Copyright in the publications, materials and other content (the “Content”) on this website is owned by Epure, Lizac si Asociatii SCA (“ELA”) or its licensors.
Any other storage, copying, transmission or distribution of the Content on this website is prohibited without the prior written consent of ELA. Please address requests to ELA’s Managing Partner.
Links to this website are prohibited without the prior written consent of ELA. Please address requests to ELA’s Managing Partner at firstname.lastname@example.org.
This website contains links to other websites, including social networks. However, we do not endorse or accept any responsibility for any content on or software downloaded from any website linked to or from this website.
Publications and other Content available on this website are provided for general information only. They do not constitute legal or other professional advice or seek to be an exhaustive statement of the law and should not be relied on. You should take specific legal advice on any particular matter which concerns you. If you do require advice, or wish to find out more about the Content, please contact an ELA partner.
While we endeavour to ensure that the information on this website is accurate at the time it is included, we accept no obligation to ensure that the Content is complete, accurate or up to date, or that the website or its Content will remain accessible.
To the extent permitted under applicable law or regulation, ELA excludes all liability (howsoever caused) to you or any third parties for any loss or damage relating to the use of, inability to use, or reliance on this website or any of the Content or links contained on it.
If you experience any problems with this site, please email email@example.com.
1. About us
Epure, Lizac si Asociatii SCA (“ELA”) is a Romanian law firm registered with the Bar of Bucharest, Romania under Decision 932/2007. We are committed to safeguarding the privacy of the personal information that is provided to us or collected by us during the course of our business as well as the personal information we receive from visitors to our website (the “Website”). ELA is the data controller of any personal information provided to us when we agree to provide services to you as described below in Section 2.
- when we conduct open source searches on you in connection with our business development or business acceptance processes;
• when we agree to provide legal services to you or the organisation you work for;
• when you or the organisation you work for are a counterparty of one or more of our clients;
• when you request information from us or provide information to us;
• when you apply for a role or work experience opportunity with us;
• when you visit our Website;
• when you complete application forms on various sections of our Website;
• if you are a former employee or partner of the firm;
• when you attend our seminars or other hosted events and/or register to access our (or our partner’s) Apps; and
• when you are entered onto our mailing lists to receive publications and other marketing emails (see Section 3.2 for further information). What information do we collect about you and how?
3. What information do we collect about you and how?
3.1 Business development and business acceptance
We collect personal information about prospective clients and their beneficial owners, controllers and/or directors as part of business development initiatives and our business acceptance process. The type of personal information we may collect includes name, address, nationality, business interests and employment history. We obtain this information from publicly available open sources either directly or through a third party.
3.2 Legal services and keeping you up to date with relevant marketing
The type of personal information that we may collect includes current and historical information including your name and contact details (such as your address, email address and telephone numbers) and identifiers such as your organisation, employment history and positions held. We will also collect personal information you choose to provide to us directly, or, for example, through your use of our (or our partner’s) Apps or other online services, and information about your other dealings with us and our clients, including contact we have with you in person, by telephone, letter, email or online. This information may include access or dietary requirements which may reveal information about your health or religious beliefs. We obtain personal information from your IP address and the operating system and web browser that you use to access our Website. It enables us to identify which organisations have visited our Website and we use this information to compile statistical data on the use of those sites to help us to improve the user experience.
We collect personal information directly from you, from our clients or other parties to a matter and their authorised representatives. We may also collect personal information from third parties such as your employer, other organisations that you have dealings with, regulators, government agencies, credit reporting agencies, publicly available records (including electronic data sources to carry out checks to enable us to comply with applicable law), information or service providers (some of whom may process your personal information on our behalf), recruitment agencies and other law firms or professional advisers. Your personal information may be collected in the firm’s contact database when you register to receive legal updates or we otherwise receive your contact details.
If you apply for a role or work experience opportunity with the firm we will collect personal information directly from you, or from recruitment agencies, recruitment websites and apps or other third parties involved in our recruitment and screening process. These third parties include service providers that we use to store this information or help us to contextualise the information, where relevant, and also screening check providers, providers of occupational personality tests, health service providers, professional associations, government and law enforcement agencies, referees and your current and previous employers.
We will use this information to consider your application for a position with ELA. We will also use the information to process additional information about you through carrying out checks to verify the information provided by you (including reference, background, identity, suitability and criminal record checks).
In order to use your personal information we need a lawful basis to do so. We rely on the fact that using your personal information in this way is necessary for our legitimate interest in hiring appropriately skilled employees and running an effective recruitment process. We may also rely on the condition that we need to perform our obligations in a contract with you, for example if you have signed a trainee contract with us but have yet to join the firm. In some circumstances, such as meeting visa requirements, we have a legal obligation to use your personal information. If we need to process special categories of personal data or use any criminal offence information about you to conduct criminal background checks as part of our pre-employment screening exercise, we and/or our third party provider will ask for your consent, if necessary.
4. How we use your information
We will only use your personal information if and to the extent that applicable law allows. We will therefore only process your personal information if:
- it is necessary for the performance of a contract with you or the organisation you work for;
• it is necessary in connection with a legal obligation;
• you have given your consent (where necessary) to such use or the organisation you work for has obtained your consent (where necessary) to share your information with us; or
• if we (or a third party) have a legitimate interest which is not overridden by your interests or your rights and freedoms. Such legitimate interests include the provision of legal services, running the firm’s business and marketing relevant services directly to you.
We may use your personal information to:
- consider whether we can pursue certain business development initiatives;
• comply with our legal obligations to identify and verify the identity of our clients and their beneficial owners;
• deliver legal services to you and/or the organisation you work for, if you are a client;
• run the firm’s business (e.g. carry out administrative or operational processes, including recruitment);
• maintain and develop our business relationship with you;
• improve our services and products to you, if you or the organisation you work for are a client or prospective client;
• identify services you may be interested in;
• send you marketing and invite you to events;
• monitor and analyze our business; or
• process and respond to requests, enquiries or complaints received from you.
We will only retain your personal information for as long as is necessary for the purpose for which it was collected, including for the purposes of complying with any legal, regulatory, accounting or reporting requirements. Personal information processed in connection with our business acceptance processes and/or providing legal services will be retained in accordance with the firm’s Retention and destruction policy unless we agree otherwise with you, in writing.
5. How and why do we share your personal information?
We may share your personal information with our business partners (as shown on our Website) due to, for example, our shared IT systems and/or cross jurisdictional working on a matter. We use third parties who provide services on our behalf and will share your information with them, for example a technology supplier may have access to your personal information when providing software support, or a company we use for a communications campaign may process the personal information of our contacts for us.
During the course of working with you or the organisation you work for we may use certain third party technology services to assist with our work on the matter. Where these services are integral to our work for you (for example, the use of word processing software provided by Microsoft and due diligence tools provided by the AI software solution that we use), we deploy them as a matter of course. We also use various ancillary services, for example, software that is capable of effecting bulk data transfers or facilitating e-signatures and virtual completions. In all cases, the use of such services may require your personal information to be held in the cloud.
We may also have to share your personal information with regulators, government agencies, courts and other third parties.
As set out above, some of your personal information may be stored in a cloud located within or outside of the European Economic Area (the “EEA”) and managed by a third party service provider. Where we transfer your personal information outside the EEA we will take reasonable steps to ensure that your information is treated securely and the means of transfer provide adequate safeguards.
We may share your personal information with third parties where:
- you have consented to us doing so (where necessary) or the organisation that you work for has obtained your consent for us to do so (where necessary);
• we are under a legal, regulatory or professional obligation to do so (for example, to comply with anti-money laundering or sanctions requirements);
• it is necessary for the purpose of, or in connection with, legal proceedings or in order to exercise or defend legal rights;
• it is in our or a third party’s legitimate interest to share the information, and that legitimate interest is not overridden by your rights or freedoms; or
• it is appropriate to disclose the information to parties with whom we have promotional arrangements (such as jointly hosted events).
We use up to date data storage and security to hold your personal information securely in electronic and physical form to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Our IT usage and security policy is aligned with ISO 27001 and other security standards, processes and procedures. Our premises are access controlled and our electronic databases require logins and password authentication.
All our partners, staff and third party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations.
However, the transmission of information via the internet is not completely secure. Although we take appropriate and proportionate steps to manage the risks posed, we cannot guarantee the security of your information transmitted to our online services.
7. Third party sites
Our Website may contain links to other sites which are controlled by third parties. You should review these other sites’ privacy policies. We do not accept any responsibility for their use of your personal information.
8. Your rights
You have certain rights that you can exercise under certain circumstances in relation to the personal information that we hold. These rights are to:
- request access to your personal information (known as a subject access request) and request certain information in relation to its processing;
• request rectification of your personal information;
• request the erasure of your personal information;
• request that we restrict the processing of your personal information; and
• object to the processing of your personal information.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once the firm has received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you would like to exercise any of these rights, please contact the Managing Partner in writing by emailing firstname.lastname@example.org or by letter to:
Epure, Lizac si Asociatii SCA
41 Frumoasa Street
Sector 1, Bucharest
9. Further information
We hope that the firm’s Managing Partner can resolve any query or concern you raise about our use of your personal information. If you feel we have not handled your query or concern to your satisfaction you can contact the National Authority for the Supervision of Processing of Personal Data (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal or ANSPDCP), the Romanian supervisory authority for data protection issues at https://dataprotection.ro/?page=Plangeri_pagina_principala.