Gorici Legal Logo

PRIVACY POLICY ON DATA PROCESSING

PERSONAL

LAST UPDATE: 12.01.2026

This Privacy Policy ("Privacy Policy" or "Policy") explains how to

where GORICI Vlad-Stefan - Law Firm ("Gorici Legal" or "We" or "Us") processes

personal data of website visitors https://goricilegal.com (the "Site") and the

people who contact us via the Site or subscribe to our newsletter.

  1. GENERAL PROVISIONS
    1. This Privacy Policy provides clear, transparent and easy-to-understand information on how Gorici Legal collects, uses, stores and protects the personal data of the users of the Website ("Users", "User" or "You"), in accordance with Regulation (EU) 2016/679 ("GDPR") and with applicable national data protection legislation.
    2. This Policy applies to all Your interactions with Us conducted through the Site.
    3. Terms, conditions and definitions used in this Privacy Policy shall have the meanings ascribed to them by the GDPR, including the notions of "'controller', 'data subject', 'personal data', 'processing', 'recipient', and any other terms defined by the GDPR and used in this Privacy Policy.
  3. PERSONAL DATA CONTROLLER
    1. The personal data controller is the person or entity that determines how your personal data is collected, used and managed.
    2. The personal data controller is Cabinet de Avocat GORICI Vlad-Ștefan GORICI Vlad-Ștefan, with registered office in Bucharest, Gheorghe Petrașcu Street, 53, PM53 block, 9th floor. Apt. 81, Sector 3, with fiscal code 41868146, represented by coordinating lawyer Vlad-Ștefan Gorici.
    3. The personal data controller can be contacted:
      1. a. By post, to the registered office address;
      2. b. By e-mail to: [email protected]
  5. WHAT DATA WE PROCESS
    1. Depending on how you interact with the Site, we may process the following categories of data:
  7. Data provided directly by you:
  • Contact form: Full name, e-mail address, telephone number, company details (if filled in), message content and any other information you choose to include.
  • Newsletter: e-mail address, name and preferences.
  • Correspondence: your answers, clarifications and attachments.

 

  1. Data collected automatically (technical data):
  • IP address, browser/device details, operating system, language settings;
  • Pages visited, date/time of access, traffic sources, other interactions with the Site;
  • Cookies and similar technologies (details can be found in the Cookie Policy).
  1. We do not collect special categories of personal data within the meaning of Article 9 of the GDPR, namely information concerning health, racial or ethnic origin, political opinions, membership of political, professional or trade union organisations, religious or philosophical beliefs, sexual orientation, biometric or genetic data or information about criminal convictions or offences.
  2. PURPOSES AND LEGAL GROUNDS FOR PROCESSING
    1. Depending on how you interact with the Site, we process your personal data for the following purposes:

Aim

Data concerned

Legal basis

Response, communication and tendering

Identifying data (Surname, first name, name)

Contact details (e-mail/phone/address)

Art. 6 para. (1) lit. f) GDPR - legitimate interest; 

Art. 6 para. (1) lit. b) GDPR - pre-contractual steps.

Subscribe to and send newsletter / marketing communications

Identifying data (Surname, first name, name)

Contact (e-mail)

Communication preferences

Art. 6 para. (1) lit. a) GDPR - expressed consent by you in this regard.

Managing and ensuring the security of the Site;

Prevent fraud/abuse

Technical data;

Logs

Art. 6 para. (1) lit. f) GDPR - legitimate interest; 

Legal obligations (Archiving, accounting, requests from authorities)

Data required by law

Art. 6 para. (1) lit. c) GDPR - legal obligations;

Statistical analysis and Site improvement

Technical data, cookies

Art. 6 para. (1) lit. a) GDPR - expressed consent by you;

Art. 6 para. (1) lit. f) - legitimate interestwhere permitted by law (e.g. for strictly necessary data)

  1. NEWSLETTER
    1. For sending commercial communications (such as newsletter), the processing of personal data takes place only on the basis of your express consent, in accordance with Art. 6 para. (1) lit. a) GDPR.
    2. Your data will be used to send you communications about news, services, articles, invitations or other marketing material.
    3. Consent can be withdrawn at any time, free of charge, by using the unsubscribe link in the email containing the newsletter or directly by email to [email protected]
    4. The lawfulness of processing carried out prior to the withdrawal of consent will not be affected by the withdrawal of consent.
  3. COOKIES AND SIMILAR TECHNOLOGIES
    1. The Site uses cookie technologies necessary for the operation of the Site, as well as, if you choose to use them, analytics and/or marketing cookies.
    2. Cookies that are strictly necessary for the proper functioning of the Website may be used without Your express consent, to the extent and within the limits permitted by applicable law.
    3. Functional and analysis and/or marketing cookies can only be used with your express consent via the cookie banner that will be visible when you first access the Website.
    4. Your preferences can be changed at any time in your browser settings,
    5. The detailed cookie policy can be studied by following this link: [LINK TO COOKIE POLICY].
  5. DATA RECIPIENTS
    1. As a rule, your personal data will be stored and processed internally by Gorici Legal.
    2. However, we may disclose your data, strictly to the extent necessary, to:
    • Providers of hosting, website maintenance and IT services;
    • Providers of email infrastructure and newsletter transmission tools;
    • Site security and abuse prevention providers;
    • External consultants (lawyers/accountants/auditors), when necessary;
    • Public authorities/bodies, when we are required to do so and we have to fulfil a legal obligation, i.e. when it is necessary for the defence of our legitimate rights.
    1. Insofar as the recipients of your data act as authorised persons, Gorici Legal concludes contracts with them, which require data confidentiality and security measures with regard to these data.
    2. Gorici Legal will not transfer your personal data to third countries outside the European Economic Area. In the event that such a transfer takes place, it will be strictly for the purposes set out in this Privacy Policy and will be carried out with the implementation of appropriate safeguards as required by the GDPR (e.g. standard contractual clauses approved by the European Commission) and, where appropriate, additional security measures.
  7. STORAGE DURATION
    1. Unless European or national law requires a longer storage period, your personal data is stored only for the period necessary for the fulfilment of the purposes for which it was collected and processed.
    2. Data provided at the time of subscription to the newsletter will be kept until unsubscribe/withdrawal of consent, plus a reasonable period for keeping records that may be required in the future (e.g. proof of consent, unsubscribe lists).
    3. Technical and security data will be kept for a limited period proportionate to the purpose for which they have been stored and processed.
  9. THE RIGHTS OF THE DATA SUBJECT
    1. In accordance with the provisions of the GDPR, you, as a data subject of the processing of personal data by Gorici Legal, have the following rights in relation to the processing of personal data:
      1. Right access - The data subject has the right to obtain confirmation of the processing of his or her data and to receive a copy of it.
      2. Right to rectification - The data subject has the right to request the rectification of inaccurate or incomplete data.
      3. Right to erasure ('right to be forgotten') - The data subject has the right to obtain the erasure of personal data, under the conditions provided for by the GDPR. The University has the right to refuse a request for erasure in certain situations, such as where the processing is necessary for compliance with a legal obligation, for the establishment, exercise or defence of legal claims, or for the exercise of freedom of expression and information.
      4. Right to restrict processing - The data subject may request restriction of the processing of his/her personal data.
      5. Right to data portability - The data subject has the right to receive personal data concerning him or her in a structured, commonly used and machine-readable format and has the right to have such data transmitted to another controller.
      6. The right to oppose - The data subject has the right to object to the processing of personal data, under the conditions laid down in the GDPR.
      7. The right not to be subject to a decision based solely on automated processing.
      8. Right to withdraw consent - Where personal data are processed on the basis of consent, the data subject has the right to withdraw consent.
      9. Right to complain - The data subject has the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing ("ANSPDCP").
      10. In order to exercise any of your rights, as well as for any other requests in relation to the processing of your personal data, you may contact us using one of the methods set out in Article II of this Privacy Policy.
      11. We will respond to any request concerning the processing of personal data no later than one month from the date of receipt of the request, in accordance with applicable law. This period may be extended by up to two months if necessary, taking into account the complexity and number of requests. In that case, we will inform you of the extension within one month of receipt of the request and communicate the reasons for the delay.
      12. In certain situations, we may be unable to honour a request for personal data, to the extent that such refusal is permitted by applicable law or the request is manifestly unfounded or excessive. In such cases, we will provide the User with a clear justification of the grounds for refusal, i.e. we will inform the User about the possibility to lodge a complaint with the competent supervisory authority or to go to court.
      13. You have the right to lodge a complaint with the supervisory authority about the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows:
      • National Supervisory Authority for Personal Data Processing ("ANSPDCP")
      • Address. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania
      • Phone: +40.318.059.211 or +40.318.059.212
      • E-mail: [email protected] 
      1. Without prejudice to your right to contact the Supervisory Authority at any time, we encourage you to contact us first to try to resolve any problems amicably. We undertake to use all reasonable endeavours to respond promptly and efficiently to your requests.
  11. DATA SECURITY
    1. We apply appropriate technical and organisational measures proportionate to the nature of the data processed and the associated risks in order to protect personal data against unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, accidental or unlawful destruction or alteration.
    2. We can use security measures such as:
      • Limiting access to processed personal data to authorised persons only;
      • Use of IT security systems;
      • Encrypt data where possible;
      • Continuous risk monitoring;
      • Develop internal organisational measures such as training of authorised persons, confidentiality rules, incident management procedures and regular evaluation of security measures.
    4. However, we cannot completely exclude the risk of security incidents caused by external factors or unforeseen vulnerabilities. In the event that we identify a security incident affecting personal data and in respect of which we have legal obligations, we will take all necessary measures to mitigate the effects and will provide the notifications required by applicable data protection legislation (where applicable to the data subjects and/or the competent authority).
  13. LINKS TO THIRD PARTIES
    1. The website may contain links to third party platforms (including social networks). The processing of personal data by these third parties will be in accordance with their privacy policies, for which we are not responsible.
  15. Changes and updates to the Privacy Policy
    1. We reserve the right to modify and update this Privacy Policy from time to time, in particular in the following situations: (i) when applicable legislative or interpretative changes occur (e.g. in the field of data protection and electronic communications), (ii) when we change the functionalities of the Site (e.g. introduction of new forms, analytics/marketing tools, integrations with third party platforms), (iii) when we change our providers or the way we provide our services.
    2. The updated version will be published on the Website and the date "Latest update", at the beginning of the document will be amended accordingly.
    3. Changes to the Privacy Policy will be effective upon posting on the Site and are not subject to prior notice to Site Users. By way of exception, to the extent that the changes are substantial (for example, if we introduce new purposes of processing or new categories of data that we process), we will use reasonable endeavours to inform you.
    4. We encourage you to consult this Privacy Policy regularly to stay informed about how we process your data.