The Data Protection Policy of,,Andrei Ștefănescu – Law Firm”
Introduction
The private Law Firm ,,Andrei Ștefănescu – Law Firm” (hereinafter referred to as ,,Our Cabinet” or ,,Our law firm”) informs about the Privacy Policy of the Law firm, in order to provide an overview of our practices regarding collecting, registering, modifying and the usage in any form of your personal data. All these practices are based on total protection and transparency regarding the processing of your personal data, throughout the juridical services that we provide.
The confidentiality policy includes, firstly, the categories of your personal data that we process and protect and, secondly, the ways and purposes in which we collect and use this information and your rights regarding this topic. Furthermore, the confidentiality policy includes the way we use this information in the relationships with our clients, mostly because we will always inform you about your cases and their evolution.
For a complex description of how we use cookies and other similar technologies, you should consult our webpage to read the “Terms and conditions” and “Policy regarding cookies” documents, available at www.a-stefanescu.ro.
Personal data operator
Your personal data operator is represented by Andrei Ștefănescu- Law Office, headquarterd in Bucharest, Bulevardul Decebal nr. 1, bl. H2, sc. 2, et. 7, ap. 62, Sector 3 and with the bureau of work in Bucharest, str. Alexandru D. Xenopol nr. 15, camera 5, Sector 1, CUI 32630357.
Categories of personal data
Personal data will include, without this being an exhaustive enumeration, on one hand, your personal basic data and some extra information and, on the other hand, special categories of personal data.
The basic personal information is represented by your contact data, such as name and surname, your address and postal address, working address, your phone numbers, fax numbers, e-mail addresses, your working position.
The extra personal information are: your given instructions, payments made, juridical information, litigation issues or other court actions with any quality (accuser, accused), criminal records, details about your visits at our law office, information from public sources and data bases, information that we have from your activity on our website, information that we received through the cookies or other technologies.
In the special personal data categories, you will mostly find data regarding your political options, data about your syndicate activity, data regarding the state of your health.
The reasons of personal data processing
In the permitted means or demanded by applicable law, your personal data is processed for the following reasons:
- Legal services in civil, commercial and administrative matters or any other procedures, which include the representation and legal support in front of the court of law, court of arbitration and competent authorities;
- Facilitating the communication with you, with the purpose of you being constantly informed with the evolution of your demanded services and for a constant improvement of the services and communication with you;
- Management and administration of the contractual relations with our clients, including the payment processing services, accountancy, billing and return of money, legal assistance;
- Compliance with legal obligations of our office (like compliance verification or registration, anti- money laundering and anti-terrorism financing obligations), which includes automatic checks of your personal data or the direct interaction with the client which could prove relevant in those purposes;
- Managing access and security in our headquarters, protecting our IT software (which includes our webpage or other communication systems we use), this including preventing and detecting any security threats, frauds or other criminal
- Ensuring, monitoring and evaluating the conformity with our policies and standards, for detecting the authorized persons to make actions on behalf of our clients, beneficiaries, service
- Compliance of court judgements, exercising or defense of legal
- For any other purpose related or ancillary of the
Regarding the communications related to other matters than those mentioned above (marketing communications or legislative informations), if it is legally required, our law office will provide our clients information, only after they express their prior agreement, and it also offers the possibility of any time unsubscribe, in case the client do not wish any further communications. In the situation you express your consent and you do receive marketing content, your personal data will not be used in the decision-making process directly or indirectly in creating profiles, at least none that are not mentioned above.
Legal ground for processing your personal data
Taking in consideration the applicable law and of your consent regarding collecting, stocking and using of your personal data, any operation that fits the definition of personal data processing will be done taking in consideration the following juridical grounds:
- The necessity to conclude or execute a contract in which the legal person is taking part
- The necessity to conclude or execute a contract in which your organization or your company is taking part, excluding the cases in which interests or fundamental rights of the legal person prevails in those interests
- The necessity to respect a legal obligation or a contractual obligation
- The necessity of protecting your primary interests or other juridical/legal
- The necessity to process data in legitimate purposes of our law office or a third party or the legal necessity of our office to process of those data categories
- The necessity to establish, exercise or defend a right or an interest in front of the legal courts, arbitral tribunal or other competent authorities
Given the situation where it is necessary to process some special data, adjacent to a general legal basis of data processing, it is mandatory to fulfill on of the following conditions:
- The express and prior consent of the person
- The existence of a legal obligation to process those data categories in the service of our office, establish, exercise or the defense of a right in front of a court of law, arbitral tribunals or other competent authorities.
Regarding the marketing communications, we remind you that you always have the choice to withdraw your consent through the simple accessing of the “unsubscribe” button at the bottom of each and every newsletter.
Disclosure and transfer of personal data, recipients and legal basis
In carrying our activities, your personal data can be disclosed and sent towards:
- Other soliciting lawyers ( including other forms of legal practice with whom our firm collaborates) and legal specialists ( including mediators, notaries, advisers and consultants or experts involved in the causes we manage), if the transmission of data is required in your specific case;
- Plaintiff’s lawyers or foreign law firms, for the purpose of getting foreign legal advice, in the case such advice is required by your specific case;
- Courts of law or arbitral tribunals, as well as public authorities or entities indicated by yourself, if it proves necessary for the ascertainment, the exercise or the defense of a right in court or in another alternative method;
- Parties involved in your case, which could also be our client or a third party involved, if it proves necessary in the exercise of the mandate entrusted to yourself or your company;
- Other entities that provide services towards the firm (such as insurance providers, phone providers, e-mail providers, in the case it proves necessary for their opinion in the specifics of your case. The providers will act only on our behalf and in conformity with our instructions;
- Any third party with whom we have an assignment contract or a novation contract whose rights and obligations are in accordance with the law;
Personal data will be disclosed and shared in any of these situations only with your consent and in accordance with the given instructions, or when it is required by applicable law or through requests of judicial bodies or other official authorities.
The transfer of personal data in foreign countries
Your personal data can be transfer outside of the country when the law requires or when the specifics of your case necessitates such a transfer, taking into account the aforementioned purposes.
The data can be transferred in states which are part of the European Economic Area (“EEA“) or in other states recognized by the European Commission as capable of ensuring an adequate level of protection of personal data.
In exceptional situations, if it’s strictly necessary for the aforementioned purposes, the personal data can be transferred to third party states which were not recognized by the European Commisssion as capable of ensuring an adequate level of protection, such as the United States of America or other locations that are not part of Europe.
Recipients located outside the EEA are certified either through their euro-american confidentiality agreement “EU-US Privacy Shield”, either through decisions issued by the European Commission, in their case, the transfer is recognized as being able to offer an adequate level of protection of personal data, taking into account the European legislation.
Also, based on the Standard Contractual Clauses given through the European Commission 2010/87/UE and/or the European Commission 2004/915/CE and based on art. 46 align. (5) of the General Data Protection Regulation (EU) 2016/679 (“GDPR“), we conclude data transfer contracts, ensuring that all other recipients located outside of the EEA will provide an adequate level of protection regarding the data and there are security measures in place which are adequate for the protection of personal data.
Our firm will make sure that these international transfers comply with the appropriate protection measures, such as the aforementioned one, and are in accordance with the provisions of the GDPR or other applicable legal provisions.
For any information regarding these measures, we are at your disposal at any moment at the contact information situated below.
Security of personal data
Our firm has taken all the necessary measures to implement an appropriate organizational system to maintain the confidentiality and security of your personal data, in accordance with internal legal provisions on the transmission and access of data. It has also ensured that measures are taken against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access and against all other illegal forms of processing of your personal data.
Updating personal data
If any of the provided data suffers modifications, such as changing the name, the e-mail address, please make sure to contact us immediately at andrei.stefanescu@a-stefanescu.ro or at our phone number +40 (726) 677 176.
The retention period of personal data
The personal data processed to meet the purposes will be kept as long as absolutely necessary, without exceeding the duration of your relationship with our firm. In exceptional situations, the storage of data can be maintained even after this period has expired, based on the applicable legislation, based on an organizational system that meets the specific criteria for the storage of such data.
In the case the relationship established with our firm consists in initiating a legal action, the personal data can be kept until the conclusion of this action. (which may include possible phases of appeal, recourse or enforcement). The data will then be deleted or archived, based on applicable legislation, or will be anonymised, if their retention is necessary for the future.
Special cases that determine the cessation of the processing of personal data, when you no longer express your consent in this matter, are:
- The disappearance of legitimate and necessary reasons which would justify the further processing of your data by our firm, given these reasons prevail over the interests, rights and fundamental freedoms of the client;
- The disappearance of necessity in regards to processing data by our firm for the establishment, exercise or defense of a right before the courts, arbitral tribunals or other competent
Your legal rights
Subject to applicable law, you have the following rights in regards to the processing of your personal data:
- Right of access – refers to the right to be informed, upon request, of any processing of your personal data, and in the case of an affirmative response, the right to request access to
- The right to request a copy of your processed personal
- Right to deletion – the right to delete your personal data, at the time you have withdrawn your consent, when the processing is no longer necessary or when the processing is
- Right to rectification – the right to correct and complete any incorrect or incomplete personal data.
- Right to restriction – the right for certain personal data to be marked and processed by our firm only for certain, specific
- Right to opposition – the right to request that we no longer process your personal data for reasons related to your situation, this right can be invalidated especially if the processing of data is necessary for the formalities of concluding a contract or for fulfilling a contract already
- Right to data portability – the right to receive your personal data provided to us and the right to transfer this data to another party without objections from our
- Right to withdraw consent – the right to withdraw consent for the processing of your data, when the consent was necessary in advance and explicitly, with effect for the future. Withdrawal of consent will not effect the lawfulness of the processing of data carried out before its withdrawal. After this moment, our firm will no longer process the data for which there is no consent and will take the appropriate measures to delete the
However, if there is another legal basis for processing the data, our firm will still be able to process it.
If you wish to exercise any of the aforementioned rights, please contact us using the following contact details:
Address – Bucharest, Alexandru D. Xenopol no. 15, room 5, sector 1; E-mail – andrei.stefanescu@a-stefanescu.ro;
Phone number: +40 (726) 677 176
In terms of marketing communications, you can also withdraw consent any time by simply accessing the “unsubscribe” link at the footer of each message received from our firm.
It’s possible that, whenever the client exercises any of these rights, he/she may be required to prove his identity by using a copy of his/her identification document, or through any other relevant information, in order to verify whether the request comes from the data subject, and, in this way, to comply with the legal obligations of data security and confidentiality.
Furthermore, all requests or complaints received by our firm will be taken into consideration promptly and we will send you a response to them, within the deadlines provided by law. If you are dissatisfied with the response of our firm or consider that the data processing is done in violation of applicable law, you can file a complaint to the Romanian data supervisory authority, respectively the National Authority for Personal Data Processing, based in Bucharest, Gheorghe Magheru Boulevard, no. 28-30, sector 1.
The policy may be updated and changed periodically, and any update will become applicable as soon as the new version is published on the firm’s website or when it will be communicated to you in any other way.