McGregor is committed to protecting your privacy. This notice describes how we collect and use your personal data. It also describes the rights you have and control you can exercise in relation to it.
I WHO WE ARE
McGregor & Partners is a boutique commercial law firm in south-central / south-eastern Europe, with offices in Bucharest, Romania and Sofia, Bulgaria providing client services regarding Romanian, Bulgarian and English Law.
We are operating through the two separately constituted and regulated legal entities which provide legal and other client services in accordance with the relevant laws of the jurisdictions in which they respectively operate.
If you have any questions about McGregor’ use of your personal data, please use one of the following contacts:
McGregor & Partners – Bucharest
Address: Strada Emanoil Porumbaru 17, Bucharest, Romania
Phone: +40 021 222 04 88
McGregor & Partners – Sofia
Address: 11 Christo Smirnensky Boulevard, Sofia, Bulgaria
Phone: +359 28 65 17 17
It applies to data collected through our website, www.mcgregorlegal.eu, as well as to all other personal data we collect through e-mail or other off-line contacts.
- the purposes for which we collect and use your personal data;
- the processing grounds for such purposes;
- the categories of personal data we collect and process;
- the duration of processing of such data;
- the duration of processing of such data;
- your rights as data subjects and the manner in which you may exercise them;
III DATA PROCESSED
We collect the following personal data:
- Contact information: your name, position, role, company or organisation, telephone (including mobile phone number where provided) as well as email and postal address;
- Business information: data identifying you in relation to matters on which you instruct us or in which you are involved;
- Personal data contained in the CVs such as education, employment data: especially, but not limited to this purpose, namely, if you apply for a job or work placement you may need to provide information so that we assess your application;
- Payment information;
- Information from public sources: e.g. Linked in and similar professional networks, directories or internet publications;
- Information in connection with investigations or proceedings: where this is necessary to conduct the investigation or proceedings, e.g. Know Your Client and/or Anti-Money Laundering;
- Attendance records: to record your attendance at our offices;
- Supplier data: contact details and other information about you or your company or organisation if you provide services to McGrgeor;
- Technical information: when you access this website and our technology services being IP address, browser type and version (e.g. Internet Explorer, Firefox, Safari etc.), time zone setting, browser plug-in types and versions, operating system you are using (e.g. Vista, Windows XP, MacOS, etc), device type, hardware model, MAC address, unique identifiers and mobile network information;
- Online data: when you access this website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails.
- McGregor does not collect personal data about your online activities across third party websites or online services.
- Special categories of personal data: such as racial background, state of health;
- Criminal record data: where permitted by national law and appropriate to do so, such as existence of prior criminal offences (or confirmation of clean criminal record);
- Information that you provide to us as part of us providing our services to you, which depends on the nature of your instructions to McGregor.
The above data will be provided to us by you, your employer, the company or organisation who is our client or screening providers who assist us with our legal obligations to conduct under anti-money laundering, sanctions screening and regulatory checks.
IV THE PURPOSES AND GROUNDS FOR PROCESSING
We use your personal data for the following purposes:
- Service provision: providing legal advice and services;
- Business relationship: managing and administering our relationship with you, your company or organisation including keeping records about business contacts, services and payments so we can customise our offer for you, develop our relationship and target our marketing and promotional campaigns;
- Communication: sending emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services;
- Client legal compliance: client due diligence (under anti-money laundering, sanctions screening and other crime prevention and detection laws and regulatory requirements) which may involve automated screening checks to ensure that clients and contacts are genuine and to prevent fraud or crime and we may not be able take instructions if you do not provide the information we need to do these checks;
- Website monitoring: to check the website and our other technology services are being used appropriately and to optimise their functionality;
- Site security: to provide security to our offices and other premises (normally collecting your name and contact details on entry to our buildings);
- Online security: protecting our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats;
- Regulatory: compliance with our legal and regulatory obligations as a law firm including auditing and reporting requirements;
- Managing suppliers: process data of persons who deliver services to us;
- Legitimate interest: to pursue the legitimate business interests listed below.
We process your personal data for the following grounds:
- it is necessary for the performance of a contract with you – when we conclude a legal assistance agreement, it is necessary to fill in some identification data, including personal data, therefore, in absence of such data, the agreement would not be legally concluded;
- it is necessary in connection with a legal or regulatory obligation;
- you have provided your consent to such use;
- we consider such use of your personal data as not detrimental to you, within your reasonable expectations, having a minimal impact on your privacy, and necessary to fulfil our legitimate interests or f a third party;
Our legitimate interests are the following:
- providing legal services;
- managing our business and relationship with you or your company or organisation;
- understanding and responding to inquiries and client feedback;
- understanding how our clients use our services and websites;
- identifying what our clients want and developing our relationship with you, your company or organisation;
- improving our services and offerings;
- enforcing our terms of engagement and website and other terms and conditions;
- ensuring our systems and premises are secure;
- developing relationships with business partners;
- ensuring debts are paid;
- sharing data in connection with acquisitions and transfers of our business.
V PERIOD OF PROCESSING
We will only retain your personal data for as long as is reasonably necessary in the circumstances, namely for as long as necessary in order to attain the purpose of the envisaged data collection
Personal information provided in connection with the provision of our legal services will be retained for no longer than 5 years unless we agree otherwise with you.
In case of a legal obligation, we will keep your personal data as long as required by law.
VI DISCLOSURE OF YOUR PERSONAL DATA
We may share your personal data with the following categories of third parties as necessary:
- your employers;
- our professional advisers such as accountants;
- government or regulatory authorities;
- professional indemnity or other relevant insurers;
- regulators/tax authorities/corporate registries;
- third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT support service providers, document and information storage providers;
- third parties engaged in the course of the services we provide to clients such as counsel, arbitrators, mediators, witnesses, court, opposing party and their lawyers, document review platforms and experts such as tax advisors;
- third party postal or courier providers who assist us in delivering our postal marketing campaigns to you, or delivering documents related to a matter.
- Please note that there may be other cases and /or parties where and/or to whom we need to share and/or disclose your personal data in order to provide our services as effectively as we can. Where possible, we will inform you accordingly.
In respect to this, where possible, we conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations.
VII PERSONAL DATA ABOUT OTHERS
In some cases, you may provide personal data to us about other people (such as your customers, directors, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their personal data to us and have obtained their consent to that disclosure, if necesaary.
We are committed to keeping the personal information provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal information that we have under our control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
All of our partners, employees, consultants, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.
The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our online services; any transmission is at your own risk.
You have the following rights in relation to the personal data we process about you:
- Access: you are entitled to ask us if we are processing your data and, if affirmative, you can obtain the details of such processing and a copy of the personal data we hold about you;
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you to be completed and corrected;
- Erasure: you are entitled to ask us to delete your personal data in certain circumstances;
- Restriction: you are entitled to ask us to suspend the processing of your personal data in certain circumstances;
- Portability: you may ask us to transfer your personal data to another data collector;
- Objection: if we are processing your personal data based on a legitimate interests (or those of a third party) you may challenge this;
- Consent: if we are processing personal data based on your consent, you can withdraw it anytime.
Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact us.
You may also have the right to submit a complaint to the relevant supervisory authority in your jurisdiction. In Romania, you can make a complaint to The National Supervisory Authority For Personal Data Processing.
XI STATUS OF THIS POLICY