“REVNIC CRISTIAN ŞI ASOCIAŢII” – SOCIETATE CIVILĂ DE AVOCAŢI (“The Company”) applies this policy in order to respect the confidentiality and protection of personal data and to fully fulfill its obligations and responsibilities in its capacity as a personal data controller, as well as as a processor of other entities operating personal data.

In creating and implementing this policy, the Company has taken into account the provisions of the applicable legislation in this field, including, but not limited to, European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”). 

Categories of Personal Data Processed

The Company processes a series of personal data belonging to Clients, Clients' representatives or proxies, Clients' contact persons or third parties, disclosed directly by the Client, representative or proxies or of which the Company becomes aware in the exercise of its professional mandate, namely:

• identification and contact data (surname, first name, citizenship, date and place of birth, address of domicile or residence, series and number of the identity card or passport, personal identification number, bank accounts, e-mail addresses, telephone numbers and the like);
• biometric data (copies of identity documents), considered by the GDPR to be sensitive data;
• information relating to employment and income, wealth, studies, scientific and professional titles, civil status data, skills, concerns, characteristics, tendencies, talents and inclinations, official or personal relationships, as well as the like;
• data considered by the GDPR to be sensitive data such as: political or philosophical opinions, beliefs and views, medical or health data, data about sexual orientation or sex life, data about ethnic or racial origin, genetic data, biometric data contained in photographs or recordings;
• data relating to criminal convictions and related offences and security measures.

The Ways we Process Personal Data

The Company, as a legal services provider, determines the purposes and means of processing personal data according to its own terms and conditions applicable to the services provided and/or according to the purposes stipulated in its task based on the applicable legislation (Law no. 51/1995 on the exercise of the legal profession, the Statute of the legal profession and Law no. 656 of 7 December 2002 for the prevention and sanctioning of money laundering, as well as for the establishment of measures to prevent and combat the financing of terrorism) and, therefore, with regard to these processing operations, will act as an Independent Operator. Operator Independent.

The Company also processes personal data as a Person Empowered by the Operator (when the Client has the capacity of Operator), in which case the Client is the one who determines the purposes of the processing.

In processing personal data under the Legal Assistance Agreement, the Company undertakes to comply with all its obligations under the legislation on the protection of personal data, including, but not limited to, the provisions of the GDPR.

The Company ensures that it adequately informs the persons who provide it with personal data regarding their rights, the data processed and the purposes for which the data is processed.

The Company has designated a data protection officer, who can be contacted by any interested person for matters related to the protection of personal data, at the following e-mail address: luminita.salagean@revnic.ro luminita.salagean@revnic.ro

Purpose of Personal Data Processing

The company processes personal data for:

• for the purpose of concluding and executing the Legal Assistance Contract (for carrying out activities specific to the capacity of a lawyer, such as, but not limited to: consultations and requests of a legal nature, legal assistance and representation before courts, criminal investigation bodies, authorities with jurisdictional attributions, public notaries and bailiffs, public administration bodies and institutions, as well as other legal entities, from Romania and from other countries, under the terms of the law, drafting legal documents, attesting the identity of the parties, the content and date of the documents submitted for authentication, assisting and representing interested natural or legal persons before other public authorities with the possibility of attesting the identity of the parties, the content and date of the concluded documents, defending and representing with specific legal means the legitimate rights and interests of natural and legal persons in their relations with public authorities, institutions and any Romanian or foreign person, mediation activities and fiduciary activities carried out under the terms of the law Civil Code);
• for the purpose of performing a task that serves the public interest;
• for the purpose of fulfilling a legal obligation of the Company (such as our tax and financial-accounting obligations; our professional obligation to keep records of legal assistance contracts and dated documents; legal archiving obligation);
• based on a legitimate interest.

We process biometric data (copies of identity documents), considered sensitive data under the GDPR, submitted by the Client to the Firm based on Law no. 51/1995 on the practice of the lawyer profession, the Statute of the legal profession, and Law no. 656 of December 7, 2002 on the prevention and sanctioning of money laundering, as well as on the establishment of measures for preventing and combating the financing of terrorism.

Pursuant to art. 9 of the GDPR, we process data considered sensitive, disclosed by the Client to the Company or of which the Company becomes aware in the exercise of the mandate granted by the Client, regarding the Client or third parties, such as: opinions, beliefs and political or philosophical views, medical data or data relating to health, data on sexual orientation or sex life, data on ethnic or racial origin, genetic data, biometric data contained in photographs or recordings, to the extent that such data are necessary or useful for the execution of the legal assistance contract, for arguing and proving the procedural position of the Client before the courts, other bodies or institutions or for issuing legal opinions requested by the Client.

Pursuant to art. 10 of the GDPR, of the role, powers and duties that fall to us in the criminal trial or in other jurisdictional or administrative procedures, we process data relating to criminal convictions and offenses, being authorized in this regard by the legal provisions contained in Law no. 51/1995 on the practice of the legal profession, the Statute of the legal profession, the Criminal Code, the Criminal Procedure Code or other special laws.

We do not use personal data for automated processing or profiling.

We never make automated decisions regarding the data subjects or their data

We do not process data for secondary purposes that are incompatible with the purposes for which it was collected."

Third Parties to Whom we Transmit Personal Data

In order to execute the legal assistance contract, to fulfill our legal obligations or for other legitimate purposes, it is possible to transmit personal data to courts, criminal prosecution bodies, authorities with jurisdictional attributions, notaries public, bailiffs, public administration bodies, external consultants, financial and banking institutions, proxies to whom we have outsourced the provision of certain services and other categories of recipients, from Romania or outside it or the European Union/European Economic Area, always ensuring that we establish adequate guarantees for data protection.

How Long We Process Personal Data

Personal data is processed throughout our contractual relationship and, after its completion, at least for the period imposed by the legal provisions applicable in the field, including, but not limited to, the provisions regarding archiving.

We periodically review the data collected, analyzing to what extent their retention is necessary for the stated purposes, for legitimate interests or for the fulfillment of legal obligations by the lawyer. Data that is no longer necessary will be deleted, and documents destroyed or anonymized. The standard archiving period, according to our policy, is between 7 and 10 years from the termination of the legal assistance contract.

Privacy Policy

As a personal data controller and as a processor of other controllers, the Company implements appropriate technical and organizational measures to ensure the security and confidentiality of data.

We strictly respect and ensure professional secrecy. Confidentiality is not only a professional obligation of a lawyer for us, but also an essential value.

To ensure the protection of the data we process, we use internal practices and strategies comprising appropriate technical and organizational measures.

We have adopted physical security measures (professional protection and security services, access to all our premises only based on the use of the access code) and electronic security measures (use of encrypted databases, use of high-performance antivirus programs), to protect our premises and systems from any unauthorized access and other possible threats to the security of the data and information we process.

The technology we use, including applications for document management, Client database management and billing, ensures the security of personal data and information we process. We use professional technical support and maintenance services for the technological systems used, software and hardware.

We ensure that we include in the contracts with our service providers and with those we authorize to process data on our behalf or on behalf of our Clients, appropriate clauses to ensure the protection of data and information.

We strictly restrict access to the personal data we process, using confidentiality levels that allow access strictly to collaborating lawyers, auxiliary staff and external collaborators who need to access them to fulfill the obligations we have assumed through legal assistance contracts and to fulfill our legal obligations.

We use appropriate internal practices regarding the flow of information, data and documents within the Company, which ensure the minimization of the risks of data leakage to unauthorized persons.

We ensure that we introduce strict confidentiality clauses into contracts with collaborating lawyers, employees and external collaborators.

We are constantly concerned with the adequate training of employees and collaborators regarding the legislation and best practices in the field of personal data processing.

The Company complies with its obligations in case of a breach of personal data security, informing the Client without undue delay about any such incident. 

Rights of Data Subjects and How to Exercise These Rights

As of May 25, 2018, according to the GDPR, any data subject (person whose personal data we process) has the following rights:

• Right to information – can request information regarding the processing activities of his/her personal data;
• Right to rectification – can rectify inaccurate personal data or complete them;
• Right to erasure of data (“right to be forgotten”) – can obtain the deletion of data, if their processing was not lawful or in other cases provided by law;
• Right to restriction of processing – can request the restriction of processing if he/she contests the accuracy of the data, as well as in other cases provided by law;
• Right to opposition – can oppose, in particular, data processing based on our legitimate interest;
• The right to data portability – may receive, under certain conditions, the personal data he/she has provided to us, in a machine-readable format and has the right to transmit this data to another operator, without obstacles from the Company;
• Right to withdraw consent – ​​in cases where the processing is based on consent, it can be withdrawn at any time. The withdrawal of consent will only have effect for the future, the processing carried out prior to the withdrawal remaining valid;
• Right to file a complaint – can file a complaint regarding the processing of personal data with the National Supervisory Authority for the Processing of Personal Data;

Data subjects can exercise these rights either individually or collectively, by sending a request to our headquarters in Cluj-Napoca, str. Pavel Roșca, no. 1, ap. 7, Cluj county, at Fax no. 0264 599 743 or by E-mail, at: office@revnic.ro