Grigorescu, Ştefănică şi Asociaţii SPARL (“bpv Grigorescu Ștefănică“, ”we” or “us”) is a limited liability law firm registered with the Bucharest Bar Association.

This privacy statement concerns the personal data processing carried out by bpv Grigorescu Ștefănică (“Privacy Statement“), through its website, as well as on the occasion of providing the services described in this document.

bpv Grigorescu Ștefănică  is a personal data controller and the owner of the website accessible at one of the following web addresses:

www.bpv-grigorescu.com
www.bpv-grigorescu.ro
www.bpv-grigorescu.eu

At bpv Grigorescu Ștefănică, we go to considerable lengths to provide our clients and partners with legal assistance and representation of the highest quality for their businesses.

In addition to our services, in order to further our current business relationships and develop future relationships, we support and contribute to a better understanding of the legal framework, and we make relentless efforts to inform you with regard to legal, economic or industry matters relevant to you or your business. To that end, we also organize events for our clients, contacts and partners, and we produce alerts, notifications, newsletters, reviews, and other information materials, both in relation to matters in our areas of expertise and to our professional activity as a firm or as members of the firm (jointly referred to as the “Information Service”).

A. Personal data processed by us

For the development of the contractual relationship, we collect the following personal data from you:

a. identification data such as name, surname, academic title, title or position, work-place, relationship with another person with whom we have an established connection (g. with an employee, another contact or client, with a person who facilitated our connection with you);

b. copy of your identity document, if the case;

c. contact details, such as the physical work or, as the case may be, personal address, email address, phone number;

d. bank account and other financial information necessary for the development of the contractual relationship, if the case;

e. data you make available to us or which we collect as part of the KYC process and of the observance of legal obligations on the prevention of money laundering;

f. any data made available to us by you during our interactions in connection with the fulfilment of the mandate you have entrusted to us.

B. How we collect personal data

We only collect the personal data that you provide voluntarily (in physical or electronic format), as well as information and data available from public sources:

a. during the client-attorney interactions, on the basis of an engagement letter;

b. during preliminary discussions, as part of negotiation and preparation of such agreement, including through our online form (Client Data Sheet) used to draft the engagement letter, open the customer account, invoice and to fulfil the KYC legal obligations and prevent money laundering;

c. when you contact us by email, phone or mail, if you express your interest in our services;

d. in the context of a meeting at a business event or other such events (g. by exchanging business cards).

C. Legal grounds and purposes of processing

Based on the agreement we concluded with you, as a client of bpv Grigorescu Ștefănică, we will process all personal data you make available to us, as well as any other data necessary to exercise our profession and to provide you with our services, according to the contractual provisions, to the applicable law and regulations governing the lawyer’s profession (e.g. Law no. 51/1995 for the organisation and practice of the lawyer’s profession and the Statute of the lawyer profession approved by the National Romanian Bars’ Association). The same applies to all personal data collected prior to the conclusion of an agreement with us, including through our online form (Client Data Sheet), regardless if the discussions and negotiations led to the conclusion of an agreement or not. We assure you that all your personal information and all your personal data remain under the protection of confidentiality applicable to client-attorney communications, even if you have not entered into an agreement with us.

If you are the legal representative or contact person for a legal entity, we will process your personal data based on our legitimate interest in order to ensure the exercise of the rights and fulfilment of the obligations resulting from the concluded contracts.

A. Personal data processed by us

For the performance of the contractual relationship, we collect the following personal data from you:

a. identification data such as name, surname, academic title, title or position, work-place, relationship with another person with whom we have an established connection (g. with an employee, another contact or client, with a person who facilitated our connection with you);

b. copy of your identity document, if the case;

c. contact data, such as the physical work address or, as applicable, personal address, e-mail address, phone number;

d. bank account and other financial information necessary for the performance contractual relationships, if the case;

e. any data made available to us by you during our interactions.

B. How we collect personal data

We only collect the personal data that you provide voluntarily (in physical or electronic format), as well as information and data available from public sources:

a. when you contact us by email, phone or mail, if you are interested in becoming our supplier or business partner;

b. in the context of a meeting at a business event or other such events (g. by exchanging business cards).

C. Legal grounds and purposes of processing

Based on the agreement concluded with you, as a supplier or business partner of bpv Grigorescu Ștefănică, we will process the personal data you provide us, as well as any other data necessary for the performance of our contractual and/or legal obligations. The legal basis for processing is the execution of an agreement with you or if you are the legal representative or contact person for a legal person, based on our legitimate interest in ensuring the exercise of rights and fulfilment of obligations arising from agreements.

Also, as regards the performance of financial-accounting operations, we process your personal data based on our legal obligations to ensure compliance with the applicable financial-fiscal provisions.

A. Personal data processed by us

The processed personal data include:

a. identification data, such as name, surname, job, employer;

b. contact details, such as e-mail address and phone number;

c. other data that you provide to us on the occasion of registration, updating of data or cancellation of the Information Service;

d. any other data made available to us during our interactions.

B. How we collect personal data

We collect only those personal data that you provide to us voluntarily (in physical or electronic format), as well as information available from public sources, through our website, when registering with the Information Service, if you are our client or if you have contacted us for professional purposes, including if you have expressed an interest in, registered for or participated in an event organized or held by us or when accessing other information available on the basis of registration.

C. Legal grounds and purposes of processing

When you subscribe to the Information Service directly through the website or other form of direct request, we will ask for your consent to processing personal data in order to provide those services to which you have requested to subscribe.

If you are a client or have contacted us for professional purposes, including if you have expressed an interest in, registered for or participated in an event organized or supported by us, we will process your personal data on the basis of our legitimate interest in sending you Information Service specific communications that are of interest to you and your business, including invitations to our events.

You can apply for a position within bpv Grigorescu Ștefănică by email or by mail or courier or by physically submitting your application to our office.

We will use your personal data regarding the recruitment process to:

a. assess whether you are suitable for a position within bpv Grigorescu Ștefănică;

b. contact you about your application;

c. manage the recruitment process;

d. contact you about the positions that become available later and for which we consider you have the right professional profile; and

e. keep records of any previous recruitment process of ours in which you participated and of the reasons for which an offer was not addressed to you or for which the offer was rejected.

A. Personal data processed by us

When you apply, we will limit the processing of your data to what is strictly necessary for the purpose of recruitment.

The processed personal data include:

a. identification data, such as full name, email address, phone number and postal address, any other data that you present to us through the application documents;

b. the data included in the CV and the letter of intent sent by you (including education, professional experience, hobbies);

c. any other data made available to us during our interactions.

B. How we collect personal data

We collect only those personal data that you provide to us voluntarily (in physical or electronic format), as well as information available from public sources, when you contact us by email, phone or mail if you express your interest in being employed by us or to collaborate with us.

C. Legal grounds and purposes of processing

We collect necessary information in the recruitment process in order to assess whether you are suitable for a position within bpv Grigorescu Ștefănică and for the purposes mentioned above in this section. The processing of personal data in the recruitment process is based on the execution of an agreement with you, as legal ground, this processing representing the pre-contractual phase.

Also, your further contacting, as a rejected candidate, for information on other career opportunities within bpv Grigorescu Ștefănică and your invitation to another interview or evaluation, can only be made based on your consent. We will keep track of the persons who participated in the evaluation processes and the reasons why they were not addressed an offer or why the offer was rejected, based on our legitimate interest in being able to respond to any complaints or requests made in connection with the recruitment process.

A. Personal data processed by us

We will collect the following personal data from you:

a. identification data, such as full name;

b. details related to the purpose of the visit, time of arrival and of departure;

c. video images of access to the office;

d. any other data you make available to us during our interactions.

B. How we collect personal data

We collect your personal data directly from you upon arrival at our headquarters. Furthermore, you may be recorded by our video surveillance system installed in the supervised areas (e.g. entry-exit access area), properly marked.

C. Legal grounds and purposes of processing

The collection of your personal data is strictly limited to what is necessary to ensure security within bpv Grigorescu Ștefănică, by keeping track of visitors and by video surveillance of properly marked areas. Any processing of your data for the purpose mentioned above is based on our legitimate interest in ensuring the security of our assets and personnel.

A. Personal data processed by us

We will collect the following personal data from you:

a. identification data, such as name, surname, email address, phone number, postal address;

b. photo-video images;

c. voice (if applicable, in the case of a recorded webinar);

d. data on special requirements and needs;

e. any data you make available to us during our interactions.

B. How we collect personal data

We only collect those personal data that you provide to us voluntarily (in physical or electronic format), reported at the time of your registration in order to participate in the event organized by us, as well as later, during its performance, when you contact us by email, phone or mail if you are interested in registering and participating in events organized or supported by us.

C. Legal grounds and purposes of processing

The collection of your personal data is strictly limited to what is necessary for the purposes envisaged by bpv Grigorescu Ștefănică and will be strictly limited to these purposes, namely the organization and conducting the events.

Any processing of your data, including the photo-video images in panoramic format, is based on the legitimate interest of bpv Grigorescu Ștefănică to make and promote the respective event. The processing of close-up photo/video images is done only on the basis of your consent, expressed also through gestures, behaviour (e.g. your posture in those images). If you do not wish to appear in such images, you can always contact the photographer directly.

If you participate in a webinar organized or supported by us, the processing of your personal data is based on our legitimate interest arising from the need to keep records with the people participating in the webinar and also to prevent possible security issues.

If the webinar is recorded, we may also process other personal data of yours, such as voice or images. This data will only be processed based on your consent. We consider that you agree to this when you connect to the webinar with the audio and/or video features on. Please note that you can always log in to the webinar with these features disabled, in case you do not want your data to be processed in this context.

A. Personal data processed by us

Our website contains cookies that collect personal data. The collection of personal data is strictly limited to what is necessary to provide you with the highest quality experience regarding the use of our website. We process technical data (including IP address), collected through cookies, such as information about your visits to our website or in applications developed by us or accesses of materials and communications that we send you electronically.

B. How we collect personal data

We collect your personal data through cookies placed on the website. Details regarding the processing of personal data by such tools are available in our Cookie Policy.

C. Purposes of processing

We use such cookies in order to provide you with a better user experience when you browse our website. For more information on the use of cookies on our website, please access our Cookie Policy available at https://www.bpv-grigorescu.com/cookies-policy/.

If you have chosen to receive communications from the Information Service or you receive such communications based on our legitimate interest as it is described under art. 6 above, we will store your personal data to provide this service for 2 years from your enrolment in our Information Service. Afterwards, following this period, we will ask again for your consent in order for you to keep benefiting from the Information Service.

If at any moment in time, you decide you do no longer want to benefit from the Information Service and you withdraw your consent, we will respect your decision, and we will stop processing your personal data for this purpose.

The personal data of the rejected candidates which are collected in the recruitment process and used for the purpose of keeping track of previous recruitment processes are stored for a period of 3 years from the moment you applied to bpv Grigorescu Ștefănică. Also, if you are not recruited for the position in question, you may be contacted in the future to find out about other career opportunities within bpv Grigorescu Ștefănică, if you have given your consent in this respect, in which case we can contact you for a period of 1 year after the completion of the recruitment process. After this period, you will not be contacted for possible career opportunities unless you have expressly requested otherwise.

The images captured on the video cameras will be kept, as a rule, for a maximum period of 30 days.

We shall delete your personal data when it is no longer necessary for the purposes for which they have been collected or when you withdraw your consent (if the processing of your data is based on consent), provided that we are not legally required or otherwise permitted to continue to hold such data. We may retain your personal data for an additional period, in case their immediate deletion would require us to overwrite our automated disaster recovery and backup systems.

As a rule, we do not share with or transfer your personal data to third parties. However, if the disclosure or transfer is required or if we are obliged by law, we shall inform you in the shortest possible time with regard to such transfer, unless the applicable law, including the rules of governance for the obligation to maintain professional secrecy, prevents us from sending such notification.

If we disclose or transfer your personal data to third parties, we shall do so according to the applicable laws and take the necessary measures reasonably available to us to ensure their integrity and protection.

For the processing of personal data, we may use data processors, e.g., providers of IT solutions necessary for business management, including financial accounting solutions, providers of contact management solutions or conference organisers. We shall conclude agreements for the processing of personal data with all data processors, which will include adequate clauses to ensure that data processors undertake obligations to process personal data (including to delete it) in full accordance with applicable laws and which provide an adequate level of protection to your personal data.

Personal data is secured against threats, and we make sure they are protected by appropriate IT infrastructure and security measures. Moreover, we have implemented internal measures that allow us to discover, notify, and document personal data breaches in the shortest possible time.

If we discover any personal data breach that poses a risk for your rights and freedoms, we shall notify the National Supervisory Authority for Personal Data Processing. You will be informed with regard to your personal data breach if it leads to a high risk for your rights and freedoms.

You have the following rights regarding the processing of your personal data:

a. The right to access your personal data.

b. The right to rectification or deletion of inaccurate personal data.

c. The right to restriction of processing of personal data. This right is available to you when:

i) you contest the accuracy of your personal data;

ii) the processing of your personal data is unlawful,

iii) we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or

iv) you have objected to processing of your personal data, pending the verification of our legitimate interest ground.

d. The right to data portability.

e. The right to oppose to processing of your personal data.

Should you have any questions related to the processing of your personal data or if you would like to submit a request, as well as to exercise any of the rights on the processing of personal data, please contact us at:

– e-mail address: data.protection@bpv-grigorescu.com

– phone: 40 21 2641650.

– head office: 33 Dionisie Lupu Street, District 2, Bucharest, Romania.

We will review each request and notify you with regard to the undertaken actions in the shortest possible time, but no later than one month since the registration of your request. Should we require more information from you or experience difficulties in the settlement of your request, we shall notify you without delay with regard to the fact that we need additional time to perform a proper review of your request.

Should you consider that we have failed to settle all your requests or are discontent with our answers, you may file a petition with the National Supervisory Authority for Personal Data Processing. You may also refer to the courts of law.

In the event we decide to amend this Privacy Statement, we will publish the new version on our website, which will supersede the current version.

Thank you for trusting us with your personal data and for finding the necessary time to read our Privacy Statement. Please feel free to contact us if you have any questions related to our processing of your personal data.