The concept of personal data

According to the applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (also referred to as the “General Data Protection Regulation” or the “Regulation”), “personal data” means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Beneficiary of personal data protection

If you are a potential customer, a customer in our portfolio, a representative or employee of customers or potential customers, a supplier, a service provider, a student or any other person who visits our website or contacts us, you enjoy the protection of your personal data.

In order to inform you about the principles applicable to the matter, your rights, the data processing and management mechanism, we have drafted this Privacy Policy.

Please consult it whenever you want to find out about our vision, objectives and how we are working to protect your personal data rights.

Our role in relation to your personal data

According to the Regulation, ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The main entities with attributions and responsibilities regarding the processing of personal data are the controllers and the persons empowered by them.

According to the General Data Protection Regulation, ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

We inform you that in relation to you we have the quality of controller of personal data. We may entrust a third party with the duties and responsibility related to the processing of your personal data. In this context, the designated third party has, in relation to the provisions of the Regulation, the status of “processor”, i.e. a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal data processed. Sources, purposes, grounds for processing and duration of data storage.

Your personal data that we may process include identification data, contact data, data relating to studies, data relating to professional activity, business relationships, affiliations, data necessary to make payments or conclude contracts (data relating to bank accounts), etc.

The main source of the personal data to which we have access is their voluntary transmission, as a result of contacting us and expressing the intention to establish a lawyer-client relationship, employment, provision of services, etc. Therefore, by expressing your consent in this regard, it is possible to process your data in order to initiate and carry out a certain contractual relationship. Please note that not all of our interactions in which you provide us with data about yourself will result in a contract. However, as a rule, it is necessary to have access to your data, found for example in the documents we analyse in order to be able to propose ways to resolve litigation situations submitted to our attention. Also, in the context in which you want us to analyse or negotiate certain contracts for you, it may be necessary to carry out preliminary analyses in order to outline the services and to send a professional and financial offer.

Personal data may be collected by us by e-mail, during telephone conversations, videoconference meetings, by providing documents during direct meetings at our premises, yours or outside them or by communicating various documents by mail or courier services.

Please note that the data will be stored for the period necessary to carry out the preliminary analyses in the context in which you request service offers from us or, as the case may be, until the completion of the mandate entrusted by you or as long as the law allows or requires us to keep certain data, for the purpose of justifying our services, to keep accounting or tax records, as well as to comply with any legal regulations.

Please note that we only keep personal data for strictly necessary periods, in compliance with legal rigors.

Personal data may also be transmitted to us by administrative or judicial authorities, as well as by other natural or legal persons. At the same time, in order to settle judicial cases for entrustment or to provide legal advice services, we may obtain personal data available in publicity registers, in the archives of public institutions or by accessing any publicly available sources of information.

In addition to the purposes indicated above, such as the analysis of personal data for drafting legal services offers or the actual provision of services, we may process data in the context of scientific activities such as conferences, presentations or teaching or training activities, not directly related to the provision of legal assistance and representation.

We emphasize that there is a possibility that we collect personal data by using technologies necessary for the operation of our website. Thus, without the need for your consent, certain files (cookies) may be installed on the devices from which you access the site, and personal data may be collected through them. Please note that, in order not to process your data in this context, it is necessary not to access the website. We specify that, by blocking the cookie files necessary for the proper functioning of the website, there is a risk of not being able to browse under normal conditions or not having access to certain functions or features of the site.

We also recommend that you pay attention to the cookie and privacy policies related to the websites that can be accessed through a link created with our website. Thus, it is possible to find content on our website that belongs to other websites. Whether it is professional networks, legal publications, social media or information platforms, please note that they are not controlled or managed by us.

By accessing such sites, you assume specific obligations and risks, including related to their privacy policies or the processing of personal data. In order to support the protection of your rights, we recommend that you carefully study the information available on the respective websites, including under names such as Terms and Conditions, Cookie Policy or Privacy Policy.

Regarding the consent for the processing of personal data, please note that we are determined to comply with the rights and legal provisions, including those of the Regulation, namely:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent.

Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

In order to protect your rights, please ensure that you take into account the provisions presented above, when granting consent, in any context.

Please note that if we do not have your consent to process your personal data, there is still a legal basis for processing it.

The Privacy Policy is not an exhaustive material that contains information regarding the protection of your personal data. Permanent changes, such as those of a legal, technical, professional nature or generated by our activity and the services offered, may require rapid changes in terms of personal data protection. As a rule, we will provide the necessary information on a regular basis without delay, either individually (to the data subject) or by means of publicly addressed information, for example in the form of publications on this website. If you would like to obtain more information or if the aspects of interest to you are not found here, please contact us using the available contact details.

Your rights in relation to your personal data

Each person who benefits from protection in terms of his or her personal data should be sure that the responsible entities comply with the relevant principles, but also the rights related to the obligations that those entities have.

The principles related to the processing of personal data are regulated in general terms in the Regulation (art. 5), as follows:

1. Personal data shall be:

(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’); (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).

According to Article 89(1) of the Regulation, “1. Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation. Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner”.

As you are a data subject, we present your rights and the obligations related to them, as provided for in the Regulation.

For details and updated information, you can consult the entire regulation by accessing this link:

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

Right of access – Article 15

1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

(a) the purposes of the processing;

(b) the categories of personal data concerned;

(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(f) the right to lodge a complaint with a supervisory authority;

(g) where the personal data are not collected from the data subject, any available information as to their source;

(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Right to rectification – Article 16

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure of data (“right to be forgotten”) – Article 17

1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing; (c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

3.Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

(a) for exercising the right of freedom of expression and information;

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(e) for the establishment, exercise or defence of legal claims.

Right to restriction of processing – Article 18

1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

2.Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

3. A data subject who has obtained the restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

Notification obligation regarding rectification or erasure of personal data or restriction of processing – Article 19

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

Right to data portability – Article 20

1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

(b) the processing is carried out by automated means.

2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Right to object – Article 21

1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.

5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Automated individual decision-making, including profiling – Article 22

1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

2. Paragraph 1 shall not apply if the decision: (a) is necessary for entering into, or performance of, a contract between the data subject and a data controller; (b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (c) is based on the data subject’s explicit consent.

3. In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

4. Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

Providing your data to third parties. Transfer of personal data. Security of data processing.

The framework of the provision of legal services involves contact with a multitude of entities (public institutions, courts, diplomatic or consular missions, ministries, various legal entities of private law or natural persons, etc.). In the natural course of our activity, but also in contexts where the law provides or authorized entities require us, we may disclose or transfer your personal data. We assure you that we will always follow strict compliance with the legal provisions in this regard. In addition, if the law or context requires it, we will inform you as soon as possible about the fact that we have had to provide third parties with your data.

In the event that it will be necessary to transfer personal data outside the European Union or outside the European Economic Area, we will inform you in accordance with the legal provisions and we will comply with all mandatory provisions in this regard.

In order to ensure that the process of processing personal data is carried out safely, we work together with our collaborators in the technical areas involved. We assure you that we implement the available technologies to ensure that your rights are protected at all times. Also, from a legal point of view, we constantly ensure that even the people with whom we collaborate respect your rights, in accordance with the applicable legal provisions.

In addition, we inform you that we are considering the provisions of the General Data Protection Regulation which provides, among others, the following relevant aspects regarding the security of processing (art. 32 para. 1 and 2):

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

(a) the pseudonymisation and encryption of personal data;

(b) the ability to ensure the continued confidentiality, integrity, availability and resilience of the processing systems and services;

(c) the ability to restore the availability of and access to personal data in a timely manner in the event of an incident of a physical or technical nature;

(d) a process for the periodic testing, evaluation and assessment of the effectiveness of technical and organisational measures to ensure the security of processing.

In assessing the appropriate level of security, account shall be taken in particular of the risks posed by the processing, arising in particular, accidentally or unlawfully, from the destruction, loss, alteration, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed.

In order to prevent risks related to harmful incidents regarding the processing of your personal data, we recommend that you also make sure from a technical point of view that you are protected from various attacks, viruses or other types of damage to the information and data concerning you, which we, for objective reasons, cannot control.

Updated information on the Privacy Policy

We assure you that you are concerned about providing you with a Privacy Policy that reflects our firm commitment to providing accurate and complete information regarding your rights related to the protection of personal data.

For legal reasons (to amend the applicable legislation), in order to be permanently in accordance with the various requirements of the administrative authorities that may impose new procedures or, as the case may be, for any other reasons (including related to our organization and operation), we may have to change the Privacy Policy.

We are committed to indicating in its content the date it was updated and kindly ask you to follow us and review our Privacy Policy to ensure that the information you have and what you need is in line with our current policy on the matter.

Website Policies

Who we are

Our website address is https://bmalegal.ro/. The website is operated by BOGOIU, MATEI & ASSOCIATES, located at 75-77 Buzești Street, 9th Floor, Sector 1, 011013 Bucharest, Romania. For privacy-specific concerns, please contact us at office@bmalegal.ro.

What personal data we collect and why we collect it

We collect different types of personal data depending on your interactions with our website. This includes:

  • Personal Information: Such as your name, email address, and contact details. We collect this information when you sign up, comment, or fill out a contact form to respond to your inquiries or process transactions.
  • Account Data: If you create an account, we may collect your username, password, and preferences to personalize your experience on our website.
  • Technical Data: Includes your IP address, browser type, and device information, collected automatically for security and analytics purposes.
  • Transaction Data: If you make purchases through our site, we collect payment information and purchase history to process payments and fulfill orders.
  • Cookies and Tracking Data: We collect data through cookies and similar technologies to improve website functionality and for analytical purposes.

We process this data based on legitimate interests (e.g., to improve our website), the performance of a contract (e.g., when you make purchases), or your consent.

Contact forms

When you submit a contact form, we collect your name, email address, and message content to respond to your inquiry. We retain contact form submissions for 3 years for customer service purposes, but we do not use the information for marketing.

Cookies

Our website uses the following cookies:

  • Essential Cookies: These cookies are necessary for the website to function and cannot be switched off.
  • Analytics Cookies: We use Google Analytics to collect anonymous data on site usage to help us improve the user experience.

Analytics

We use Google Analytics to track and analyze site activity. Google Analytics Privacy Policy can be found here.

Who we share your data with

We do not share personal data with third parties except for the following cases:

  • Service Providers: Such as hosting providers, payment processors, and analytics providers.
  • Advertising Partners: We may share anonymized data with advertising partners for personalized ads.

How long we retain your data

We retain personal data for as long as necessary to provide services and meet legal obligations. For example:

  • Contact Form Entries: 3 years.
  • Analytics Data: 3 years.
  • Customer Purchase Records: 5 years for tax and accounting purposes.

What rights you have over your data

You have the right to:

  • Access and Data Portability: Request a copy of your personal data.
  • Correction: Update or correct your personal data.
  • Erasure: Request deletion of your personal data.
  • Object to Processing: Restrict the processing of your personal data.

To exercise these rights, contact us at office@bmalegal.ro.

Where your data is sent

We may transfer data outside the European Union. We ensure these transfers comply with EU data protection standards.

Contact information

For privacy concerns, you can reach us at office@bmalegal.ro.

Additional information

  • How we protect your data: We use encryption, secure servers, and regular security reviews to safeguard your data.
  • Data breach procedures: In the event of a breach, we will notify users and authorities within 72 hours, follow internal reporting procedures, and take immediate action to mitigate the breach.
  • Third-party data: We may receive data from third parties such as analytics providers, which may influence your user experience on our site.
  • Automated decision-making: We do not use automated decision-making that could significantly affect your rights.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Really Simple Security

Really Simple Security and Really Simple Security add-ons do not process any personal identifiable information, so the GDPR does not apply to these plugins or usage of these plugins on your website. You can find their privacy policy here.

LiteSpeed Cache

This site utilizes caching in order to facilitate a faster response time and better user experience. Caching potentially stores a duplicate copy of every web page that is on display on this site. All cache files are temporary, and are never accessed by any third party, except as necessary to obtain technical support from the cache plugin vendor. Cache files expire on a schedule set by the site administrator, but may easily be purged by the admin before their natural expiration, if necessary. We may use QUIC.cloud services to process & cache your data temporarily.Please see https://quic.cloud/privacy-policy/ for more details.

Exercising rights in the event that you have doubts or dissatisfaction

We believe that through dialogue we can solve any problem. We also know that behind some apparent dissatisfactions there can be simple misunderstandings. In addition, we consider that for any dispute the attempt at amicable settlement should not be avoided.

Therefore, if for any reason you consider that you have been deprived of full protection in terms of your personal data, if you have doubts about your actual rights or if you consider that your rights have not been fully respected, we are available to communicate any aspect of interest to you.

Please contact us, in a way convenient for you, using our contact details, namely:

✉ 75-77 Buzești Street, 9th Floor, Sector 1, 011013 Bucharest, Romania

🕿 +4 021 589 7832

📧 office@bmalegal.ro

In the event that our response or the way of solving the situation does not correspond to the specific expectations, you have the possibility to contact the competent authority in the matter, namely the National Supervisory Authority for Personal Data Processing.

The website of this entity is available at the following link: https://www.dataprotection.ro/.

According to the information available by accessing the website of the National Supervisory Authority for Personal Data Processing, its contact details are as follows:

28-30 Gheorghe Magheru Boulevard
Sector 1, 010336 Bucharest, Romania


anspdcp@dataprotection.ro
dpo@dataprotection.ro

Fax: +4 031 805 9602
Tel.: +4 031 805 9211; +4 031 805 9212

We inform you that the procedure for filing a complaint is available on the website of the National Supervisory Authority for Personal Data Processing. We recommend that you access the authority’s website to ensure that your information regarding contacting and notifying it is up to date.

Sources of information on the protection of personal data

We recommend you make sure that the sources of information regarding the protection of personal data are official and that the data received is up to date.

In our opinion, you can check and update your information by following the publications of the National Supervisory Authority for Personal Data Processing (link to the website: https://www.dataprotection.ro/), but also the website of the European Data Protection Supervisor (https://www.edps.europa.eu/_en).

Involvement in updating our Privacy Policy

In consideration of the importance of your rights, which we want to fully protect in all possible forms, we express our availability to receive from you any suggestion, recommendation, observation or complaint including regarding the Privacy Policy.

Therefore, please send us your opinion on this subject using the way convenient for you, namely the contact address by e-mail, office@bmalegal.ro or, as the case may be, the postal address, 75-77 Buzești Street, 9th Floor, Sector 1, 011013 Bucharest, Romania.

We assure you that your involvement will be fully appreciated.

Thank you for reading our Privacy Policy!

Yours sincerely,

BMA LEGAL – BOGOIU, MATEI & ASSOCIATES