Privacy Policy

The protection of your personal data, as well as the protection of any other personal data you provide, is important to us and we will always follow this policy in our dealings with you. When you use our services, it is important to us that the processing of the information provided to you is completely understandable, transparent, accurate and that you are aware of all your rights.

Personal data is any information about an identified or identifiable data subject. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier (name, number, network identifier) or to one or more specific elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

This Privacy Policy (“Policy“) explains:

  • what personal data we will process;
  • how we use the personal data we collect and on what legal basis;
  • who has access to the personal data;
  • for how long we will process the personal data;
  • how we process personal data in the Evolio information system;
  • how we secure personal data;
  • what cookies we use and
  • what rights you have in relation to data protection.

Our activity consists in providing the Evolio information system – software for law firms (hereinafter also referred to as “Software“) and related services (in particular providing updates, technical support and consulting services). We process the following information:

  • personal data that you provide to us for the purpose of licensing the Software and related services offered by us through the Evolio information system, whether yours or the personal data of your employees, statutory or other representatives, collaborators (e.g. Evolio, your personal data, the personal data of your clients, employees and statutory or other representatives of your clients, your business partners, or the personal data of other interested parties (such persons may include, but are not limited to, counterparties or business partners of your clients, parties to any proceedings, witnesses, experts, interpreters or, for example, legal representatives of such interested parties). This includes, in particular, personal data resulting from the concluded contract for our services, necessary for the performance of the contract and personal data stored by you in the database of the Software in the context of the use of its functionalities as software for the management of electronic attorney’s files and related agendas, consisting in moving, storing, migrating or splitting the database or its part for the purpose of identifying defects in the Software, analyzing the behavior of the Software, testing and commissioning new versions of the Software or its customization.
  • The most common categories of personal data will be:
    • identification data (e.g. name, surname, title, date of birth, birth number, ID number, VAT number, membership in professional chambers),
    • address details (e.g. home and business address, e-mail address, telephone number),
    • descriptive data (e.g. bank details, copies of documents, order history, etc.),
    • special – sensitive data (in particular, data relating to trade union membership, health or the sex life or sexual orientation of a natural person);
  • we also process information about your activity on our website. By visiting our website, your activity on our website is recorded. We use cookie technology to analyse traffic on our website. When you visit our site, we collect information about your behavior on the site, such as the number of pages visited, length of visit, pages visited, repeat visits, etc. We never associate this information with any of your personal data, such as information you fill in forms or your IP address. Further information on the use of cookies is set out below.
  • We use the data you provide (disclose) to provide you with the highest possible level of service, targeted to your specific needs, or, for example, to contact you and provide you with the information you have requested. At the same time, we need your personal data in order to fulfil our own statutory obligations as well as the obligations to which we have committed ourselves within the framework of our contractual relationship. We also use the information we collect to send you commercial communications, i.e. to keep you informed about events, upcoming changes or new services we provide.
  • We use the information collected from cookies (when you visit our website) to improve the user experience of the website and the overall quality of our services. We use several third-party services for this purpose (see below).
  • We may use the information obtained from third parties (central execution register, insolvency register, commercial register, trade register) to provide our services and to protect our legally protected interests.

We process your personal data in accordance with the above-mentioned Policy on the basis of the performance of a mutual contract or your request, on the basis of the performance of our legal obligations, on the basis of our legitimate interest or on the basis of your consent, if any, given for specific processing (in some cases for commercial communications). We will always carefully evaluate whether your consent is required before using information for a purpose other than those set out in this Policy. If so, we will inform you and ask for your consent.

Our legitimate interests on the basis of which we process your personal data are based on our relationship with each other. Our legitimate interests for processing your personal data are in particular:

  • Contacting and informing you in the course of mutual business relations, including, where appropriate, direct marketing and sending you newsletters; if you have received our newsletter, it is because you are our client. For this, we only use your email address and first and last name to personalize the message;
  • improving the services we provide to you;
  • the effective provision of customer support services; and
  • protection of our and your legal claims (e.g. in case of unpaid invoices).

We use personal data in our internal documentation, in which we keep records of where personal data is stored, how it is secured, whether it has been deleted, who within our company deleted it and when, so that we are able to demonstrate that our personal data handling practices comply with the law, as well as comply with other obligations under other legislation.

You can refuse the processing of your personal data for the purpose of sending commercial communications at any time and this will of course not affect our relationship with you. We will endeavour to send you only a reasonable number of communications that are relevant to you when working with the system. If you are unsure whether your consent to receive such communications has been granted, or if you wish to withdraw your consent, simply send us an email with the relevant request to podpora@evolio.cz or to any other address from which you have received commercial communications from us. Withdrawal of consent shall not affect the lawfulness of processing based on consent given before its withdrawal. When withdrawing or withholding consent, please note that our communications may contain important information about the use or updating of the system, and it may be that if you are not the recipient of these communications, the absence of certain information may result in limited use or outdated versions of the system you are using.

It is possible that if you do not provide basic data for the provision of our services, it may not be possible to provide our services at all or only to a limited extent.

AVE Soft cares about the protection of all personal data, therefore we only transfer personal data to third parties for the above purposes and only to the extent necessary and in compliance with all legal regulations relating to the protection of personal data. If we transfer your personal data to third parties, we always do so only to the extent necessary and on the basis of an adequate contract with these parties, so that we can best ensure that the personal data is handled properly.

The following recipients have access to your personal data (not the data entered by you into the Evolio information system):

  • cloud or IT service providers;
  • government authorities according to our legal obligations, in particular the Financial Administration of the Czech Republic and the Czech Social Security Administration;
  • the company that does our accounting for us.

If you are interested in finding out which specific recipients have access to your personal data, please do not hesitate to contact us.

We will only process your personal data for as long as necessary to fulfill the above purposes for which it was collected – the provision of the Software and related services. If the terms and conditions of the provision of the Software change in a way that will affect the personal data processing activities (in particular, if the licensing model for the provision of the Software changes), the processing period depends on the period for which the performance of the activities under the specific contract is necessary to fulfil AVE Soft’s obligations. We will process personal data primarily for the duration of the contractual relationship, i.e. when providing the services listed above.

In addition, we will retain personal data for the period of time specified by individual laws. In addition, we may retain personal data for a period of time specified by other regulations, in cases where our contractual relationship requires us to keep these documents for you for the legal length of time.

For purposes based on legal grounds of our legitimate interest, the period is 3 years from the execution of the contract/order or cancellation of access to the Software.

In the event that you enter any personal data into the Software, we are not entitled to involve any other processor (even as a hosting or data storage provider or server operator) in the processing of your personal data without your prior consent. In order to comply with the protection of personal data in the Software, we have adopted technical and organizational measures that are appropriate to the risks arising from the nature of the processing of personal data, in particular:

  • we encrypt the contents of the database,
  • we do not provide any third party with access to personal data and the means of accessing it (in particular personal computers, data carriers, servers, databases and Software and the keys and passwords that allow access to them);
  • we do not use any third party online services to store or otherwise process personal data without the prior consent of the controller;
  • we have secured any storage, equipment, networks or services used to process personal data with a password of at least 8 characters using a combination of upper and lower case letters and numbers by two-factor login;
  • we have ensured that servers used for personal data processing activities are located in the data centre with protection against unauthorised access and with sufficient protection against power and connectivity failures;
  • we have implemented electronic means of protection in the form of antivirus and anti-malware software on all devices used to process personal data;
  • we will comply with all of your internal rules regarding the security of data and electronic information if you require us to do so and demonstrably make us aware of them;
  • we will ensure that access to databases containing personal data processed by the Software is limited to employees who have been instructed to comply with security measures and who are bound by a duty of confidentiality to the extent necessary to enable them to fulfil their obligations under this clause, whereby the duty of confidentiality of such employees is not linked to the duration of the contractual relationship with you or limited in time in any way.

If we become aware that any personal data breach has occurred, we are obliged to inform you immediately, but no later than 24 hours after becoming aware of the breach, stating at least the manner of the breach, the categories of personal data affected, and the identification of the subjects whose personal data is affected, a description of the likely consequences of the breach, and a description of the measures we have taken to address the personal data breach, including, where appropriate, measures to mitigate any adverse effects, if the breach is attributable to us and if the information is discoverable by us through means appropriate to the purpose of providing the Software.

If you ask us to delete certain personal data processed in connection with the provision of the Software, we will do so no later than 24 hours after receiving your request and will send you a record or other proof of such deletion upon your request. Personal data processed by means other than electronic means (in particular in the form of documents) will be transmitted to you on the basis of this invitation in the form of actual transmission of the corresponding documents, unless you request another way of dealing with these data (their disposal).

In addition, we will enable you or persons authorised by you to check compliance with the obligations under this Policy, in particular to check the personal data security conditions.

We store personal data on computer servers with limited access in the Czech Republic or another member state of the European Union. All servers are located in secure facilities. Only selected AVE Soft employees have access to personal data to the minimum extent necessary to ensure the operation of the Software, the provision of related services and the performance of the contract.

Cookies are short text files that the server administrator places on the user’s computer when the website (www.evolio.cz) is loaded. Technically, it is a series of codes by which the browser collects and then sends information about the user’s behaviour back to the relevant server; it is information that is collected and tells about the user’s actions and behaviour.

Our website, like almost all websites, uses cookies to give you the best user experience. Specifically, our cookies help us to make our website work as you would expect it to, help make our site faster, more secure and better for the user. We will only store cookies for as long as is necessary for the proper functioning of the website, but no longer than one year.

We do not use cookies to collect any sensitive data, to pass personal data to third parties or to obtain commission on sales.

Unfortunately, for some cookies there is no way to prevent the use of these cookies other than to stop using our website.

Our website, like most websites, also includes functionality provided by third parties. A common example is the inclusion of YouTube videos on the site. Disabling these cookies is likely to prevent the operation of functionalities provided by these third parties.

We also use Google Analytics as part of third-party functions, but only to a basic extent for the creation of basic statistical reports (see statistical cookies).

Some features of our website are based on cookies. Even if you have consented to the use of cookies that track your behaviour on the website, you can subsequently block their use. If you choose to block cookies, you may not be able to log in or use these features and you may lose preferences that are based on cookies. The use of cookies can be set using your internet browser. Most browsers automatically accept cookies by default. You can refuse cookies or set your web browser to use only certain cookies.

You can find information about browsers and how to set preferences for cookies in your browser settings.

You have the following rights in relation to our processing of your personal data:

  • the right of access to personal data;
  • the right to rectification;
  • the right to erasure (“right to be forgotten”);
  • the right to restriction of data processing;
  • the right to object to processing;
  • the right to data portability;
  • the right to lodge a complaint about the processing of personal data.

Your rights are explained below to give you a clearer idea of their content.

Right of access means that you can ask us at any time to confirm whether or not the personal data concerning you is being processed and, if so, for what purposes, to what extent, to whom it is disclosed, for how long we will process it, whether you have the right to rectification, erasure, restriction of processing or to object, where we obtained the personal data and whether automated decision-making, including possible profiling, is taking place on the basis of the processing of your personal data. You also have the right to obtain a copy of your personal data, whereby the first disclosure is free of charge and we may charge a reasonable administrative fee for further disclosures.

The right to rectification means that you can ask us to correct or complete your personal data at any time if it is inaccurate or incomplete.

The right to erasure means that we must erase your personal data if (i) are no longer necessary for the purposes for which they were collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) we are under a legal obligation to do so; or (v) you withdraw your consent in relation to the personal data you have consented to the processing of.

The right to restrict processing means that until we have resolved any disputed issues regarding the processing of your personal data, we may not process your personal data other than by storing it and, where appropriate, using it only with your consent or for the establishment, exercise or defence of legal claims.

The right to object means that you can object to the processing of your personal data that we process for direct marketing purposes or for legitimate interest, including profiling based on our legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. In the event of an objection to processing based on other grounds, this objection will be evaluated and we will then inform you whether we have complied with it and will no longer process your data, or that the objection was not justified and the processing will continue. In any case, processing will be restricted until the objection is resolved.

Right to portability means that you have the right to obtain personal data relating to you which you have provided to us on the basis of consent or contract and which is also processed by automated means, in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted directly to another controller.

The right to withdraw consentmeans that you can withdraw your consent to the processing of personal data that you have given us at any time. In this case, we will cease to process your personal data on the basis of this legal title unless another legal title no longer exists.

If you have a comment or complaint about data protection or a query about the person responsible for data protection in our company or if you exercise any of your rights, please contact our responsible person at podpora@evolio.cz.

Our activities are also supervised by the Office for Personal Data Protection, to which you can lodge a complaint if you are dissatisfied. You can find out more on the Authority’s website (www.uoou.cz).

Our Policy may be amended from time to time. We will post any changes to the Privacy Policy at www.evolio.cz and if there are significant changes, we will notify you in more detail (for some services, we may notify you of changes to the Policy by email). We have archived previous versions of this Policy for you to access in the future.

This Policy is effective from 1. 5. 2020.