Privacy Notice for Clients
PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA OF CLIENTS OF GUGUSHEV & PARTNERS LAW OFFICE
As from May 25th, 2018 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) shall apply, which significantly changes the existing legal regime for data protection. In its capacity of a controller Gugushev & Partners Law Office (hereinafter referred to as "GPLO" or “the Company”) processes your personal data in accordance with GDPR and its implementing acts, as well as with the national legislation in force and the internal rules, procedures, policies and impact assessments on data protection.
This privacy notice has been developed by GPLO and contains information on:
- the controller responsible for the processing of personal data;
- the processed categories of personal data;
- the conditions under which personal data are processed;
- the purposes and legal grounds for the processing;
- retention periods and the applied measures for data protection;
- the rights of the clients as data subjects within the meaning of the GDPR;
- as well as in which cases and in what manner we disclose your data with third parties.
WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
The responsible party for the processing of your personal data is Gugushev & Partners Law Office, registered under company file № 813/2010 of Sofia City Court, BULSTAT: 176026301, with seat and registered office in Sofia, Georgi Sava Rakovski Str. № 130, floor 2, apartment 4 and address for correspondence in Sofia, 11A Aksakov Street, floor 5, office 3, website http://www.gugushev.com.
In case you would like to receive more information or a copy of the archive of your personal data processed by GPLO or exercise your rights under GDPR, and if you suspect that your data is being used in an unregulated manner, you may contact us at e-mail: office[at]gugushev.com.
WHY GPLO COLLECTS YOUR PERSONAL DATA?
GPLO processes your data:
- to identify you or the represented by your Company as a client of GPLO and to communicate with you or with the represented by you Company regarding the conclusion and performance of the contracts for legal services;
- to meet the obligations arising for GPLO under the law with regards to collecting and processing data for its clients;
- in the process of carrying video surveillance in the GPLO’s offices for the protection of the Company’s employees and its property;
- to protect the interests of the Company in the event of legal disputes with regards to non-fulfillment of the agreements for legal services;
- as well as for the purposes of assessment of GPLO by acclaimed legal directories.
WHAT KIND OF DATA WE COLLECT?
GPLO processes the following categories of personal data: names and other data, that may identify you, including signature, contact details (email, address, telephone), bank account details; data that the GPLO is obliged to collect by law, data related to the protection of the rights and interests of the clients, including special categories of data, as well as image, insofar as the GPLO offices are provided with video surveillance, which shall be marked with the relevant information marks and signs.
WHAT ARE THE LEGAL GROUNDS ON WHICH WE PROCESS YOUR DATA?
In accordance with the GDPR GPLO processes your personal data only on valid legal grounds. Namely, GPLO processes your data on the following legal grounds:
- with regard to your name and other data that identifies you, including a signature, as well as the contact details - for the conclusion of the agreements for legal services;
- with respect to personal data relating to the subject matter of the legal service contract (e.g. PIN, customer behaviour, property, intellectual, physical and mental status, court history, and any information provided by the Client to third parties, in relation to which the GPLO is the recipient) - for the execution of the agreement for legal services;
- as a company providing legal and advisory services, GPLO is obliged to collect and process the personal data of its clients under the Measures against Money Laundering Act (MAMLA) and the Accountancy Act (AA);
- data regarding images collected by video surveillance carried in the GPLO offices - based on the legitimate interest of the Company in ensuring the security of its employees and property;
- In the cases described below, the Client's personal data may be disclosed to GPLO's partners from PONTES the CEE lawyers when necessary for the performance of the legal services contract;
- In the event that the Client expressly agrees GPLO may disclose their personal data to third parties, including reference contact details.
Such consent is not in any way binding to the conclusion of the agreement for legal services and does not entail any adversary consequences for the latter.
WHAT MEASURES FOR THE SECURITY OF THE COLLECTED DATA WE APPLY?
The protection and security of your data is important to us. In order to prevent loss, misuse or unauthorized access to your data, we apply all reasonable measures and remedies, including the obligation for the confidentiality of all employees and contractors of the GPLO, implementation of technical measures to protect computers and systems by which personal data are processed, the video surveillance is carried out in the premises where the personal data documents for the Clients are stored, as well as trainings for data protection amongst our employees. If you have any doubts about an infringement, please contact us immediately through the contact details mentioned above.
WHAT ARE THE PERIODS FOR STORING YOUR PERSONAL DATA?
Personal data processed for the purposes of providing legal services shall be stored for the periods specified in Article 67 of MAMLA, namely for 5 years starting from the calendar year following the year of termination of the relevant agreement for legal services.
Personal data related to accounting documents shall be stored for the following periods according to Art. 12, para 1 of the AA: for accounting registers and financial statements, including documents for tax control, audit and subsequent financial inspections - 10 years; for any other carriers of accounting information - 3 years.
Video recordings of the cameras shall be stored for 30 days after which they shall be automatically deleted.
WHAT RIGHTS YOU HAVE WHEN YOUR PERSONAL DATA IS PROCESSED?
GDPR provides the following opportunities for the protection of individuals regarding the processing of their data:
- the right to be informed about the manners and periods for processing of the personal data;
- the right to object to the processing based on the legitimate interest of the company. If the processing does not comply with the Applicable laws it shall be ceased or limited immediately;
- the right to correct inaccurate data reflected in the documents stored by GPLO;
- the right "to be forgotten" when the retention periods for the data has expired, no valid legal ground for the processing can be specified or the processing is no longer necessary;
- the right to withdraw your consent for the disclosure before third parties of your data in case such consent has been provided using the consent form below;
- the right to lodge a complaint at any given moment and without the need to exhaust in advance the inner procedure for appealing our processing activities with the competent Data Supervisory authority (see more information below).
HOW WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
We can disclose to third parties your personal as follows:
- to state and local authorities, as well as courts for the performance of legal service contracts;
- to competent tax and other public authorities for revision or when required by the applicable law;
- to the partners of GPLO, including the consultants from the PONTES the CEE lawyers network: (more information at https://www.ponteslegal.eu/) as well as with accountants, lawyers and other consultants;
- In the case of team changes, mergers or acquisitions, your data may be shared with the new partner (s) and consultant (ies) for which you will be notified.
In any case, your data will not be shared with entities located outside the EEA (EU, Norway, Iceland and Liechtenstein) unless explicitly permitted by local law and adequate measures for data protection are in place.
HOW TO CONTACT THE COMPETENT DATA SUPERVISING AUTHORITY?
Notwithstanding the foregoing, in case of any complaints you have the right to contact the Commission for Personal Data Protection (CPDP):