This document describes the policy of the Visoiu Ruxandra Law Office and translator [established by Decision no. 105/17.01.2017 of the Bucharest Bar and operating in accordance with Law 51/1995 on the organization and exercise of the legal profession, with headquarters in Romania, Bucharest, sector 6, Str. Zboina Neagra, no. 8-10, bl. 91-95, sc. 3, et. 2, ap. 99, having the Unique Registration Code 33825969] (hereinafter referred to as the “Company“)] to use and protect data with personal character (as defined by the legislation in force).
Exercising rights, according to Chapter IV, it can be done by sending a message to the Data Protection Officer at the e-mail address email@example.com. Requests are solved within the legal term.
Chapter I – Collected data
Art. 1 – In order to carry out the commercial activity, the Company collects personal data by the following means:
- a) Information we receive from Users who create an account:
- In order to communicate with users, the Company collects information such as e-mail address, name and surname, together with their particular situation through the contact form. This is the means of individualizing each User and responding promptly to the problems communicated by the User. Answers are sent by e-mail.
- In order to schedule a consultation for clients, the Company collects information regarding the e-mail address, name, surname, telephone number, residential address and the particular situation of the client through the scheduling page.
- In order to improve the Interface, the Company collects statistical data through cookies. In this sense, we reffer to the Cookies Policy.
Chapter II – How do we process this information? (purpose of processing)
Art. 2 – The company stores and processes this personal data for the following purposes:
- Formulation and transmission of punctual answers to the problems exposed by Users.
- Scheduling the virtual consultation and sending links for the virtual meeting room.
- Organization and study of statistical data (e.g. analyzing user flows to improve the Interface).
- Preparation of the legal documents necessary for the fiscalization of the payments made.
Art. 3 – The company processes personal data based on the consent of the data subject, by virtue of the execution of contractual obligations or for the execution of a legal obligation.
Chapter III – Duration of processing
Art. 4 – The company stores personal data in order to fulfill legal obligations or until the user is deleted, consent is withdrawn or by exercising the right to be forgotten. User accounts that have not been used for 5 years will be automatically deleted.
Chapter IV – Rights of Data Subjects
Art. 5 – According to the European Regulation on the protection of personal data, the Company recognizes and guarantees the following rights of the persons concerned:
- a) The right of access – the right of the data subject to obtain a confirmation from the Company regarding the processing of personal data and, if so, access to the respective data and to information regarding the manner in which the data are processed.
- b) The right to rectification – the right of the data subject to request the correction, without undue delay, of inaccurate personal data. The rectification will be communicated to each beneficiary, to whom the data were sent, unless this proves impossible or involves disproportionate efforts.
- c) The right to data portability – the right to receive personal data in a structured format, currently used, which can be read automatically and the right to have this data transmitted directly to another operator, if this is feasible from a tehnical point of view.
- d) The right to opposition – the right of the data subject to oppose the processing of personal data when the processing is not necessary for the performance of a task that serves a public interest or does not take into account a legitimate interest of the operator. When the processing of personal data is aimed at direct marketing, you have the right to oppose the processing at any time.
- e) The right to data deletion (“the right to be forgotten”) – the right of the data subject to request that his personal data be deleted, without undue delay, if one of the following reasons applies:
- they are no longer necessary to fulfill the purposes for which they were collected or processed;
- withdrawal of consent and there is no other legal basis for processing;
- the exercise of the right of opposition and the absence of legitimate reasons to prevail;
- personal data were processed illegally;
- personal data must be deleted to comply with a legal obligation;
- personal data were collected in connection with the provision of information society services.
- f) The right to restrict processing – The data subject may request the restriction of processing in the following cases:
- the data subject contests the accuracy of the data, for a period that allows the Company to verify the correctness of the data;
- the processing is illegal, and the person opposes the deletion of personal data, requesting the restriction instead;
- in case the Company no longer needs the personal data for the purpose of processing, but the person requests them for establishing, exercising or defending a right in court;
- if the person has objected to the processing for the period of time in which the Company checks whether there are other legitimate grounds for the processing of personal data.
Chapter V – Transfer of data to third parties
Art. 6 – The company does not transfer personal data to other operators without the prior notification or request of the person concerned.
Art. 7 – The Company may transfer information to other affiliated companies, service providers or other partners who process it on behalf of the Company, based on the Company’s instructions and ensuring the level of security according to the legislation in force. These companies can provide global services, including customer support, information technology, payments, sales, marketing, data analysis, research and surveys.
Art. 8 – All the company’s collaborators have implemented and respect the personal data protection standards imposed by Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Art. 9 – The company may keep or disclose information transmitted in order to comply with legal provisions, legal procedures or to respond to a request from public authorities. It may also use the data to exercise its legal rights, to defend itself in legal proceedings or to prevent, detect or report illegal activities, such as fraud, abuse, violations of terms and conditions or threats to the Company’s security or physical safety of any person.
Chapter VI – Information security
Art. 10 – The company works to keep the data safe. Does it use a combination of technical, administrative and physical controls to maintain the security of the processed data? However, no method of data transmission or storage is completely secure. For any additional security-related clarifications, please contact us at the e-mail address firstname.lastname@example.org
Art. 11 – In accordance with the European Regulation, the Company tracks, identifies, records, archives and reports, where appropriate, all security incidents.
Chapter VII – Competent authorities
Art. 12 – Notifications regarding the processing of personal data can be sent to the Company by sending a message to the e-mail address email@example.com to the attention of the person responsible with the protection of personal data (Data Protection Officer).
Art. 13 – Also, the persons concerned have the right to notify the National Authority for the Supervision of the Processing of Personal Data (ANSPDCP) regarding the illegal processing of personal data by sending a notification to the authority’s headquarters: Bucharest, B-dul G-ral. Gheorghe Magheru, no. 28-30, Sector 1, postal code 010336, e-mail: firstname.lastname@example.org