PERSONAL DATA PROCESSING AGREEMENT
This document describes the type of personal data processed by Buduşan & Asociaţii for the purpose of providing legal attorney services, under Law no. 51/1995, namely, the manners in and the scope for which Buduşan & Asociaţii colects and/or processses or, as the case may be, transfers personal data, as well as the rights and options of the clients of Buduşan & Asociaţii in respect of personal data protection, and is issued in line with the recent modifications in the data protection regulations at EU level, under which the explicit approval of the client is required in order to process personal data, including for the scope envisaged in this document.
1. This document is intended for Buduşan & Asociaţii, headquartered in Bucharest, 43 Calea Dorobanților , first floor, ap. 2, 010553, 1st District, Bucharest, authorized by Bucharest Bar Association Decision no. 2868/20.12.2019 (“BA”), www.budusan.ro.
2. BA colects and/or processes personal data in the following situations:
(i) For the purpose of signing or performing a contract made by BA;
(ii) For the purpose of complying with a legal obligation of BA;
(iii) Based on the explicit consent of the personal data owner;
(iv) For protecting the legitimate rights and interests of the personal data owner or of other individuals, including those of BA, in accordance with the legal provisions regulating attorney services;
(v) In order to ascertain, exercise or defend a legitimate right or interest in front of public, judicial or administrative authorities.
3. BA colects and/or processes personal data for the following scope:
(i) Provision of legal attorney services in any manner provided for by the law;
(ii) Legal services contract management and management of the contractual relation;
(iii) Compliance with legal (including reporting) obligations;
(iv) Compliance with or enforcement of judicial or jurisdictional decisions and/or defence of BA legitimate rights or interests;
(v) Management of and performance of communications and access security in BA headquarters, of BA IT systems, as well as in any scope auxiliary to those above.
4. BA colects and/or processes, in principle, the following categories of personal data:
(i) Contact information, as well as KYC information (e.g., name, address, phone, fax, email, identity data etc.)
(ii) Information communicated in the context of a contractual relation with BA, and/or communicated by clients in the course of or in relation with the signing or performance of a legal services contract;
(iii) Special categories of personal data, to the extent that such are communicated to BA in the context of the provision of professional services (e.g., data on health situation, criminal record, criminal charges etc.)
(iv) Data on the client-attorney interractions;
(v) BA webpage accessing / traffic data.
5. BA may disclose personal data to other attorneys/professional law offices colaborating with BA, as well as, required by the scope of the legal services contract, to other persons, skilled professionals collaborating with BA (e.g., consultants, experts), namely, to judicial bodies, courts or other public authorities, in the disputes of the client or to other entities in the context of the legal services provision (e.g., communication services suppliers, insurance companies etc.).
6. BA may transfer personal data into European Economic Area states or states acknowledged by the EU Commission as ensuring an appropriate personal data protection level, if such transfer is required for processing as per those above. In exceptional situations, if necessary under Art. 3 herein, BA may transfer personal data to third-party states that have not been acknowledged by the EU Commission as ensuring an appropriate personal data protection level. International transfers shall be subject to appropriate data protection means (e.g., standard contract clauses approved by the EU Commission), as required under the General Data Protection Regulation EU 2016/679 or any applicable law.
7. BA shall request the clients periodically but no less than once a year to update their personal data. Clients shall inform BA when modifications of personal data provided to BA occur.
8. BA shall not be liable for any loss resulting out of or in connection with the supply to BA of incorrect, incomplete or insufficient personal data.
9. To the extent compliant with the applicable law, BA shall cease all personal data processing when such is no longer necessary, under Article 3 herein, or in case the consent of the client is expressly withdrawn.
10. The personal data owner has, under the terms and conditions in the applicable law, the following rights: to request a copy of the personal data in possesion of BA; to rectify any incomplete or incorrect personal data; to data portability; to oppose to or restrict the use of personal data by BA; to withdraw the consent; to erase the personal data when consent is withdrawn, the processsing is no longer necessary or is against the law; to withdraw consent for consent-based processing . The owner of personal data shall notify BA according to the contract for the purpose of exercising any of the rights above.