Buzko Legal is the data controller of the Personal Data it processes, and is therefore responsible for ensuring that the systems and processes it uses are compliant with data protection laws, to the extent applicable to us, including the European Union General Data Protection Regulation (“GDPR”).
1. Information Collection
Although you are not obligated to provide any Personal Data on the public areas of the Website, you may choose to do so by voluntarily providing your Personal Data to us, and we may keep a record of it. We collect Personal Data from a number of sources, either directly from the data subjects or from clients, colleagues, agents, and other publicly available sources. We may collect the following categories of Personal Data about you:
- Basic Data: name, gender, organization, title, job responsibilities, phone number, mailing and email address, social media accounts;
- Financial Data: bank account information, invoicing details;
- Client service data: Personal Data received from clients in respect of employees, customers, or other individuals known to clients;
- Compliance data: government identifiers, passports or other identification documents, beneficial ownership data, due diligence data;
- Job applicant data: identification data, contact information, resume, and other data provided by you or third parties, including recruiters, online recruitment portals, or offline in connection with job openings;
- Device data: Internet Protocol (IP) address, device identifier, cookies, and other data linked to a device and data about usage of our Website.
2. Personal Data Usage
We may use your Personal Data for the following purposes and, for each purpose, based on the following legal grounds:
- Provision of legal services and responding to inquiries – we use Personal Data that you voluntarily submit to us during our engagement, regardless of the media used, such as basic data and other service data that we may process in connection with the provision of services. Our work for you may also involve providing such information to third parties, such as experts and other professional advisers in order to represent your interests most effectively. We need to process your Personal Data in this way in order to perform our obligations under our contracts with you.
- Management of business and administration of client relationships – we use basic data, financial data, and other service data, including for the processing of invoices, updating of client records, and management of our vendor relationships. This processing is necessary to perform our obligations under our contracts with our clients (e.g. issuing and processing invoices) and suppliers (e.g. managing the supply of goods and services to Buzko Legal).
- Providing relevant marketing – we use basic data and device data to communicate with you by providing you with information about our events, seminars, or services, including legal services, legal updates, client conferences or networking events, that may be interesting to you. This processing is necessary for our legitimate interest to send you tailored marketing messages, client newsletters, and invitations.
- Keeping our website and IT systems and processes safe – we use identification data, contact details, financial data, cookie and device data, and other service data. It is necessary for our legitimate interests to monitor how our Website is used to detect and prevent fraud, other crimes, and the misuse of our Website. This helps us to ensure that you can safely use our Website.
- Complying with legal or regulatory inquiries and requests – we use identification data, contact details, financial data, cookie and device data, and legal and regulatory compliance data (including for anti-money laundering or fraud detection purposes, statutory returns and fulfillment of Buzko Legal’s ethical obligations). This processing is necessary for the purpose of complying with legal requirements that apply to us.
3. Information Sharing
We may share your Personal Data with the following categories of recipients:
- Affiliates – we may share Personal Data with our affiliates in order to provide you with legal services and in order to administer our relationship with you (e.g. invoicing, marketing).
- Suppliers and service providers – we may share Personal Data with vendors that may process your Personal Data on our behalf and under our written instructions to carry out their services during the course of our business, such as IT service providers, financial institutions, customer relationship management databases and other cloud-based solutions, third-party companies providing us with business analytics and statistics to assist with our marketing campaigns, and third-party venues in which we may host events and seminars. We contract with such vendors to ensure that they only process your Personal Data under our instructions and ensure the security and confidentiality of your Personal Data by implementing the appropriate technical and organizational measures for such processing.
- Mandatory disclosures and legal claims – we may share Personal Data with law enforcement and regulatory or government agencies requesting such Personal Data in connection with any inquiry, subpoena, court order, or other legal or regulatory procedures with which we are legally obligated to comply. We may also share Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.
4. Marketing Choices
You have control regarding our use of Personal Data for direct marketing. In certain markets, you will need to expressly consent before receiving marketing. In all markets, you can choose to not receive such communications at any time. If you no longer wish to receive any marketing communications or to remain on a mailing list to which you previously subscribed, please follow the unsubscribe link in the relevant communication or contact us at firstname.lastname@example.org.
5. Your Rights
If you are in the European Economic Area (“EEA”), you have the following rights:
- Access. You have the right to request a copy of the Personal Data that we process about you, which we will provide to you in electronic form. If you require additional copies, we may need to charge a reasonable administration fee;
- Rectification. You have the right to require the correction of any mistake in the Personal Data, whether incomplete or inaccurate, that we hold about you;
- Deletion. You have the right to require that we delete your Personal Data unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims;
- Restriction. You have the right to request that we restrict our processing of your Personal Data where (i) you believe such data to be inaccurate, (ii) our processing is unlawful; or (iii) we no longer need to process such data;
- Portability. You have the right to receive your Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to a third party in certain situations;
- Objection. You have the right to (i) object at any time to the processing of your Personal Data for direct marketing purposes and (ii) object to our processing of your Personal Data where the legal ground for such processing is necessary for legitimate interests pursued by us or by a third party. We will then abide by your request unless we can demonstrate compelling legal grounds for continued processing of the data;
- Withdrawing Consent. If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge. "Explicit consent" would be required if Buzko Legal relies on consent as the condition to lawfully process "special categories of personal data," as defined in the GDPR.
If you are in the EEA, you also have the right to lodge a complaint withthe local data protection authority, such as the Information Commissioner'sOffice ("ICO") in the UK or la Commission Nationale de l'Informatiqueet des Libertés ("CNIL") in France, if you believe that we have notcomplied with applicable data protection laws, including the GDPR. Please click here for a list of local data protection authoritiesin the EEA countries.
Please note that some of these rights may be limited where wehave an overriding interest or legal obligation to continue to process yourPersonal Data, or where data may be exempt from disclosure due to reasons oflegal professional privilege or professional secrecy obligations.
If you are in the EEA and would like to exercise any of those rights, please:
- Email us at email@example.com;
- Provide enoughinformation to identify yourself (e.g., name, email address, etc.);
- Provide proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill); and
- Provide the information to which your request relates.
6. Data Security
We have implemented technical and organizational security measures in an effort to safeguard the Personal Data in our custody and control. Such measures include, for example, restricted access to Personal Data only to staff and authorized service providers on a need-to-know basis, as well as other administrative, technical, and physical safeguards.
While we endeavor to always protect our systems, sites, operations, and information against unauthorized access, use, modification, and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. By providing information online, you accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security, unless it is due to our negligence or willful default. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.
7. Data Transfer
When we transfer Personal Data from within the EEA to countries located outside the EEA that have not received an adequacy decision from the European Commission, we have implemented adequate safeguards to appropriately protect such transfer of Personal Data, including on the terms of a valid data transfer agreement incorporating the European Commission's standard contractual clauses or as permitted under applicable data protection laws. These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your Personal Data is misused.
8. Information Retention
9. Notification of Changes