The law firm STOYNEV & PARTNERS (hereinafter the “Firm” and/or “we”/”us”/”our”) is committed to protecting your privacy. This Privacy Notice (“Notice”) describes the types of personal information we collect, how we collect and process that information, who we share it with in relation to the services we provide and certain rights and options that you have in this respect.
This Privacy Notice was last updated on September 9, 2019.
WHO WE ARE
STOYNEV & PARTNERS is a law firm which provides the full range of legal services for its clients
The law firm STOYNEV & PARTNERS owns and operates this site www.stoynev-law.com
The Firm is data controller.
Its postal address is: 21 “Tsar Samuil”, fl. 3, office 8, 1000 Sofia, Bulgaria
Its contact email address is: firstname.lastname@example.org
Our Data Protection Officer is Emanuil Kolev.
WHAT PERSONAL DATA ARE COLLECTED?
The Firm takes into account the principles of Personal Data reduction, privacy by design and privacy by default. The Firm only collects data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. The Firm gathers information solely in order to operate effectively.
We collect and process the following personal data from you:
- Identity and Contact Data, including your name, address, telephone number or fax number, date of birth, marital status, passport number, employment history, educational or professional background, tax status, employee number, job title and function, and other personal data concerning your preferences relevant to our services;
- Financial and Payment Data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Business Information, including information provided in the course of the contractual or client relationship between you or your organisation and STOYNEV & PARTNERS, or otherwise voluntarily provided by you or your organisation;
- Information relevant to our legal advice, including personal data relevant to any dispute, complaint, investigation, arbitration, or other legal advice we have been asked to provide to our client;
- Technical Data, including information collected during your visits to our website, the Internet Protocol (IP) address, login data, browser type and version (e.g. Internet Explorer, Firefox, Chrome, Safari etc.), device type, time zone setting, browser plug-in types and versions, operating system and platform (e.g. Windows XP, MacOS, Vista etc.), unique identifiers and mobile network information;
- Social media: posts, Likes, tweets and other interactions with our social media presence;
- Physical Access Data, relating to details of your visits to our office;
- Sensitive personal data: In the course of our client services, we may represent you and/or your organisation in legal matters that require us to collect and use sensitive personal information relating to you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life and sexual orientation, or genetic or biometric data);
- Criminal record data: where permitted by national law and appropriate to do so, such as existence of prior criminal offences (or confirmation of clean criminal record)
The above data will be provided to us by you, your employer, the company or organisation who is our client or screening providers who assist us with our legal obligations to conduct under anti-money laundering, sanctions screening and regulatory checks.
PERSONAL DATA ABOUT OTHER PEOPLE
WHEN ARE PERSONAL DATA COLLECTED?
The Firm may need to gather Personal Data from information directly supplied by You. These Personal Data are thus collected and processed when You:
- access the Site;
- sign up for newsletters;
- request information and forms;
- write to the Firm;
- respond to surveys, promotions and other communications;
- sign contracts with the Firm;
- submit applications.
HOW DO WE COLLECT PERSONAL DATA?
The circumstances in which we can collect personal data about you include:
- when you or your organisation seek legal advice from us or use any of our online client services;
- when you or your organisation offer to provide, or provides, services to us;
- when it is provided to us by a third party because you are the subject of, or your data is otherwise included in, legal advice we are asked to provide to that third party client (for example, where we are asked to provide advice in an employment dispute, or where you are the subject of an investigation we are asked to conduct)
- when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our lawyers, consultants and staff;
- when you or your organisation browse, complete a form or make an enquiry or otherwise interact on our website or other online platforms;
- when you attend our seminars or other events or sign up to receive personal data from us, including training;
- by making enquiries from your organisation, other organisations with whom you have dealings such as former employers and educational institutions, or from third party sources such as government agencies, a credit reporting agency, information service providers or from publicly available records;
- when you apply for a new job in the Firm.
ON WHAT BASIS ARE PERSONAL DATA COLLECTED?
Personal Data are processed by the Firm as permitted by the applicable regulations and under the following conditions in particular:
- when You gave Your free, specific, informed and unambiguous consent to the processing of Your Personal Data;
- when this is necessary for the performance of a contract or in order to take steps prior to entering into a contract when processing is begun for the purposes of: (i) producing, managing and tracking the files of its clients; (ii) recovery;
- when this is necessary to deal with legal claims;
- in order to comply with its legal or regulatory obligations when the Firm begins processing for the purposes of: (i) preventing money laundering and terrorist financing and combating corruption; (ii) billing; (iii) accounting;
- when the legitimate interests of the Firm may justify processing by the Firm (e.g. computer security measures).
HOW WE WILL USE YOUR PERSONAL DATA?
Personal Data are collected for specified, explicit and legitimate purposes. Depending on the case, the Personal Data may be used for:
- To fulfil a contract, or take steps linked to a contract, with you or your organisation. This includes: to register you as a client of STOYNEV &PARTNERS; to provide and administer legal services or other services or solutions, as instructed by you or your organisation; to process payments, billing and collection; and to process applications for employment.
- providing legal advice and services;
- managing and administering our relationship with you, your company or organisation including keeping records about business contacts, services and payments so we can customize our offering for you, develop our relationship and target our marketing and promotional campaigns (information on the Firm, news themes, training, documentation, etc.);
- sending emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services;
- running legal briefings, roundtables and other events;
- to exercise or defend our legal rights or to comply with court orders;
- client surveys and events feedback as well as answering issues and concerns which may arise;
- client due diligence (under anti-money laundering, sanctions screening and other crime prevention and detection laws and regulatory requirements) which may involve automated screening checks to ensure that clients and contacts are genuine and to prevent fraud or crime;
- checking the website and our other technology services whether are being used appropriately and to optimise their functionality;
- providing security to our office (normally collecting your name and contact details on entry to our building);
- protecting our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats;
- compliance with our legal and regulatory obligations as a law firm including auditing and reporting requirements;
- managing suppliers who deliver services to us
- The Firm is also likely to use Personal Data for any other purpose required by the legislation in force and for administrative purposes.
Please note that we will only provide you with marketing related information when we have a previous contractual relationship or a business relationship with you and provided you do not opt-out to receive those communications. You have the opportunity to opt-out at any time as explained in the “Right to withdraw consent” section of this Notice.
DISCLOSURE OF YOUR PERSONAL DATA
The Personal Data are never sold.
Personal Data gathered by the Firm are only disclosed strictly in the following cases:
- to subcontractors or third-party service providers (such as attorneys-at-law, lawyers, consultants, mediators, or experts and other legal specialists such as law firms for obtaining specialist or foreign legal advice, translators, education evaluation services, couriers, or other necessary entities) acting on behalf of the Firm for specific processing in line with the purposes for which they were initially gathered, for activities such as the provision of services, direct marketing and sales events, managing client and prospect relations, organisation, registration and sending of newsletters and invitations to Firm events;
- with courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
- To the bodies in charge of supervision or inspection in accordance with the applicable regulations.
HOW IS THE SECURITY OF YOUR PERSONAL DATA ENSURED?
The Firm shall ensure the protection and security of the Personal Data in order to guarantee their security and prevent them from being distorted, damaged, destroyed or disclosed to unauthorised third parties.
Everyone with access to the Personal Data is bound by an obligation of confidentiality.
The Firm’s service providers and subcontractors in particular are bound by security and confidentiality commitments prohibiting them from using the Personal Data for any purposes other than those for which the Firm shares the information with them; more specifically, they are not authorised to use the personal details of subscribers and/or representatives for commercial purposes or disclose them to other third parties.
Any transfer of Personal Data outside of the European Union is done in accordance with the applicable legal and regulatory provisions on the protection of personal data.
When the disclosure of Personal Data to third parties is necessary and/or authorised, the Firm ensures that these third parties guarantee the same level of protection of the Personal Data as that afforded by the Firm and demands contractual guarantees so that the Personal Data is processed exclusively for the purposes that You have previously agreed to, with the required confidentiality and security.
We will hold your information securely in line with physical, technical and administrative security measures. However, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted and any transmission is at your own risk. The Firm has technical and organisational measures in place to ensure that the Personal Data are kept secure for the length of time necessary to fulfil the purposes of the processing in accordance with applicable law.
In accordance with the applicable Bulgarian and European regulations, in the event of a proven data breach likely to pose a risk to the rights and freedoms of the data subjects, the Firm undertakes to notify the competent supervisory authority and, when required by such regulations, the data subjects (either individually or collectively, as appropriate).
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for STOYNEV & PARTNERS to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. Typical retention periods will range from 1 to 5 years. Please take into account that according to Art. 47. (1) (suppl. – SG 97/12) Attorney Act “Attorneys or European Union lawyers shall be obliged to keep the papers of the cases, in which they have acted as mandataries or defence counsels, for 5 years after their finishing”.).
The Firm applies, in particular, the following storage periods for these broad categories of Personal Data:
- In areas relating to accounting, they are kept for 5 /five/ years after the close of the financial year;
- In areas relating to the prevention of money laundering or terrorist financing, the Personal Data are kept for 5 /five/ years after the end of the relationship with the Firm;
- Clients’ Personal Data are kept for the duration of the contractual relationship plus 3 years for the purposes of sales events and direct marketing, without prejudice to storage obligations or limitation periods;
- Prospects’ Personal Data are kept for a period of 1 /one/ year if they did not participate or register for any Firm events;
- Applicants’ Personal Data are kept for the amount of time necessary to process the application and, in the event of a negative outcome, 1 /one/ year after the last contact (unless the applicant consents to a longer period);
- The Personal Data in access databases are kept for 1 /one/ year after the last connection.
If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact us at email@example.com
WHAT ARE THE PERSONAL DATA RIGHTS AND HOW ARE THEY EXERCISED?
You have various rights with respect to our use of your personal data:
- Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.
- Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using our Contact form to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
- Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us using our Contact form.
- Transfer: you may us to help you request the transfer certain of your personal data to another party.
- Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
- Erasure: You have the right to [ask/require] us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
- Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.
You may, at any time, exercise any of the above rights, by contacting firstname.lastname@example.org or using our Contact form together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.
If the Firm does not take action on Your request, it will inform You of the reasons for not taking action and You will have the possibility of lodging a complaint with a supervisory authority and/or seeking a judicial remedy. You can lodge Your complaint by email email@example.com of the Bulgarian Commission of Personal Data Protection, or by post at: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria. More information on: www.cpdp.bg
RIGHT TO WITHDRAW CONSENT
If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
To opt-out of receiving our marketing communications please follow the opt-out links on any marketing message sent to you or contact firstname.lastname@example.org or use our contact form. Opting out of receiving marketing communications will not affect the processing of personal data for the provision of our legal services.
For more information about cookies and how we use them, please see our: Cookie Notice.
LINKS TO THIRD PARTY WEBSITES
Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal data that You provide through these websites is not subject to this privacy notice and the treatment of Your personal data by such websites is not our responsibility.
If You follow a link to any other websites, please note that these websites have their own privacy notices which will set out how Your information is collected and processed when visiting those sites.
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to update and change this Notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Notice.
If You would like more information about the way we manage personal data that we hold about You please contact us as set out at the top of this notice.
Questions, comments and requests regarding this Notice are welcomed and should be addressed to Privacy Team, email@example.com, or send a letter to STOYNEV & PARTNERS, Privacy Team, 21 “Tsar Samuil”, fl. 3, office 8, 1000 Sofia, Bulgaria. Our Data Protection Officer is Emanuil Kolev.
- would like to access the personal information we hold about you;
- believe that information we hold about you is incorrect; or
- have any questions in relation to the information concerning privacy and personal information;
then encourage you to contact us and we will take all necessary reasonable steps to resolve those concerns as soon as practicable. In some cases we may not be able to give you access to personal information we hold regarding you if making such a disclosure would breach our legal obligations to our client or if such disclosure is prohibited under the applicable law or regulation.