Personal data processing policy

Valid from 12.05.2024

  1. General aspects

We hereby explain the Privacy Policy of our Online Services, available at www.legaltobusiness.com or through our attorneys, through any means of communication you choose to use in your relationship with us.

By "Offer" / "Services" we understand our activity, which may consist of one or more services such as: legal consultations and requests; legal assistance and representation before the courts, criminal investigation bodies, authorities with jurisdictional powers, public notaries and bailiffs, public administration bodies and institutions, as well as other legal entities, under the law; the drafting of legal documents, the attestation of the identity of the parties, the content and the date of the documents presented for authentication; assisting and representing interested natural or legal persons in front of other public authorities with the possibility of certifying the identity of the parties, the content and the date of the concluded documents; the defense and representation with specific legal means of the rights and legitimate interests of natural and legal persons in their relations with public authorities, with institutions and with any Romanian or foreign person; mediation activities; fiduciary activities carried out under the terms of the Civil Code; the temporary establishment of the headquarters for companies at the professional headquarters of the lawyer and their registration, in the name and on behalf of the client, of the parties of interest, of the social parts or of the shares of the companies thus registered; special curatorship activities according to the law and the Statute of the lawyer profession; any means and ways specific to the exercise of the right of defense, under the law, intended for the general public and/or commercial customers. Our offers are generally not intended for contracting by persons under the age of 18.

  1. Presentation

We, i.e. Andreea ION – Law Firm based in Bucharest, Sector 1, Str. Av. Petre Crețu no. 49, Building C1, fiscal code 28635739 and Roman HAMED Law Office with headquarters in Bucharest, Sector 6, Str. Gurghiului Mountains no. 10 and work point in Bucharest, Sector 1, Str. Av. Petre Crețu no. 49, Building C1, fiscal code 31908626, Law Offices (hereinafter jointly referred to as ”The Office” or ”we”) which collaborate on the basis of a collaboration agreement registered at the Bar Bucharest, we are the operator of your personal data, as a beneficiary of our Services, in the sense of data protection regulations.

Our contact details:

Bucharest, sector 1,

Street Av. Petre Crețu no. 49, Building C1, 012051

Telephone / fax +40.314.33.44.48,

Mobile: +40.771.269.583,

e-mail: datepersonale[at]legaltobusiness.com

The Cabinet respects confidentiality and will process personal data under adequate technical and organizational security conditions, according to the Data Processing Policy, adopted in accordance with Regulation (EU) 2016/679 ("GDPR").

Through this document we want to inform you about (i) the nature of the personal data we process for our online and offline Services, (ii) the purpose of the processing and (iii) the legal basis of the processing.

  1. The data protection officer

You can contact the Data Protection Officer at datapersonale[at]legaltobusiness.com

  1. Personal data

Any information relating to an identified or identifiable natural person is personal data. An identifiable person is considered if the identification can be made directly or indirectly, in particular by reference to an identification element, such as name, surname, identification number, location data, an online identifier or one or more specific elements , specific to his physical, physiological, genetic, psychological, economic, cultural or social identity. Information that cannot be associated with your identity (such as the number of views of a Service or other statistical data) is not personal data.

In principle, you can consult our Services without disclosing personal data. using the online contact form or requesting an offer involves the disclosure of personal data.

We generally collect personal data directly from data subjects. If your personal data has been provided to us by a third party or has reached us in error, you have all the remedies provided by law for this purpose, for the deletion of the data.

  1. Storage of personal data

Your data is stored by our means, on specially protected servers, physically located in Romania. The data is protected by the technical and organizational measures we have taken to prevent loss, destruction, unauthorized access, modification and dissemination. Access to your data is allowed only to a limited number of authorized persons. Authorized persons are responsible for the technical, commercial or operational management of the servers and the activity.

Your data that is transmitted over the Internet is encrypted. We use SSL certificate (Eng. Secure Socket Layer) for data transmission.

  1. The legal basis of the processing

If we obtain your consent for the processing of personal data, Article 6 par. (1) lit. a) of the GDPR serves as the legal basis for our processing.

If we process personal data because they are necessary for us to execute a contract or in a quasi-contractual framework (e.g. to send you a strategy or a fee proposal, according to your request), then article 6 para. (1) lit. b) of the GDPR serves us as the legal basis for data processing.

If we process personal data to fulfill an obligation that falls to us, according to the law, then article 6 par. (1) lit. c) of the GDPR serves us as the legal basis for such processing.

Article 6 para. (1) lit. f) it can serve us as a legal basis, if the processing of personal data is necessary to serve a legitimate interest of the Cabinet or a third party, only to the extent that your interests, rights and fundamental freedoms are not affected.

Through this Data Processing Policy, we will present you precisely what is our legal basis for each of the categories of personal data processed.

  1. Deletion of personal data

We generally delete personal data if it has been processed for a single purpose, which has been achieved. However, certain personal data may be subject to retention obligations for certain periods of time, according to applicable legal provisions. The cabinet deletes or blocks access to personal data, under safe conditions, until the completion of the respective periods of time.

  1. Data processing when accessing the Offers

With each access to our Offers, we collect the following data regarding the device used to access: the device used, the IP address, the web browser used and the date and time of access. We collect information about the page viewed, the version of the web browser, the operating system and the Internet service provider. We also track the sites from which you were redirected to that page.

We resort to such processing in support of our legitimate interest, to allow us to display the respective pages accessed, in a manner compatible with the device you use to access them. Among other things, we process this data for the purpose of detecting certain errors, quantifying the interest generated by certain Services or items, and to adapt or improve the Services. This purpose justifies our legitimate interest, legally based on Article 6 para. (1) f) of the GDPR.

The IP address is only kept for the duration of the session and is deleted or encrypted when the session is closed. All data processed for this purpose is kept for limited periods of time.

  1. The use of cookies

We use cookies to personalize content and ads, provide social networking features, and analyze traffic. We also provide our social media, advertising and analytics partners with information about how you use our website. They may combine it with other information you provide or collect through your use of their services. If you choose to continue using our website, you agree to our use of cookies.

We invite you to consult our cookie policy to express your options.

  1. Request for Offer

Our website gives you the opportunity to request a quote. For this purpose, the boxes will be filled with your personal data, such as your name and email address. In this context we collect the date and time of registration and the IP address.

The legal basis for the processing of this data is article 6 para. (1) lit. b) from the GDPR, the fulfillment of the steps necessary to conclude a contract, i.e. the legal basis for the processing is Article 6 para. (1) lit. b) from the GDPR.

The Request for Quotation is a preliminary step, necessary for the execution or in order to initiate a contractual relationship with us, for the provision of certain Services by us, in accordance with and within the limits of the situation, as described by you.

The personal data disclosed in this way are processed by us for the time necessary to fulfill the contract. We process this data including for the fulfillment of obligations subsequent to the fulfillment of the contract, such as the provision of services subsequent to the fulfillment of the assumed contractual mandate or the fulfillment of professional or fiscal obligations, for the period of time provided by law. The legal term for data retention is 10 years, starting from the year following the one in which the services were invoiced.

In the context of the execution of its contractual and/or post-contractual obligations or related services, the Cabinet processes personal data directly, in collaboration with other forms of professional organization or ensures the interface with related service providers.

For the execution of the contractual obligations resulting from the acceptance of our Offer, we work with various companies specialized in the provision of various services that make up our Offer or related to it (such services include, but are not limited to: translations, notary services, bailiff services, consultancy fiscal, payment processing, document archiving, etc.).

Depending on the characteristics of the Offer, your personal data may be transmitted to entities based outside the European Union, including countries that have not been recognized by the European Commission as having an adequate level of personal data protection. We consider that your acceptance of the Offer through which you are informed about the transfer of data represents the express and unequivocal consent regarding the transfer of personal data, of you and of the other beneficiaries of the Offer, to these recipients.

In this context, we are exclusively responsible for the transmission of data necessary for the execution of contractual obligations. We cannot be responsible for how these entities protect the personal data disclosed by us through your express choice.

Despite the measures taken to protect your personal data, we draw your attention to the fact that the transmission of information over the Internet in general or through other public networks is not completely secure, there is a risk that the data will be seen and used by third parties unauthorized. We cannot be responsible for such vulnerabilities of systems beyond our control.

We constantly monitor our partners' compliance with the provisions regarding the processing of personal data, at least at a level equal to ours. The personal data we disclose to them is limited exclusively to those necessary to provide the respective Service included in the Offer.

  1. Data processing when submitting the application

You have the opportunity to apply for one of the open positions for employment or collaboration within the Cabinet by using the email addresses indicated on the website. Upon receipt of an application, your documents sent by electronic means of communication will be stored in electronic and written form. If your professional profile, as it appears from the submitted documents, does not correspond to any open position within our organization, then the submitted documents will be deleted from our records within 3 months from the date of receipt.

In any case, during the time period provided for the storage of the documentation, you have the opportunity to exercise any of the rights that we guarantee to the data subjects, according to the law, as detailed in this Policy.

In the context of submitting the application, the legal basis for the processing is based on your initiative to conclude a contract and is regulated by art. 6 para. (1) lit. b) from the GDPR.

  1. Communication

You have the possibility to contact us directly, using the address indicated on the website, the mobile phone number for voice call or messaging or through Social Media applications developed by third parties, to whose services both we and you have subscribed.

Contact

You can contact us using any of the means of contact that we stated in the introductory part of this Policy or at any of the data presented on the website, i.e. by phone, fax, e-mail, post or express courier, the applications of the Meta group to which I subscribed. In this context, we will exclusively process personal data related to the communication channel you choose, namely: telephone number, mailing address, e-mail address or fax number, user account associated with your profile.

We will use the personal data so collected solely for the purpose of responding to your request or to remedy the matter brought to our attention by any of these means.

In any case, during the period of time provided for the storage of personal data in these communications, you have the opportunity to exercise any of the rights that we guarantee to data subjects, according to the law, as detailed in this Policy.

An exception to the processing time mentioned above is the situation in which such requests create commercial or fiscal obligations for us. In such situations, the personal data relevant to the solution of the request will be kept in compliance with the applicable legal terms.

The legal basis for processing personal data in communications with us is art. 6 para. (1) lit. b) of the GDPR.

  1. Connections with other websites

On our website you can find connections to the social networks Facebook, Instagram and LinkedIn. Accessing these links takes you outside the website. Our data processing policy does not apply to these websites. You can find details of the data processing policy for each of these links at the following addresses:

Facebook: https://www.facebook.com/privacy/policy

Instagram: https://www.facebook.com/privacy/policy

LinkedIn: https://www.linkedin.com/legal/privacy-policy

  1. Rights regarding personal data

According to the GDPR, data subjects have several rights. If you wish to exercise any of these rights or obtain additional information regarding the processing of your personal data, please contact us. The main rights of data subjects are the following:

  1. The right to be informed means that you are informed about the purpose, means and duration of the processing carried out by us on your personal data. Through this Policy, we appreciate that we have informed the persons concerned about the processing carried out. If you do not consider yourself fully informed by the publication of this policy and the information provided, we invite you to exercise one of the rights below:
  2. The right of access means that you have the right to obtain access to the personal data processed by us and in relation to the purpose, means and duration of the processing. To exercise this right, we recommend that you complete the application available here;
  3. The right to rectify data allows you to intervene, under the terms of Article 16 of the GDPR, whenever your personal data processed by us is incorrect or incomplete. To exercise this right, we recommend that you complete the application available here;
  4. The right to restrict processing allows you, under the conditions set out in Article 18 of the GDPR, to demand that we restrict the processing of certain personal data concerning you. To exercise this right, we recommend that you complete the application available here;
  5. The right to object to processing gives you the possibility to object to processing, whenever the processing of your personal data by us is done with your consent as the only legal basis for the processing of said data. To exercise this right, we recommend that you complete the application available here;
  6. The right to data portability can only be exercised in relation to personal data processed by automated means and allows you to receive the data processed by us in a structured, commonly used and readable format automatic. To exercise this right, we recommend that you complete the application available here;
  7. The right to data erasure can be exercised within the limits described by Article 17 of the GDPR and allows you to ask us, under certain conditions, to delete your personal data. To exercise this right, we recommend that you complete the application available here.
  1. Additional Information

We are obliged to respond to any of your requests regarding the exercise of a right within 30 days of the date of receipt of the complete request. If you have not received a response from us within this term, you have the right to contact the National Authority for the Supervision of Personal Data Processing:

www.dataprotection.ro

B-dul. G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania,

e-mail: anspdcp[at]dataprotection.ro

fax: +40318.059.602.

We reserve the right to modify, when we deem it appropriate or the law requires us, our data protection practices and to update and modify the Data Processing Policy at any time. This Data Processing Policy is updated on the date it appears at the top of the document, and previous versions are accessible here.