Introduction

The right to the protection of your personal data is a right intrinsic to your personality and imposes our correlative obligation to respect it and, if we obtain such personal data, to provide the necessary security and protection of them.

This privacy policy concerns the processing of personal data by Counselors through this site, namely, the transmission of your name and email (the latter, if it is personal) by filling in the contact form provided by this site, if you contact us through this method, your telephone number (if it is personal) which will be communicated indirectly by displaying it on our phone screen - if you call us, as well as any other personal data, which you consider necessary to provide thorugh any contact method provided by this site (hereinafter defined as the "Processed Personal Data").

This privacy policy reflects your rights regarding Processed Personal Data, as well as our obligations, governed by Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, ("GDPR"), by Law no. 506/2004 on personal data processing and protection of privacy in the electronic communications sector, as well as any other laws or regulations applicable to the processing of personal data (hereinafter defined as the "Applicable Law").

Changes to the privacy policy

We reserve the right to periodically update and modify this privacy policy, to reflect any changes in the way we process Processed Personal Data or any amendments to the legal requirements. In the case of any such changes, we will display on our site the modified version of the privacy policy, which is why you should periodically check the contents of this privacy policy.

Who are we and how you can contact us

Counselors and this site are used by TRAILESCU AND ASSOCIATES LAW FIRM (Romanian: TRĂILESCU ȘI ASOCIAȚII SPARL), a Romanian limited liability professional law firm, established under the Bucharest Bar Decision no. 2419 of 29 November 2022, having the fiscal registration code 47308792, with the professional headquarters at 9 Visarion Street, building A, 3rd floor, Sector 1, Bucharest (" Counselors", "we", "our"). The official registration of the law firm can be found on the Bucharest Bar's website, here: https://www.baroul-bucuresti.ro/avocati/11820/trailescu-si-asociatii.

For the purposes of the Applicable Law, we are the data protection officer responsible with the Processed Personal Data.

For any information or requests, we encourage you to contact our data protection officer at the email address gdpr@counselors.legal or by mail or courier at the following address: 57 Iuliu Maniu Boulevard, postal code 061081, block OD16, en. E, 2nd floor, app. 188, Sector 6, Bucharest, in the attention of the data protection officer.

What categories of personal data we process

We collect personal data only if you contact us and only for the purpose of keeping track of our internal mailing history, customer database and potential customers.

These Processed Personal Data are:

• if you contact us by filling in the form on the site, your filled name and email address; and
• if you call us, the phone number used when contacting us.

We do not collect or process other personal data.

The grounds and purpose of the personal data processing

We collect and process personal data for the purpose of correspondence between you and us, keeping track of our mailing history, client database and potential customers.

Also, if we conclude a legal assistance contract with you, the same or some of the Processed Personal Data may be used to fulfill the mandate, as the case may be (for example, in the preamble of a court claim, a complaint, another request, etc., for identification of the person on whose behalf we perform the respective steps).

The Processed Personal Data can be taken into account in the internal improvement actions of our activity, in the interaction with the client.

There may be situations in which we will use or transmit information to protect our rights and activity. Such may include:

• measures to protect the site and its users against cyber attacks;
• measures to prevent and detect fraud attempts, including transmission of information to the competent public authorities; and
• measures to manage various other risks.

All the above purposes are pursued by prioritizing your fundamental rights and freedoms, taking special care in their processing.

The general grounds of these types of processing is our legitimate interest in defending our professional activity, being understood that we make sure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.

Also, in some cases we base our processing on other legal provisions such as the obligation to ensure the protection of assets and values ​​as provided by the Applicable Law.

Period of retention of the Processed Personal Data

As a rule, we will store the Processed Personal Data as long as there is a real possibility of you returning with future requests, but not more than 3 years from the last interaction.

To whom we transmit the Processed Personal Data

As the case may be, we may transmit or provide access to the Processed Personal Data to the following categories of recipients, strictly for the purposes specified above:

• to our collaborators;
• courier service providers; and
• IT service providers.

If we have a legal obligation, or if necessary to defend a legitimate interest, we may also disclose certain Processed Personal Data to public authorities.

We ensure that access to your data by third parties is carried out in accordance with the Applicable Law, on the basis of contracts concluded with them.

Countries where we transfer Processed Personal Data

Currently, we store and process personal data on the territory of Romania and France (Paris).

You can contact us anytime, using the contact details above, to find out more information about the countries in which we transfer the Processed Personal Data, as well as the guarantees you benefit from regarding these transfers.

The security of the Processed Personal Data

We are committed to ensuring the security of our Processed Personal Data by implementing appropriate technical and organizational measures, according to industry standards.

We keep your Processed Personal Data on secure servers, using state-of-the-art encryption algorithms and ensuring storage redundancy.

Despite the measures taken to protect the Processed Personal Data, we would like to point out that the transmission of information via the internet in general or through other public networks, is not completely secure, with the risk that the data will be viewed and used by unauthorized third parties. We cannot be held responsible for such vulnerabilities of systems that are not under our control.

What rights do you have?

GDPR recognizes a number of rights in connection with your Processed Personal Data. You may request access to your data, correct any errors in our files and/or you may object to their processing. You may also exercise your right to complain to the competent supervisory authority or to file a claim in court. If applicable, you may also have the right to request the deletion of such data, the right to restrict their processing and the right to data portability.

More information on each of these rights can be obtained by consulting the information below.

In order to exercise your rights, you may contact us using the contact details set out above.

We will not charge a fee to exercise any rights with respect to your Processed Personal Data.

We aim to respond to any valid requests within a maximum of one month, unless such are very complicated or if you have made several requests, in which case we will respond within a maximum of two months, respectively within one month of your last request.

We shall not comply with a request if it would adversely affect the rights and freedoms of other parties.

Access

You can ask us to:

• confirm if we process your personal data;
• make available a copy of such data; and
• provide you with other information about your personal data, such as the data we have, at what we use them, to whom we disclose them, if we transfer them abroad and how we protect them, how long we keep them, what rights do you have, how can you make a complaint, where did we get your data, as far as tsuch information has not already been provided under this policy.

Correction

You may ask us to rectify or supplement your inaccurate or incomplete personal data, as the case may be.

We may try to verify the accuracy of the data before rectifying it.

Deleting data

You can ask us to delete your Processed Personal Data, but only if:

• they are no longer necessary for the purposes for which they were collected;
• you have withdrawn your consent (if the data processing was based on your consent);
• enforce a legal right to object;
• these were processed illegally; or
• we have a legal obligation in this regard.

We have no obligation to comply with your request for deletion of your personal data in the case in which their processing is necessary for:

• compliance with a legal obligation; or
• finding, exercising or defending a right in court.

Restriction of data processing

You can ask us to restrict the processing of your personal data, but only if:

• their accuracy is challenged (see the correction section), to allow us to check their accuracy;
• processing is illegal, but you do not want the data to be deleted;
• they are no longer needed for the purposes for which they were collected, but you need them to find, exercise or defend a right in court; or
• you have exercised your right to oppose it, and verifying whether our rights prevail is in progress.

We may continue to use your personal data following a restriction request, in the following cases:

• we have your consent;
• to ascertain, exercise or ensure the defense of a right in court; or
• to protect the rights of another natural or legal person.

Data portability

You can ask us to provide your personal data in a structured format, commonly used and automatically readable, or you can request it to be "ported" directly to another data protection officer, but in each case only if:

• the processing is based on your consent or the conclusion or performance of a contract with you; and
• the processing is done by automatic means.

Opposition

You may at any time oppose the processing of your personal data on the basis of our legitimate interest, if you consider that your fundamental rights and freedoms prevail over such interest.

Automatic decision making

You may request not to be the subject of a decision based solely on automatic processing, but only when that decision:

• creates legal effects on you; or
• it affects you in a similar way and to a significant extent.

This right does not apply if the decision reached following the automatic decision making:

• is necessary for us to conclude or perform a contract with you;
• is authorized by law and there are adequate guarantees for your rights and freedoms; or
• is based on your explicit consent.

Complaints

You have the right to file a complaint with the supervisory authority regarding your personal data processing. In Romania, the contact details of the supervisory authority for personal data processing are as follows: The National Supervisory Authority For Personal Data Processing, with the address on 28-30 General Gheorghe Magheru Boulevard, Sector 1, postal code 010336, Bucharest, Romania, phone: +40.318.059.211 or +40.318.059.212, e-mail: anspdcp@dataprotection.ro.

Without affecting your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any issues amicably.