22), and lodge a complaint with the supervisory authority (Art. 77).
Restrictions due to attorney-client privilege
Where processing is necessary for provision of legal services, compliance with an attorney's statutory obligations, or protection of client's rights, the exercise of your rights may be restricted by the attorney's statutory duty of confidentiality under § 18(8) of the Legal Profession Act (in conjunction with Art. 14(5)(d), Art. 15(4) and Art. 20(4) GDPR).
Supervisory authority
You may lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, Galvaniho 7/B (Galvaniho Business Centrum II), 821 04 Bratislava (effective from 1 June 2026; until 31 May 2026 at Námestie 1. mája 18, 811 06 Bratislava), email: statny.dozor@pdp.gov.sk, website: www.pdp.gov.sk.
Exercising your rights
You may exercise your rights electronically or in writing at the contact details in Section 1. We will inform you of measures taken within one month of receiving the request, extendable by two months where necessary. Where we have reasonable doubts about the requester's identity, we may request additional information for verification (Art. 12(6) GDPR).
10. Changes to this notice
We reserve the right to amend this notice at any time. Where the amendment is material, we will draw it to your attention (for example by notice on the website or by separate communication). Each substantive change is versioned with a new version number and effective date.
For the complete legal text with detailed provisions on processing purposes, recipient categories, retention tables, marketing regimes and your rights, please refer to the Slovak version: Oznámenie o ochrane osobných údajov.