Privacy Policy
General provisions
Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation, hereinafter “GDPR” or “the Regulation”) was adopted by the European Parliament and the Council of the European Union on 27 April 2016 and has been directly applicable since 25 May 2018. This Regulation expressly repeals Directive 95/46/EC, thereby also replacing the provisions of Law no. 677/2001 (now repealed).
The Regulation is directly applicable in all Member States, protecting the rights of all natural persons on the territory of the European Union. In terms of material scope, the Regulation applies to all controllers that process personal data. It does not apply to the processing of personal data relating to legal persons — in particular undertakings with legal personality — including their name, legal form, and contact details.
Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
Processing of personal data means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means — such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Identity of the controller
Pursuant to Article 4(7) of the Regulation, which defines “controller” as the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, the controller processing personal data through this website is Andreea-Cristina Secu – Law Office, with its registered office in Romania, Bucharest, Sector 1, 17 Paris Street, 1st Floor, Apt. 1, registered at the Trade Register on 07.01.2020, tax registration number RO41192140, legally represented by Andreea-Cristina Secu, contact: secuandreea@gmail.com.
Collection of personal data
What personal data is collected
The controller of this website collects, stores, and processes the following personal data relating to you:
- Full name
- Contact details (such as email, phone, fax)
Obtaining consent
General provisions
For the processing of personal data to be lawful, the GDPR requires that it be carried out on the basis of a legitimate ground, such as the performance or conclusion of a contract, compliance with a legal obligation, or on the basis of the data subject’s prior valid consent. In the latter case, the controller is required to be able to demonstrate that the individual has consented to the processing. Consent given under Directive 95/46/EC remains valid if it meets the conditions set out in the GDPR.
Consent must be given by a statement or a clear affirmative action constituting a freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of their personal data. Where consent is given in the context of a written or electronic declaration that also concerns other matters, the request for consent must be presented in a manner clearly distinguishable from those other matters — this may be done by ticking a checkbox, for example.
Contact form
If you send us enquiries via the contact form, we will collect the data entered in the form, including the contact details you provide, in order to respond to your enquiry and any subsequent questions. We do not share this information without your permission. Accordingly, all data you enter in the contact form will be processed solely on the basis of your consent [in accordance with Article 6(1)(a) GDPR]. You may revoke your consent at any time; an informal email to that effect is sufficient. Data processed prior to receipt of your request may be processed lawfully. We will retain the data you provide via the contact form until:
- you request its deletion;
- you withdraw your consent to its storage; or
- the purpose for its storage no longer applies.
Mandatory statutory provisions, particularly those concerning mandatory data retention periods, are not affected by the above.
Contact by email, telephone, or fax
If you contact us by email, telephone, or fax, your request — including all personal data you provide — will be stored and processed by us for the purpose of handling your enquiry, on the basis of your expressed consent.
We will process all data you provide under the following legal bases under the GDPR:
- solely on the basis of your consent – in accordance with Article 6(1)(a) GDPR;
- for the performance of a contract or in the pre-contractual stage – in accordance with Article 6(1)(b) GDPR;
- for the purpose of our legitimate interest, namely the efficient handling of requests you send us – in accordance with Article 6(1)(f) GDPR.
We will retain the data you provide in this way until:
- you request its deletion;
- you withdraw your consent to its storage; or
- the purpose for its storage no longer applies — in all cases except where mandatory data retention periods apply.
Comments section
By accessing the Comments section, certain personal data (including but not limited to your email address, username, and IP address) will be processed and stored, some of which is necessary for the purposes of preventing unlawful actions or defamatory content.
There is also the option to subscribe on this site in order to receive comments via your email address, in which case:
- Your email address may be verified via a confirmation email;
- You may unsubscribe at any time by clicking the link in the emails, and the data you have provided will be deleted immediately, except for data provided in connection with other sections (e.g. newsletter sign-up), which will remain stored;
- We comply with applicable legal provisions — specifically, we store your comments and personal data on the basis of your consent (Article 6(1)(a) GDPR), which may be withdrawn at any time (an informal email to that effect is sufficient).
Purpose of processing the data collected
Some of the data collected on this site is used for:
Periodic communication with users – We want to keep you informed about our services. To this end, we may send you messages containing general and thematic information, details about our services or updates, as well as other communications such as market research and opinion surveys. For such communications, the legal basis is your prior consent. You may change your mind and withdraw your consent at any time.
Processing of personal data is carried out in accordance with the GDPR, on the basis of the data subject’s consent as well as for the purposes of proper contract performance or the legitimate interests of the controller (except where those interests are overridden by the interests, rights, and fundamental freedoms of the data subject that require the protection of personal data — particularly where the data subject is a child).
User rights
Your rights with regard to personal data and the means of exercising them are: the Right to information, the Right of access, the Right to rectification, the Right to erasure, the Right to restriction of processing, the Right to data portability, the Right to object, the Right not to be subject to a decision based solely on automated processing, the Right to lodge a complaint and to seek judicial remedy, and the Right to withdraw consent.
- Right to information – you may request information about the processing of your personal data, the identity of the controller and its representative, or the recipients of your data.
- Right of access – you may obtain from the controller confirmation as to whether personal data concerning you is being processed and, if so, access to that data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the data has been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the data will be stored or, if not possible, the criteria used to determine that period; the right to request rectification or erasure, or restriction of processing, or the right to object to processing, etc.
- Right to rectification – you may have inaccurate personal data corrected or incomplete data completed.
- Right to erasure – you may obtain the erasure of data where its processing was unlawful or in other cases provided for by law.
- Right to restriction of processing – you may request restriction of processing where you contest the accuracy of the data, as well as in other cases provided for by law.
- Right to data portability – under certain conditions, you may receive the personal data you have provided to us in a machine-readable format, or request that the data be transmitted to another controller.
- Right to object – you may object in particular to processing based on the controller’s legitimate interests.
- Right not to be subject to automated decision-making – you may request and obtain human intervention in respect of such processing, or express your own point of view in relation to it.
- Right to lodge a complaint and seek judicial remedy – you may lodge a complaint regarding the processing of your personal data with the National Supervisory Authority for Personal Data Processing (ANSPDCP) and/or seek judicial remedy for the protection of your rights.
- Right to withdraw consent – where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will have effect only for the future; processing carried out prior to withdrawal remains lawful.
Controller obligations
Hosting
Personal data recorded on this website is stored on servers located in Romania. The processing of data provided and stored complies with the following legal provisions:
- Article 6(1)(a) GDPR – processing is based on your consent, obtained following proper and complete disclosure;
- Article 6(1)(f) GDPR – processing is carried out in pursuit of our legitimate interests.
Data encryption
This site uses SSL encryption for security purposes and to protect the transmission of confidential information. You can recognise this encryption by the lock icon that appears in your browser’s address bar and by the change from http:// to https:// in the browser address. Once this type of encryption is active, data you transmit or transfer cannot be viewed by third parties.
In accordance with the GDPR, if a personal data breach is likely to result in a high risk to your rights and freedoms, the controller of this website will notify you without undue delay, unless the supplementary provisions of the same Regulation apply (Article 34(3)).
Data Protection Officer
As the provisions of the GDPR requiring the appointment of a Data Protection Officer (Article 37(1) – pursuant to which the controller and the processor shall designate a DPO in all cases where:
- the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
- the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale; or
- the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offences referred to in Article 10)
are not applicable in our case, for any information or queries regarding the operation of this website, please contact us at:
Name: Andreea-Cristina Secu
Email: contact@seculegal.ro
Postal address: 17 Paris Street, postal code 011813, 1st Floor, Sector 1, Bucharest, Romania
Records of processing activities
Under the GDPR, the controller or processor should maintain, for a reasonable period, records of processing activities under their responsibility. Such records shall contain the following information:
- the name and contact details of the controller;
- the purposes of the processing;
- a description of the categories of data subjects and personal data;
- the categories of recipients to whom personal data has been or will be disclosed;
- where applicable: transfers of personal data; the envisaged time limits for erasure of different categories of data; a general description of technical and organisational security measures.
The above obligation does not apply to an undertaking or organisation with fewer than 250 employees, unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offences.
Appropriate technical and organisational measures
Taking into account the state of the art, the context and purposes of the processing, and the risks to the rights and freedoms of natural persons, the controller implements appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing is processed.
Notification to the supervisory authority in the event of a personal data breach
Pursuant to Article 33(1) GDPR, in the event of a personal data breach, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, where feasible, no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Notification of the data subject in the event of a personal data breach
In accordance with Article 34 GDPR, where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will notify the data subject without undue delay, except where:
- appropriate technical and organisational protection measures have been implemented and applied to the personal data affected by the breach — in particular measures ensuring that the data is rendered unintelligible to any person not authorised to access it, such as encryption;
- subsequent measures have been taken to ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;
- it would require disproportionate effort — in which case a public communication or similar measure is made instead, whereby data subjects are informed in an equally effective manner.
Social Media
Facebook plugins (Like & Share Button)
This service uses social plugins (“plugins”) operated by the social network facebook.com. The plugins may be identified by a Facebook logo (a white “f” on a blue background or a “thumbs up” icon) or are labelled with the phrase “Facebook Social Plugin”. A list and the appearance of the Facebook plugins can be found at: https://developers.facebook.com/docs/plugins/. By using the Like button, you can like our Facebook page without leaving the site. By using the Share button, you can share our site or specific content from it on your personal Facebook page without leaving the site.
Through the plugin, Facebook receives information about the pages you access on our site. If you are simultaneously logged into Facebook, Facebook may link the actions taken on the page to your account — and therefore to you personally. When you interact with the plugins, for example by clicking the Like button or sharing content, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, it is still possible for the social network to obtain and store your IP address.
By clicking on one of these buttons, you consent to the use of this plugin and, therefore, to the transfer of personal data to Facebook. We have no control over the nature and purpose of the data transmitted or its subsequent processing. For further information on the purpose and scope of data collection, subsequent processing and use of data by Facebook, as well as your privacy permissions and settings, please refer to Facebook’s privacy policy.
If you do not wish Facebook to associate your visit to this site with your Facebook account, please log out of Facebook beforehand.
Newsletter
To receive a newsletter, you must provide a valid email address along with specific information that allows the holder of that address to be identified. Your consent is also required for the newsletter to be sent, and accordingly we inform you that any further personal data will be collected and stored only on the basis of your consent. Data collected in this way is processed solely for the purpose of sending the newsletter and will not be passed on to third parties.
We will therefore process any data you enter in the contact form only with your consent, in accordance with Article 6(1)(a) GDPR.
Plugins and tools
Google Web Fonts
This site uses Web Fonts provided by Google to ensure consistent font rendering across the site. When you access a page on this website, your browser will load the necessary web fonts from Google’s servers in order to display text and fonts correctly.
The use of Google Web Fonts is based on Article 6(1)(f) GDPR, there being a legitimate interest in the uniform presentation of fonts on this website. Where consent has been expressed (for example, consent to cookie storage), data will be processed exclusively on the basis of Article 6(1)(a) GDPR.
For more information on how Google Web Fonts handles user data, please see the Privacy Policy available at: https://policies.google.com/privacy?hl=en.
Google Maps
This site uses Google Maps, a mapping and location service, via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America.
To protect data privacy on our site, you will find that Google Maps is disabled when you first visit. A direct connection to Google’s servers will not be established before you independently activate Google Maps — that is, with your consent in accordance with Article 6(1)(a) GDPR. This prevents the transfer of data to Google during your first visit to our site. Once the service has been activated, Google Maps will store your IP address, which is generally subsequently transferred to and stored on a Google server in the United States. The provider of this website has no control over this data transfer once Google Maps has been activated.
In light of the judgment of 16 July 2020 (in Case C-311/18 – Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems), the Court of Justice of the European Union held that the protection afforded by the EU–US Privacy Shield was not adequate.
Accordingly, the transfer of personal data to the United States and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCCs) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers established outside the EU or EEA, as well as a set of contractual clauses for transfers from EU controllers to processors established outside the EU or EEA. For more information on these Clauses, we recommend visiting: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.
Google Maps uses Standard Contractual Clauses as an adequate safeguard for data protection, in line with the level of protection guaranteed by the GDPR. For further information, please consult Google’s Data Privacy Statement at: https://policies.google.com/privacy.
Conclusion
This personal data processing policy has been drawn up in accordance with the provisions of Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as other applicable national legal provisions.
We reserve the right to make any additions or amendments to this policy. We recommend consulting this Policy on a regular basis to remain correctly and fully informed regarding the processing of personal data.
For further details regarding this GDPR Policy, or to exercise any of the rights referred to above, a written notification may be sent to the contact details indicated above.
Last updated: 06-08-2022