GHICA Innovative Law Firm is committed to protecting your privacy. This notice explains how we collect and use your personal data. It also describes the rights you have and control you can exercise in relation to it.
This Privacy Notice was last updated on November 15th, 2018.
WHO WE ARE
The terms “GHICA” and “the firm” mean one or more Legal Practices (also referred to below as “we”, “us” or “our”). Any reference to “partner” means the partner, member, consultant or employee with equivalent standing and qualifications in at least one Legal Practice. This Privacy Notice applies to the specific webpage www.ghica.biz referred to below as “this Website”.
If you have any questions about GHICA’ use of your personal data, please contact us using the following email address email@example.com
WHAT CATEGORIES OF PERSONAL DATA ARE WE PROCESSING?
The personal data that we process may include:
- Contact information including your name, position, role, company or organization, postal address, telephone number (including mobile phone where provided), email address, date of birth and other personal data;
- Business information: data identifying you in relation to matters on which you instruct us or in which you are involved;
- Information from public sources: e.g. linked in and similar professional networks, directories or platforms;
- Further information processed before the contractual relationship with us or voluntarily provided by you, such as instructions given, payments made, information on any legal matters, disputes, litigation or other legal claims in which you are involved in any capacity (e.g. defendant, plaintiff, intervenor, barrister, counsel, expert, etc.);
- In the context of the recruitment process, you may send us your contact details and other information as contained in your job application, curriculum vitae and cover letter, as well as any references provided or obtained, for the purposes of processing your application and for general recruitment and selection purposes;
- Details of your visits at our offices for security purposes or any other details on how you interact with us;
- Events data: attendance at and provision of feedback forms in relation to our events;
- Supplier data: contact details and other information about you or your company or organization where you provide services to GHICA;
- Social Media: posts, likes, tweets and other interactions with our social media presence;
- Data resulting from your browsing on our Website, collected via cookies according to our Cookies Policy and our technology services being IP address, browser type and version (e.g. Internet Explorer, Firefox, Safari, etc.), time zone setting, browser plug-in in types and versions, operating system you are using (e.g. Vista, Windows XP, MacOS, etc.);
- Online data: when you access this Website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails;
As a visitor, you do not have to submit any personal information in order to use the Website. This Website only collects personal information that is specifically and voluntarily provided by visitors, except for the personal data collected by cookies. GHICA does not collect personal data about your online activities across third party websites or online services.
- Special categories of personal data: such as dietary, disability or similar requirements for events and meetings. If you do not provide this information, we may not be able to respond to your particular needs or preferences;
- Criminal record data: where permitted by national law or appropriate to do so, such as existence of prior criminal offenses (or confirmation of clean criminal record).
The above data will be provided to us by you, your employer, the company or organization who is our client or screening providers who assist us with our legal obligations to conduct under anti-money laundering, sanctions screening and regulatory checks.
PURPOSES FOR THE PROCESSING OF YOUR PERSONAL DATA
We may use your personal data for the following purposes:
- Providing legal services including legal representation before the courts of law, arbitral tribunals or other competent authorities;
- Business and contractual relationship: managing our relationship with you, your company or organization including keeping records about business contacts and of the work we have carried out for you (or the company on behalf of which you instruct us), services and payments so we can customize our offering for you, develop our relationship and target our marketing and promotional campaigns;
- Communication sending emails, newsletters and other electronic marketing materials relating to legal developments, market insights and of our services, to invite you to seminars or other events hosted by us or in cooperation with us;
- Events for running legal briefings, round-tables and other events;
- Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise;
- Complying with our legal obligations: client due diligence (such as anti-money laundering and anti-terrorism financing obligations, obligations of reporting to the tax authorities, sanctions screening and other crime prevention and detection laws and regulatory requirements). This may include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity, or making records of our communications with you for compliance purposes;
- Website monitoring: to check the website and our other technology services are being used appropriately and to optimize their functionality;
- Online security: protecting our information assets and technology platforms from unauthorized access or usage and to monitor for malware and other security threats;
- Managing suppliers: who deliver services to us;
- Site security: to provide security to our offices (normally collecting your name and contact details on entry to our buildings);
- Legitimate interest: to pursue the legitimate business interests.
LEGAL BASIS FOR THE DATA PROCESSING
Your personal data may be processed using the following legal grounds:
- your personal data sent to us voluntarily by you via this Website (recruitment section and contact section) are processed on the ground of express consent;
- the data is necessary for us to perform an agreement with you or your organization;
- this is necessary to deal with legal claims;
- compliance with our legal obligations as well as to keep records of our compliance processes or tax records;
- processing is necessary for our legitimate interests or those of a third party provided that those interests are not overridden by your interests or fundamental rights and freedoms.
Special category of data in the EU and certain other jurisdictions refers to sensitive data such as your racial or ethnic origin, religious beliefs or health data. We may also collect data about criminal convictions. We will process this data where:
- we have your explicit consent for the particular processing;
- this is necessary to protect your vital interests or those of another person: for example, in medical emergencies; you have manifestly made the data public: e.g. where you have published it on social media;
- this is necessary to deal with legal claims: e.g. involving court proceedings;
- this is necessary for substantial public interest: e.g. to prevent or detect unlawful acts;
- as permitted by applicable law: outside the EU and other jurisdictions where these restrictions apply.
We have legitimate business interests in:
- providing legal services;
- managing our business and relationship with you or your company or organization;
- understanding and responding to inquiries and client feedback;
- understanding how our clients use our services and websites;
- identifying what our clients want and developing our relationship with you, your company or organization;
- improving our services and offerings;
- enforcing our terms of engagement and website and other terms and conditions;
- ensuring our systems and premises are secure;
- managing our supply chain;
- developing relationships with business partners;
- ensuring debts are paid;
- operating suppressors to exclude you from direct marketing if you unsubscribe;
- sharing data in connection with acquisitions and transfers of our business.
HOW LONG DO WE KEEP YOUR DATA?
In case we reach an agreement for providing our Legal Practices, we keep your personal data as needed to provide our legal services and to deal with claims, as well as afterwards, according to the legal obligations incumbent upon us or regulatory requirements and our legitimate interest. Typical retention periods will range from 3 to 15 years.
In case the data is not collected in the context of a legal assistance agreement and only via this Website, (recruitment or contact), such data will be kept for as long as necessary in order to attain the purpose of the envisaged data collection. In the case of recruitment, the data will be kept only for the period of the recruitment process. In case of sending us information via the contact email address, we will keep your personal data until we decide to reach an agreement or not.
WITH WHOM DO WE SHARE YOUR DATA?
We may share your personal data with other as follows:
- GHICA members firm: including our management, lawyers, staff and contractors in order to provide legal services;
- Suppliers: who support our business including IT and communication suppliers, outsourced business support, marketing and advertising agencies, back up and DR suppliers. Our suppliers have to meet minimum standards as to information security and they will only be provided data in line with their function;
- Other law firms: including other local law firms, barristers, expert witnesses and arbitrators/mediators;
- Law enforcement bodies and our regulators: or other competent authorities in accordance with legal requirements or good practice;
- Appropriate parties in the event of emergencies: in particular to protect health and safety of our clients, staff and organizations;
- Your company or organization: in relation to us providing legal services;
- Screening service providers: so that we can comply with legal obligations in relation to the prevention or protection of crime, ant-money laundering, sanctions screening and other required checks;
- Advertising networks and analytics service providers: to support and display ads on our website, apps and other social media tools;
- Third parties: in the context of the acquisition or transfer of any part of our business or in connection with the business reorganization;
- Other delegates: where your name will appear on the attendee list for events where you have told us you plan to attend.
We will not transfer your personal data abroad, unless specifically indicated by you.
PERSONAL DATA ABOUT OTHERS
In some cases, you may provide personal data to us about other people (such as your customers, directors, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.
YOUR RIGHTS IN RELATION TO THE PROCESSING OF YOUR PERSONAL DATA
Subject to the provisions of the legislation in force, you have the following rights in relation to the processing of your personal data:
- Access to your personal data and the right to request a copy of your personal data which we hold;
- Correction of any inaccurate or incomplete personal data;
- Object to or restrict our use of your personal data;
- Erasure of your personal data, when you withdrew your consent, the processing is no longer necessary, or such processing is unlawful;
- Data portability which allows you to receive a copy of the processed data which we received from you or to share them with another entity nominated by you;
- Automated decisions you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered;
- Withdraw your consent for the consent-based processing. Please note that withdrawal of consent shall not affect the lawfulness of processing based on consent before consent withdrawal. If you withdraw your consent, we will no longer process your personal data and we shall take the necessary measures to erase your personal data. We may however process your personal data if there is another legal basis for such processing.
If you wish to exercise the rights detailed above, please contact us using the following email address: firstname.lastname@example.org
You also have a right to lodge a complaint with a data protection supervisory authority, in particular in Romania you can make a complaint to The National Supervisory Authority for Personal Data (ANSPDCP), headquartered in 28-30 Gheorghe Magheru, District 1, postal code 010336, Bucharest, in the form of a written address at the headquarters of the institution or by e-mail at email@example.com. You are also granted the right to address to the courts to defense any rights guaranteed by the applicable law in the field of personal data protection that have been violated.
We may use the information you give us on our Website or other means for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services including events that we think may interest you.
You can opt-out of receiving direct marketing from us at any time. You can do this by clicking on the “unsubscribe” link included at the end of any marketing email we send to you, or by contacting us at firstname.lastname@example.org.
We will hold your information securely in line with physical, technical and administrative security measures. However, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted and any transmission is at your own risk.
We have in place reasonable commercial standards of technology and operational security to protect all information provided by visitors via this Website from unauthorized access, disclosure, alteration, or destruction. However, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted and any transmission is at your own risk.
We will hold your information securely in line with physical, technical and administrative security measures. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
LINKS TO THIRD PARTY WEBSITES
Our Website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal data that you provide through these websites is not subject to this Privacy Notice and the treatment of your personal data by such websites is not our responsibility.
If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.
We do not knowingly collect information from children or other persons who are under 16 years old. If you are under 16 years old, you may not submit any personal data to us.