RIHA legal
RIHA legal — law firm

Privacy

Privacy notice

How RIHA legal processes data when you visit the static website, communicate directly, or receive legal services.

Paid booking link status

Paid booking links are not offered from this static website while we verify the booking, payment and consumer process. This static website currently contains no paid booking link; arrange an appointment directly with the firm.

Before paid booking links are published, we will update this notice to reflect the actual providers, roles, processing destinations, transfer mechanisms and retention periods.

Controller and contact

The Controller is RIHA legal advokátní kancelář s.r.o., Company ID 21006601, registered office at Moulíkova 2239/3, 150 00 Praha 5, data box cfiuk4i. Legal services are provided by JUDr. Vojtěch Říha, Ph.D., Czech Bar registration no. 18591.

Send privacy questions and requests to vojtech.riha@riha-legal.com, call +420 606 182 522, use the data box, or write to the registered office.

Contact the Controller →

Scope of this notice

The website is static, has no local contact or booking form, and sets no analytics or marketing cookies. Contact takes place directly by e-mail, phone, data box or post.

Do not send sensitive documents by ordinary e-mail without prior agreement; we will select a secure delivery method for the matter.

Categories of personal data

We process only data proportionate to the specific purpose and the way you contact us.

  • technical and security data for the static website, such as IP address, time, requested URL, browser identifier and security event;
  • identity and contact data, communication content, and preferred appointment or contact method;
  • data necessary for the legal service, contractual and accounting records; special-category data only where necessary and supported by a condition under Article 9 GDPR.

Purposes and legal bases

We do not use consent as a blanket basis for handling an enquiry or providing legal services.

  • website security and availability — legitimate interest under Article 6(1)(f) GDPR;
  • handling an enquiry, arranging and providing legal services — pre-contractual steps and contract performance under Article 6(1)(b) GDPR;
  • accounting, tax and professional obligations — Article 6(1)(c) GDPR;
  • security and establishing, exercising or defending claims — Article 6(1)(f), and for necessary special categories in particular Article 9(2)(f) GDPR.

Categories of recipients

Access is limited to authorised attorneys and staff bound by confidentiality. External providers may receive only data necessary for technical, communications, accounting or security activities.

  • static hosting and security logs
  • office e-mail and telecommunications infrastructure
  • accounting, security, backup and IT services to the extent necessary for their task;
  • courts, public authorities and other authorised recipients where disclosure is required by law or necessary for a legal claim.

Processing outside the European Economic Area

Some technical or communications infrastructure providers may process data outside the EEA. Such a transfer is permitted only in compliance with Chapter V GDPR, in particular under an adequacy decision or another applicable safeguard.

Before paid booking links are published, this notice must reflect the actual recipients and transfers in the booking and payment flow.

Retention criteria

We retain data only as long as necessary for the purpose. The period depends on statutory archiving duties, professional rules, operational and security needs, the duration of the legal service, infrastructure settings and limitation periods for protecting claims.

  • ordinary technical logs until the operational and security need ends; an incident record for its investigation and protection of claims;
  • an enquiry until resolved and thereafter only as necessary to evidence communication and protect claims;
  • contractual, accounting and legal records under the applicable statutory duty, file purpose and claim periods; where disputed, until final resolution.

Source of data and whether it is required

We obtain data mainly from you. In legal work it may also come from your representative, an opposing party, a public authority or public register. We provide Article 14 information where required and not prevented by a specific statutory exception or professional secrecy.

Data necessary for identity, contact and the legal service is a contractual or statutory requirement; without it, the enquiry may not be assessable or the service may not be provided.

Rights

Subject to the GDPR, you have rights of access (Article 15), rectification (16), erasure (17), restriction (18), recipient notification (19), portability (20), objection (21), and protection against solely automated decisions with legal or similarly significant effects (22). Where consent is exceptionally used, it may be withdrawn without affecting prior lawfulness.

Rights are not absolute, especially where data must be retained by law or for legal claims. After verifying identity, we respond without undue delay and generally within one month. Send a request to vojtech.riha@riha-legal.com or another Controller contact.

Right to complain

Under Article 77 GDPR, you may complain to the Czech supervisory authority, the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, e-mail posta@uoou.gov.cz, data box qkbaa2n. Contacting RIHA legal first is not a condition of complaining.

Czech supervisory authority complaint information →

Automated decision-making

RIHA legal performs no solely automated decision-making or profiling with legal or similarly significant effects on the static website or when deciding whether to provide legal services.

Related terms

The online consultation terms describe the future electronic order, consumer rights and consultation rules.

Online consultation terms →

Last legally reviewed on 14 July 2026.