Privacy Statement

Privacy Statement

Privacy Statement on personal data processing

Last update: May 2018

  1. Introduction

Grigorescu, Ştefănică şi Asociaţii SPARL (“bpv Grigorescu Ştefănică”) is a limited liability law firm registered with the Bucharest Bar.

This Privacy Statement concern the personal data processing carried out by bpv Grigorescu Stefanica. The Privacy Statement is applicable to all personal data processing we carry out, as well as to all interactions with our website hosted on the domains, or

  1. Name of the data controller and of the website owner

bpv Grigorescu Stefanica is a personal data controller and the owner of the website accessible at one of the following web addresses:

  1. Our business

At bpv Grigorescu Ştefănică, we make all efforts to provide our clients and partners with legal assistance and representation of the highest quality for their businesses.

In addition to our services, in order to further our current business relationships and develop future relationships, we support and contribute to a better understanding of the legal framework and we make relentless efforts to inform you with regard to legal, economic or industry matters relevant to you or your business. To that end, we also organise events for our clients, contacts, and partners, and we produce alerts, notifications, newsletters, reviews, and other information materials, both with respect to our areas of expertise and to our  professional activity (jointly referred to as “Information  Service”).

  1. Personal data we process

The collection of your personal data is strictly limited to what is necessary to provide you with an experience of the highest quality with regard to our services and to the use of our website.

Personal data we process may include:

  1. basic data for identification purposes, such as surname, name, academic title, title or position, work place, relationship to another person with whom we have an established connection (e.g., with an employee, with another contact or client, with a person who facilitated our connection with you);

  2. contact data, such as the physical work address or, as applicable, personal address, e-mail address, phone number;

  3. bank account and other financial information that allows us to perform contractual relationships of any kind, if the case;

  4. data you make available to us or which we collect as part of the know-your-customer process and of the observance of legal obligations on the prevention of money laundering;

  5. data you make available to us during registration, update of data or when unsubscribing from the Information Service, as well as during the registration and the attendance of events organised or supported by us, including, if available, data on special requirements or needs;

  6. data received or collected during your visits to one of our offices (including video records of you accessing the office);

  7. technical data (including the IP address), such as information on your visits on our website or in applications developed by us or by accessing materials and communications we send you electronically;

  8. any data you make available to us during our interactions.

Also, if you wish to join our team, we will process the personal data necessary for recruitment, such as your full name, e-mail address, phone number and mail address, any other data you make available to us by the application documents, which you provide by applying directly on the website, by submission or handing over in physical format at our office or via e-mail. Please see the dedicated section below “Information on the recruitment process” for more details on the recruitment process.

  1. How we collect personal data

We only collect the personal data that you provide voluntarily (in physical or electronic format), as well as information and data available from public sources:

– during the client-attorney interactions, on the basis of an engagement letter or during preliminary discussions, as part of negotiation and preparation of such agreement;

– by means of our website, when subscribing to the Information Service or when accessing other available information based on registration;

– when you contact us via e-mail, if you are interested in our services or in becoming employed or contracted by our company or express desire to cooperate with us, and

– upon meeting at business events (e.g., by the exchange of business cards).

  1. Legal grounds and purposes of processing

You are entitled to know the purpose for which we process your personal data and we will inform you prior to processing your personal data for other purposes than that for which you disclosed your personal data to us.

Performance of the contractual relationships with our clients

Based on the agreement we concluded with you, as client of bpv Grigorescu Ștefănică, we will process all personal data you make available to us, as well as any other data necessary to exercise our profession and to provide you with our services, according to the contractual provisions, to the applicable law  and regulations governing the lawyer’s profession  (Law no. 51/1995 for the organisation and practice of the lawyer’s profession and the Statute of the lawyer profession approved by the National Romanian Bars’ Association).

Professional communications

If you are our client or if you have contacted us for professional purposes, we will process your personal data based on the legitimate interest to send you communications specific to the Information Service which are of interest to you and your business, including invites to our events.

When you subscribe to the Information Service directly, by means of the website or another form of direct request, we will ask your consent for the processing of personal data in order to be able to supply those services for which you have requested the subscription.


We collect information necessary in the recruitment process, in order to be able to evaluate if you are appropriate for a position within bpv Grigorescu Ştefănică and for the purposes given below in the dedicated section “Information on the recruitment process”. The processing of personal data during the recruitment procedure is legally based on the performance of the agreement to be concluded with you, this processing representing the pre-contractual phase.

Also, we will keep records of the persons who have participated in the evaluation procedure and of the reasons for which they did not receive an offer or for which they rejected the offer, based on our legitimate interest, for the purpose of streamlining the recruitment procedure.

  1. Information on the recruitment process

You may apply for a position within bpv Grigorescu Ştefănică in the dedicated section on our website, via e-mail or by submission or hand-over of your application in physical format at our offices.

When you apply via the dedicated section on the website, we will request your full name, e-mail address, phone number and mail address, as well as a CV and a letter of application with the format and content of your choice.

We shall use your personal data related to the recruitment process to:

– evaluate whether you are appropriate for a position at bpv Grigorescu Ştefănică,

– contact you with regard to your application,

– manage the recruitment process,

– contact you with regard to subsequently vacant positions which we deem suitable for you, and

– keep records of prior recruitment processes of our company in which you participated and of the reasons why you have not been presented with an offer or why our offer has been rejected.

  1. Storage duration

If you have chosen to receive communications from the Information Service, we will store your personal date to provide this service for 2 years from your last interaction with our communications. Afterwards, following this period, we will ask again for your consent in order for you to keep benefiting from the Information Service.

If at any moment in time, you decide you do not want to benefit from the Information Service and you withdraw your consent, we will respect your decision and we will stop processing your personal data for this purpose.

Personal data collected in the recruitment process is stored and used for the purpose of keeping records on past recruitments for a period of 10 years from the date when you applied at bpv Grigorescu Ștefănică.

We shall delete your personal data when it is no longer necessary for the purposes for which they have been collected or when you withdraw your consent (if the processing of your data is based on consent), provided that we are not legally required or otherwise permitted to continue to hold such data. We may retain your personal data for an additional period to the extent deletion would require us to overwrite our automated disaster recovery backup systems.

  1. Third parties

As a rule, we do not share with or transfer your personal data to third parties. However, if the disclosure or transfer is required or if we are obliged  by law, we shall inform you in the shortest possible time with regard to such transfer, unless the applicable law, including the rules of governance for the obligation to maintain professional secrecy, prevents us from sending such notification.

If we disclose or transfer your personal data to third parties, we shall do so according to the applicable laws and take the necessary measures to ensure their integrity and protection.

For the processing of personal data, we may use data processors, e.g., providers of IT solutions necessary for business management, including financial accounting solutions, providers of contact management solutions or conference organisers. We shall conclude agreements for the processing of personal data with all data processors, which will include adequate clauses to ensure that data processors undertake obligations to process personal data (including to delete it) in full agreement with applicable laws and which provide an adequate level of protection to your personal data.

  1. Security of personal data

Personal data is secured against threats and we make sure they are protected by appropriate IT infrastructure and security measures. Moreover, we have implemented internal measures that allow us to discover, notify, and document persona data breaches in the shortest possible time.

If we discover any personal data breach that poses a risk for your rights and freedoms, we shall notify the National Supervisory Authority for Personal Data Processing. You will be informed with regard to your personal data breach if it leads to a high risk for your rights and freedoms.

  1. Your rights regarding the processing of personal data

You have the following rights regarding the processing of your personal data:

1. The right to access your personal data.

2. The right to rectification or erasure of personal data.

3. The right to restriction of processing of personal data. This right is available to you when:

a. you contest the accuracy of your personal data;

b. the processing of your personal data is unlawful,

c. we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or

d. you have objected to processing of your personal data, pending the verification of our legitimate interest ground.

4. The right to object to the processing of your personal data.

5. The right to data portability.

Should you have any questions related to the processing of your personal data or if you would like to submit a request, as well as to exercise any of the rights on the processing of personal data, please contact us at:

– e-mail address:

– phone: +40212641650.

– head office: 33 Dionisie Lupu Street, District 2, Bucharest, Romania.

We will review each request and notify you with regard to the undertaken actions in the shortest possible time, but no later than one month since the registration of your request. Should we require more information from you or experience difficulties in the settlement of your request, we shall notify you without delay with regard to the fact that we need additional time to perform a proper review of your request.

Should you consider that we have failed to settle all your requests or are discontent with our answers, you may file a petition with the National Supervisory Authority for Personal Data Processing. You may also refer to the courts of law.

  1. Amendments of the Privacy Statement

If we decide to amend this Privacy Statement, we will publish the new version on our website, which will supersede the current version.

Thank you for trusting us with your personal data and for finding the necessary time to read our Privacy Statement. Please feel free to contact us if you have any questions related to your personal data and our processing of your personal data.