Our law firm is committed to implement the highest standards of confidentiality and transparency in relation to personal data that we process in connection with the performance of our legal services.
We take utmost care to process your personal data in accordance with the principles set forth in the data protection legislation applicable in Romania, including (EU) Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
Who are we and what we do
Mitel & Asociatii, having its headquarters at 143 Calea Grivitei, 1st District, Bucharest, Romania, registered with the Bucharest Bar Association under Decision 336/30.01.2003, having sole registration code RO15213953, acts as controller of your personal data for the purposes specified below.
What personal data we process
We may collect and process different types of personal data when you request legal advice or representation from us, when you use, access, navigate, request information or interact with our website and/or social media platforms (Facebook and LinkedIn) or when you render or offer to render services to us. We may collect information from other sources, such as social media platforms that may share information about how you interact with our social media content.
Personal data that we may collect and process are:
- Basic personal details (including identity and contact data), such as your name, address, telephone number, date of birth, marital status, passport number, employment history, name of the company you work for, educational or professional background, tax status, employee number, job title and function and other personal data concerning your preferences relevant to our services;
- Business information, including information provided in the course of the contractual or client relationship between you or your organization and Mitel & Asociatii or otherwise voluntarily provided by you or your organization which may, where relevant, include special categories of personal data (including, but not limited to, personal identification number, identity card series and number, data on your political opinions, religious beliefs, physical or mental health, as well as genetic or biometric data, data on union membership and data relating to criminal convictions and offences, information on relevant and important litigation or other court actions initiated against you or by you against one of your third party affiliates);
- Details and information about your visits to our offices or any other details on how you interact with us;
- Website usage and other technical data such as information collected during your visits to our website, the Internet Protocol (IP) address, login data, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform and other details of your visit to our site and the resources you access;
- Data that you voluntarily give us when you choose to participate in various activities related to social media platforms, such as user ID, your comments and opinions, evaluating posts and responding to feedback;
- Financial and payment data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers;
- Identification and other background verification data such as a copy of IDs or passports or evidence of beneficial ownership or the source of funds to comply with “know your customer”/anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures;
- Recruitment-related data such as your curriculum vitae, education and employment history, details of professional memberships and other information as contained in your job application, as well as any references provided or obtained for the purposes of processing your application and for general recruitment and selection purposes;
- Video and other data relating to details of your visits to our premises or when you send us videos of you during the recruitment and selection process;
- Any other personal data relating to you that you willingly provide to us from time to time.
- Where we need to collect personal data by law or in order to process your instructions or perform a contract we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement or contract you have with us, but we will notify you if this is the case at the time.
Do we collect personal data about other people?
If you provide personal data to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it or there is a legal ground that justifies such disclosure.
How we obtain personal data
The circumstances in which we may collect personal data about you include:
a. Where you provide it to us directly, for example:
- when you or your organization seek legal advice from us or use any of our online client services;
- when you or your organization offer to provide or provide services to us;
- when you interact with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our lawyers, consultants and staff;
- when you or your organization browse, fill out a form or make an enquiry or otherwise interact on our website or other online platforms;
- when you attend our seminars or other events or sign up to receive personal data from us, including training;
- for recruitment purposes.
b. In certain circumstances, we collect your personal data from a third-party source. For example, we can collect personal data from your employer, other companies or individuals with which/whom you are connected, governmental agencies, credit bureaus, information or service providers or from public databases (such as the Electronic Archive for Secured Transactions, Trade Register, Insolvency Proceedings Bulletin, etc.).
How we use personal data
We may use your personal data for the following purposes:
- In the performance of a contract (or for taking steps linked to a contract) with you or your organization, at your request. This may include registering you as a client of Mitel & Asociatii, providing and managing legal services or ancillary services or solutions, as instructed by you or your organization, processing payments, billing and collection.
- When we have a legitimate interest in using your personal data, for example to manage our relationship with you or the company on behalf of which you instruct us, including identifying persons authorized to represent our clients, suppliers or service providers, to manage access to our premises and for security purposes, when you visit our offices, to facilitate use of our website and social media platforms and to ensure that content from our website is presented in the most effective manner for you and for your device, to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities, for insurance purposes, to recover any payments due to us and, where necessary, to enforce such recovery, to exercise or defend our legal rights or to comply with court orders, to keep records of the work we have carried out for you or the company on behalf of which you instruct us;
- For compliance with a legal obligation, including maintaining records, compliance checks or screening and recording (e.g., anti-money laundering, commercial register checks, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws, etc.). This may include automatic checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity, or making records of our communications with you for compliance purposes.
- Where you give us your consent – to communicate with you, to keep you up-to-date on the latest developments, announcements and other information about our services and solutions (including briefings, newsletters and other information), events and initiatives, to enable us to process applications for employment, internships or professional training for any position for which you may apply at our law firm.
If you have provided your consent to the processing and transfer of your personal data, you have the right to fully or partly withdraw your consent at any time. To withdraw your consent, please use the contact details provided in Section 12 below. While exercising this right, please also take into account that withdrawal of consent does not affect the lawfulness of processing based on consent before such withdrawal.
Who we share personal data with
While, as a rule, we will not disclose your personal data to any third parties, we may transmit such data to:
- third parties including certain service providers we have retained in connection with the legal services we provide, such as other legal specialists, translators, couriers or other necessary entities;
- courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the dispute resolution process;
- insurers, insurance brokers and banks;
- IT services provider, whenever it is and strictly to the extent that it is necessary;
Please note this list is non-exhaustive and there may be other cases where we need to share data with other parties in order to provide the legal services.
We may also process your personal data to comply with our regulatory requirements or in the course of the dialogue with our regulators, as applicable, which may include disclosing your personal data to government, regulatory or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, or unless doing so prejudices the prevention or detection of a crime, we will direct any such request to you or notify you before responding.
Which countries we transfer personal data to
We will not transfer, as a rule, any of your personal data outside the European Economic Area (EEA).
To the extent that, in the context of the operations described above, your personal data may be transferred abroad to states in the European Union or EEA (for example, in the context of granting legal assistance requested by the client in transactions involving several jurisdictions), any transfer performed by Mitel & Asociatii to a European Union or EEA member state will observe the legal requirements laid down by the GDPR.
How long we keep personal data
We have implemented technical and organizational measures to organize the process and specific criteria for the retention of your personal data (including in accordance with our archiving policies).
We will cease any processing of your personal data when it is no longer reasonably required for the purposes for which they were collected or when you withdraw your consent (if applicable) and (i) there are no compelling legitimate grounds for us to continue processing your personal data (including our legal obligation to continue storing such data) which override your interests, rights and freedoms or (ii) if personal data are no longer necessary to us for the establishment, exercise or defense of legal claims.
How we protect personal data
We are highly committed to observing data privacy and, thus, we have implemented a range of commercially reasonable physical, technical and procedural measures to help protect personal data from unauthorized access, use, disclosure, alteration or destruction.
Furthermore, our staff and lawyers, as well as any third-party service providers we may engage that process personal data on our behalf (for the purposes listed above) are also contractually obligated to respect the confidentiality of your personal data.
What rights you have in relation to your personal data
In your capacity as data subject, the GDPR provides you with a series of rights including:
- Right of access, which allows you to obtain confirmation that your personal data are being processed by us and, if so, the relevant details of such processing activities;
- Right to rectification, which allows you to rectify your personal data if inaccurate;
- Right to erasure, which allows you to obtain the erasure of your personal data;
- Right to restriction, which allows you to obtain the restriction of processing your personal data;
- Right to object, which allows you to object to further processing of your personal data within the conditions and limits set forth by law;
- Right to data portability, which allows you to receive personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another data controller.
You may exercise your aforementioned rights and find out more about such rights by filing with us, as data controller, a request at the contact details provided in Section 12 below.
You also have the right to file a complaint with the Data Protection Authority, having its headquarters at 28-30 G-ral. Gheorghe Magheru Blvd., 1st District, Bucharest, 010336, Romania.
Please be informed that our website uses strictly necessary cookies. These cookies are essential in order to enable you to move around our website and use features, such as accessing secure areas of the site. Without these cookies, services like enabling appropriate content based on your type of device cannot be provided.
In general, cookies are text files containing small amounts of information which are downloaded to your device when you visit a website.
How you can contact us