Privacy Policy

Last updated: September 2019

Buzko Legal, a law firm operating in the Russian Federation and the United States (“Buzko Legal,” “we,” or “us”), is committed to safeguarding the privacy of visitors to our website (“Website”), contacts for our clients and prospective clients, contacts for suppliers of goods and services to us, candidates for employment or engagement, and any other individuals about whom we obtain Personal Data (each, “you”). This privacy policy (“Privacy Policy”) describes why and how we collect and use your information and provides information about your rights. In this Privacy Policy, “Personal Data” means information that (either in isolation or in combination with other information held by us) enables us to identify or recognize you.

Buzko Legal is the data controller of the Personal Data it processes, and is therefore responsible for ensuring that the systems and processes it uses are compliant with data protection laws, to the extent applicable to us, including the European Union General Data Protection Regulation (“GDPR”).

1. Information Collection

Although you are not obligated to provide any Personal Data on the public areas of the Website, you may choose to do so by voluntarily providing your Personal Data to us, and we may keep a record of it. We collect Personal Data from a number of sources, either directly from the data subjects or from clients, colleagues, agents, and other publicly available sources. We may collect the following categories of Personal Data about you:

  • Basic Data: name, gender, organization, title, job responsibilities, phone number, mailing and email address, social media accounts;
  • Financial Data: bank account information, invoicing details;
  • Client service data: Personal Data received from clients in respect of employees, customers, or other individuals known to clients;
  • Compliance data: government identifiers, passports or other identification documents, beneficial ownership data, due diligence data;
  • Job applicant data: identification data, contact information, resume, and other data provided by you or third parties, including recruiters, online recruitment portals, or offline in connection with job openings;
  • Device data: Internet Protocol (IP) address, device identifier, cookies, and other data linked to a device and data about usage of our Website.

2. Personal Data Usage

We may use your Personal Data for the following purposes and, for each purpose, based on the following legal grounds:

  • Provision of legal services and responding to inquiries – we use Personal Data that you voluntarily submit to us during our engagement, regardless of the media used, such as basic data and other service data that we may process in connection with the provision of services. Our work for you may also involve providing such information to third parties, such as experts and other professional advisers in order to represent your interests most effectively. We need to process your Personal Data in this way in order to perform our obligations under our contracts with you.
  • Management of business and administration of client relationships – we use basic data, financial data, and other service data, including for the processing of invoices, updating of client records, and management of our vendor relationships. This processing is necessary to perform our obligations under our contracts with our clients (e.g. issuing and processing invoices) and suppliers (e.g. managing the supply of goods and services to Buzko Legal).
  • Providing relevant marketing – we use basic data and device data to communicate with you by providing you with information about our events, seminars, or services, including legal services, legal updates, client conferences or networking events, that may be interesting to you. This processing is necessary for our legitimate interest to send you tailored marketing messages, client newsletters, and invitations.
  • Keeping our website and IT systems and processes safe – we use identification data, contact details, financial data, cookie and device data, and other service data. It is necessary for our legitimate interests to monitor how our Website is used to detect and prevent fraud, other crimes, and the misuse of our Website. This helps us to ensure that you can safely use our Website.
  • Complying with legal or regulatory inquiries and requests – we use identification data, contact details, financial data, cookie and device data, and legal and regulatory compliance data (including for anti-money laundering or fraud detection purposes, statutory returns and fulfillment of Buzko Legal’s ethical obligations). This processing is necessary for the purpose of complying with legal requirements that apply to us.
  • Recruitment – we collect and process Personal Data about job applicants for purposes of screening, identifying, and evaluating candidates for positions; record-keeping related to hiring processes; analyzing the hiring process and outcomes; and conducting background checks, where and to the extent permitted by applicable law, which may also be subject to a relevant local recruitment privacy policy. If you are hired by Buzko Legal, this data will be transferred to our employee record files for the purpose of your employment. This processing is necessary in order to take steps at the request of the job applicant in the context of recruitment prior to entering into a contract. In addition, job applicant data and legal and regulatory compliance data may be used as necessary to comply with legal, regulatory, and corporate governance requirements.

3. Information Sharing

We may share your Personal Data with the following categories of recipients:

  • Affiliates – we may share Personal Data with our affiliates in order to provide you with legal services and in order to administer our relationship with you (e.g. invoicing, marketing).
  • Suppliers and service providers – we may share Personal Data with vendors that may process your Personal Data on our behalf and under our written instructions to carry out their services during the course of our business, such as IT service providers, financial institutions, customer relationship management databases and other cloud-based solutions, third-party companies providing us with business analytics and statistics to assist with our marketing campaigns, and third-party venues in which we may host events and seminars. We contract with such vendors to ensure that they only process your Personal Data under our instructions and ensure the security and confidentiality of your Personal Data by implementing the appropriate technical and organizational measures for such processing.
  • Corporate purchasers – we may share Personal Data with third parties in connection with business transfers, such as a reorganization, restructuring, merger, acquisition, or transfer of assets of Buzko Legal, provided that the receiving party agrees to treat your Personal Data in a manner consistent with this Privacy Policy.
  • Mandatory disclosures and legal claims – we may share Personal Data with law enforcement and regulatory or government agencies requesting such Personal Data in connection with any inquiry, subpoena, court order, or other legal or regulatory procedures with which we are legally obligated to comply. We may also share Personal Data to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims.

Please note that the Privacy Policy covers this Website only. We are not responsible for the data policies, procedures, or content of any linked websites. We recommend that you check the privacy and security policies of each website you visit.

4. Marketing Choices

You have control regarding our use of Personal Data for direct marketing. In certain markets, you will need to expressly consent before receiving marketing. In all markets, you can choose to not receive such communications at any time. If you no longer wish to receive any marketing communications or to remain on a mailing list to which you previously subscribed, please follow the unsubscribe link in the relevant communication or contact us at info@buzko.legal.

5. Your Rights

If you are in the European Economic Area (“EEA”), you have the following rights:

  • Access. You have the right to request a copy of the Personal Data that we process about you, which we will provide to you in electronic form. If you require additional copies, we may need to charge a reasonable administration fee;
  • Rectification. You have the right to require the correction of any mistake in the Personal Data, whether incomplete or inaccurate, that we hold about you;
  • Deletion. You have the right to require that we delete your Personal Data unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims;
  • Restriction. You have the right to request that we restrict our processing of your Personal Data where (i) you believe such data to be inaccurate, (ii) our processing is unlawful; or (iii) we no longer need to process such data;
  • Portability. You have the right to receive your Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit that data to a third party in certain situations;
  • Objection. You have the right to (i) object at any time to the processing of your Personal Data for direct marketing purposes and (ii) object to our processing of your Personal Data where the legal ground for such processing is necessary for legitimate interests pursued by us or by a third party. We will then abide by your request unless we can demonstrate compelling legal grounds for continued processing of the data;
  • Withdrawing Consent. If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge. "Explicit consent" would be required if Buzko Legal relies on consent as the condition to lawfully process "special categories of personal data," as defined in the GDPR.

If you are in the EEA, you also have the right to lodge a complaint withthe local data protection authority, such as the Information Commissioner'sOffice ("ICO") in the UK or la Commission Nationale de l'Informatiqueet des Libertés ("CNIL") in France, if you believe that we have notcomplied with applicable data protection laws, including the GDPR. Please click here for a list of local data protection authoritiesin the EEA countries.

Please note that some of these rights may be limited where wehave an overriding interest or legal obligation to continue to process yourPersonal Data, or where data may be exempt from disclosure due to reasons oflegal professional privilege or professional secrecy obligations.

If you are in the EEA and would like to exercise any of those rights, please:

  • Email us at info@buzko.legal;
  • Provide enoughinformation to identify yourself (e.g., name, email address, etc.);
  • Provide proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill); and
  • Provide the information to which your request relates.

6. Data Security

We have implemented technical and organizational security measures in an effort to safeguard the Personal Data in our custody and control. Such measures include, for example, restricted access to Personal Data only to staff and authorized service providers on a need-to-know basis, as well as other administrative, technical, and physical safeguards.

While we endeavor to always protect our systems, sites, operations, and information against unauthorized access, use, modification, and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. By providing information online, you accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security, unless it is due to our negligence or willful default. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.

7. Data Transfer

Buzko Legal is an international law firm comprising multiple offices andaffiliated entities in different jurisdictions. Your Personal Data may betransferred to or shared across our integrated computer networks with one ormore of Buzko Legal offices and our affiliated offices in the United States andother countries that may not be subject to data protection laws similar tothose prevailing in the jurisdiction in which such information is provided toor received by us. However, all of our offices adhere to the same procedureswith respect to your Personal Data, including this Privacy Policy.

If Buzko Legal receives Personal Data from within the EEA, it will be necessary to transfer that data to a country outside the EEA in order to provide our attorneys with access to clients' Personal Data to enable them to provide legal services, wherever they are located, and for related purposes as set out in this Privacy Policy, including updates and enhancements to our records, analysis to help us manage our practice, statutory returns, legal and regulatory compliance, the administration and management of Buzko Legal's global IT systems, and our other legitimate business interests.

When we transfer Personal Data from within the EEA to countries located outside the EEA that have not received an adequacy decision from the European Commission, we have implemented adequate safeguards to appropriately protect such transfer of Personal Data, including on the terms of a valid data transfer agreement incorporating the European Commission's standard contractual clauses or as permitted under applicable data protection laws. These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your Personal Data is misused.

8. Information Retention

We will only retain your Personal Data for as long as necessary for the purposes for which that information was collected as set out in this Privacy Policy or for longer as required under any applicable legal, regulatory, accounting, or reporting requirements.

9. Notification of Changes

We may occasionally update this Privacy Policy as our services and privacy practices change, or as required by applicable legal or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. However, the last update date is posted below, and we encourage you to review this Privacy Policy periodically to be informed of how we use your Personal Data.

10. Contacts

If you have any questions, concerns, or suggestions regarding this Privacy Policy, please contact us by post to Privacy Officer, Bolshaya Raznochinnaya 16, Suite 510, St. Petersburg 197110, Russian Federation, or by email at info@buzko.legal.