Privacy policy

Privacy policy

This privacy policy applies to the website http://www.patlageanu.ro/ and the personal data collected through it to carry out the activities that our office carries out.

1. The data operator

In accordance with the definitions and provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR), our office has the capacity of data operator with a personal character and, in certain situations, the capacity of proxy of other personal data operators.

2. The persons concerned

We provide consulting services in the development and implementation of investment projects both on European funds and on state aid schemes for clients, legal entities.

In the case of these services, the persons concerned are the representatives, natural persons, of our clients, legal persons.

3. Processing of personal data

3.1. Personal data collected and processed automatically when you browse our website

a) Data recorded and stored in the Web server log

Method and time of collection

• We use a server to host our website. When you access the website, data corresponding to navigation within the web platform is recorded and stored in a log file on the server.
• Personal data collected
• Thus, the IP address you use to access the website is automatically recorded, as well as other information corresponding to browsing the platform, such as the pages accessed, the date and time of website access, the information requested, the date and time of the request, the source of access to our website (for example the URL that directed you to our website), the duration of your visit and the order in which you visit the website content (clickstream information), your browser version and system operating system used, the name of the mobile network you are using (information about the device used).

Purpose and basis of processing

• We collect and store this data in web server logs to ensure IT network security. Thus, we analyze log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, the prediction of DDOS attacks and other cyber attacks by detecting unusual or suspicious activity. Unless we are investigating suspected or potential criminal activity, we make no attempt to identify you based on information collected through server logs. The basis on which we process data for this purpose is our legitimate interest in protecting our activity and ensuring the security of the data we hold.
• We also use this data to analyze how website users interact with it in order to improve its structure and content. The basis on which we process personal data for this purpose is our legitimate interest.
• Location of personal data
• The data thus collected are stored on the server of the company that provides the web hosting, which is located in Romania.
• Duration of personal data processing and storage
• The data are recorded and stored in the server logs for a period of 1 year after which, according to the procedure we have implemented, they are automatically deleted.

b) Use of cookies

Method and time of collection

• Our website uses cookies. Cookies are small text files sent by a website server to a web browser (web browser: Chrome, IE, Firefox, Opera), RAM memory or hard disk drive, when the website is first accessed and then stored there.

Personal data collected

• A “cookie” records information related to your browsing on the website (pages visited, date and time of visit). This information allows the website to “remember information about your preferences and thus improve the experience of browsing the website. If you do not want to accept the use of cookies, you can change the configuration of your browser to not accept cookies.

For more information on the cookies we use, setting preferences in the use of cookies and how to block them, please read our Cookie Policy.

Purpose and basis of processing

• We use cookies to improve the website and to customize the experience of browsing the website according to the needs of our users. Thus, through them we can automatically distinguish you from other users and provide you with certain functionalities that facilitate navigation and interaction on the website. The basis on which we process this personal data is our legitimate interest in ensuring the proper functioning of our website (for the use of essential cookies) and consent (for the use of non-essential cookies). For more information on the cookies we use, setting preferences in the use of cookies and how to block them, please read our Cookie Policy.

Location of personal data

• The data thus collected are stored on the server of the company that provides the web hosting, which is located in Romania.

Duration of personal data processing and storage

• Cookies are used as long as you access our website, depending on the preferences initially set on the website and depending on the cookie settings you have set in the web browser you are using.

3.2. Personal data collected when you contact us

a) Contact form integrated into the website

Method and time of collection

• Data is collected when you complete and submit a contact form on our website.

Personal data collected

• We collect your first name, last name, email address and any other information you voluntarily provide in that message.

Purpose and basis of processing

• We process this personal data to respond to inquiries and messages we receive based on our legitimate interest in providing quality service and information to people who contact us.

Location of personal data

• The data thus collected are stored on the server of the company that provides the web hosting, which is located in Romania.

 Duration of personal data processing and storage

• The data is retained for a limited period – no more than 1 year – and is periodically deleted.

b) Email

Method and time of collection

• Data is collected when you send a message to the email address displayed on our website.

Personal data collected

• We collect your email address and any other information you provide in that email (such as your name, phone number and information contained in any signature block in the email).

Purpose and basis of processing

• We process this personal data to respond to inquiries and messages we receive and to keep records of correspondence based on our legitimate interest in providing quality service and information to people who contact us.

Location of personal data

• The data thus collected are stored on the server of the company that provides the web hosting, which is located in Romania.

Duration of personal data processing and storage

• The data is retained for a limited period – no more than 1 year – and is periodically deleted.

c) Telephone

Method and time of collection

• Data is collected when you call the contact phone number displayed on our website.

Personal data collected

• When you contact us by phone, we collect your phone number and any information you provide during your conversation with us. We do not record phone calls.

Purpose and basis of processing

• We process this personal data to respond to inquiries and requests for information that we receive based on our legitimate interest in providing quality service and information to people who contact us.

Location of personal data

• Information about your call, such as your phone number and the date and time of your call, is processed by our telephone service provider located in Romania.

Duration of personal data processing and storage

• We do not retain personal data unless it is necessary to respond to your requests later.

4. Transfer of personal data to third parties

4.1. Data transfer to service providers

We transfer the personal data we process to a number of third parties to provide us with services that are necessary to run our business or to help us run our business and who process your information for us on our behalf. These third parties are generally the following:

• Telephone service providers.
• Email and web hosting service providers.
• Analytics/consultancy/advertising service providers.

We occasionally obtain advice from consultants such as accountants, financial advisors, lawyers and public relations professionals. We will only share your information with these third parties where it is necessary to allow these third parties to provide us with the relevant advice, subject to confidentiality clauses.

The data we collect through the website (contact form) or through the e-mails received, are stored on the web server of our web and e-mail hosting service provider. The server is located in Romania. The processing carried out by it is strictly limited to the storage of this data on the server.

We transfer personal data in our legitimate interest (ensuring the efficient running of our business).

We ensure (by signing special personal data protection agreements) that the third parties to whom we transfer personal data also guarantee the protection and security of this data and use this data only for the agreed purpose.

We do not display the identity of our service providers publicly for security and competitive reasons. If you still want additional information about the identity of service providers, please contact us directly by email and we will provide such information to you if you have a legitimate reason to request it).

4.2. Transfer to public authorities or organizations with attributions in the crediting/debt recovery/fraud prevention process

a) In connection with a legal or potentially legal dispute or proceeding

We may need to use your information if we are involved in a dispute with you or a third party, for example, either to resolve the dispute or as part of mediation, arbitration or a court order or similar process.

The basis on which we carry out this transfer is our legitimate interest, namely the resolution of disputes and possible disputes.

b) To comply with laws, regulations and other legal requirements

We will use and process your information to comply with legal obligations to which we are subject. For example, we may be required to disclose your information pursuant to a court order or subpoena, if we receive one.

The basis on which we carry out this transfer is our legitimate interest.

5. Personal data retention period

Criteria for establishing retention periods

We will only keep your information for as long as necessary, taking into account the following:

• the purpose(s) and use of your information both now and in the future (for example, if it is necessary for us to continue to store that information to continue to fulfill our obligations under a contract with you or to contact you in the future );
• if we have a legal obligation to continue processing your information (such as any record-keeping obligations imposed by law or relevant regulations);
• if we have any legal basis to continue processing the information (such as your consent);
• how valuable your information is (both now and in the future);
• any agreed industry practices regarding the retention period of information;
• the levels of risk, cost and liability involved in continuing to hold the information;
• how difficult it is to ensure that the information can be current and accurate;
• any relevant surrounding circumstances (such as the nature and status of our relationship with you).

6. Technical and organizational measures to secure your data.

We take appropriate technical and organizational measures to secure your information and protect it against unauthorized or unlawful use and accidental loss or destruction, including:

• sharing and providing access to your data to the minimum extent necessary, subject to confidentiality restrictions where appropriate and anonymously whenever possible;
• using secure servers to store information;
• verifying the identity of any person requesting access to information before granting them access to information;
• we only transfer your data via a closed system or via encrypted data transfers.

Sending information to us by email

Transmission of information over the Internet is not entirely secure, and if you send us information over the Internet (by email, through our website or by any other means), you do so entirely at your own risk.

We cannot be liable for any expense, loss, damage to reputation, damage, liability or any other form of loss or damage suffered by you as a result of your decision to submit information to us by such means.

7. Your rights to personal data

7.1. Your rights

Subject to certain restrictions on certain rights, you have the following rights in relation to your data which you can exercise by sending an email to office@patlageanu.ro:

• request access to your information and information about the use and processing of your information;

You have the right to obtain confirmation from the company if your data is being processed.

Individuals have the right to submit an access request to have access to their personal data and to verify the legality of the processing. If such a request was made electronically, the information will be provided by the company – also – in a commonly used electronic format.

• request rectification of your data;

Individuals have the right to rectify themselves or to ask the company to rectify inaccurate or incomplete personal data. If the personal data in question have been transferred to third parties, the firm will also inform them in connection with the request for rectification, if possible. If applicable, the office will inform the data subject about the third parties to which the data has been transferred.

Rectification requests will be resolved within one month; this will be extended by two months if the rectification request is complex.

If no action is taken in response to a rectification request, the firm will explain the reason to the person concerned and inform them of their right to complain to the supervisory authority and of the remedies available.

• request deletion of your data (taking into account legal restrictions that do not allow data deletion);

Natural persons have the right to request the deletion or elimination of personal data, if there are no reasons for their continued processing. Individuals have the right to request data deletion in the following situations:

• If the personal data are no longer necessary in relation to the purpose for which they were initially collected / processed;
• When the person withdraws their consent;
• When they object to the processing and there is no legitimate interest in the further processing of personal data;
• Personal data have been processed illegally;
• Personal data must be deleted to comply with a legal obligation.
• Our office has the right to refuse a request to delete personal data, if the data is processed for the following reasons:
• To comply with a legal obligation;
• To exercise or defend legal claims.

If the personal data has been transferred to third parties, they will be informed of the request to delete the personal data, unless this is impossible or involves a disproportionate effort in this regard.

• request the restriction of the use of your data;

Individuals have the right to block or suppress the processing of personal data by the company. If processing is restricted, the practice will store the personal data but will not process it further, ensuring that only enough information about the individual has been retained to ensure that said restriction is respected in the future.

The Cabinet will restrict the processing of personal data in the following situations:

• When a natural person contests the accuracy of personal data, processing will be restricted until the firm verifies the accuracy of the data;
• If a person has objected to the processing, and the office analyzes whether the legitimate reasons for this processing are based on those of the person;
• If the processing is unlawful and the person objects to the erasure and requests restrictions instead;
• In case the office no longer needs the personal data, but the person requests the retention of the data for the establishment, exercise or application of a legal claim.

If the personal data in question have been transferred to third parties, the office will inform them of the request regarding the restriction of the processing of personal data, unless it is impossible or involves disproportionate efforts in this regard.

The Cabinet will inform data subjects when a processing restriction has been lifted.

• receive the information you have provided to us in a structured, commonly used and device-readable format (for example, a CSV file) and the right to transfer that information to another data controller ( including a third party data controller);
• to object to the processing of your data for certain purposes;

The Cabinet will inform, at the first communication, the natural persons who submitted a request regarding their personal data regarding their right to object.

Individuals have the right to object to processing based on legitimate interests or processing for direct marketing.

• direct marketing;
• processing for the purposes of scientific or historical research and statistics.

In case of such an objection, the firm will stop processing the personal data of the natural person, unless the processing is necessary for the establishment, exercise or defense of legal rights and claims, or if the firm can demonstrate that it has legitimate reasons compelling for processing that override the interests, rights and freedoms of the individual.

• withdraw your consent to the use of your data at any time where we rely on your consent to use or process that information. Please note that if you withdraw your consent, this will not affect the lawfulness of the use and processing of your data based on your consent before the time you withdraw your consent.
• the right not to be subject to a decision based solely on automated processing, including profiling that produces legal effects on you or significantly affects you in a similar way.

In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of residence, place of work or an alleged breach of the General Data Protection Regulation. For this purpose, in Romania, the supervisory authority is: www.dataprotection.ro.

7.2. Securing your rights

If an individual makes a request regarding any of the rights listed above, our firm will consider each such request in accordance with applicable data protection laws and regulations.

Data subjects have the right to obtain, on the basis of a written request addressed to the company, which is directed to the data protection officer, and after successful verification of their identity, the following information about their personal data:

• The purposes of collecting, processing, using and storing their personal data;
• The source(s) of the personal data, if they were not obtained directly from the data subject;
• The categories of personal data stored about the data subject;
• Recipients or categories of recipients to whom the personal data have been or may be transmitted, together with the location of those recipients;
• The storage period provided for the personal data or the method of establishing the storage period;
• Using any automated decision-making, including profiling, if applicable;
• The right of data subjects.

A copy of the information will be provided to the person requesting it free of charge (no administration fee will be charged for reviewing and/or complying with such request.). However, the firm may impose a “reasonable fee” to comply with requests to copy and replicate the same information, in the case of successive requests from the same person within a certain time frame. If a request is manifestly unfounded, excessive or repeated, a reasonable fee will also be charged. All charges will be based on the administrative cost of providing the information.

All requests received for accessing or rectifying personal data will be directed to the Data Protection Officer, who will record each request upon receipt. The response to each request will be provided within 30 days of receiving the written request from the data subject. In the case of complex requests, the response period will be extended by another month. The individual will be informed of this extension and will receive an explanation of why the extension is necessary within one month of receiving the request.

If the data protection officer cannot fully respond to the request within 30 days, he will – nevertheless – provide the following data to the data subject or the authorized legal representative within the specified period:

• a confirmation of receipt of the request;
• all information found up to the time of the request about the data subject;
• details of any requested information or changes that will not be provided to the data subject, the reason(s) for the refusal and any available procedures for challenging the decision;
• an estimated date on which the remaining responses will be provided;
• an estimate of the possible costs to be paid by the data subject (for example, if the request is excessive);
• the name and contact details of the representative of the organization that the data subject should contact to receive further information.

If a request is manifestly unfounded or excessive, the office has the right to refuse to respond to the request. The individual will be informed of this decision and the reasoning behind it, as well as the right to address the supervisory authority and use available remedies within one month of the refusal.

It should be noted that situations may arise where the provision of requested information by a data subject would reveal personal data about another individual. In such cases, the information must be redacted or withheld as necessary or appropriate to protect the rights of that individual.

7.3. Verifying your identity if you request access to your information.

If you request access to your information, we are required by law to use all reasonable steps to verify your identity before doing so.

These measures are designed to protect your information and reduce the risk of identity fraud, identity theft, or general unauthorized access to your information.

If we have adequate information about you, we will attempt to verify your identity using that information. If it is not possible for us to identify you based on this information, or if we do not have enough information about you, we may ask for copies or certificates of documents in order to verify your identity before we can give you access to your data.

We will be able to confirm the exact information we need to verify your identity in your particular circumstances if and when you make such a request.

8. Sensitive personal data

“Sensitive personal data” is information about an individual that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, health information or information regarding the sex life or sexual orientation of a natural person.

We do not knowingly or intentionally collect sensitive personal information from individuals and you must not send sensitive personal information to us.

If, however, you accidentally or intentionally provide us with sensitive personal information, you will be deemed to have given us explicit consent to process the sensitive personal information in accordance with Article 9(2)(a) of the General Regulation on data protection. We will use and process your sensitive personal information for the purpose of erasure.

9. Privacy of minors

Because we care about the safety and privacy of children online, we do not knowingly contact or collect information from anyone under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18.

We may receive information about persons under the age of 18 through the fraud or deception of a third party. If we are notified of this, as soon as we verify the information, when required by law, we will immediately obtain appropriate parental consent to use that information or, if we cannot obtain parental consent, we will delete the information from our servers. If you wish to notify us of receiving information about persons under the age of 18, please do so by sending an email to office@patlageanu.ro.

10. Third Party Website References

Our website may contain links to third-party websites or applications. If you click on one of these references, please note that each of them will have its own privacy policy. We do not control these websites/apps and are not responsible for these policies. When you leave our platform, we encourage you to read the privacy notice of each website you visit.

11. Complaints

Individuals can submit, in writing, complaints regarding the processing of their personal data.

An investigation of the complaint will be carried out only to the extent that it is appropriate according to the specific case complained of. The data protection officer will inform the data subject of the progress and outcome of the complaint within a reasonable time.

If the problem cannot be resolved through consultation between the data subject and the company, then the data subject may, at his choice, request remedies through mediation, binding arbitration, litigation or by complaint to the ANSPDCP:

Address: B-dul Magheru 28-30, District 1, BUCHAREST

Contact details: Tel. +40 21 252 5599 Fax +40 21 252 5757

e-mail: anspdcp@dataprotection.ro Website: http://www.dataprotection.ro/