We recognize the importance of maintaining the confidentiality, integrity and security of your personal information ("Personal Data") and have written this privacy policy (“Policy”) to explain how your Personal Data is collected, stored, used and disclosed by Paul Băbuș – Cabinet de avocat, having its headquarters at 126 Vasile Lascăr Street, Bucharest, Romania, Tax Code 47781617 ("Law of Tech", “us”), as a data controller, with respect to your access and use of our website available at the URL www.lawoftech.com („Site”).
1. CATEGORIES OF PERSONAL DATA, PURPOSES OF PROCESSING, AND LEGAL GROUNDS
1.1. Browsing data
Computer systems and software procedures used for the Site’s operation acquire, during their normal operation, some Personal Data (so-called log files), the transmission of which is implicit in the use of internet communication protocols.
This information is not collected in order to be associated to identified persons, but due to its nature can, by means of processing and integration with data held by third parties, allow users to be identified. Such information includes the IP addresses, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, and other parameters concerning the user’s operating system and computer environment.
Insofar such information leads to the identification of a user, the provisions of this Policy shall become applicable.
Purpose of processing We use this data for the sole purpose of obtaining anonymous statistical information concerning the use of the Site and to check its correct operation.
1.2. Contacting Law of Tech
You can contact us in different ways: by e-mail or, by phone, by support form, or by chat. In this case, in general, we will process the following Personal Data: first name, last name, email, telephone number, company and any other information you voluntarily provide when you contact us.
Purpose of processing: In this situation, we will use your Personal Data only to contact you in connection with the requested offer or in connection with the resolution of the problem.
Legal ground: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (art. 6 para. 1, let. b GDPR);
1.3. Feedback
You can give us suggestions for improving our services through the feedback forms. In this case, we will process the following Personal Data: e-mail and any other information we willingly provide when you give us feedback.
Purpose of processing: In this situation, we will only use your Personal Data to contact you in the related to the resolution of the problem indicated.
Legal ground: Our legitimate interest in improving our services (art. 6 para. 1, let. f GDPR).
1.4. Testimonials
We can ask you for testimonials about the services we provide. In such a case, if you agree to, we can publish the testimonial on the website or social media, together with your name and the company.
Purpose of processing: In this situation, we will only use your Personal Data to publish the testimonial on the website or social media.
Legal ground: Your consent (art. 6 para. 1, let. a GDPR).
1.6. Marketing messages
You can opt in to receive marketing messages via email and telephone.
Purpose of processing: If you opt to receive such marketing messages, we will use your e-mail and/or telephone number to send you marketing messages about our activities and promotions.
Legal ground: Your consent (art. 6 para. 1, let. a GDPR).
1.7. Online payment processing
When contracting the legal services we provide, you have the option to pay the invoice by using your card. For clarity, this section applies only in relation to the legal services we provide outside the Site.
To offer you the option of online payment, we use the NETOPIA PAYMENTS payment processing platform.
When you opt for online payment, you will be redirected to the NETOPIA PAYMENTS platform where will be asked for certain personal data depending on the payment method you choose - for example, card details (card number, cardholder name & surname, expiry date and security code on the back of the card). This data is used strictly for payment processing through the NETOPIA PAYMENTS platform and is not communicated to us.
In certain situations, we may transmit directly to the NETOPIA PAYMENTS platform a series of information concerning the transaction, namely: the value of the transaction, telephone number and e-mail address (if any have been completed in the customer’s account).
To ensure the tracking of transactions and the settlement of payments, NETOPIA PAYMENTS provides us reports on the payments we receive. These reports may include personal data of payers (name, surname, e-mail, telephone number, billing address). NETOPIA PAYMENTS send us this data as part of payment processing services.
If there are any issues with your payment processing, you may be contacted directly by NETOPIA PAYMENTS representatives for solving the issue.
The NETOPIA PAYMENTS platform processes your personal data as an independent controller for online payment processing. See more details about their policy for the processing of your personal data collected for payment processing here: https://netopia-payments.com/nota-de-informare-gdpr-platitori/
2. PROVIDING PERSONAL DATA
You may refuse to provide certain Personal Data (indicated above) but, in such a case, you may not be able to benefit from services specific to the contractual relationship described in this Policy.
3. AUTOMATIC PROCESSING OF PERSONAL DATA
Your Personal Data will not be processed for taking decisions based solely on automatic processing that would result in legal effects concerning you or could similarly significantly affect you.
4. STORAGE DURATION
As a rule, we will retain your Personal Data for as long as it is necessary for delivering our services and fulfilling the other purposes listed in this Privacy Policy. In some circumstances, we may retain your Personal data for longer periods of time, for instance where we are required to do so in accordance with legal or regulatory requirements.
In specific circumstances we may also retain your Personal Data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings.
5. TRANSFER OF PERSONAL DATA
We may transfer Personal Data, as far as necessary, to the following categories of recipients:
- contractual partners;
- payment processors;
- companies offering IT services;
- marketing companies;
- public authorities, courts of law or arbitral tribunals, and authorities competent to investigate criminal offence.
These recipients can be located in the European Union and/or in the European Economic Area. Where recipients are located outside the European Union and the European Economic Area, including in countries not recognized as ensuring an adequate level of protection, the transfer of Personal Data shall be carried out only if there are appropriate guarantees, in accordance with applicable law. In this respect, we rely on several guarantees, such as the standard contractual clauses issued by the European Commission. You may receive from us a list of recipients from third countries, as well as a copy of the agreed provisions that ensure an adequate level of protection of Personal Data. For any request to this effect, please contact us at the contact details mentioned below.
6. SECURITY
The security of your Personal Data is important to us. Your Personal Data will therefore be processed by applying reasonable technical and organizational measures to protect Personal Data, such as limiting access to Personal Data, encryption or anonymization of Personal Data, storage on secure environments. However, despite our efforts, we cannot always guarantee the effectiveness of the security measures implemented, and therefore we cannot guarantee the security of Personal Data at any time.
7. RIGHTS IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA
7.1 Your rights
You have the following rights in connection with the processing of your Personal Data:
Access right: You have the right to obtain from us confirmation that your Personal Data is processed by us, as well as information on the specific processing, such as: the purposes of processing, categories of processed Personal Data, recipients of Personal Data, the period for which Personal Data is stored, if we transfer the Personal Data abroad and how we protect it, your rights, the right to lodge a complaint before the supervisory authority, the source of your Personal Data.
Right to rectification: You have the possibility to request rectification of your Personal Data, provided that the applicable legal requirements are met. In the event of errors, after notification, we will immediately correct your Personal Data.
Right to erasure: In certain cases, you have the possibility to request the deletion of Personal Data, namely when: (i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent on which the processing is based according and where there is no other legal ground for the processing; (iii) you exercise the right to object to the processing; (iv) the Personal Data have been unlawfully processed. We are not obliged to comply with your request when the processing is necessary (among others) for compliance with a legal obligation or for the establishment, exercise or defense of legal claims. There are also other circumstances in which we are not obliged to comply with this request for the deletion of Personal Data.
Restriction of processing: You may request us to restrict the processing of your Personal Data in the following circumstances: (i) you contest the accuracy of the Personal Data, for a period enabling us to verify the accuracy of the Personal Data; (ii) the processing is unlawful and then you oppose to the erasure of the Personal Data and request the restriction of their use instead; (iii) we no longer need the Personal Data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; (iv) you have objected to processing, pending the verification whether our legitimate grounds override yours. However, we can continue to process your Personal Data (i) when you consent; (ii) for the establishment, exercise or defense of legal claims or (iii) for the protection of the rights of another natural or legal person.
Right to data portability: Insofar the Personal Data is processed based on your consent or on the execution of the agreement and the processing is carried out by automated means, you have the right to have your data Personal Data provided to you in a structured format, which is currently used and can be read automatically and you have the right to request us to transfer this Personal Data to another controller. This right shall not adversely affect the rights and freedoms of others.
Right to opposition: In certain situations, such as when we process your Personal Data on the basis of a legitimate interest, or for the purpose of sending marketing messages, you have the right to object to the processing of your Personal Data by us. In the event of unjustified objection, StartGDPR is entitled to continue processing Personal Data.
Withdrawal of consent: Insofar you consented to the processing of your Personal Data, you can at all times revoke your consent, without affecting the lawfulness of processing based on consent before its withdrawal.
Right not to be subject to any automatic individual decisions: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Such right cannot be exercised when the decision: (i) is necessary for entering into, or performance of, a contract between you and us; (ii) is authorized by law which lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or (iii) is based on your explicit consent.
Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with The National Supervisory Authority for Personal Data Processing (“DPA”) in relation to any breach of your rights regarding the processing of your Personal Data. The contact details of the DPA are: 28-30 Gheorghe Magheru Boulevard, District 1, Postal Code 010336, Bucharest, Romania; e-mail: [email protected]
7.2. How to exercise your rights
To learn more about the manner in which you may exercise the aforementioned rights, please contact us at address below.
Identity verification: We take utmost care of the confidentiality of all Personal Data and we reserve the right to verify your identity if you make a request in relation to your Personal Data.
Fees: As a rule, you can exercise your rights free of charge. However, we reserve the right to request a reasonable fee if your claims are manifestly unfounded or excessive, in particular because of their repetitive nature.
Response Time: We make every effort to respond to your request within one month of receiving the request. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests, in which case we will inform you of any such extension and of the reasons for the delay.
8. CONTACT
If you have any questions or concerns about this Policy or its implementation, you may contact us at [email protected] .