INFORMATION REGARDING PERSONAL DATA PROTECTION

 

The controller

The controller of the personal data is „Markó & Udrea” Attorneys At Law, having its headquarters in  Bucharest, 10 General Gheorghe Manu Street, 1st Floor, Sector 1, telephone:  +40-21-3151088, fax: +40-21-3167947, e-mail: office@marko-udrea.ro (hereinafter referred to as „Markó & Udrea”)

If you have any questions/suggestions or wish to exercise any of your rights as a data subject regarding your personal data, please contact us, by any means, by using the above contact details. All requests will be resolved promptly, in accordance with the applicable legislation, and free of charge.

We do not use cookies or other similar technologies that would lead to the identification or monitoring of the users of our website, www.marko-udrea.ro.

Categories of personal data processed and categories of data subjects

The personal data we process are mainly those voluntarily offered by the data subjects when interacting with us, or by their colleagues/collaborators, within the company or group of companies in which the data subjects activate, the data being necessary in the context of the contractual relationships we have with our clients or potential clients, in order to carry out activities specific to the legal profession.

We may also, in accordance with the applicable legal provisions, depending on the specific legal services requested by our clients and in connection with the supply thereof, perform verifications and/or obtain information or personal data about individuals from any competent institution (public authorities and institutions, autonomous authorities and institutions, courts of law, offices for the registration of certain rights), public registers, archives, public databases, electronic databases or third-party holders of such information and data.

Markó & Udrea processes categories of personal data, which may include, as the case may be:

  1. contact details and information, such as: first and last name, domicile/residence or business address, phone number and e-mail address of our existing or potential collaborators or partners, or of the employees/legal or conventional representatives thereof;
  2. personal data processed in the context of a legal assistance contract or in order to take the necessary steps prior to entering a legal assistance contract, such as: first and last name of the client/legal or conventional representatives of the client, citizenship, domicile/residence or business address, banking data and signature;
  3. personal data processed in the context of any legal matter, contract or other legal act, dispute or litigation, regarding which Markó & Udrea provides legal services, in which the data subjects are involved in any way (as a contracting party or as a party to a dispute, representative/employee/collaborator of one of the parties, participant in the procedure/formalities, witness, notary, expert, evaluator, public functionary, current or previous holder of any rights subject to legal analysis etc.);
  4. in the context of the provided services, we may also occasionally collect and process special categories of personal data, such as: personal identification number, serial number and identity card number/passport number, disciplinary sanction data, contravention sanction data, data on union membership, health data;
  5. personal data inserted into CVs and other data necessary to be processed in the context of a recruitment/employment/internship process or in the context of a work or collaboration relationship such as: first and last name, telephone number, home address, profession, workplace, professional training, date and place of birth, etc., which are disclosed to us voluntarily by candidates/employees/lawyers or which are acquired by us through our recruitment accounts, or whenever you write to us or contact us at your own initiative for sending us CVs, or when you manifest your desire to become our employee or collaborating lawyer (regardless of the means of communication - email, telephone, fax etc.).
  6. details of visits at Markó & Udrea headquarters as well as the visitor’s image, given the video surveillance of the premises where we carry out our activity;
  7. in the context of the SARS-CoV-2 virus pandemic, during the state of alert or as long as the controller has the legal obligations to take preventive measures against the spread of the SARS-CoV-2 virus, we collect data regarding the presence of any SARS-CoV-2 specific symptoms, such as: coughing, sneezing, rhinorrhea, difficulties in breathing, fever, generally altered state etc., data regarding body temperature or any other similar health data, of our collaborating lawyers/employees or of any visitor at Markó & Udrea headquarters. These types of data are disclosed by the data subjects verbally or by displaying specific symptoms, as well as by measuring/allowing the measurement of their body temperature at the beginning of work hours or when visiting the headquarters;
  8. in the context of the SARS-CoV-2 virus pandemic, during the state of alert or as long as the controller has the legal obligations to take preventive measures against the spread of the SARS-CoV-2 virus, we may collect data regarding visits to certain regions or areas that are considered risk areas in the context of the SARS-CoV-2 virus pandemic or data regarding any contact with infected people/people that are at risk of infection, concerning our associate lawyers/employees or any visitor at Markó & Udrea headquarters. These types of data are disclosed verbally by the data subjects;
  9. personal data voluntarily disclosed by the data subjects or that are disclosed to us and processed by us through our Facebook account or whenever data subjects write to us or contact us at their own initiative to send us requests, applications, suggestions, referrals and so on (regardless of the means of communication - email, phone, fax etc.).

Purposes and legal grounds for data processing by Markó & Udrea

We process personal because:

  1. the processing is necessary to enforce a contract to which the data subject is a party to, or to take measures prior to the conclusion of a contract, at the request of the data subject, when we process personal data:
    • for the purpose of commencing, carrying out or terminating activities specific to the legal profession, namely for the effective supply of legal services to our clients;
    • for the purpose of concluding or carrying out an employment, collaboration or supply of goods or services contract.
  1. the processing is necessary for complying with legal obligations of the controller, such as those situations where we process data:
    • for the purpose of complying with legal obligations regarding economic, financial and administrative management (in order to maintain and organize our bookkeeping in compliance with the law, to issue invoices, make payments etc.);
    • for the purpose of fulfilling our obligations of identifying our clients, and taking all the necessary legal measures for preventing and combating money laundering or combating the financing of acts of terrorism;
    • for the purpose of fulfilling our obligations to report to and inform fiscal authorities, as well as other authorities and/or institutions, agencies or other public bodies, where disclosure of personal data is required, according to the applicable legal provisions;
    • for the purpose of fulfilling our obligations regarding archiving documents and information;
    • for the purpose of fulfilling our obligations arising from the employment relationships with our employees, or from the collaboration with our associate lawyers;
    • for the purpose of ensuring the security of the premises used by us, as well as that of the persons and assets located therein;
    • in regard of the following categories of data: data regarding the presence of any SARS-CoV-2 specific symptoms, data regarding body temperature or any other similar health data, for the purpose of fulfilling our legal obligations to take preventive measures against the spread of the SARS-CoV-2 virus and to ensure that our professional activity is carried out in a healthy and safe work environment, by limiting the exposure of our collaborating lawyers/employees or of any visitor at our headquarters to the SARS-CoV-2 virus infection. These obligations are set out in Joint Order of the ministry of labour and social protection and ministry of health no. 3577/831/2020, as well as in Joint Order of the ministry of health and ministry of internal affairs no. 874/81/2020 and are as follows:
      • ensuring the epidemiological triage of our associate lawyers and employees by measuring their body temperature at the beginning of work hours and as many times as necessary during work hours;
      • ensuring the epidemiological triage of any visitor at Markó & Udrea headquarters in order to deny access to any person displaying symptoms that are specific to the SARS-CoV-2 virus infection and, respectively, to allow access to visitors that don’t display any such symptom, in accordance with the applicable legal requirements;
      • ensuring the isolation and the referral to their general practitioner of any associate lawyer/employee that displays respiratory symptoms (coughing, sneezing, rhinorrhea etc.) and/or whose body temperature is higher than 37,3 C° during work hours, as well as taking other measures, as provided by law;
      • interrupting any contact between the people inside the premises and any individual displaying specific symptoms;
      • informing all individuals who came into prolonged contact with the associate lawyer/employee that was diagnosed or is suspected of being infected with the SARS-CoV-2 virus (meaning any exposure that lasted more than 20 minutes, at a distance that is under 1,5 m and without wearing a protection mask) and taking all subsequent measures, as provided by law;
      • monitoring the health status of our employees and associate lawyers so that they may benefit from the preventive and prophylactic measures that were established at national level for the purpose of combating the spread of the SARS-CoV-2 coronavirus.
    • in regard of the following categories of date: data regarding visits to certain regions or areas and data regarding any contact with infected people/people that are at risk of infection, for public interest reasons concerning public health, in order to take preventive measures against the spread of the SARS-CoV-2 virus and to ensure that our professional activity is carried out in a healthy and safe work environment, by limiting the exposure of our associate lawyers/employees or of any visitor at our headquarters to the SARS-CoV-2 virus infection.
  1. the processing is necessary for protecting our legitimate interests or, subsequently, those of a third party (the latter being, generally, a customer, partner or collaborator of Markó & Udrea) - unless the interests or rights and freedoms of the data subjects prevail over these interests -, more precisely when we process data:
    • for the purpose of commencing, carrying out or terminating activities specific to the legal profession, namely for the effective supply of legal services to our clients (for example: providing legal advice, legal assistance and representation before the courts of justice, before authorities with judicial powers, public notaries and bailiffs, public administration bodies and institutions, as well as other legal entities, in accordance with the law; drafting legal documents, attesting the identity of the parties, the content and date of the documents presented for certification; or other activities permitted by the law or specific to our profession), when processing is made in the context of any legal matter, contract or other legal act, dispute or litigation, in which the data subjects are involved in any way (as a contracting party or as a party to a dispute, representative/employee/collaborator of one of the parties, participant in the procedure/formalities, witness, notary, expert, evaluator, public functionary, current or previous holder of any rights subject to legal analysis etc.);
    • for the purpose of concluding or carrying out a collaboration or services supply contract, or any other type of contract, which has as object goods or services that are necessary for Markó & Udrea, when the processing is necessary for the conclusion or carrying out of a contract to which the employer of the data subject (or the organization/structure of which the data subject is a part) is a party;
    • for the purpose of managing the relationships with our clients, partners or collaborators, including when processing is required to manage the relationship with the employer of the data subject (or the organization/structure of which the data subject is a part);
    • for the purpose of managing and preparing internal audit reports;
    • for the purpose of complying with internal rules or regulations, codes of conduct or general practices applicable to Markó & Udrea or our clients/partners;
    • for the purpose of collecting debts and recovering assets, as well as exercising and/or defending Markó & Udrea’s rights;
    • for the purpose of carrying out a recruitment/employment/internship process or in the context of an existing employment or collaboration relationship;
    • for the purpose of monitoring/ensuring the security of the security of the premises used by us, as well as that of the persons and assets located therein.

Generally our legitimate interests are mainly to carry out our activity in good faith, in accordance with the applicable legal provisions and with the standards and deontology applicable to organizing and practicing the lawyers’ profession, and the legitimate interests of our clients, partners or collaborators are mainly to carry out their business in full compliance with the law, in good faith and to benefit from legal services for that purpose, in accordance with the applicable standards and in compliance with the internal or corporate regulations to which they are subject.

In the situation of special categories of data, as a rule, the processing will be based on: the consent of the data subject, the existence of a legal obligation to process such data categories, or the fact that the processing is necessary for the ascertainment, exercise or defence of a right in front of the courts of justice.

The need to provide data and the consequences of non-fulfilment of such an obligation

The provision of personal data is a contractual obligation, necessary for the conclusion of a contract for the purposes referred to in point A above, respectively a legal obligation regarding the purposes referred to in point B above. Consequently, the refusal to provide personal data correctly and completely, for the purposes specified at points A or B above, may prevent us from properly fulfilling our contractual or legal obligations and may result in the impossibility to contract our services, or the termination or restriction of the legal services, as the case may be.

Categories of recipients of personal data

Within our processing operations we may, in order to comply with any applicable legal provision or for supplying the contracted services, disclose personal data to certain natural or legal persons (recipients) for the purposes mentioned above, on a case-by-case basis, such as: courts of law, arbitration courts; parties involved in the legal relations or their contact persons/employees/legal or conventional representatives, including contractual partners of our clients, counsellors, auditors, experts, evaluators, notaries, other lawyers and other forms of exercising the profession; service providers providing to us operational/functional services (accountancy, security, internet, telephony etc.); law enforcement authorities and/or agencies or other public authorities, at local or international level, or their contact persons/employees/legal or conventional representatives; any other persons in regard of which you have authorized us to disclose your personal data.

In case of suspicion/confirmation of SARS-CoV-2 virus infection, these categories of data shall be disclosed to all individuals whom the data subject came into prolonged contact with (meaning any exposure that lasted more than 20 minutes, at a distance under 1,5 m and without wearing a protection mask), to their general practitioner and, as the case may be, to the public health authorities entitled to take mandatory subsequent measures.

Transfer of data to third countries and security measures

If transfer of data is necessary for the above mentioned purposes, we only transfer data to Member States of the European Union or the European Economic Area. However, depending on the locations of the recipients of the data or the locations of the servers on which the transferred data are stored, it is possible that, if necessary for the above-mentioned purposes, some data are transferred to a third country, outside the European Union or the European Economic Area. In the case of such international transfers, we will make our best efforts to ensure that these transfers take place based on a decision on the adequacy of the level of protection (to third countries recognized by the European Commission as ensuring an adequate level of protection) or under the condition of other adequate protection measures (e.g. standard terms assumed by the recipients), according to the applicable legislation in the domain.

Storage period/Criteria for determining the storage period

We will keep your personal data for the amount of time required to comply with our contractual obligations, specifically for a period of time established by the legal provisions regarding the archiving of information when providing legal services, by the applicable tax/financial legislation and by other regulations. In order to determine the period for which the data will be stored, we take into account the contractual duration, as well as the archiving terms applicable to the documents created by us. We shall store personal data for a period not exceeding 10 years from the termination of the contract in connection with which we have collected/processed data, except if the law requires a longer period of time.

Personal data inserted into CVs and other data necessary to be processed in the context of a recruitment/employment/internship process shall be kept for a period not exceeding 2 years.

The categories of data collected for the purpose of taking preventive measures against the spread of the SARS-CoV-2 virus and ensuring that our professional activity is carried out in a healthy and safe work environment, by limiting the exposure of our associate lawyers/employees or of any visitor at Markó & Udrea headquarters to the SARS-CoV-2 virus infection, are used and stored strictly for the above mentioned purposes, during the state of alert or as long as the controller has the legal obligations to take preventive measures against the spread of the SARS-CoV-2 virus.

Data regarding body temperature, as well as data regarding visits to certain regions or areas that are considered risk areas in the context of the SARS-CoV-2 virus pandemic are not stored in any electronic or physical form.

Data subjects rights with respect to personal data

Data subjects have certain rights that can be exercised under the law, including the following:

The right of access

Data subjects have the right to obtain from us a confirmation that personal data concerning them are processed or not, and, if so, access to such data and relevant information in connection with such data, such as: the purposes of the processing; the categories of data concerned; the recipients or categories of recipients to whom the data has been or are to be disclosed, in particular recipients from third countries or international organizations; where possible, the period for which data is expected to be stored or, if that is not possible, the criteria used to establish that period; or, where the data are not collected from the data subjects, any available information on their source.

The right to rectification

Data subjects have the right to obtain from us the rectification of inaccurate personal data concerning them. Taking into account the purposes for which data was processed, data subjects have the right to obtain the completion of incomplete personal data, including by providing an additional statement.

The right to erasure (“the right to be forgotten”)

Data subjects have the right to obtain, without undue delay, from us, the deletion of their personal data, if personal data are no longer necessary for the purposes for which they were collected or processed; if data subjects withdraw their consent on the basis of which processing is carried out and there is no other legal basis for processing; or if personal data must be deleted for compliance with a legal obligation of Markó & Udrea.

The right to restriction of processing

Data subjects have the right to obtain a restriction on the processing of their personal data in the cases and conditions provided by the law, such as the situation in which the accuracy of the data is disputed.

If the processing has been restricted, such personal data may be processed, except for storage, only with the consent of the data subjects or for the establishment, for exercising or for the defence of a right in court or for the protection of the rights of another natural or legal person; or for reasons of public interest.

The right to data portability

Data subjects have the right to receive their personal data that they have provided to us in a structured, commonly used, auto-readable format, and they are entitled to transmit this data to another controller, without any obstacles from us, where the processing is based on their consent or the need to execute a contract, and the processing is carried out by automatic means.

In exercising the right to data portability, data subjects are entitled that their personal data to be transmitted directly from us, where this is technically feasible.

The right to object

At any time, data subjects have the right to object, for reasons related to their particular situation, to the processing based on the legitimate interest of Markó & Udrea or of third parties, including to the profiling related to such processing. Where the data subject exercises his/her right to object, the controller will no longer process personal data unless the controller demonstrates that it has legitimate and compelling grounds for the processing which override the interests, rights and freedoms of the data subject; or that the purpose of processing is the establishment, exercise or defence of a right in court.

The right to lodge a complaint

In the event that a data subject considers that his/her rights have been infringed, he/she is entitled to address the National Supervisory Authority for Personal Data Processing located in 28-30 Blvd. General Gheorghe Magheru, Sector 1, post code 010336, Bucharest, Romania (fax: +40 318 059 602, e-mail: anspdcp@dataprotection.ro), at any time, with a complaint or referral in this respect. Also, data subjects are entitled to submit a legal claim before the competent courts of justice.

The security of personal data

We make every effort to protect personal data that are in our possession or under our control, by establishing appropriate security measures to prevent unauthorized access, collection, use, disclosure, copying, modification or disposal, as well as other similar risks. These security measures are constantly updated and evaluated to ensure that personal data are processed safely at all times.