Privacy policy

1. IDENTITY AND CONTACT DETAILS OF DATA CONTROLLER:

On account of and for the performance of the professional activity, ”Constantinof & Asociații” Law Firm processes personal data in the capacity of data controller.

Our headquarter is located in Bucharest, District 2, Vasile Lascar Street, no. 204, postal code: 020513, phone: +40 31 432 88 00, e-mail: office@constantinof.ro.

2. PURPOSE OF THIS PRIVACY POLICY:

Being aware of the need to ensure the confidentiality and protection of your personal data, we summarize here how we process such data, when you interact with our company either for our legal services or for auxiliary and support activities of our professional activity.

Please read this Privacy Policy carefully to understand our practices related to your personal data.

3. DEFINITION OF TERMS:

(1) The terms used in this Policy have the following meaning:

  • “Personal Data” means any information related to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is the person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • “Processing” means any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means, such as the collection, recording, organization, structuring, storage, adjustment or amendment, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction;
  • "Controller" means the natural person or legal entity, public authority, agency or other body who, individually or with others, determines the personal data processing purposes and means;
  • “Processor” means a natural person or a legal entity, public authority, agency or other body that processes personal data on behalf of the data controller;
  • “Recipient” means a natural person or legal entity, public authority, agency or other body to whom (which) personal data is disclosed, whether or not it is a third party. Public authorities to whom personal data may be communicated in the context of a certain investigation in accordance with Union law or national law are not deemed recipients;
  • “Third Party” means a natural or legal person, public authority, agency or body other than the Data Subject, Data Controller, Processor and persons who, under the direct authority of the Data Controller or Processor, are authorized to process Personal Data;
  • “Profiling” means any form of automatic personal data processing consisting in the use of personal data to assess certain personal aspects relating to an individual, in particular to analyze or predict aspects of performance at the workplace, economic situation, health, personal preferences, interests, reliability, behavior, location of the individual or their movements;
  • “Pseudonymization" means the processing of personal data in such a way that they can no longer be assigned to a particular Data Subject without the use of additional information, provided that such additional information is separately stored and is subject to measures of a technical and organizational nature, ensuring that such personal data are not assigned to an identified or identifiable individual;
  • "Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • "Cross-border Processing" means either: (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State;

 

2) In the text of this Policy, Constantinof & Asociații Law Firm, may be referred to, simply, as the "Company" or the "Controller".

4. CATEGORIES OF PERSONAL DATA THAT CAN BE PROCESSED BY THE COMPANY:

Depending on the situation, the Company can process:

  • Contact details, such as mailing address, e-mail address and telephone number, name, company where the Data Subject is employed, job or position held;
  • Identity information, such as marital status, full name (including patronymic or form of address), date and year of birth, gender, other data from the ID documents, personal code, citizenship, country of origin;
  • Professional information (for instance, from the Resume);
  • Employment information (for example, information on the date of employment, position, salary, benefits, workplace, performance and education information);
  • Financial information (for example, bank and account details);
  • Technical information, such as information obtained as a result of you accessing the Internet from our premises or the materials and communications we send to you in electronic format;
  • Other personal information provided by you or obtained by us from public or third-party sources.

5. PURPOSES OF PERSONAL DATA PROCESSING BY THE COMPANY AND THE GROUNDS OF PROCESSING.

Purpose:Grounds:
•To assess potential collaborations with existing or prospective clients or with other contractual partners (suppliers of products or services) of our Company.

•Legitimate Interest

•Legal obligations, in particular according to Anti-money laundering and countering the financing of terrorism legislation.

•Providing legal assistance and client representation.

•Execution of the legal assistance contract.

•Legitimate Interest

•If required, the client’s consent

•Auxiliary activity to that of legal assistance, namely the administrative monitoring of clients files, as well as of the contracts that are logistically required to carry out the company's activity (for example, suppliers of IT, telephony, accounting, human resources, medical services, insurers, suppliers of products, etc.), including invoicing and debt recovery;

•Execution of contracts.

•Legitimate Interest

•If required, the client’s consent

•Legal protection of the Company.

•Legitimate Interest

•Legal obligations.

•Legislative compliance (for example: for the purpose of drawing up the recruitment, employment or, as the case may be, collaboration documents; for the purpose of complying with legal obligations as an employer or beneficiary of the services of collaborating lawyers; for the performance of the employment relationship and for the fulfillment of the employment contract (for example, for the management of salaries and benefits) and other related contracts (for example, with meal ticket providers); for the purpose of complying with legal archiving obligations, in the field of accounting and finance, prevention and money laundering, etc.)

•Legal obligations.

•Contract execution.

•Legitimate interest.

•Recruitment of human resources

•Legitimate interest.

•Legal obligations.

•If required, the consent

•Carrying out professional internships

•Legitimate interest.

•As the case may be, contract execution or consent.

•Management of relations with various authorities, mass media, various other entities.

•Legitimate interest.

•If required, the consent

•Development, promotion and administration of our professional activities and knowledge, according to the rules of the profession, for example through debates, classes, specialty conferences.

•Legitimate interest.

•If required, the consent

6. CATEGORIES OF PERSONAL DATA RECIPIENTS:

Categories of personal data recipients can be, as applicable:

  • public authorities and institutions (for example, courts of law, arbitration courts, Trade Registry, Land Registry, Electronic Archive, National Tax Administration Agency, other local and central public administration authorities, etc.);
  • experts, professionals from various areas of activity, involved in the legal assistance services we offer;
  • other persons involved in the projects we are part of or their designated representatives;
  • contractual partners of the Company (for example: external suppliers in the technical field (IT), insurance, telephony, e-mail, archiving, accounting and human resources).

7. POSSIBILITY OF PERSONAL DATA TRANSFER TO A THIRD COUNTRY

As a rule, in connection with the vast majority of the purposes mentioned above, the Company does not transfer personal data to countries outside the European Union. Occasionally, there is the possibility of data transfers to a third country, in the context of professional activity (for example, to external experts or consultants), respectively for activities auxiliary to the performance of our profession (for example, names and contact details, in the case of collaboration with lawyers from such jurisdictions or with entities that provide ratings and professional hierarchies). Any personal data transfer to countries outside the European Union will be carried out only to the extent necessary for the processing purposes mentioned above and in compliance with the legislation in force.

8. STORAGE PERIOD

The company aims to minimize processing by storing personal data. However, personal data processed by the Company may be stored for different periods of time, respectively: (i) the periods stipulated by the legislation in certain business areas (for example, the financial-accounting legislation, tax regulations, labor law or the law of National Archives); (ii) the legal statutory terms (for example, the statute of limitations) within which matters of legal liability could be incurred against the Company or by the Company; (iii) the duration of the collaboration. The period of time necessary for anonymization or effective destruction will be added to the above-mentioned periods.

9. THE EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING

Currently, the Company does not use such processes

10. IS THERE AN OBLIGATION TO PROVIDE PERSONAL DATA TO THE COMPANY? CONSEQUENCES OF REFUSAL TO PROVIDE SUCH DATA.

Considering the specifics of our activity, providing personal data does not correspond to a legal obligation of the Data Subject, but, as a rule, it corresponds to a contractual obligation undertaken by the latter.

The refusal to provide personal data may lead, as the case may be, to the impossibility of engaging the Company in a contractual relationship or to the limitation/termination of collaboration.

11. RIGHTS AND LIMITATIONS OF THE RIGHTS OF DATA SUBJECTS:

În situația în care datele dvs. cu carater personal sunt prelucrate de către Societate, aveți și puteți exercita drepturile specific reglementate de legislația din acest domeniu, respectiv:

  1. Data Subject's right of access (obtaining a copy of the personal data
  2. Right to rectification of personal data (correction, in case of inaccurate data)
  3. Right to delete data ("the right to be forgotten"), with the following legal limits: i) the existence of another legal ground for personal data processing than the consent; ii) the existence of legitimate reasons of the Company that prevail with regard to the processing of personal data; iii) if the processing of personal data involves the exercise of the right to freedom of speech and information; iv) in case the processing of personal data involves compliance with a legal obligation or the fulfillment of a task performed in the public interest or in the exercise of an official power; v) for reasons of public interest in the field of public health; vi) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes; vii) if the processing of personal data involves establishing, exercising or defending a right in court.
  4. Right to restrict processing, only in the following cases: (i) the Data Subject challenges the accuracy of the data, for a period which enables the Data Controller to verify the correctness of the data; (ii) the processing is illegal and the Data Subject objects to the deletion of the personal data, instead requesting the restriction of use; (iii) if the Data Controller no longer needs the personal data for the purpose of processing, but the Data Subject requests them for establishing, exercising or defending a right in court; or (iv) the Data Subject has objected to the processing, as per Art. 21(1), for the period of time in which it is verified whether the legitimate rights of Data Controller prevail over those of the relevant Data Subject.
  5. Right to data portability, inapplicable if: (i) the processing is not based on consent or a contract; or (ii) the processing is not carried out by automated means.
  6. fRight to object, which does not apply if: (i) the processing is based on the grounds of legitimate interest, or on the grounds represented by the necessity of the processing for the performance of a task that serves a public interest. (ii) the Company demonstrates that it has legitimate and compelling reasons that justify the processing and that prevail over the interests, rights and freedoms of the Data Subject or that the purpose concerns the establishment, exercise or defense of a right in court.
  7. Right to lodge a complaint to the supervisory authority: The right can be exercised at the National Supervisory Authority for the Processing of Personal Data on General Gheorghe Magheru Avenue, no. 28 - 30, Bucharest, District, postal code 010336, phone: +40.318.059.211, e-mail: anspdcp@dataprotection.ro or in the courts of law, in case you deem that your rights have been violated.
  8. Right to withdraw your consent, specifying that the withdrawal of consent does not affect the legality of the processing carried out based on the consent, prior to its withdrawal, or when the processing takes place on other grounds.

For requests related to the protection of personal data, please send your written application to our seat in Bucharest, District 2, Vasile Lascar Street, no. 204, postal code: 020513, respectively by phone: +40 31 432 88 00.

The Company is entitled to request the provision of additional information regarding the identity of the applicant, if it has reasonable doubts as to the identity of the person submitting such an application.

To the extent that applications from a Data Subject are overtly unsubstantiated or excessive, the Company may either charge a reasonable fee or refuse to comply with the request.