Privacy

Data protection policy

Last update: 12.04.2024

This policy details TGZ Legal’s practice regarding the processing of personal data of visitors to https://www.tgz.legal/ (hereinafter referred to generically as the Site), with the aim of informing users on this subject. By using the Site further, you acknowledge that you have read and agree to this Data Protection Policy, the Cookie Policy, and the Terms and Conditions, all of which are posted on the Site. CONTENTS:

  1. Identification of the data controller

  2. Processing of personal data

  3. The Data Subject

  4. Personal data processed

  5. Processing of personal data

  6. Purpose

  7. Recipients of processing

  8. Legal basis of processing

  9. Type of processing

  10. Data processing and storage period

  11. Rights of the data subject with regards to the processing of personal data

  12. TGZ Legal Obligations. Security measures for processed data

  13. TGZ Legal Liability

  14. Transfer to third countries/international organizations

  15. Final provisions

  16. Identifying the data controller

Law Office Tegzes Ioan-Alin (hereinafter referred to as TGZ Legal)

Headquarters: Romania, Timis County, Timișoara City, ZIP Code 300402

Email:office@tgz.legal Tel: 0723 119 626 2. Processing of personal data

TGZ Legal collects information from visitors to the Site in the following ways: directly from the visitor, from traffic reports recorded by the servers hosting the Site, and through cookies.

Information provided directly by the visitor:

(i) When the visitor to the Site sends messages using the “Contact” section or has a telephone conversation with a representative of TGZ Legal, he/she indicates: his/her first and last name or only one of them or neither (depending on the user’s choice), respectively his/her email if messages are sent or his/her telephone number if the dialogue is by telephone.

Other personal data may be processed by TGZ Legal if they are included in the information/request submitted by the user (e.g. telephone number or other additional contact details etc.). Thus, TGZ Legal has not requested such data, but to the extent that they are absolutely necessary to be able to respond to what has been transmitted, the processing of personal data will be carried out at the request of the user of the Site.

Using the “Contact” box or contacting TGZ Legal by telephone is not, however, a mandatory step neither for visiting the Site nor for purchasing services offered by TGZ Legal. Moreover, all this information can also be transmitted in another way (for example by sending a question to TGZ Legal).

(ii) When a person consents to the use of his/her e-mail address for marketing purposes by TGZ Legal (newsletters), to receive information about legislative news, information that may be of interest for the activity of the persons registered in the list, organized events and the like (personal data that will be processed after the user ticks the box related to his/her consent and fills in the e-mail address).

The choice to subscribe to the list of recipients of newsletters sent by TGZ Legal can be made by ticking the appropriate box on the first page of the Website by clicking the “Subscribe” button.

The user who has chosen to receive newsletters from TGZ Legal will be able to unsubscribe at any time by simply clicking on the active “Unsubscribe” link at the end of each communication received from TGZ Legal.

Information from the server traffic report:

When a website is visited or an application is used, visitors reveal certain information about themselves, such as IP address, time of visit, location from which the Site was accessed. TGZ Legal records this information.

Information obtained through the use of cookies:

Full details of how data is processed in this context are set out in the Cookie Policy on the Site.

The contact details that the visitor/user can use to submit any requests, notifications or complaints regarding this Data Protection Policy, the Terms and Conditions and the Cookie Policy, as well as any other information published on the Site, policies or operations carried out by TGZ Legal, are indicated in point 1 above.

The deadline for TGZ Legal to send a response is no later than 30 days after receipt of the request.

TGZ Legal confirms that none of the personal data indicated above will be used for purposes other than those expressly indicated without complying with the legal provisions.

  1. The Data Subject

Since TGZ Legal processes personal data of visitors to the Site, they are Data Subjects and declare that they are over 18 years of age. If the information/requests submitted by visitors also contain personal data relating to other persons (and they thus acquire the status of data subject), TGZ Legal will process their data strictly in order to be able to respond to that information/request and does not assume any liability in addition to that provided for herein, in the Terms and Conditions or in applicable law.

  1. Personal data processed

Any information relating to an identified or identifiable natural person, i.e. the Data Subject, may be personal data.

With regard to the purposes of data processing indicated herein, TGZ Legal tries to minimize the personal data processed.

Thus, according to the Cookie Policy, the Data Subject will be able to tick the applicable types of cookies where their use is not automatic, in order to ensure him/her a more complete and better experience when browsing the Site.

In order to send answers to requests/submissions communicated by users using the “Contact” section or telephone discussions with TGZ Legal representatives by users and to send information for marketing purposes, TGZ Legal processes the following personal data:

  • Of the visitor/user:

  • Through the Contact section and telephone conversations with TGZ Legal representatives by users: user’s first and last name, email address and possibly telephone number. Only the email address is mandatory

  • By the user’s express confirmation by ticking the box corresponding to the consent to data processing for marketing purposes, on the first page of the Site by clicking on the “Subscribe” button: e-mail address

  • Visitor/user IP

Depending on the cookie settings, other data may also be processed (in particular data related to the visitor’s preferences and behavior on the Site).

Depending on the content of the messages sent by visitors/users via the “Contact” section and/or telephone discussions with representatives, other data may be processed to the extent indicated, although not requested.

TGZ Legal undertakes to comply with the legislation on the protection of personal data also in relation to these third parties, without, however, being obliged to obtain any separate consent in this regard. It is the user who has transmitted such information who assumes full responsibility in this regard and declares that they have agreed to the processing carried out by TGZ Legal and have been fully informed in this regard.

  1. Processing of personal data

Processing is the carrying out of any operation or set of operations on personal data or on sets of personal data, whether or not by automatic means.

TGZ Legal accesses, collects, uses and performs any other steps permitted by applicable law on personal data provided by visitors/users as indicated in point 4 above.

  1. Purpose

  • In the case of data provided directly by the visitor/user:

  • providing answers, clarifications and remedying problematic situations, in relation to requests and complaints submitted by the user through the “Contact” section or during the telephone conversation with the TGZ Legal representative;

  • sending information for marketing purposes;

  • ensuring compliance with this Privacy Policy, the Terms and Conditions and the Cookie Policy, and applicable legal provisions to protect the rights, property or safety of the Site.

  • In the case of traffic report data

  • identification of the relevant sections of the Site;

  • more secure management of the IT system

  • In the case of data obtained through cookies:

  • Site operation

  • depending on the settings set by the visitor, the data may be used for the proper functioning of the Site, obtaining statistical information to improve the services offered, saving preferences, etc. All the details related to this type of data processing can be found in the Cookie Policy. If TGZ Legal intends to further process personal data for a purpose other than those indicated above, it will provide the Data Subject prior to such further processing with additional information relevant to the secondary purpose, subject to completion of the formalities required by law.

  1. Recipients of processing

Personal data of the Data Subject are processed by:

  • the incumbent lawyer and TGZ Legal employees/collaborators who are in charge of the administration of the Site and who are involved in the activities in relation to which the visitor registers an account or has questions/questions sent via the “Contact” section or by telephone - will process the name, surname and e-mail address of the visitor/user as well as any other personal data submitted by him/her via message;

  • the incumbent lawyer and employees/collaborators TGZ Legal who are involved in the marketing process - will process the email address for newsletters;

  • support service providers contracted by TGZ Legal to fulfil its contractual or legal obligations, such as:

  • IT firm - can access all data recorded in TGZ Legal’s online records, including user data;

  • TGZ Legal lawyers - can access all data recorded in TGZ Legal’s records in the event of legal issues that require their involvement;

  • advertising, PR and communication companies for marketing activity. These companies may collect anonymous data via cookies or event registration or feedback forms, and to the extent that this is the case, TGZ Legal will provide this information to data subjects in advance;

The above list of suppliers is not exhaustive, but indicates the main such collaborating companies. They will have the status of independent controller, associated controller or processor in relation to TGZ Legal. Regardless of their capacity, they are obliged to maintain the confidentiality and security of the data subject’s personal data by taking appropriate technical and organizational measures. Although they are not recipients according to legal interpretations, public authorities (including ANPC and ANAF) and courts may process any/all of the visitor data obtained through the Site.

  1. Legal basis of the processing

  • Art. 6 lit. a GDPR - processing is carried out on the basis of the consent of the visitor/user -> applicable situation when data processing is done in the context of cookies accepted by the visitor and which are not necessary for the functioning of the Site, as well as when visitor/user data is processed for marketing purposes;

  • Art. 6 lit. b GDPR - processing is necessary for the performance of a contract to which the user is a party or in order to take steps at the request of the user prior to the conclusion of a contract -> situation applicable when data processing is done in the context of filling in data in the “Contact” box or telephone discussions;

  • Art. 6 lit. f GDPR - processing is necessary for the purposes of the legitimate interests pursued by TGZ Legal or a third party, provided that the fundamental rights and freedoms of the

Data Subject are not violated -> situation applicable in the context of data processing for the purposes of the ordinary operation and administration of the Site.

  1. Type of processing

The data processing activities carried out by TGZ Legal mainly concern:

  • collection of data indicated by the visitor/user in the “Contact” form or by telephone;
  • use of data providing answers and feedback;
  • the use of data for the purpose of each cookie category agreed by the visitor;
  • collecting other unsolicited data provided by the Data Subject in a communication, request or complaint to TGZ Legal in order to respond to and resolve the request or remedy the incident;
  • storing the above-mentioned data in accordance with the law and within the limits necessary to achieve the purpose in the electronic and secure database owned by TGZ Legal;
  • allowing access to data to certain lawyers, employees and external collaborators providing support services whose activity involves processing of data under the condition of an obligation of confidentiality and standard contractual clauses agreed by the European Commission (in the case of collaborators from EU third countries);
  • allowing access to data to the competent authorities to the extent required by law.
  1. Data processing and storage period

The storage period of personal data collected is:

  • until the withdrawal of consent or exercise of the right of erasure or removal by the visitor/user - for data processing based on the consent of the Data Subject;
  • for 3 (three) years from the receipt of the message in the “Contact” box or from the person from whom the telephone conversation for which the registration consent was obtained takes place - for the processing of the data thus collected. The data is kept for 3 (three) years in order to be able to prove the measures taken by TGZ Legal in consideration of it, in relation to the general limitation period of the right of action before the courts provided by the Romanian Civil Code;
  • a longer period of time than those mentioned above, where the law so provides or where there is a well-founded reason for doing so (e.g. for the exercise of a right before a court in a dispute which started before the expiry of the storage period indicated herein). Upon expiry of the above-mentioned periods, all data will be deleted from TGZ Legal’s records.
  1. Rights of the data subject with regard to the processing of personal data

a) Right to information TGZ Legal’s internal rules and policies are available to the Data Subject at all times and are posted on the Site. See in this regard this Policy, the Cookie Policy and the Terms and Conditions. TGZ Legal reserves the right to modify/update the content of the Site, including the policies referred to, at its sole discretion, at any time and for any reason (including but not limited to the occurrence of legislative or case law changes that may affect the consequences of what is published on the Site). Revisions to this policy in the future will be indicated by a change to the “Last Updated” date at the top. After the date on which the updated policy is published, access to the Site will constitute the visitor/user’s acceptance of the updated terms.

However, if there will be significant changes that could affect the rights and freedoms of visitors/users or it is mandatory to obtain their consent, informing them about those changes will be done by easily visible indications posted on the Site (pop-ups) or by sending e-mails to the addresses provided if necessary. Such significant changes will take effect for visitors/users within 15 days from the time of the display of the pop-up in question or the transmission of the e-mail by TGZ Legal (the manner in which the information will be provided will be decided by TGZ Legal on a case-by-case basis).

Regardless of the extent of the change, however, the responsibility for checking the content of the Site to keep up to date with the latest versions will rest entirely with the user. Thus, STUDYING THE PRIVACY AND DATA PROTECTION POLICY, TERMS AND CONDITIONS, AND COOKIE POLICY IS A MUST FOR VISITORS EVERY TIME THE SITE IS ACCESSED AND BEFORE ANY RECORDS OR DATA SUBMISSIONS ARE MADE WHEN CHANGES MAY OCCUR.

Upon request, the Data Subject will be informed of the substance of the contracts concluded with the above recipients where possible and of the source of the data. b) Right of access to data If the Data Subject would like information about the processing, he or she may send a request to TGZ Legal, and TGZ Legal will reply within 30 days of receipt. c) Right to rectification of data If the Data Subject wishes to rectify/complete the data, he or she may submit a request to TGZ Legal which will be answered within 30 days of receipt. d) Right to erasure of data

If the data subject wishes to have his/her personal data deleted, this is possible:

  • at the end of the processing period;
  • if the data are no longer necessary for the purpose of processing;
  • if consent is withdrawn and there is no other basis for the processing;
  • if he/she objects to the processing and there are no overriding legitimate grounds;
  • if the processing is illegal;
  • if deletion is required by law. The cases of exception provided for in Article 17(1)(a) and (b) shall be excluded. 3 of European Regulation No 679/2016 are applicable.

Some data are part of TGZ Legal’s records, which it keeps in relation to its legal obligations or legitimate interest. Therefore, not all data can be deleted according to the law. However, any refusal to delete will be motivated by TGZ Legal and will be based on a clear legal ground. e) Right to restrict processing or object to processing The restriction of processing may apply if the Data Subject finds that:

  • the data are not accurate;
  • the processing is unlawful and the Data Subject objects to the erasure;
  • TGZ Legal no longer needs the data but the Data Subject requests it for a court action and it has not yet been deleted;
  • The data subject objects to the processing. TGZ Legal may further process the restricted data if necessary for the establishment, exercise or defense of legal claims or the protection/defense of a person but only with the consent of the Data Subject. TGZ Legal will notify recipients of the rectification, erasure or restriction of data unless this is impossible or involves disproportionate effort. f) The right to data portability The data subject or the person indicated by the data subject may receive, upon request, the data processed by TGZ Legal. TGZ Legal does not assume responsibility for the processing of data by that recipient.

The obligation to ensure the right to portability is incumbent on TGZ Legal only if the processing of those data is based on the consent of the Data Subject or on the conclusion and performance of the contract. The steps will be taken within a maximum of 30 days after receipt of the request. g) Right to object If possible, TGZ Legal will stop the processing of the data of the Data Subject who objects to the processing based on the legitimate interest of TGZ Legal or circumstances arise that give rise to the exercise of this right (including profiling). However, the legitimate reason of fulfilling TGZ Legal’s legal obligations or processing for the purpose of establishing, exercising or defending a legal claim shall prevail. h) Right to file a complaint The data subject may file:

  • complaint/request to the TGZ Legal address indicated in point 1 above;
  • action in the competent court;
  • complaint to the National Authority for Personal Data Protection (www.dataprotection.ro). However, TGZ Legal wants any conflict/difference that may arise to be resolved amicably and is willing to do so. i) Right to withdraw consent The data subject may withdraw his or her consent at any time, without however affecting the lawfulness of the processing prior to the withdrawal or on any other basis. j) The right not to be subject to a decision based solely on automatic processing TGZ Legal does not practice decision making based on automated data processing.
  1. TGZ Legal obligations. Security measures for processed data

TGZ Legal complies with the provisions of data protection legislation and has implemented appropriate technical and organizational measures in order to ensure the security of personal data processed and respect for the rights of the Data Subjects. Thus, TGZ Legal has implemented measures such as:

  • the conclusion of contracts with collaborators in which they have assumed the obligation of confidentiality of the information concerning the personal data processed, as well as the obligation to comply with the applicable legislation in the field of personal data protection;
  • training lawyers, employees and collaborators on the importance of personal data protection and limiting their access to data according to their duties;
  • establishing internal procedures to protect personal data;
  • a contact address for matters relating to personal data (i.e. the one indicated in point 1 of this policy);
  • the Unsubscribe button on all marketing communications (newsletters);
  • implementing information security measures;
  • not installing structures that allow access to the Site only if a user account is created;
  • not setting cookies in addition to those necessary for the operation of the Site, without providing the visitor with a choice that is permanently available.

TGZ Legal will also inform the competent data protection authority in the event of a data security incident without undue delay and, if possible, within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to the rights and freedoms of individuals. If the notification to the authority is not made within 72 hours, it shall be accompanied by a reasoned explanation for the delay.

In the event of an incident concerning the security of personal data, TGZ Legal will also inform the Data Subject without undue delay if the breach of security of personal data is likely to result in a high risk to his/her rights and freedoms. However, the aforementioned information to the Data Subject is not required if any of the following conditions are met:

  • TGZ Legal has implemented appropriate technical and organizational safeguards and these safeguards have been applied to personal data affected by the personal data breach;
  • TGZ Legal has taken subsequent measures to ensure that the high risk to the rights and freedoms of the Data Subjects is no longer likely to materialize;
  • would require a disproportionate effort. In this situation, public information or a similar measure is carried out instead, whereby the data subjects are informed in an equally effective way.

Any Site user traffic statistics that we provide to third party advertising networks or partner sites are provided only as aggregate data and do not include any identifiable information about any individual user.

Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. Consequently, despite TGZ Legal’s efforts to protect visitors’ personal data, it cannot ensure or warrant the security of any information transmitted by visitors via the Site. Visitors are therefore advised that any information submitted online is done so at their own risk.

In order to reduce this risk, TGZ Legal offers all interested parties the possibility of sending requests/applications/addresses/messages in physical form to TGZ Legal’s offices and not necessarily by sending information by electronic means.

  1. TGZ Legal Liability

The liability of TGZ Legal in relation to the Data Subject will be established in relation to the capacity held in the respective data processing operation, the reason and place of the incident, the security measures taken, the steps taken to avoid incidents and the compliance with other legal obligations.

  1. Transfer to third countries/international organizations

TGZ Legal does not transfer outside the EU personal data of the Data Subject collected through the Site.

  1. Final provisions

STUDYING THE TERMS AND CONDITIONS AND THIS PRIVACY AND DATA PROTECTION POLICY, AS WELL AS THE COOKIE POLICY, IS SOMETHING VISITORS SHOULD DO EVERY TIME THE SITE IS ACCESSED AND BEFORE ANY REGISTRATION OR DATA PROVISION IS MADE, AS CHANGES MAY OCCUR.

TGZ Legal reserves the right to change/update the content of the Site, including the policies referenced, at its sole discretion, at any time and for any reason (including but not limited to the occurrence of legislative or case law changes that may affect the consequences of what is posted on the Site). Future revisions to this policy will be indicated by a change to the “Last Updated” date at the top. After the date on which the updated policy is published, access to the Site will constitute the visitor/user’s acceptance of the updated terms.

However, if there are significant changes that could affect the rights and freedoms of users, information will be made by publication on the Site (pop-ups) or by sending e-mails to the addresses provided if applicable. Such significant changes will take effect for visitors/users within

30 days from the time of the display of the pop-up in question or the transmission of the e-mail by TGZ Legal (the manner in which the information will be given will be decided by TGZ Legal on a case-by-case basis).

Regardless of the extent of the change, however, the responsibility for checking the content of the Site (including the Terms and Conditions and posted policies) to keep up to date with the latest versions remains entirely with the user.

This document is part of TGZ Legal’s set of security policies. Other policies may apply to the topics addressed in this document and will be revised as specific needs arise.