Privacy policy
Welcome to Nicolescu & Partners!
This page reflects our privacy policy which falls under the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC („General Data Protection Regulation” or „GDPR”) and the national legislation on data protection and data security in force.
The General Data Protection Regulation lays down rules relating to the protection of the personal data belonging to natural persons and rules relating to the free movement of personal data. This Regulation applies directly in all EU Member States.
We understand the importance and sensitivity of the information you entrust us with and we commit to treat it entirely under the terms of this privacy policy.
This Privacy Policy explains how we process your personal data when you interact with our website, engage our legal services, and communicate with us.
As described by art. 4 point 2 of the GDPR, the processing of the personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The identity of the data controller:
The data controller who will process your personal information is Andrada-Mihaela Nicolescu, the coordinator lawyer of Nicolescu & Partners, with the headquarters in Bucharest, Romania, Nordului Street, 82 – 92B, ap. 16, having the fiscal code 33897477, postal code 014104, email address: andrada@nicolescu.law.
I. CATHEGORIES OF PERSONAL DATA WE MIGHT COLLECT
We may collect certain types of information about you, such as:
- Personal information: Name, Surname, email address, phone number, fax, or any other contact details, payment information.
- Legal information: Information related to your legal case, requests, projects, including documents, communications, and any other data relevant to the provision of legal services. We might also collect data from public sources and databases, such as information regarding relevant disputes/court actions submitted by you or against you/against a third party affiliated to you, or from third parties (such as other institutions/entities/data subjects).
- Usage information such as the IP address, date and time of your visit, data relating to your operating system and browser type and other information collected by visiting our website.
In order to execute our mandate, we may also process certain special categories of personal data about you, such as your political opinions, data concerning health, trade union membership, the Identity Card code, series and number, data on criminal convictions and offences. We will always process this type of data with your prior and explicit consent or when it is necessary for the establishment, exercise or defence of your legal claims. There might be cases when the processing of such data is necessary for reasons of substantial public interest, on the basis of Union or national law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard your fundamental rights and interests.
We collect your Personal Data directly from you when you:
a) interact with us on our website or contact us on our email address;
b) seek legal advice or representation from us;
c) provide or offer to provide services for us.
II. THE LEGAL GROUNDS AND THE PURPOSES FOR COLLECTING AND PROCESSING YOU PERSONAL DATA
In case you contact us by email/website, we will process your personal data for the purpose of solving your request, based on your consent.
In all the circumstances, we will process your personal data:
- only with your consent – in accordance with the provisions of Article 6 paragraph 1 letter a) GDPR;
- for the performance of a contract or in the pre-contractual stage – in accordance with the provisions of Article 6 paragraph 1 letter b) GDPR;
- to ensure the compliance with a legal obligation we are subject to – in accordance with the provisions of Article 6 paragraph 1 letter c) GDPR. Therefore, we might share your personal data to legal authorities, as the case may be, in order to fulfil a legal obligation or in response to a valid legal request;
- for the fulfilment of the purpose and legitimate interest pursued by us, which resides in the efficient processing of the requests sent to us by you – in accordance with the provisions of Article 6 paragraph 1 letter f) GDPR.
Whenever the applicable legal provisions require your prior and explicit consent for the processing of special categories of personal data, we will only process such data with your prior and explicit consent.
We will only process your personal data to the extent that it is necessary for the following purposes: to communicate with you, to conclude legal service agreements, to provide our legal services, for the fulfilment of any legal, regulatory, accounting or reporting purpose, or for any other purpose for which you provide your personal data to our firm.
III. DATA RETENTION
The personal data processed for the purposes mentioned herein will be retained by us only for the period of execution of our mandate and thereafter for the retention periods imposed by applicable law.
Subsequently, upon the expiration of these periods or upon the exercise of one of your rights (see Section VI), we will delete your personal data from our records.
IV. DATA TRANSFERS
Given the complexity of cases we are handling, we might share your personal information both to our team of attorneys, paralegals, and support staff involved in your case, but also to third-party service providers who assist us in providing legal services.
Please be aware that communications between you and our attorneys are protected by attorney-client privilege. This means that we will not disclose information related to your legal matters without your consent, except as required by law or ethical standards.
For potential data transfers outside the EU/ the European Economic Area, please note that the European Commission issued modernised standard contractual clauses under the GDPR to be concluded between us and the controllers or processors established outside the EU/EEA, thus ensuring that all other recipients outside the EEA provide an adequate level of data protection for personal data.
For more information regarding the standard contractual clauses, please check the link below:
Google Maps
To facilitate the identification of the location of our office, this site allows for the redirection to Google Maps once you click on our address.
Please note that once you have activated this service, Google Maps will store your IP address. As a rule, it is subsequently transferred to a Google server in the United States, where it is stored. The provider of this website has no control over this data transfer once Google Maps has been activated.
V. SECURITY OF YOUR PERSONAL DATA
Nicolescu & Partners has implemented appropriate technical and organizational measures (industry-standard security measures) to preserve the confidentiality and security of your personal data. However, please understand that no method of data transmission or storage is entirely secure, and we cannot guarantee absolute security.
VI. YOUR LEGAL RIGHTS
According to the relevant legal framework, you have the following rights:
- The right to withdraw your consent – when the processing of your personal data is based on your consent, you can withdraw it at any time. Such withdrawal of the consent will operate only for the future.
- Right of access: Upon request, you have the right to be informed whether your personal data are being processed.
If your personal data are being processed by us, you have the right to request access to them. This information includes, inter alia, the categories of personal data affected, the purposes of the processing and the recipients or categories of recipients to whom your personal data have been or will be transmitted. Where possible, the envisaged period for which the personal data will be stored or, where this is not possible, the criteria used to determine that period.
You also have the right to obtain a copy of your processed personal data.
- Right to rectification: You have the right to obtain from us the rectification of your incorrect personal data or to complete them.
- Right to erasure („the right to be forgotten”): You have the right to ask us to delete your personal data.
- Right to restriction of processing: You have the right to request the restriction of the processing of your personal data, in which case such data may be processed by us only for certain purposes.
- Right to data portability: You have the right to receive the personal data you have provided us with, in a structured, common, and machine-readable format, and you have the right to transmit this data to another entity/data controller.
- Right to object: You have the right to object to the processing of your personal data by us, especially when the processing is necessary for the purposes of the legitimate interests pursued by us. Once you have exercised this right, we will no longer process your personal data for that purpose.
- The right not to be the subject of a decision based solely on automatic data processing – you can request and obtain human intervention on that processing or you can express your own point of view with regard to this type of processing.
- The right to lodge a complaint and to address the courts of law – you can file a complaint about the way your personal data are processed with the National Supervisory Authority for Personal Data Processing and /or you can address the courts for the observance of your rights.
VII. RECORDS OF PROCESSING ACTIVITIES
As a data controller, we must keep a record of the processing activities, which shall contain the following information:
(a) our name and contact details;
(b) the purposes of the processing;
(c) a description of the categories of data subjects and of the categories of personal data;
(d) the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;
(e) where applicable, transfers of personal data to a third country or an international organisation;
(f) where possible, the envisaged time limits for erasure of the different categories of data;
(g) where possible, a general description of the technical and organisational security measures.
For enterprises with less than 250 employees, the obligations set out in this section are binding only if the processing is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offences.
VIII. Notification of a personal data breach to the supervisory authority
In light of art. 33 paragraph 1 of the GDPR, if a personal data breach occurs, we will notify it to the National Supervisory Authority for Personal Data Processing without undue delay and if possible, not later than 72 hours from the date on which we became aware of it, unless it is unlikely to create a risk to the rights and freedoms of natural persons.
IX. Informing the data subject about the personal data breach
Considering art. 34 of the GDPR, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform you without undue delay of this breach, unless:
- appropriate technical and organizational protection measures have been implemented and these measures have been applied to the personal data affected by the personal data security breach, in particular, measures to ensure that personal data become unintelligible to any person not authorised to access it, such as encryption;
- further steps have been taken to ensure that the high risk to your rights and freedoms is no longer likely to materialise;
- it would require a disproportionate effort. In this situation, public information is instead carried out or a similar measure is taken whereby you are informed in an equally effective manner.
VERSIONS OF THIS PRIVACY POLICY
This Privacy Policy may be updated from time to time. Any update will become applicable from the moment the new version is published on our website or from the moment it has been communicated to you in any other way.
Please review this Privacy Policy periodically to stay informed about how we protect your information.