Last updated: May 2018
Responsibility for your personal data
Volciuc-Ionescu SPARL (a limited liability professional partnership of lawyers incorporated under Romanian law, registered with the Bucharest Bar Association under Decision no. 590/2018, with registered office at 70 Unirii Boulevard, sector 3, Bucharest, Romania and with offices at 10 Gheorghe Manu Street, 2nd Floor, Sector 1, Bucharest, Romania) is responsible for and controls your personal data, as data controller.
Types of personal data we collectThe personal data we collect may include:
- Contact information, such as your name, job title, phone number, fax number, email address, business address, including your home address (where you have provided this to us);
- Details of your meetings and visits to our premises;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further business information necessarily processed in a project or client contractual relationship with Volciuc-Ionescu or voluntarily provided by you, such as instructions given, payments made, requests and projects;
- Information collected from publicly available resources;
- Information about your membership of a professional or trade association or union; and/or
- Other personal data regarding your preferences where it is relevant to legal services that we provide.
Ways in which your personal data is collected
We may collect personal data about you in a number of ways, including:
- When you or your organisation browse, make an enquiry or otherwise interact on our website;
- When you or your organisation seek legal advice from us or when we or one of our lawyers do;
- When you or your organisation attend a meeting with us or one of our lawyers;
- When you or your organisation are in touch with us or with one of our lawyers via e-mail or otherwise;
- When you attend a seminar or another Volciuc-Ionescu event or sign up to receive personal data from us, including training; or
- When you or your organisation offer to, or request us to, provide services.
In some circumstances, we may collect personal data about you from a third party source, such as from a publicly available record or from your organisation or other organisations with whom you have dealings.
Purposes for using your personal data
We may use your personal data for the following purposes only (“Permitted Purposes”):
- To provide legal advice or other services or things you or your organisation may have requested;
- To monitor and assess compliance with our policies and standards;
- To send legal updates and other publications and to promote our services;
- To manage and administer our relationship with you and our clients, including processing payments, accounting, auditing, billing and collection, support services;
- To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- To analyse and improve our services and communications to you;
- To protect the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- For insurance purposes;
- To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
- To comply with court orders and exercises and/or defend our legal rights; and
- For the purposes of recruitment.
Using your information for Marketing Purposes
We may ask whether you wish to receive marketing from us. We will not send you marketing if you ask us not to. If you change your mind and no longer wish to receive marketing, please let us know so we can remove you from our databases and distribution lists, by contacting us at firstname.lastname@example.org or your regular contacts.
Legal grounds for processing your personal dataDepending for which of the above Permitted Purposes we use your personal data, we may process your personal data on one or more of the following legal grounds:
- To perform a client instruction or other contract with you or your organisation;
- Based on our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms;
- To comply with our legal and regulatory obligations;
- For the establishment, exercise or defence of legal claims or proceedings; and/or
- Your consent where you have expressly given that to us.
Sharing your personal data
We may share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- Our professional advisers and auditors
- Suppliers to whom we outsource certain support services such as word processing, translation, photocopying and document review;
- IT service providers;
- Third parties engaged in the course of the services we provide to clients and with their prior consent, such as external lawyers and technology service providers like data room and case management services;
- Third parties involved in hosting or organising events or seminars.
Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
Storage of your personal data
We will take appropriate technical and organisational measures to keep your personal data confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to personal data. Personal data may be kept on our personal data technology systems, those of our contractors or in paper files.
Your personal data will be deleted when it is no longer reasonably required for the Permitted Purposes or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. However, we will retain your personal data where required for Volciuc-Ionescu to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.
The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.
You are entitled to request details of the information we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation. You may also have the right to lodge a complaint in relation to Volciuc-Ionescu’s processing of your personal information with a local supervisory authority.
In general, it is entirely your free will if you provide us with your personal data – there are generally no detrimental effects for you if you choose not to consent or to provide personal data. If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
We must ensure that your personal information is accurate and up to date. If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to your regular contacts or to email@example.com. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.
Personal data about other people which you provide to us
Transfer abroad of your personal data
Volciuc-Ionescu regularly work for global corporations and/or on cross-border matters. We may transfer your personal data abroad if required for the Permitted Purposes as described above. This may include countries which do not provide the same level of protection as the laws of your home country (for example, the laws within the European Economic Area).
We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the General Data Protection Regulation (EU) 2016/679 or other relevant laws. This includes entering into the EU Standard Contractual Clauses which are available here.
We will also require our agents, consultants and sub-contractors and others who are outside the European Economic Area and to whom we transfer your personal data to ensure a similar level of data protection.
When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data.