This document outlines the policy adopted by Cabinetul de Avocat Nuță Alexandru regarding the collection and processing of personal data provided by users of the website https://nutasiasociatii.ro/.

To offer you our products and services, we need to process some personal data when you place an order. The collection and processing of personal data are carried out in strict compliance with applicable laws, with the operator taking all legal measures to ensure their confidentiality. The purpose of collecting and processing personal data, as well as the rights and obligations of each party (the company as the data controller and the website user as the data subject), are detailed below.

By placing an order, it is presumed that all clients/buyers have read and fully understood the clauses within this document and give their consent to the processing of their personal data by the company for the legal purposes indicated and in accordance with the applicable legal provisions.

Name, Identification, and Contact Details of the Personal Data Controller

Cabinetul de Avocat Nuță Alexandru (the Company or the Controller) – a Romanian legal entity headquartered in Bucharest, Sector 6, Int. Sg. Constantin Apostol nr. 9, et. 1, ap. 5, Fiscal Registration Code: 35331589, legally represented by attorney Nuță Alexandru.

What is Personal Data?

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

What does the processing of personal data mean?

“Processing” means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

What Personal Data Does the Controller Process?

When placing an order, Cabinetul de Avocat Nuță Alexandru processes the following personal data:

• First and last name
• Delivery address
• Phone number
• Email address
• Bank card details

Additionally, depending on the legitimate purpose pursued, the controller may request the following personal data from clients: billing address, personal identification number, and identity card series and number.

Compliance with Legal Principles for Personal Data Processing

The Company commits to ensuring that all collections and processing of personal data adhere to the following principles:

• Data are processed lawfully, fairly, and transparently in relation to the data subject;
• Data are collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• Data are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
• Data are accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• Data are kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
• Data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Purpose of Processing Personal Data

The Company processes personal data solely for legitimate purposes necessary for the conduct of legal relations between it and its customers, such as:

• Processing orders, including receiving, validating, dispatching, and delivering them
• Any communication with customers necessary for the delivery of purchased services, such as scheduling appointments for service delivery
• Informing customers of any incidents related to purchased goods and services
• Returning and refunding the value of services in accordance with legal provisions
• Sending feedback forms
• Sending SMS notifications
• Making calls to present the company’s offers, services, and products
• Billing and collecting payment for the services provided

The above purposes are in line with the legal provisions of the GDPR, as stipulated in Article 6(b) – the purpose of entering into and performing contracts, (c) – the purpose of fulfilling legal obligations, and (a) – the purpose of marketing.

Duration of Storage of Personal Data

Personal data are stored only for the period necessary to fulfill the legitimate purposes indicated above, to meet your needs, or to fulfill our legal obligations, but no longer than 6 years or until the right of erasure is exercised.

Your Rights as a Data Subject

The Company is committed to respecting all the rights of data subjects concerning the processing of personal data as provided for in Regulation (EU) 2016/679 on the protection of natural persons concerning the processing of personal data (GDPR). The rights of the data subject include:

• The right to transparency (right to be informed)
• The right of access to personal data
• The right to rectification (updating) of personal data
• The right to erasure of personal data
• The right to restriction of processing
• The right to object
• The right to data portability
• Rights related to automated individual decision-making, including profiling

Transfer of Data to Other Parties

The Company does not transfer personal data to other controllers without prior notification or request from the data subject.

The Company may retain or disclose information provided to comply with legal provisions, legal procedures, or to respond to a request from public authorities. It may also use data to exercise its legal rights, defend itself in legal proceedings, or prevent, detect, or report illegal activities, such as fraud, abuse, violations of terms and conditions, or threats to the security of the Company or the physical safety of any person.

Security of Processing

The Company has adopted technical and organizational data processing measures, updated according to GDPR requirements, to protect your personal data against any unauthorized access, improper use or disclosure, unauthorized modification, accidental destruction, or loss. All employees and collaborators of the Company, as well as any third parties acting on its behalf, are required to maintain the confidentiality of your information and comply with GDPR requirements.

Modification of the Privacy Policy

This privacy policy may be periodically updated. If this Privacy Policy is modified in ways that affect how we use your personal information, we will inform you of the options you may have as a result of these changes.

External Links

This site may contain links or banners to other external websites operated by third parties. If you use any of these external links, you will be directed to a site that is not covered by our privacy policies. We do not assume any responsibility for the content of third-party websites.

Notifications and Competent Authorities

Notifications regarding the processing of personal data can be sent to the Company via email at office@nutasiasociatii.ro.

Data subjects also have the right to notify the National Authority for the Supervision of Personal Data Processing (ANSPDCP) regarding the unlawful processing of personal data by sending a notification to the authority’s headquarters: Bucharest, B-dul G-ral. Gheorghe Magheru, nr. 28-30, Sector 1, postal code 010336, email: anspdcp@dataprotection.ro.