PRIVACY POLICY
We are committed to respecting your privacy, by complying with all applicable data protection laws and regulations, including the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
This policy (together with the Terms and Conditions of this website, the Cookies Policy, and any other documents this policy refers to) is meant to inform you of the personal data that we collect from you or that you provide to us as part of our relationship, including through this website, and how they will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat them.
I. WHO WE ARE
The data controller is Szilaghi Consulting Romania SRL, with its headquarters in Calea Dorobantilor 17, ap. 9, Cluj Napoca, Romania, registered with the Romania Trade Registry under number J12/2011/2018, having fiscal identification code 37795917 (“Szilaghi Consulting” or the “Consulting Firm”), having telephone number +40 773 939 033, e-mail address [email protected]. For more information regarding the Consulting Firm, please visit www.szilaghi.com.
During the activity carried out by Szilaghi Consulting, your personal data may be processed in a distinct manner depending on the capacity you have when interacting with the Consulting Firm. Below, you can find relevant details regarding the manner in which your personal data are processed by the Consulting Firm, taking into consideration the nature of your relationship with the Consulting Firm, such as the user of the website, client or potential client, representative of a contractual partner or collaborator, candidate for the positions available within the Consulting Firm, employee, associate or collaborating lawyer, in which Szilaghi Consulting participates as the data controller. Please see below the section/information notice regarding the processing of personal data that is applicable to you.
II. THE PROCESSING OF YOUR PERSONAL DATA
In the sections below, you can find specific information for each category of data subjects, regarding the purpose of the processing of personal data, the legal ground of the processing for each applicable purpose, the categories of processed data, the duration of the processing, the recipients and the transfer of personal data (where applicable).
1. Information on the users of the website
In the process of administering and operating this website, the Consulting Firm will collect certain information (“personal data”) relating to identified natural persons or which can identify natural persons, which are provided by the users of this website directly (e.g. name, surname, e-mail address, any other data provided in the context of the interaction with us) or indirectly (e.g. IP address).
1.1 Szilaghi Consulting processes your personal data for the following purposes, based on the legal basis indicated for each of them:
1.1.1 Browsing the website. Use of cookies
When you visit our website, we use cookies to automatically collect technical information that could identify the user, such as the IP address, the type of internet browser used for navigating our website, your operating system, data regarding the visits on the website (including the number of visits, the time spent on the website, the manner in which the website is accessed, the behavior on the website), the organic traffic (representing the traffic generated on our website through search engines, excluding possible paid advertisements).
The main purpose of using cookies is, on the one hand, to ensure the proper functioning and operation of the website (in the case of strictly necessary cookies), or on the other hand, to help you have a better navigation experience, perform certain functions and allow the website to “remember” the actions or preferences of the user over a period of time (in the case of statistics cookies). With respect to the latter, we will only use statistics cookies to the extent you have agreed to their use.
For more information on the use of cookies on this website and the purposes for which they are used, as well as regarding your possibilities to control and/or disable the cookies, please see our Cookies Policy.
1.1.2 Answering your questions or requests
| No. | Purpose and categories of data | Legal basis | Duration of the processing |
|---|---|---|---|
| 1. | Purpose: Answer your queries or requests by electronic correspondence (e-mail), fax, or telephone. Categories of data: last name, first name, e-mail address, telephone number, the company in which the data subject carries out his/her activity, the question/request addressed, and any other information provided in the request. | The processing is based on a legitimate interest, allowing us to provide answers to your queries or requests. | 3 years from the settlement of your request |
1.2 Recipients of your personal data
For reaching the purposes described above, the Consulting Firm uses the services of partners, as follows: (i) for the purpose of browsing the website and the purposes related to the use of cookies, we may send personal data to analysis services and search engines providers, for them to perform website maintenance services for our website, or statistical information on the visitors of the website, as detailed in our Cookies Policy, mentioned above; (ii) to answer your questions or requests, we may grant access to your personal data to our e-mail service providers. The personal data we are disclosing is limited to the minimum personal data information which is necessary to perform the respective services and we are requesting these partners not to use the personal data for any other purposes. We make every effort to ensure that all the entities we are working with are storing your personal data in safe and secure conditions.
The personal data indicated above may also be made available or submitted to third parties in the following situations (in these cases, these are third parties who do not intend to process the data but may have access to them upon fulfilling their tasks or interacting with the Consulting Firm):
- to public authorities, financial or legal auditors or institutions competent to carry out inspections and checks on the Consulting Firm’s business or assets, which request the Consulting Firm to provide information, by virtue of the latter’s legal obligations. Such public authorities or institutions may be the National Supervisory Authority for Personal Data Processing, the National Fiscal Administration Agency (“ANAF”);
- to comply with a legal requirement or to protect the rights and assets of our Consulting Firm or of other entities or people, such as courts of law, bailiffs;
- to third-party acquirers, insofar as the business of the Consulting Firm would be (totally or partially) transferred and the data subjects’ data would be part of the assets representing the object of the transaction.
2. Information regarding clients and contractual partners
This section refers to your capacity as a representative, contact person, collaborator, or employee of our existing or potential clients or contractual partners (e.g., service providers), including the representatives and lawyers of the international Consulting Firms we work with when authorized by you to do so under the legal assistance agreement. In general, in order to achieve the purposes below, Szilaghi Consulting collects personal data from you directly or you are indicated as the contact person by your employer, client, or contractual partner of our Consulting Firm.
2.1 Szilaghi Consulting processes your personal data for the following purposes, based on the legal basis indicated for each of them:
| No. | Purpose and categories of data | Legal basis | Duration of the processing |
|---|---|---|---|
| 1. | Purpose: Conclusion and performance of the agreement, application by the Consulting Firm of the legal requirements for the prevention of and fight against money laundering, know your customer and identification of the beneficial owner of clients, application of measures to prevent conflicts of interest. Categories of data: last name, first name, signature, e-mail address, telephone number and/or any other data provided to the Consulting Firm during the performance of the agreement for the fulfillment of its object, data regarding the legal representatives of the client, the shareholders and beneficial owners (according to the legal requirements regarding their identification). | The legitimate interest represented by the common interest of the Consulting Firm and its client/contractual partner to have a commercial relationship. Performance of the Consulting Firm’s legal obligations for the prevention of and fight against money laundering, know your customer and identification of the beneficial owner, application of measures to prevent conflicts of interest (conflict checks). | For the term of the agreement concluded and for the required period after termination of the agreement for the protection of the Consulting Firm’s rights, taking into consideration the law applicable to the agreement, including the statute of the limitation period and the terms provided by the fiscal and accounting legislation. |
| 2. | Purpose: Organizing the recovery of debts and settlement of any legal situations related to the performance of the agreement. Categories of data: last name, first name, signature, e-mail address, telephone number, and/or any other data provided to the Consulting Firm during the performance of the agreement, to the extent the processing of these data is required based on the legitimate interest of the Consulting Firm or, as the case may be, is mandatory according to the law. | The Consulting Firm’s legitimate interest to protect its financial situation and assets. The legal obligation to provide data for the purpose of conducting legal, judicial, and extrajudicial proceedings in relation to the performance of the agreement. | For the term of the agreement concluded and for the period required to protect the Consulting Firm’s rights taking into consideration the law applicable to the agreement, including the statute of the limitation period and the terms provided by the fiscal and accounting legislation. |
| 3. | Purpose: Organization of events or webinars to which the representatives of clients are invited. Categories of data: last name, first name, e-mail address, telephone number, the position held, the company in which they carry out their activity. | The Consulting Firm’s legitimate interest to invite the representatives of clients to the events or webinars organized for them. | Throughout the relationship with the client |
| 4. | Purpose: Information to clients regarding legislative changes, communications, and materials regarding legal updates, as well as communications of interest for the client’s business area/communications in special situations. Categories of data: last name, first name, the position held, e-mail address, the company in which they carry out their activity. | The consent for the commercial communications sent by the Consulting Firm or the legitimate interest for sending communications to the clients who have previously purchased services of the Consulting Firm, under art. 12 (2) of Law 506/2004. The common legitimate interest of the Consulting Firm and clients to send non-commercial communications concerning legislative changes or updates from the client’s area of interest. The unsubscribe option is offered in all communications sent, irrespective of their nature. | Throughout the relationship with the client or until the withdrawal of consent. |
| 5. | Ensuring the security and safety of the goods and individuals inside the Consulting Firm’s headquarters, by implementing rules regarding the access to the premises by keeping the visitor access record. Categories of data: first name, last name, series and number of the identity card, destination, time of arrival and departure. | The legal obligation provided by Law no. 333/2003, as subsequently amended, on the security of objectives, goods, valuables, and protection of individuals. | 2 years |
| 6. | Ensuring the security and safety of goods and individuals by implementing certain rules for access in the parking area of Equilibrium building. Categories of data: first name, last name, license plate number of the car, time of entry/exit, number of the parking place assigned to the respective car/individual. | The legal obligation provided by Law no. 333/2003, as subsequently amended, on the security of objectives, goods, valuables, and protection of individuals. The Consulting Firm’s legitimate interest to take efficient measures to ensure the safety and security of goods and individuals. | At least 2 years and for the term of the lease agreement concluded with the Consulting Firm, at the most |
2.2 Recipients of your personal data
For reaching the purposes described above, Szilaghi Consulting uses the services of several contractual partners. Some of them are data processors, such as companies providing services for hosting and maintenance of our apps, software, and databases or through which activities for the management of contractual documents and financial and accounting documents are carried out, providers of archiving services, the marketing agency or the event organization agency, which carry out their activity in Romania. The personal data we are disclosing to our data processors are limited to the minimum personal data information which is necessary to perform the respective services and we are requesting them not to use the personal data for any other purposes. We make every effort to ensure that all the entities we are working with are storing your personal data in safe and secure conditions.
Other companies we use are, in their turn, data controllers, namely companies providing transport and courier services and conducting their business in Romania.
The personal data indicated above may also be made available or submitted to third parties in the following situations (in these cases, these are third parties who do not intend to process the data but may have access to them upon fulfilling their tasks or interacting with the Consulting Firm):
- to public authorities, financial or legal auditors, or institutions competent to carry out inspections and checks on Szilaghi Consulting’s business or assets, which request Szilaghi Consulting to provide information, by virtue of the latter’s legal obligations. Such public authorities or institutions may be the National Supervisory Authority for Personal Data Processing, the Romanian Trade Registry (ORC), ONJN, ANAF, or other authorities competent to check our databases;
- to comply with a legal requirement or to protect the rights and assets of our Consulting Firm or of other entities or people, technical maintenance companies;
- to third-party acquirers, insofar as the business of the Consulting Firm would be (totally or partially) transferred and the data subjects’ data would be part of the assets representing the object of the transaction.
2.3 Transfer of personal data abroad
To the extent that, in the context of the operations described above, your personal data may be transferred abroad to states in the European Union (“EU”) or European Economic Area (the “EEA”) (for example, in the context of granting legal assistance requested by the client in transactions involving several jurisdictions), any transfer performed by Szilaghi Consulting to an EU or EEA member state will observe the legal requirements laid down by the GDPR.
3. Information regarding the candidates for the positions available within the Consulting Firm
This section refers to your capacity as a candidate in the recruitment process carried out by the Consulting Firm, irrespective of the manner in which you apply for an available position.
3.1 During the recruitment process, Szilaghi Consulting processes your personal data, as a potential employer/collaborator, for the following purposes, based on the legal basis indicated for each of them:
| No. | Purpose | Legal basis | Duration of the processing |
|---|---|---|---|
| 1. | Carrying out the selection/recruitment process and managing the candidates’ data, including requesting information from the former employer regarding the duration of employment and the activities carried out, with the prior notification of the candidate, under the conditions provided by the Labour Code. Categories of data: last name, first name, postal address, e-mail address, telephone number, age, gender, marital status, nationality, date and place of birth, image (photo); professional experience, data on education and qualifications, membership in various professional organizations, licenses, permits, and authorizations or certifications held; language skills and other skills, hobbies and lifestyle; any other personal data voluntarily provided by you during the recruitment process; the data obtained during the recruitment process, resulting from the application of skills, competencies and knowledge tests. Others: data of the identity card, required for the conclusion of the agreement, when a job offer is made upon completion of the recruitment process. | During the recruitment process, the data are processed based on the Consulting Firm’s legitimate interest to hire personnel in order to carry out the activity. If a job/collaboration offer is made upon completion of the recruitment process, from that moment your data will be processed in order to carry out the formalities for the conclusion of the agreement. | Throughout the recruitment process |
| 2. | Promoting future career opportunities. Categories of data: last name, first name, contact details specified by the candidate (e-mail address, telephone), data of the CVs, application, references. | Candidates’ CVs are kept by the Consulting Firm for the purpose of contacting them for future employment opportunities, only based on the consent expressed in advance for this purpose by the respective data subject. | For a period of 1 year from collecting the data (receiving the application/CV), or until the withdrawal of consent, whichever occurs first. |
| 3. | Ensuring the security and safety of the goods and individuals inside the Consulting Firm’s headquarters, by implementing rules regarding the access to the premises by keeping the visitor access record. Categories of data: last name, first name, series and number of the identity card, destination, time of arrival and departure. | The legal obligation provided by Law no. 333/2003, as subsequently amended, on the security of objectives, goods, valuables, and protection of individuals. | 2 years |
3.2 Collection of personal data
In order to carry out the selection/recruitment process, the Consulting Firm collects the personal data of candidates from the following sources:
- specialist recruitment websites, such as linkedin.com;
- directly from you, when you apply for the positions available within the Consulting Firm through the website szilaghi.com or by sending an application to the dedicated e-mail addresses: [email protected], through the “Join Us” section of our website, as well as through the employees/collaborators of the Consulting Firm, when they recommend you.
3.3 Recipients of your personal data
For reaching the purposes described above, Szilaghi Consulting uses the services of various contractual partners, which are, in their turn, data controllers, namely recruitment agencies or platforms with which the Consulting Firm collaborates and which are responsible for the processing of data in accordance with the applicable law. Furthermore, the owner of the building where the Consulting Firm has its registered office is a data controller in relation to the purpose of keeping the visitor access record.
The personal data indicated above may also be made available or submitted to third parties in the following situations (in these cases, these are third parties who do not intend to process the data but may have access to them upon fulfilling their tasks or interacting with the Consulting Firm):
- to public authorities, financial or legal auditors or institutions competent to carry out inspections and checks on the Consulting Firm’s business or assets, which request the Consulting Firm to provide information, by virtue of the latter’s legal obligations;
- to comply with a legal requirement or to protect the rights and assets of our Consulting Firm, such as courts of law;
- technical maintenance companies.
3.4 Refusal of the processing and consequences thereof
If the recruitment process leads to an employment offer, the transmission of personal data may be an obligation necessary for the conclusion of an agreement with the Consulting Firm, and the data subject must provide the personal data in order to be able to accept the employment/collaboration offer received and enter into the individual employment agreement or the collaboration agreement. If the data subject fails to provide the data for the purpose mentioned above, the individual employment agreement or the collaboration agreement may not be concluded.
4. Information on the associate and collaborating lawyers of the Consulting Firm
This section refers to your capacity as associate and collaborating lawyers of the Consulting Firm, as well as representatives of the individual Consulting Firms with which the Consulting Firm collaborates now or at any time in the past.
4.1 Szilaghi Consulting processes your personal data for the following purposes, based on the legal basis indicated for each of them:
| No. | Purpose | Legal basis | Duration of the processing |
|---|---|---|---|
| 1. | Managing the collaboration with its lawyers, including the payment of fees, bonuses, or other benefits. Categories of data: Last name, first name, address, telephone number, e-mail address, date of birth, age, gender, identity data (personal numerical code, ID series and number, etc.), bank account number, capacity/position and signature; copies of the marital status documents; copies of the documents/certificates/diplomas/decisions that demonstrate your education or certifications; copy of the driver’s license for the associate or collaborating lawyers that are driving the Consulting Firm’s cars, medical certificates, and medical data in the employee physical examination report. | Complying with certain legal obligations and for the performance of an agreement to which you are a party. | The invoices and other justifying documents are kept for a 10-year time period as of their issuance; the other documents are maintained throughout the duration of the collaboration and another 4 years after its termination. |
| 2. | The revision and analysis of the hours worked by the lawyers and the issuance of the invoices towards the clients containing a description of the hours worked by the lawyers (by means of a software/application). Categories of data: Last name, first name, capacity/position, number of hours worked, the activity carried out. | The processing is necessary for the performance of an agreement to which you are a party and serves as well the Consulting Firm’s legitimate interest of developing its relationship with its clients, of observing the Consulting Firm’s legal and contractual obligations, and of protecting the Consulting Firm’s rights. | 10 years |
| 3. | The elaboration of statistical reports, reports, and assessments by means of a software/application with respect to the lawyers’ and the Consulting Firm’s performance (number of hours worked, invoiced/received amounts, name of clients, etc.). Categories of data: Last name, first name, capacity/position, number of hours worked, the activity carried out. | The performance of an agreement to which you are a party and our legitimate interest to analyze the performance of the lawyers with which the Consulting Firm collaborates (from a financial perspective and client database development perspective). | 10 years |
| 4. | The use of magnetic cards to access the building as well as to allow access in the building’s parking area. Categories of data: Last name, first name, time of entry/exit, e-mail address, access card number, license plate number. | The legal obligation and our legitimate interest to ensure the security of the goods and individuals in the office premises and parking area. | Throughout the collaboration and 4 years after its termination. |
| 5. | The sending of Consulting Firm presentations and offers towards its clients/potential clients, the taking of photos, the making of videos, testimonials, and articles, interviews and any other media articles with a purpose to promote the Consulting Firm’s legal activity and services, the organization of webinars in which the Consulting Firm’s lawyers participate. Categories of data: Last name, first name, capacity/position, telephone number, e-mail address, activity conducted, photography, image, and voice (in case of online webinars). | The processing is necessary for the performance of an agreement to which you are a party and also serves the Consulting Firm’s legitimate interest in developing its relationship with its clients/potential clients. Participating in the taking of photos, making of videos, testimonials and articles, interviews, and any other media articles with a purpose to promote the Consulting Firm’s legal activity and services, and in the organization of webinars is done on a voluntary basis. | 10 years |
| 6. | The negotiation, conclusion, and performance of the relationship with clients (including after the termination of the collaboration with the lawyers involved at a certain time in the project), potential clients, collaborators, contractual partners, as well as ensuring compliance with the obligations incumbent upon the Consulting Firm as per the specific legislation, and ensuring protection against unfair competition and of the Consulting Firm’s rights. Categories of data: Last name, first name, capacity/position, telephone number, e-mail address, activity conducted based on the concluded agreement, including the correspondence. | The processing is necessary for the performance of an agreement to which you are a party and serves the legitimate interest of the Consulting Firm to develop its relations with the clients, to continue the activities/projects in which the data subject was involved throughout the duration of his/her collaboration with the Consulting Firm, to observe the Consulting Firm’s legal and contractual obligations and to protect the Consulting Firm’s rights. | 10 years (because they include the agreements with the clients). Professional correspondence is kept for a reasonable period of time after the termination of the collaboration with the Consulting Firm, depending on seniority. |
| 7. | The sending of Consulting Firm presentations towards companies that put up rankings of and/or grant awards/honors to Consulting Firms. Categories of data: Last name, first name, capacity/position, telephone number, e-mail address. | Our legitimate interest to participate in such rankings in view of having our activity acknowledged. | 10 years as of the sending of the presentation |
| 8. | The granting of certificates and references for the former lawyers who collaborated with the Consulting Firm. Categories of data: Last name, first name, position, the activity carried out, the period over which you were our collaborator. | Consent. | 1 year as of granting of the consent |
| 9. | Managing the Consulting Firm’s accounting records by recording the invoices issued by the lawyers. Categories of data: Last name, first name, identity card series and number, personal numerical code, fiscal identification code, bank account number, headquarters, e-mail address, telephone number. | Legal obligation. | 10 years as of the end of the financial year during which they were prepared |
| 10. | Organizing and carrying out financial and legal reporting, analyses, and investigations and of the Consulting Firm’s internal audit. Categories of data: Last name, first name, e-mail address, capacity/position, fiscal identification code, the activity carried out pursuant to the agreement concluded, including the correspondence exchanged by means of the Consulting Firm’s infrastructure. | Legal obligation and our legitimate interest to ensure good financial and legal management of the Consulting Firm. | 10 years as of the end of the financial year during which they were prepared |
| 11. | Ensuring the IT infrastructure (maintenance and updating of IT systems). Categories of data: Username/e-mail address, user’s password, and first name and last name, provided equipment and devices, the code and series of the provided devices. | Our legitimate interest to ensure the maintenance and operation of the Consulting Firm’s IT infrastructure in view of properly conducting its activity. | Throughout the collaboration and 4 years after its termination. |
| 12. | The sending of newsletters with internal and external updates. Categories of data: Last name, first name, image, and corporate e-mail address. | Our legitimate interest that the collaborating lawyers are up to date with the Consulting Firm’s relevant events. | Throughout the duration of the collaboration. |
| 13. | Publishing on the Consulting Firm’s website (www.szilaghi.com) the image and CV of the lawyers in view of presenting the team and the practice areas, associating the lawyers’ image (photo) to the office email account, each lawyer uploading his/her own photo. Categories of data: Image, name, surname, e-mail address, telephone number, position, practice areas. | The Consulting Firm’s legitimate interest to present its activity and the lawyers’ areas of expertise and to develop the relationship with the clients. | Throughout the duration of the collaboration. |
| 14. | Publishing on the Consulting Firm’s website (www.szilaghi.com) the image and CV of the lawyers in view of presenting the team and the practice areas, associating the lawyers’ image (photo) to the office email account, each lawyer uploading his/her own photo. Categories of data: Image, name, surname, e-mail address, telephone number, position, practice areas. | The Consulting Firm’s legitimate interest to present its activity and the lawyers’ areas of expertise for developing the relationship with existing and potential clients. | Throughout the time the Consulting Firms use such platforms. |
| 15. | Organizing certain events, trips, and workshops with a view to develop personal and professional skills. Categories of data: Last name, first name, e-mail address, personal numerical code, identity card series and number, to perform the check-in formalities with the accommodation unit and/or for transport tickets. | Consent. | 5 years as of the date of the event, the travel or the workshops, or as of the end of the financial year during which the documents are prepared, for documents such as traveling orders, travel expense report. As far as invoices and substantiating documents are concerned, 10 years as of the end of the financial year during which they were issued. |
| 16. | Conducting annual medical check-ups for determining the work capacity. Categories of data: Last name, first name, personal numerical code, capacity/position, telephone number. | Consent. | Throughout the duration of the collaboration and no more than 4 years after its termination. |
| 17. | Conducting satisfaction surveys among the collaborating lawyers that concern the collaboration relation. Categories of data: Last name, first name, e-mail address, capacity/position. | Our legitimate interest to assess, develop, and improve the collaboration relationship. | 5 years as of the date of the satisfaction survey |
| 18. | Ensuring the security and safety of goods and individuals by implementing certain rules for access in the parking area of Equilibrium building, including by implementing an automated license plate recognition system. Categories of data: Name, surname, license plate number of the car, time of entry/exit, number of the parking place assigned to the respective car/individual. | The legal obligation provided by Law no. 333/2003, as subsequently amended, on the security of objectives, goods, values, and protection of individuals. The Consulting Firm’s legitimate interest to take efficient measures to ensure the safety and security of goods and individuals. | At least 2 years and without exceeding the duration of the lease agreement concluded with the Consulting Firm. |
In addition to the above, the Consulting Firm may also process other personal data received from you or generated in connection with your collaboration with the Consulting Firm.
We may also ask you to provide us with certain personal data of others, such as family members or other affiliates, in which case you will be provided with a separate and specific consent form to be submitted to that person in order to give their consent to the processing of their personal data by the Consulting Firm, according to your instructions or, as the case may be, an information note will also be made available to those data subjects.
4.2 Collection of personal data
The Consulting Firm collects personal data from the following sources:
- directly from you;
- from other employees or collaborating lawyers of the Consulting Firm with whom you have collaborated, for example, information regarding your performance within the Consulting Firm;
- from various clients, potential clients, collaborators, or contractual partners, information that arises from your interaction with these individuals.
4.3 Recipients of your personal data
For the purposes mentioned above, the Consulting Firm uses the services of several contractual partners. Some of them have the capacity of processor, such as the provider of the timesheet and billing software, the provider of the software used for performance evaluation, the providers of training/induction services for collaborating lawyers, the document archiving service provider, the provider of IT maintenance and repair services – computer and communication equipment – maintenance of software and hardware applications (operating in Romania), companies that provide maintenance and hosting services for the Consulting Firm’s website and other software/applications (operating in Romania), the providers of photo/video material production services (active in the photo and video production industry and carrying out their commercial activity in Romania), the providers of medical services, and they may be provided with your personal data to be used within the limits of the obligations they assume towards the Consulting Firm. The personal data we are disclosing to our data processors are limited to the minimum personal data necessary to perform the respective services and we are requesting them not to use the personal data for any other purposes. We make every effort to ensure that all the entities we are working with are storing your personal data in safe and secure conditions.
Other recipients are, in turn, data controllers, such as banks (operating in Romania), the e-learning providers, as the case may be (operating in Romania), our distributors (carrying out product marketing activities and operating in Romania and abroad) as well as any other contractual partners with which the Consulting Firm has business relations, some of which are located within the country, within the European Union or outside it.
The personal data indicated above may also be made available or submitted to third parties in the following situations (in these cases, these are third parties who do not intend to process the data but may have access to them upon fulfilling their tasks or interacting with the Consulting Firm):
- to public authorities, financial or legal auditors or institutions competent to carry out inspections and checks on the activity and assets of the Consulting Firm, which request the Consulting Firm to provide information, by virtue of the latter’s legal obligations. These public authorities or institutions can be ANAF, the Local Police in case of certain incidents, the Environmental Authorities, etc.;
- for compliance with a legal requirement or for the protection of the rights and assets of our Consulting Firm or of other entities or persons, such as courts, bailiffs, bodies of the legal profession, legal advisers;
- technical maintenance companies. Also, some of your data may be disclosed to the Consulting Firm’s clients or potential clients, in view of conducting our contractual relationship with them.
4.4 Transfer of personal data abroad
To the extent that, in the context of the operations described above, your personal data may be transferred abroad to states in the European Union (“EU”) or European Economic Area (the “EEA”) (for example, in the context of granting legal assistance requested by the client in transactions involving several jurisdictions), any transfer performed by Szilaghi Consulting in an EU or EEA member state will observe the legal requirements laid down by the GDPR.
In the context of providing references, some of the potential future beneficiaries requesting references regarding the period in which you were our associate may be located in non-EU and EEA countries that do not provide adequate protection for the processing of personal data. In this case, we will communicate to them some of the personal data mentioned in this information note, only on the basis of your express consent obtained prior to the communication, in order to ensure the guarantees required under the GDPR. Furthermore, some of your data may be transferred to clients or potential clients of the Consulting Firm, in view of conducting our contractual relationship with them.
4.5 Refusal of the processing and consequences thereof
The personal data indicated above, which are processed under a legal obligation or for the performance of the contract to which you are a party represent a necessary obligation for the conclusion of a contract with the Consulting Firm, and you must provide personal data for the conclusion or performance of the collaboration agreement and to enable us to comply with our legal obligations towards you and towards the public authorities or bodies of the legal profession. If you do not provide us with the data for the purposes mentioned above, we will not be able to conclude the collaboration agreement, we will not be able to develop the contractual relationship based on the collaboration agreement, and you will not be able to benefit from certain personal benefits granted by the Consulting Firm or by its partners.
5. Information regarding the Consulting Firm’s employees
This section refers to your capacity as a Consulting Firm employee held now or at any time in the past.
5.1 Szilaghi Consulting processes your personal data for the following purposes, based on the legal basis indicated for each of them:
Purpose | Legal basis | Duration of the processing | |
1. |
The management of the employment relationship with employees: fulfillment of work obligations, salary payment, Revisal, compensation, granting of benefits, the fulfillment of unemployment formalities. Categories of data: · Last name, first name, address, telephone number, e-mail address, date of birth, age, gender, ID data (personal numerical code, ID series, and number, etc.), bank account number, marital status, death-related data (if the case may be); copies of the marital status certificates. · Last name, first name, date of birth of the employee’s children or of other persons in the employee’s care; · Data regarding his/her education and qualifications, seniority, number of medical leave taken during the last 12 months worked and calculation basis for the last 6 months worked – employment termination form; · Data regarding the drivers’ license for the employees who drive the firm’s cars, medical certificates and medical data in the employee physical examination report; · Position and capacity, signature. |
Complying with certain legal obligations as well as the performance of an agreement to which you are a party, for employment-related purposes.
|
· 50 years for the salary payroll · 75 years for the personnel files · The other documents processed – throughout the employment relationship and 4 years after its termination. |
2. |
The granting and managing of personal benefits for the employees (not included in the agreement or in the employment offer). Associating the employee’s image (photo) to the office email account, by uploading by the employee of his/her own photo (as an option, the employees may upload/modify/delete the photo, as they wish) Categories of data: Last name, first name, personal numerical code, ID series, number and date of release, domicile address, signature, department where you conduct your activity, e-mail address, bank account number, telephone number, position, image (photo) – as an option. |
The Consulting Firm’s legitimate interest in maintaining a good relationship with the employees. |
Throughout the employment relationship plus another 4 years as of the termination thereof. For the duration of the employment relation, as regards the association of the photo to the office email account
|
3. |
The granting and managing of personal benefits for the employees (not included in the agreement or in the employment offer). Associating the employee’s image (photo) to the office email account, by uploading by the employee of his/her own photo (as an option, the employees may upload/modify/delete the photo, as they wish) Categories of data: Last name, first name, personal numerical code, ID series, number and date of release, domicile address, signature, department where you conduct your activity, e-mail address, bank account number, telephone number, position, image (photo) – as an option. |
Our legitimate interest in ensuring an adequate work environment and a good relationship with the employees, in complying with the Consulting Firm’s legal and contractual obligations, and in protecting the Consulting Firm’s rights. |
Throughout the employment relationship plus another 4 years as of the termination thereof. For the duration of the employment relation, as regards the association of the photo to the office email account |
4. |
Ensuring labor health and safety: conducting labor protection training and occupational health check-ups. Categories of data: · Last name, first name, ID data (including personal numerical code), domicile address, date and place of birth, position, education, qualification, signature, blood type; · Data related to labor conditions/interdictions depending on your personal situations (skill), occupational health recommendations; · Details related to the route taken to/from work from/to home. |
Legal obligation to process labor health and safety-related data (for all processing required under the relevant legislation).
|
Throughout the employment relationship plus another 4 years as of the termination thereof.
|
5. |
Performance evaluation at Consulting Firm-level through applications. Categories of data: Last name, first name, e-mail address, position, performance indicators, activity conducted. |
Our legitimate interest to centralize and assess the performance of employees at the Consulting Firm-level (from a financial and client database development perspective). | Throughout the employment relationship plus another 4 years as of the termination thereof. |
6. |
Carrying out employee satisfaction surveys and salary surveys. Categories of data: Last name, first name, position, e-mail address |
Our legitimate interest to identify the employees’ level of satisfaction. | 2 years |
7. |
Marketing and advertising, delivery of newsletters with the latest internal news. Categories of data: Last name, first name, image, and corporate e-mail address. |
Our legitimate interest that you be up to date with the services offered by Szilaghi Consulting and our corporate events. | Throughout the employment relationship |
8. |
Organizing business trips. Categories of data: Last name, first name, e-mail address, personal numerical code, ID series, and number to perform the check-in formalities with the accommodation unit and/or for transport tickets |
Contractual obligation to perform the duties provided in your job description. | Throughout the employment relationship |
9. |
Organizing certain events and workshops with a view to developing technical and professional skills. Categories of data: Last name, first name, ID series, and number, date, and signature |
Our legitimate interest to develop the skills of the Consulting Firm’s employees. | 5 years |
In addition to the above, the Consulting Firm may also process other personal data received from you or generated in connection with your activity carried out within the Consulting Firm.
We may also ask you to provide us with certain personal data of others, such as family members or other affiliates, in which case you will be provided with a separate and specific consent form to be submitted to that person in order to give their consent to the processing of their personal data by the Consulting Firm, according to your instructions or, as the case may be, an information note will also be made available to those data subjects.
5.2 Collection of personal data
The Consulting Firm collects personal data from the following sources:
- directly from you;
- from other employees of the Consulting Firm with whom you have collaborated, for example, information regarding your workplace performance;
- from various clients, potential clients, collaborators, or contractual partners, information that arises from your interaction with these individuals.
5.3 Recipients of your personal data
For the purposes mentioned above, the Consulting Firm uses the services of several contractual partners. Some of them have the capacity of processor, such as the provider of payroll and employee satisfaction survey services, the timesheet and performance assessment software providers, the providers of training/induction services for employees, the occupational health services provider that acts as a processor with respect to the data related to the employees’ skills to work upon employment and during the annual occupational health check-ups, the document archiving service provider, the provider of IT maintenance and repair services – computer and communication equipment – maintenance of software and hardware applications, the providers of photo/video material production services, and they may be provided with your personal data to be used within the limits of the obligations they assume towards the Consulting Firm. The personal data we are disclosing to our data processors are limited to the minimum personal data necessary to perform the respective services and we are requesting them not to use the personal data for any other purposes. We make every effort to ensure that all the entities we are working with are storing your personal data in safe and secure conditions.
Other recipients are, in turn, data controllers, such as banks, medical service providers acting as controllers themselves in connection with private healthcare subscriptions, some of the providers of various personal benefits for the employees, such as the lunch vouchers, the sports subscription, the online library subscription, the e-learning providers, as the case may be, our distributors, and any other contractual partners with which the Consulting Firm has business relations, some of which may be located in the country, within the European Union, or outside it. Also, the companies that manage Google, Facebook, and LinkedIn platforms are data controllers, therefore in order to determine how they process personal data, please consult their privacy policy.
The personal data indicated above may also be made available or submitted to third parties in the following situations: (i) to public authorities, financial or legal auditors or institutions competent to carry out inspections and checks on the activity and assets of the Consulting Firm, which request the Consulting Firm to provide information, by virtue of the latter’s legal obligations. These public authorities or institutions can be ANAF, the Territorial Labour Inspectorate, the labor force agencies, the Local Police in case of certain incidents, the Environmental Authorities, etc.; (ii) for compliance with a legal requirement or for the protection of the rights and assets of our Consulting Firm or of other entities or persons, such as courts, bailiffs, bodies of the legal profession, legal advisers; (iii) technical maintenance companies.
Furthermore, some of your data may be disclosed to the Consulting Firm’s clients or potential clients, in view of conducting our contractual relationship with them.
5.4 Transfer of personal data abroad
To the extent that, in the context of the operations described above, your personal data may be transferred abroad to states in the European Union (“EU”) or European Economic Area (the “EEA”), any transfer performed by Szilaghi Consulting in an EU or EEA member state will observe the legal requirements laid down by the GDPR.
In the context of providing references, some of the potential future employers requesting references regarding the period in which you were our employee may be located in non-EU and EEA countries that do not provide adequate protection for the processing of personal data. In this case, we will communicate to them some of the personal data mentioned in this information note, only on the basis of your express consent obtained prior to the communication, in order to ensure the guarantees required under the GDPR. Furthermore, some of your data may be transferred to clients or potential clients of the Consulting Firm, in view of conducting our contractual relationship with them.
5.5 Refusal of the processing and consequences thereof
The personal data indicated above and processed under a legal/contractual obligation are necessary for the conclusion of a contract with the Consulting Firm, and you must provide personal data for the conclusion or execution of the employment agreement and to enable us to comply with our legal obligations towards you and towards the public authorities. If you do not provide us with the data for the purposes mentioned above, we will not be able to conclude the individual employment agreement, we will not be able to develop the contractual relationship based on the individual employment agreement, and you will not be able to benefit from certain personal benefits granted by the Consulting Firm or by its partners.
III. WHAT HAPPENS TO YOUR PERSONAL DATA AFTER THE CESSATION OF THE DATA PROCESSING
The Consulting Firm processes your personal data only for the necessary period to achieve the data processing purposes explained in the above sections, for each category of data subjects, while complying with the legal requirements in force. If the Consulting Firm establishes that it has a legitimate interest or a legal obligation to further process your personal data for other purposes, you will be informed accordingly in this respect.
Once the processing period indicated above expires and the Consulting Firm no longer has legal or legitimate reasons to process your personal data, the data will be deleted in accordance with its procedures, which may involve archiving, anonymizing, or destroying them.
IV. AUTOMATED DECISION MAKING AND AUTOMATED PROFILING
The personal data referred to in this Privacy Policy are not subject to automated decision making, including profiling.
V. SECURITY OF THE DATA PROCESSING
The Consulting Firm constantly evaluates and upgrades the security measures implemented to ensure secure and safe personal data processing.
VI. CONTACT
Within the context of the processing of your personal data, you have the following rights:
- The right of access to the processed personal data: you have the right to obtain a confirmation whether or not your personal data are being processed, and, if affirmative, to have access to the type of personal data and to the conditions of processing, by addressing a request in this respect to the data controller indicated in Section VII below;
- The right to request the rectification or erasure of personal data: you have the possibility to request, by sending a request in this respect to the data controller indicated in Section VII below, the rectification of inaccurate personal data, the supplementation of incomplete data, or the erasure of your personal data in case (i) the data are no longer needed for their original purpose (and no new lawful purpose exists), (ii) the lawful basis for the processing is the data subject’s consent, the data subject withdraws that consent, and no other lawful ground exists, (iii) the data subject exercises the right to object and the controller has no overriding grounds for continuing the processing, (iv) the data have been processed unlawfully, (v) erasure is necessary for compliance with EU law or Romanian law, or (vi) the data were collected in connection with the information society services offered to children (if the case), where specific requirements regarding consent are applicable;
- The right to request the restriction of processing: you have the right to obtain the restriction of processing in cases where: (i) you consider that the processed personal data are inaccurate, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful, however, you don’t want us to erase your personal data, but to restrict the use of data; (iii) in case the data controller no longer needs your personal data for the above-mentioned purposes, but you are requiring the data for establishing, exercising or defending a legal claim or (iv) you have objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject;
- The right to withdraw your consent for processing, when the processing is based on consent, without affecting the lawfulness of processing undertaken until that moment;
- The right to object to the data processing on grounds relating to your particular situation, when the processing is based on legitimate interest and to object at any moment to the data processing for direct marketing purposes, including profiling;
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly affects the data subject in a significant manner;
- The right to data portability, meaning the right to receive your personal data, which you provided to the data controller in a structured, commonly used and machine-readable format, and the right to transfer those data to another controller, if the processing is based on your consent or the performance of a contract and is undertaken by using automatic means;
- The right to file a complaint with the Data Protection Authority (ANSPDCP) and the right to address the competent courts of law.
The above rights may be exercised at any time. For the purpose of exercising these rights, we encourage you to use the forms available on the Consulting Firm’s website or send a notice in writing, dated and signed, or in electronic format, to the address indicated below. Also, if you wish to withdraw your consent, you may send an e-mail to the address indicated in Section VII, or submit a written request in physical format or by mail to the Consulting Firm’s headquarters.
VII. CONTACT DETAILS
You may address any question using the following contact details:
Szilaghi Consulting Romania, postal address: 17 Calea Dorobantilor, ap. 9, Cluj Napoca, Cluj, Romania, telephone: +40 773 939 033, e-mail address: [email protected].
VIII. CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may be changed and updated from time to time by the Consulting Firm, as necessary. The Consulting Firm will notify you of any material or substantial changes to this Privacy Policy and will ensure that such notification is made in such a way as to enable you to become aware of such changes, for example by publishing on the Consulting Firm’s website or by any other appropriate means ensuring effective communication.