CR Partners, Ibrahim Rrugova Str, Sky Tower, Floor 5, Suite 2, Tirana, Albania, corporate identification number ___, tax identification number ____ (hereinafter as “Controller”) is committed to the protection of your personal data. Please read the following policy to understand how we treat your information.
The controller is a regulated legal practice engaged in the provision of legal services.
The information we collect
The personal information that we process includes:
— basic information, such as the name, the company a person works for, title or position,
— contact information, such as a postal address, email address, and phone number(s),
— information on payments made to and by the Controller,
— technical information, such as information from requests to our website or in relation to the materials and communications we send electronically,
— information a person provides to us for the purposes of attending meetings and events,
— KYC information provided by a client or collected as part of our business acceptance processes,
— personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them, which may include special categories of data,
— any other information that any person may provide to us.
How we collect the information
We may collect personal information in the course of our business (including the business acceptance process), through the use of our website and other electronic tools (including email communication), when a person contacts or requests information from us, when we are engaged for the provision of legal services or as a result of a person’s relationship with one or more of our staff and clients, or from public sources for the purposes of updating the information we already hold, or when otherwise provided to us.
Where we need to collect personal data by law, or under the terms of a contract or in order to take steps prior to entering into a contract with an individual, and that individual fails to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into (for example, to provide the requested services). In this case, we may have to cancel the provision of services but we will notify the relevant individual if this is the case at the time.
How we use the information
We use personal information:
— to provide and improve legal services to our clients,
— for legitimate business purposes, such as ensuring network and IT security or providing information about our services (including sending legal updates, publications, and details of events),
— to fulfill the legal and regulatory requirements (such as conducting the “Know Your Client” procedure),
— for the purposes of establishing, exercising, or defending legal claims,
— for the purposes of recruitment.
Use of Controller’s website
Personal data submitted on the website (such as on the vacancy application page) will be used for the purposes apparent from the relevant part of the website and for other purposes for which consent is given.
Our website uses Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing small text files called ‘cookies’ on the user’s device. The information that Google Analytics collects, such as the number of visitors to the site, the pages visited, and the length of time spent on the site, is aggregated and therefore anonymous.
The basis on which we use personal information
We use personal information on the following basis:
— to perform a contract or to take steps prior to entering into a contract,
— to comply with legal and regulatory obligations,
— for legitimate interest (such as for ensuring network and IT security, for the establishment, exercise, or defense of legal claims or proceedings, or for the provision of information about our services),
— on the basis of consent by the individual.
How long we keep personal information
Personal information will be retained in accordance with our data handling internal rules and laws applicable in Slovenia. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account the legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, and the Controller’s business purposes.
With whom we share personal information
We are a legal practice cooperating on a case-by-case basis with other law offices in the region and worldwide and any information provided to us may be shared with and processed by such law offices, solely in cases when there is a valid legal basis for such processing and subject to appropriate safeguards being implemented.
We may also share personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including our IT service providers, and suppliers such as translation services, subject to appropriate safeguards being implemented.
Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies, and law enforcement agencies. While it is unlikely, we may be required to disclose personal information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify the data subject before we do this unless we are legally restricted from doing so.
Which countries we transfer personal information to
In cases when the data is being transferred from a location within the EU to a location outside of the EEA, the transfer will be based on the appropriate provisions of the General Data Protection Regulation (EU) 2016/679, including in particular on the standard data protection clauses concluded between the data exporter and the data importer, the data subject’s explicit consent for the transfer or the necessity to establish, exercise or defend legal claims.
Rights of data subjects regarding personal information
We ensure the following minimal rights to data subjects:
The right to request details of the information we hold about the data subject and how we process it. This includes the to have such information rectified or deleted, restricting our processing of that information, stopping unauthorized transfers of personal information to a third party, and, in some circumstances, having personal information transferred to another organization. Data subjects may also have the right to lodge a complaint in relation to the Controller’s processing of personal information with a local supervisory authority (Information Commissioner, Ibrahim Rrugova Str, Sky Tower, Floor 5, Suite 2, Tirana, Albania).
If a person objects to the processing of his/her personal information, or if he/she has provided consent to processing and later chooses to withdraw it, we will respect that choice in accordance with our legal obligations.
The objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see “How we use the information”) or that the person objecting may not be able to make use of the services and products offered by us. Please note that even after a person has chosen to withdraw consent we may be able to continue to process that person’s personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
If you have any questions about our privacy policies, want to exercise your right to see a copy of the information that we hold about you, or think that the information we hold about you may need to be corrected, please contact us at email@example.com with an inquiry topic “Data privacy”.