Art. 1 – General Provisions (1) This policy regulates how the Platform processes users’ personal data, in accordance with Regulation (EU) 2016/679 and Law no. 190/2018. (2) The Platform acts as a personal data controller and is responsible for compliance with the principles of lawfulness, fairness, transparency, minimization, integrity, and confidentiality.
Art. 2 – Categories of Processed Data (1) The Platform may collect and process the following data: a) Identification data: name, surname, personal identification number, ID series and number, insofar as strictly necessary; b) Contact data: email address, phone number, postal address; c) Legal, contractual, and commercial data: contracts, tax and accounting documents, information necessary for the provision of services; d) Special categories of data, within the limits of the law, if necessary for resolving legal matters (e.g. health data, biometric data), only with the explicit consent of the data subjects or based on a legal obligation.
Art. 3 – Purposes of Processing (1) Data are processed for the following purposes: a) provision of legal and operational services through the Platform; b) preparation, transmission, and archiving of documents; c) fulfillment of legal obligations, including tax and accounting duties; d) communication with users; e) protection of users’ rights and legitimate interests before courts or authorities.
Art. 4 – Processing of the National Identification Number (1) Processing of the personal identification number (CNP) or other national identification numbers is carried out only under the conditions provided by Art. 4 of Law no. 190/2018, with appropriate safeguards such as: a) limiting access to authorized persons only; b) setting clear retention and deletion periods; c) implementing technical measures to ensure data security; d) training personnel involved in processing.
Art. 5 – Confidentiality and Obligations (1) The Platform observes absolute confidentiality regarding all information and documents obtained. (2) The obligation to maintain professional secrecy applies throughout the duration of collaboration and after its termination, regardless of the reason. (3) Data may not be disclosed to third parties without the consent of the data subjects, except in cases expressly provided by law. (4) Copying, transmitting, or using documents or information obtained through the Platform for personal purposes or for the benefit of third parties is prohibited.
Art. 6 – Data Retention Period (1) Data are stored for the period necessary to fulfill the purpose for which they were collected and subsequently, in accordance with the applicable legislation on archiving and professional/fiscal obligations. (2) Data review and deletion are carried out periodically, in accordance with Art. 4 para. (2) letter c) of Law no. 190/2018.
Art. 7 – Rights of Data Subjects (1) Users benefit from the following rights provided by the GDPR and Law no. 190/2018: a) right of access; b) right to rectification and updating; c) right to erasure (“right to be forgotten”); d) right to restrict processing; e) right to data portability; f) right to object to processing; g) right to withdraw consent, where applicable. (2) The exercise of these rights may be carried out by written request sent to the Platform.
Art. 8 – Data Recipients (1) Data may be communicated to: a) courts and public authorities, in accordance with the law; b) contractual partners (e.g. accountants, IT providers), limited to what is strictly necessary; c) Platform collaborators, based on confidentiality obligations.
Art. 9 – Data Protection Officer (1) The Platform shall appoint a Data Protection Officer in situations where such an obligation arises, in accordance with Art. 10 of Law no. 190/2018 and Art. 37 of the GDPR. (2) In the absence of a legal obligation to appoint one, the Platform ensures a single contact point for the exercise of users’ rights.
Art. 10 – Security of Processing (1) The Platform adopts appropriate technical and organizational measures to protect against unauthorized access, loss, or destruction. (2) Measures include: access control, encryption, periodic backups, and training of authorized personnel.
Art. 11 – Sanctions and Liability (1) Violation of this policy and of data protection obligations may entail civil, disciplinary, administrative, or criminal liability, as applicable. (2) Sanctions are applied in accordance with the provisions of Regulation (EU) 2016/679 and Law no. 190/2018.
Art. 12 – Contact (1) To exercise their rights or for additional information, users may send a written request to the email address indicated by the Platform or to its registered office.