Contact us now
POLICY ON PERSONAL DATA PROCESSING
 
  1. WHO ARE WE

 

Radu Plesca Law Office, a Romanian law firm having its headquarters located in Bucharest, at 5 Complexului Street, Building 60, 4th floor, Office no. 64, Sector 3, authorized by decision no. 1270 issued by the Bucharest Bar on 04.06.2014, fiscal identification code RO 21725419, e-mail office@plesca.ro, (hereinafter referred to as the „Company” or „Controller”) is a personal data controller.

 

This policy aims to inform the data subjects on the conditions under which the personal data are processed by the Controller.

 

The services supplied by the Company may be used only after taking note of such policies.

 

  1. Definitions

 

Under this policy, the terms mentioned will have the meanings specified below:

 

  1. Personal data of the data subject” – any information on a person that may be identified directly or indirectly from this information (e. name, forename, e-mail address, bank account);
  2. Supervisory authority – means an independent public authority which is established by a Member State being competent for supervision of personal data protection within EU in whose jurisdiction it has its registered office and performs the processing of personal data, as controller;
  3. Processingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  4. Controller” – means the legal person, as it is in the present case the Company, or the natural person that, solely or jointly with others, determines the purposes and means of the processing of personal data;
  5. Consent” of the data subject – means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or to her;
  6. „Breach of the security of personal data” – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of personal data transmitted, stored or otherwise processed, the unauthorized or access to such data;
  7. ”Regulation” – means the Regulation (UE) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

 

  1. general provisions

 

Whereas we value the confidentiality of your information, the Controller undertakes to observe the provisions of this policy, as well as the provisions mentioned in the Regulation and the rules provided by the national law on the personal data processing, on their security and confidentiality.

 

In case that we will modify this policy, we will notify you on this page and publish an updated version.

 

  1. SUBJECT MATTER, term, nature, purpose, TYPE OF PERSONAL DATA PROCESSED

 

Personal data means any data or information that helps us identify you directly (example: your name, forename) or indirectly (example: data collected through cookie technology). Certain information is less obvious (such as the IP of your computer), but related to you and corroborated with other persons, might help us, at least in theory, to identify you. In this manner, all this is included to the notion of “personal data”.

 

Sensitive data refers to data including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political views, membership in labor unions, information on your health status and genetic and biometric data. We do not collect any information about beliefs, life or sexual orientation, political opinions, membership in unions, health information, genetic or biometric data or about any crimes.

 

Data we receive directly from you

When you contact us for collaboration

When you contact us through the contact form of the website, we may process the following data:

  • name and forename;
  • e-mail;
  • telephone number;

 

The ground of processing is the establishment of a contractual relationship.

 

The data retention period shall be 3 years, calculated as from 1st of January of the year following to collection.

 

When we sign an agreement for legal services

When we agree to conclude an agreement for the performance by the Controller of legal services in you benefit, we may process the following:

  • identification details;
  • contact details;
  • details on your case;
  • political opinions, membership in unions, health information in case such data is relevant for the performance of services;

 

The ground of processing is the execution of the agreement for legal services.

 

The data retention period shall be 5 years, calculated as from 1st of January of the year following the year when the agreement for legal services has been terminated.

 

When you pay an invoice for the services provided by us

Every time you make a payment to us we may process the following data:

  • name and forename;
  • address;
  • bank account;

 

The grounds of processing is the execution of the contract.

 

The data retention period shall be 3 years, calculated as from 1st of January of the year following to collection.

 

Accounting and reporting

We shall process your data (those specified in the tax invoices) in order to keep the accounting books, for the annual financial audit, as well as for filing the tax and accounting statements with the tax authorities.

 

The grounds of processing is the contractual relationship and the legal obligation.

 

The data retention period shall be 5 years as from the date of collection.

 

Defending the rights before the courts of law

When we defend our rights before the courts of law in order to recover certain amounts due to us or when we protect our interests against unjustified pretentions/claims, we will process your data (provided to us by you) necessary to formulate certain actions in court, other specific applications and documents.

 

The grounds of processing is our legitimate interest.

 

Procedures before authorities

When we are bound according to certain legal provisions, we will provide to the competent authorities and institutions the data we hold and have been legally requested.

 

The grounds of processing is the legal obligation.

 

Aquatically collected data

Data collected through the cookie technology

 

When you visit our site as a visitor or when you log in to your client account, we also collect through cookies the data obtained from your computer, telephone, tablet or other device used by you, information with which we can identify you online and that we use in profiling for direct marketing purposes:

  • The Internet browser that you use and the operating system version of the device with which you connect;
  • The HHTP/HTTPS protocol data;
  • The duration of your visit / activity on the website;

 

„Cookies” – are files that a server sends to your device, placed on the site or by downloading. The way we process cookies is detailed in the Policy on the use of cookies, available on the Company’s website.

 

The ground of processing is our legitimate interest for implementing, configuring and maintaining the security measures for the Company’s website

 

The data retention period shall be detailed in the cookie policy.

 

 

  1. FOR HOW LONG WE PROCESS YOUR DATA

 

The Company processes your data for the period necessary to achieve the purposes for which such data was collected and according to our policies on the personal data retention, as detailed in the table in item 4 above. In some cases, some legal provisions may require or allow us to keep the data for a longer period.

 

The retention period depends mainly on the following aspects:

 

  • on the period we need your data in order to provide you our services and to fulfill our obligations to you, as well as for the purposes mentioned above in this Policy;
  • legal or contractual obligations require us to keep your data for a certain period of time, for example the periods provided by law for the defense of our rights in a court of law (generally, a period covering the prescription period).

 

For the purposes for which you gave us your consent on the data processing, highlighted in the table above, we shall process your data for that purpose until you withdraw your consent for the processing for that purpose, unless we are bound to maintain such data for a longer period of time, according to the law, for reporting to public authorities or to defend our rights in the courts of law.

 

  1. TO WHOM WE CAN DISCLOSE YOUR DATA

 

  1. Your personal data may be transmitted to and processed by our trusted partners to provide you our services.

 

We can share your data with our trusted partners. We select very carefully the partners and suppliers who perform support operations for our activity. We share with such partners only the personal data necessary to perform the specific activities entrusted to them.

 

When we outsource certain activities to our trusted partners, we make every reasonable effort to check, in advance, whether they ensure the protection of your data by strict data security measures and we will conclude with each of them a data processing agreement. In detail, we can forward some data in the future to third parties (our suppliers and partners) to perform the functions and services required to operate the Company’s activities, such as:

 

  • hosting site services.
  • third party couriers authorized by us to deliver documents;

 

  1. Transmission of data to public authorities and institutions or judicial bodies

 

We may transmit some of your personal data to the competent public authorities or institutions, when required by law (e.g. fraud investigation; money laundering prevention; filing of statements, financial statements with tax authorities, etc.) or we can transmit this data to the courts. when we defend ourselves in court or in front of other public authorities.

 

We may transmit some of your personal data to the competent public authorities or institutions, when required by law (i.e. fraud investigation; money laundering prevention; filing of tax statements, financial statements with tax authorities, etc.) or we can transmit such data to the courts of law when we defend us in the courts of law or before other public authorities.

 

  1. Access of auditors and advisors

 

We may transmit some of your personal data to the accounting, legal, human resources, audit, bank service providers etc.

 

 

  1. INTERNATIONAL TRANSFERS

 

As a rule, your data shall not be stored in a country outside the European Union or outside the European Economic Area.

 

If we transferred your data to other categories of partners / suppliers of the Company located in States that do not provide an adequate level of protection of the transmitted data, we undertake to take all necessary measures to ensure that those partners / suppliers comply with the terms and conditions set out in this Policy.

 

Such measures may include the implementation of data protection standards (i.e. ISO 27001), if certain standard contractual clauses adopted by the Commission of the European Union, as well as certain systems of direct control of such mechanisms.

 

 

  1. DATA SECURITY

 

The Controller has implemented appropriate security measures in order to prevent your personal data from being accidentally lost, used or accessed, modified or disclosed in an unauthorized way. Moreover, we shall limit the access to your personal data to those employees, agents, contractors and other third parties who have a commercial need to know such data. They shall process your personal data at our instruction and are subject to the obligation of confidentiality.

 

We have implemented procedures to deal with any suspicious breach of your personal data and we will notify you and any competent regulatory authority on such a breach, when we are legally obliged to do so.

 

We may keep your data on hard-copy and soft-copy. In some circumstances, we may make anonym your personal data (so that it will no longer be associated with you) for research or statistical purposes, in which case we may use this unlimited information without informing you.

 

 

  1. YOUR RIGHTS

 

In completing most of the items mentioned on this Policy, in certain circumstances, the data subjects have certain rights in accordance with the laws on personal data protection. These rights include:

 

  1. Right of access

You may request us:

  • – to confirm if we process your personal data;
  • to provide you a copy of such data;
  • to provide you other information on your personal data, such as the data we have, for what we use such data, to whom we disclose such data, if we transfer the data abroad and how we protect them, for how long we keep them, what rights do you have, how can you submit a complaint, where we have obtained your data from and whether we have made any automated decision making or profiling, as long as the information has not already been provided to you in this Policy.

 

  1. Right to rectification

You may request us to rectify the inaccurate personal data. It is possible to seek to check the accuracy of the data before rectifying them.

 

  1. Right to erasure (“right to be forgotten”)

You may request us to erase your personal data, but only in case that:

  • they are no longer necessary in relation to the purposes for which they were collected; or
  • you have withdrawn your consent (when the data processing was based on consent); or
  • as a result of a well-grounded right to object (see Objection below); or
  • they were illegally processed; or
  • – a legal obligation must be observed, the subject of which is the Company.

 

We are not obligated to respond to your request to delete your personal data if the processing of your personal data is required:

  • in order to comply with ah legal obligation; or
  • in order to establish, exercise or defend certain rights in the courts of law;

 

There are a few other circumstances in which we are not required to respond to your request for deletion, event of these two are probably the most common situations in which we will refuse this request.

 

 

  1. Right of restriction

You may request us to restrict your personal date (namely to keep them without using them) only when:

  • the accuracy of the personal data is contested (see Rectification), in order to enable us to verify their accuracy; or
  • the processing is illegal, but you oppose the erasure of the personal data; or
  • the personal data are no longer necessary for the purposes for which were collected, but we continue to need them in order to establish, exercise or defend rights in the courts of law; or
  • you have exercised your right to object and the verification of the solid grounds is pending.

 

We may continue to use your personal data following a restriction request, in case that:

  • we have your consent; or
  • in order to establish, to exercise or to defend rights in the courts of law; or
  • in order to protect the rights of another natural or legal person.

 

  1. Right of data portability

You are entitled to ask us to provide your personal data in a structured, commonly used format or which can be automatically processed or you can request that such data to be “ported” directly to another data controller, but in any case, only when:

  • the processing is based on your consent or on a contract signed with you.; and
  • the processing is made by automatic means.

 

  1. Right to object

You may object to any processing of your personal data having as a legal basis “our legitimate interests” if you believe that your fundamental rights and freedoms take precedence over our legitimate interests.

 

Once you have objected, we have the opportunity to show you that we have conclusive legitimate interests, which take precedence over your rights and freedoms.

 

  1. Right to lodge a complaint

You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing. Please try to settle any issue by discussing with us first, although you have the right to contact the supervisory authority at any time.

 

  1. Right to withdraw your consent

You have the right to withdraw your consent if the Company processes the personal data based on it.

 

The data subject shall not pay any commission or any other fee to access your personal data (or to exercise any of the other rights). However, the Company, in its capacity as controller, may impose a reasonable fee if the request made is manifestly unsubstantiated, repetitive or excessive. Alternatively, the Company may refuse to respond to a request received in such circumstances.

 

The Company shall be entitled to request certain information in order to confirm the identity of the data subject who made the request and to secure the personal data (or to exercise any of the other rights). This is a security measure to make sure that the personal data is not disclosed to persons who are not entitled to receive it. We may contact you to request further information about your request to speed up our response.

 

The Company shall take all the necessary steps to respond to all the legitimate requests within one month. Occasionally, it may take more than one month if the data subject’s request is very complex or the data subject has made several requests. In this case, the Company shall notify you and keep you updated.

 

  1. LET US KEEP IN TOUCH

 

The first point of contact for all matters arising from this Policy, including the requests to exercise the rights of the subjects, in by contacting us in the following ways:

 

  • By e-mail to office@plesca.ro;
  • By postal services at the address: 12 Intrarea Iuliu Valaori St., Sector 3, Bucharest, Romania.

 

If you have a complaint or if you are concerned about how we use your personal data, please contact us first and we will try to solve the issue as soon as possible.