PRIVACY NOTICE CONCERNING THE PROCESSING OF PERSONAL DATA 

Providing high-quality legal services, in particular in data protection and information security, requires us to apply high data protection standards. Please see below for information on how we process your personal data.

Who we are. We are CyberReact, a collective of lawyers specialising in advice and assistance in all things data protection and information security. We are the individual legal practices managed by Costin Sandu, Dragoș Alexandroaiei and Andrei Talambă, respectively, operating as joint controllers in respect of your data (hereinafter “we” or “CyberReact”).

Purpose of this document. This privacy notice accounts for the transparency requirements of the General Data Protection Regulation no. 2016/679 (“GDPR”). This document details how we are processing personal data. The document is addressed essentially to the persons that access our website and to our clients and clients’ representatives, as well as to our clients’ counterparties.

Personal data that we process; processing purposes, lawful basis. We process only limited types of data in relation to you, and for limited purposes, as follows: 

| Purposes | Lawful basis | Processed data | Recipients of your data |
|---|---|---|---|
| Communicating with you (i.e., delivering our newsletters to you or communicating for business purposes) | Our legitimate interests to communicate with our potential clients (art. 6.1 (f) GDPR); Preparing the entry into our legal services contracts and their performance (art. 6.1 (b) GDPR); Your consent to receive our newsletters (art. 6.1 (a) GDPR) | Identification data; Contact data; Information concerning the legal situation for which you need our services | Technical services consultants; Other parties that you may involve; Courts, public authorities; Lawyers, consultants, experts; Counterparties |
| Providing our legal assistance | Entering into and performing our services contract (art. 6.1 (b) GDPR); Our legitimate interests to perform our services to your employer (art. 6.1 (f) GDPR) | Identification data; Contact data; Information concerning the legal situation on which we provide our advice | Other parties that may need to be involved (other companies, counterparties, other consultants, lawyers, experts) |
| Meeting our legal obligations in relation to our services | Our legal obligations (such as conducting KYC, storing fiscal and financial documentation, etc.) (art. 6.1 (c) GDPR) | Identification data; Financial data; Other data we may require to meet our legal obligations | Public authorities and bodies |
| Performing and maintaining our legal relationship with our business partners | Entering into and performing our services contract (art. 6.1 (b) GDPR); Our legitimate interests to perform the contracts concluded with your employer (art. 6.1 (f) GDPR); Our legal obligations (such as financial obligations) (art. 6.1 (c) GDPR) | Contact data; Financial data | Public authorities and bodies |
| Providing our legal services to our clients (when you are a counterparty to our client) | Our legitimate interests to conduct our activity and provide our services to our clients (art. 6.1 (f) GDPR) | Identification data; Contact data; Other information that may be relevant in the legal situation on which we are advising | Our clients; Other entities that may be involved in the legal situation (including courts and public authorities and bodies, consultants, lawyers, experts, other companies, etc.) |
| Ensuring the functioning of the website, monitoring traffic on our website, improving our website’s content, ensuring our website’s security | Our legitimate interests to ensure the functioning and security of our website (art. 6.1 (f) GDPR); Your consent for the use of certain cookies (art. 6.1 (a) GDPR) | Electronic identification data; Data concerning the equipment you use to connect to our website | IT and security services providers |
| Analysing your behaviour on our website via cookies | Your consent (art. 6.1 (a) GDPR) | Electronic identification data; Information on your actions on our website | IT services providers |
| Managing the cookies from our website | Our legitimate interests to offer safe and useful content via our website (art. 6.1 (f) GDPR); Your consent (art. 6.1 (a) GDPR) | Electronic identification data; Information on your actions on our website | Cookies-related services providers |
| Managing our social media accounts | Our legitimate interests to offer relevant content on our social media accounts and interact with you (art. 6.1 (f) GDPR) | Your public data on the social media network; Any information that you share with us on our social media accounts | The social media operators |
| Managing your data subject rights pursuant to the GDPR | Our legal obligation pursuant to the GDPR (art. 6.1 (c) GDPR) | Identification data; Contact data; Other data we may hold in relation to you | Your representatives |
| Defending our interests and rights | Our legitimate interests (art. 6.1 (f) GDPR) | Identification data; Contact data; Other data that may be relevant to defend our interests and rights | Courts and public authorities and bodies; Bailiffs; Consultants, lawyers, experts |

Please also see our cookies policy for further details on the cookies from our website. 

Disclosure of your data. We rely on a few services providers to conduct our activity and make our website and everything around it work; in doing so, they may have access to your data. We listed the recipients of your data in the table above. In addition to those providers, we are using certain data processors for technical processing activities related to your data, i.e., website hosting services providers (we are using hosting by Raisis Software, Romania) and cloud computing services providers (currently, our email is powered remotely by Outlook, provided by Microsoft Ireland Ltd.).  

We do not transfer your data outside the European Union and generally select only services providers that process and store data within the European Union. 

For how long we are keeping your data. We are keeping the data that you provide us for as long as we need it to provide our services to our clients or generally to carry out our activities. 

If you subscribe to our newsletters, we will keep your contact data for as long as you do not unsubscribe from our service or the address that you give us is no longer valid. We will send you reminders on what we are doing with your data every once in a while. If you unsubscribe from our services, we will delete your data from our systems within one month; meanwhile, we will make sure you will no longer receive our materials. 

If you connect with us to discuss a potential collaboration, we will use your data to communicate with you. If you become our client, we will keep your data, including the data that you provide us, throughout the performance of our services to you and up to 5 years after that, unless we are required by law to keep your data for longer. If you do not become our client, we will keep your data for up to 3 years after our discussions are over.

What are your rights in connection with our processing of your data. You, as data subject, have the following legal rights in connection to the personal data that you provide to us, subject to the applicable legislation:  

  • Access right to your personal data, which may include the right to request a copy of the personal data concerning you that we hold, subject to our confidentiality duties to third parties;
  • Right to rectification of any personal data that are inaccurate or incomplete;
  • Right to object to, or to restrict, the processing of your personal data that we carry out;
  • Right to withdraw your consent when we use your data relying on this ground;
  • Right of erasure of your personal data, when you withdraw your consent, the processing is no longer necessary or is against the law;
  • Right to portability of your data.

We kindly ask you to contact us for the exercise of any of the above rights using the following contact details:

E-mail: office@cyberreact.ro 

We will address your request within the applicable legal deadlines (one month after receipt), or sooner; in case of complex requests, we may need to delay our response by up to two additional months, as permitted by the applicable law.

When you exercise any of the above rights, we may need to require proof of your identity; we will approach you in this respect as soon as possible after you send your request.

If you have objections or complaints concerning our processing of your personal data, we kindly ask you to send them over to us. We will deal with them with all consideration and subject to the shortest delays possible. If you are not satisfied with our answers, you may send your complaint to the personal data protection authority in Romania (the National Supervisory Authority for Personal Data Processing), headquartered at 28-30 Gheorghe Magheru Blvd., Bucharest, Romania.   

***

This document is released and valid from 25 December 2021. This notice may be updated from time to time; updates will be posted on our website or included in our communications and will become applicable after posting or delivery.