GDPR Compliance Privacy Policy

 

The privacy of the personal data of our users is one of the fundamental commitments of ZINCĂ&ZIDARU („the Firm” or „us”) which shall take into account and respect the applicable legal principles so that all data processing be lawful, fair and transparent and the collected data be appropriate, relevant and limited to what is required in relation to the purposes for which it is processed.

The following Privacy Policy describes:

  • the purposes for which we collect and use your personal data;
  • the processing reasons for such purposes;
  • the categories of personal data we collect from you and which we process;
  • the length of processing of these data;
  • your rights as individuals and how you can exercise them;
  • to whom can we disclose the personal data.

The Firm processes such personal data as a subject to the Privacy Policy, in accordance with the principles set forth in the applicable data protection legislation in Romania, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC („GDPR”).

We reserve the right to update and periodically modify this Privacy Policy to reflect any changes to the legal requirements of the way we process your personal data or any changes to the applicable legal provisions.

 

1. Who are we? How can you contact us about issues related to personal data?

Our firm, ZINCĂ&ZIDARU SCA, is a Romanian law firm, identified by CIF 40661028. The headquarters of our firm are located in Bucharest, district 2, 68 Dacia Bd., ground floor, ap. 1. You can also contact us via e-mail, at: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

2. What categories of personal data do we process?

In general, we collect your personal data directly from you:

  • When filling in the form to obtain an appointment, you usually send us your name, surname, e-mail address, telephone number;
  • When you send us your CV, you usually send us your name, surname, e-mail address, telephone number, social status, mailing address, date of birth, photo and other personal data contained in it, which you personally decide to send us;
  • When we issue the invoices for the legal services rendered to you, you usually send us the CIF / CUI, bank account, etc. (if applicable)
  • Any personal data you transmit to us on the occasion of your correspondence with us.

We do not want to collect or process data of minors who are under the age of 18.

 

3. What are the purposes and grounds of processing?

We will use your personal data for the following purposes:

 

  1. To deliver the Firm’s services in your benefit:

    This general purpose may include, on a case-to-case basis, the following:

    • Providing legal services;
    • Drafting offers following your request;
    • Carrying out recruitment procedures;
    • Solving various requests/questions/notices submitted by you.
     

    Processing your data for these purposes is, in most cases, based on your consent or on the conclusion and performance of the contract between the you and the Firm.

  2. To improve our services

    We may collect and use certain information about your user behavior, or we can conduct research and market research directly or through partners. We base these activities on our legitimate interest in doing business, always taking care that your fundamental rights and freedoms are not affected.

    (!) You may, at any time, request us, by the means described above, to disable the processing of your personal data for marketing purposes. We will, as soon as possible, but no later than 30 calendar days, comply to your request.

  3. To defend our legitimate interests

    There may be situations in which we use or transmit information with the purpose of protecting our rights and activity. These may include:

    • Measures to protect our website from cyber attacks;
    • Measures to prevent and detect fraud attempts, including the transmission of information to competent public authorities;
    • Measures aimed at the legitimate interest of the Firm; for example, for the purpose of establishing, exercising or defending a right, for internal administrative purposes, to invoice the services rendered and make the related payments; to protect copyright and related rights;
    • Measures to manage various other risks.

 

5. How long do we keep your personal data?

As a general rule, we will store your personal data as long as the relationship between you and the Firm lasts. These will be deleted when they are no longer reasonably required for the authorized purposes or when you withdraw your consent (where applicable) and it is no longer legally necessary for us to continue storing the data.

Under certain circumstances, we may keep your personal data for longer periods of time (up to 3 years) so we can accurately record your relationship with us in case of any complaints or problems that may arise or if we reasonably believe that a litigation has the potential of occurring.

In the case of personal data covered by the legal provisions governing the archiving process of documents, the storage of such data will be done throughout the time required by the respective legal provisions.

(!) You may, at any time, ask us to delete certain data by sending us a written request at the e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it.. Requesting deletion of certain personal data does not affect the lawfulness of the processing based on consent prior to its withdrawal.

 

6. To whom do we submit your personal data?

As a rule, your data is processed in complete confidentiality only by the members of the Firm.

However, we may give access to certain personal data to:

  • the Firm’s technical support team
  • the Firm’s accounting team
  • public authorities, state bodies or courts

Only if:

  • we have your consent and / or
  • we have a legitimate interest in entering into direct and necessary reports with these third parties/entities
  • if we have a legal obligation
  • if it is necessary to protect our legitimate interest

 

7. In which countries do we transfer your personal data?

We currently store and process your personal data on the territory of Romania.

 

8. How do we protect the security of your personal data?

  • by implementing appropriate technical and organizational measures, according to the industry’s standards
  • by keeping your personal data on secured servers using state-of-the-art encryption algorithms

Despite the steps taken to protect your personal data, we draw your attention to the fact that sending information via the Internet in general or through other public networks is not completely secure; there is a risk that the data may be seen and used by unauthorized third parties. We can not be responsible for such vulnerabilities of systems that are not under our control.

 

9. What rights do you have?

In order to exercise your rights, you may contact us by email using the contact details listed above. Please note the following if you wish to exercise these rights:

  • Identity and requests. Please send us any request regarding such records in writing using the e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. and including the reason for your request. We reserve the right to verify your identity by requesting additional information with this specific purpose;
  • Response time. We plan to respond to any valid requests within a maximum of 30 days, unless this is particularly complicated, the Firm has a very large volume of requests to resolve or if you have submitted various requests - in which case we will respond within 60 days.;
  • Third party rights. We do not have to respect a request if it adversely affects the rights and freedoms of other persons concerned.

 

10. Concerned rights and their description

Access

You can request from us:

  • to confirm that we process your personal data;
  • to provide a copy of these data;
  • to give you other information about your personal data.

Rectifications

You may ask us to rectify or complete your inaccurate or incomplete personal data.

Deleting data

You may ask us to delete your personal data, but only if:

  • these are no longer necessary for the purposes for which they were collected; or
  • you have withdrawn your consent (if the data processing is based on consent); or
  • you have a legal right to oppose; or
  • the data have been illegally processed; or
  • we have a legal obligation to do so.

We are not obliged to comply with your request for deletion of your personal data if processing the data is required:

  • to comply with a legal obligation; or
  • for acknowledging, exercising or defending a right in court.

Restriction of data processing

You may ask us to restrict the processing of personal data, but only if:

  • the accuracy of the data is contested (see rectification section) to allow us to verify their accuracy; or
  • processing is illegal, but you do not want the data to be deleted; or
  • the data are no longer necessary for the purposes for which they were collected, but you need them to acknowledge, exercise or defend a right in court; or
  • you have exercised the right to oppose and verifying whether our rights are prevailing is ongoing.

We may continue to use your personal data following a restriction request if:

  • we have your consent; or
  • to acknowledge, exercise or secure the defense of a right in court; or
  • to protect the rights of other individuals or legal entities.

Data portability

You may ask us to provide your personal data in a structured, commonly used and readable form or request it to be "ported" directly to another data operator, but in each case only if:

  • processing is based on your consent or on the conclusion or performance of a contract with you; and
  • processing is done by automatic means.

Opposition

You may oppose at any time, for reasons related to your particular situation, to the processing of your personal data based on our legitimate interest if you believe that your fundamental rights and freedoms prevail over this interest.

Automated decision-making

You may ask not to be the subject of a decision based exclusively on automatic processing, but only when that decision:

  • produces legal effects on you; or
  • affects you in a similar way and in a significant measure.

This right does not apply if the decision taken following an automatic decision-making process:

  • is necessary to us in order to conclude or perform a contract with you;
  • is authorized by law and there are adequate safeguards for your rights and freedoms; or
  • it relies on your explicit consent.

Complaints

You have the right to complain to the competent supervisory authority about the processing of your personal data. In Romania, the contact details of the competent data protection authority are as follows:

The National Supervisory Authority For Personal Data Processing

Address: 28-30 G-ral. Gheorghe Magheru Bd, district 1, postal code 010336, Bucharest, Romania

Telephone: +40.318.059.211 or +40.318.059.212

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Without affecting your right to contact the supervisory authority at any time, we kindly ask you to contact us in advance, we will do our best to resolve any issues amicably.

© 2019 Zinca & Zidaru

Zincă&Zidaru