Privacy Policy

1. General Provisions

1.1 Controller and Applicable Law. This Privacy Policy (“Policy”) sets out the rules for processing and protecting personal data on the website nexial-law.cz (“Website”). Personal data are processed by Nexial Law, a company registered in the Czech Republic (“Company,” “we,” “us”), in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, “GDPR”) and Czech Act No 110/2019 Coll. on the Processing of Personal Data, together with related legislation.

1.2 Scope of the Policy. The Policy applies to all personal data we collect from natural persons when they use the Website, request our services or receive our legal services. It explains what data are collected, for what purposes and on what legal grounds they are processed, how long they are retained, to whom they may be disclosed, what safeguards are applied and what rights data subjects have. By using the Website or otherwise providing personal data to us, you acknowledge that you have read this Policy.

1.3 Age Restrictions. The Website is not intended for persons under 15 years of age. We do not knowingly collect personal data from children under 15 without parental or guardian consent. If you are under 15, please do not submit personal data via our Website without such consent.

2. Categories of Personal Data We Collect and Process
We observe the principle of data minimisation and collect only the personal data necessary for the purposes described below.

2.1 Ordinary (General) Personal Data. Depending on how you interact with us, we may collect:
  • Identification data – first name, surname, title or position (where you represent an organisation).
  • Contact data – e-mail address, telephone number, postal or residential address.
  • Enquiry data – information you provide when contacting us via the Website form, by e-mail, phone or otherwise (including personal data of third parties you provide).
  • Service-related data – when concluding a legal-services contract we may request ID-number, tax ID, employer or company details (for corporate clients), payment information, etc.
  • Technical data – IP address, browser type and version, cookies (see Section 4), on-site activity data collected automatically for security, functionality and analytics purposes.
2.2 Special Categories of Personal Data. You may voluntarily provide information that falls under Article 9 GDPR (e.g., health, religious beliefs) or Article 10 GDPR (criminal convictions). We do not intentionally request such data via the Website, but if you supply them we will process them only with your explicit consent or where Article 9 (2) (f) GDPR (establishment, exercise or defence of legal claims) or other GDPR grounds apply. Criminal-conviction data are processed only in accordance with Article 10 GDPR and Czech law, subject to additional safeguards.

| Purpose | Legal Basis (GDPR) |
| --- | --- |
| 3.1 Provision of legal advice and services – responding to enquiries, negotiating and performing contracts, representing you before authorities. | Contract performance or pre-contractual steps Art. 6(1)(b); explicit consent for special-category data Art. 6(1)(a) + 9(2)(a); or Art. 9(2)(f) where necessary for legal claims. |
| 3.2 Compliance with legal obligations – AML/KYC checks, accounting, tax, court or law-enforcement requests. | Legal obligation Art. 6(1)(c); special-category bases Art. 9(2)(b)–(g). |
| 3.3 Website operation and security – ensuring functionality, preventing fraud, analysing performance. | Legitimate interests Art. 6(1)(f). Analytical cookies only with consent. |
| 3.4 Marketing communications – newsletters, legal updates, event invitations. | Consent Art. 6(1)(a) and § 7 Act 480/2004 Coll.; or legitimate interests Art. 6(1)(f) for service-related updates, with opt-out right. |
| 3.5 Protection of Company rights – dispute resolution, debt collection, defence against claims. | Legitimate interests Art. 6(1)(f); Art. 9(2)(f) for special-category data. |



4. Cookies and Similar Technologies
4.1 What Cookies Are. Cookies are small text files stored on your device when you visit the Website; they allow the site to recognise your browser and remember preferences.
4.2 Types of Cookies We Use.
  • Strictly necessary cookies – essential for core functions; used on a legitimate-interest basis.
  • Analytical / functional cookies – help us improve the Website; set only with your consent (e.g., Google Analytics).
  • Marketing cookies – not currently used; would require separate consent if introduced.
4.3 Cookie Management. On first visit you can choose which cookies to allow (except strictly necessary). You can change preferences via the cookie banner or your browser settings. Disabling certain cookies may affect Website functionality.

5. Marketing Communications
5.1 Subscription. With your explicit consent we will send e-mails containing news, legal briefings, service information or event invitations.
5.2 Right to Opt Out. You may unsubscribe at any time via the “Unsubscribe” link or by e-mailing us; we will then cease marketing processing. Transactional or service messages may still be sent as they are not promotional.
5.3 Use of Third-Party Mailing Services. We may use specialised e-mail platforms acting as processors under data-processing agreements; your data are not sold or shared for third-party marketing.

6. Disclosure to Third Parties
We treat personal data confidentially and disclose them only:
  • to authorised Company staff bound by confidentiality;
  • to service providers (IT hosting, cloud storage, mailing platforms, analytics) under DPAs;
  • to partners involved in your mandate (experts, translators, notaries, other lawyers) with your consent or instruction;
  • to public authorities when required by law or necessary to protect rights.
Processors may use the data solely on our instructions and for specified purposes.

| Data Category | Typical Retention |
| --- | --- |
| Enquiry data (no contract) | Up to 1 year after last contact; special-category data deleted immediately after response unless other grounds exist. |
| Client files (contract) | Up to 10 years after service completion, to meet legal and defence requirements. |
| Accounting / tax records | 10 years after end of financial year, per Czech law. |
| Marketing contacts | Until consent withdrawn or objection received. |
| Cookies & logs | As per Section 4: session or 1 day–24 months for analytics; server logs 6–12 months. |


After expiry we delete or anonymise data, unless needed for ongoing claims or audits.

8. Data-Subject Rights
Under GDPR you may exercise: right of access, rectification, erasure, restriction, data portability, objection, withdrawal of consent, and the right to lodge a complaint with the Czech Office for Personal Data Protection. Requests are answered within one month (extendable by two months where necessary).
The Company does not use automated decision-making that produces legal or similarly significant effects on you.

9. Data-Security Measures
We implement appropriate technical and organisational measures, including: role-based access control, encrypted TLS connections, infrastructure firewalls and IDS, encryption or pseudonymisation of sensitive data, regular audits and incident-response procedures. While no system is absolutely secure, we apply industry-standard safeguards to minimise risk.

10. Contact Details
Use these contacts for any data-protection enquiries, rights requests or incident reports.

11. Changes to This Policy
We may amend this Policy from time to time. Updated versions will be posted on this page with the effective date. Material changes may be announced on the Website or by e-mail where possible. Continued use of the Website after changes take effect constitutes acceptance of the updated Policy.