Cookies under Romanian ePrivacy and data protection legislation

What are cookies are, what is their use and how does using them impact on businesses?

 A cookie is a small text file that can be stored on your computer when you visit websites.

 When you visit the website later again, the cookie returns to the concerned website. In this way, amongst other technical ways, the website recognizes your browser.

 There are 3 types of cookies: cookies for functional purposes, cookies for analytical purposes and cookies for advertising purposes.

 Websites use functional cookies. This means that these cookies are essential to the proper functioning of the website and it is not possible to refuse these cookies if you want to visit the respective website. As most law firms we use cookies and when you enter our web site the question of cookies arises.

 Most websites also use cookies for analytical purposes in order to quantify the visits (traffic) on the website. This allows you the owner of the web site, know how many times a page has been visited. Users can refuse the installation of these cookies on their device.

 Some websites use cookies for advertising purposes in order to be able to offer targeted services to the users. Users can refuse the installation of these cookies on their devices.

 On 1st October 2019 The Court of Justice of the European Union (“CJEU”) delivered its judgment in Case C ‑ 673/17 finding that the consent is not validly given or permitted by way of a pre-checked checkbox which the user must deselect to refuse his or her consent. Instead, the consent must be obtained by a consumer’s “active behaviour.”

 In its judgement, the CJEU made it clear that the conditions regarding consent are not to be interpreted differently according to whether or not the information stored or accessed on a website user’s terminal equipment is personal data within the meaning of Directive 95/46 on the protection of individuals with regard to the processing of personal data or Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46( GDPR).

 The information that the service provider must give to a user includes the duration of the operation of cookies and whether third parties may have access to those cookies.

 Regarding the form of the consent, the CJEU established that consent of a user required under Directive 2002/58 (the ePrivacy Directive) for storing or accessing cookies should have the same meaning as the data subject’s consent as defined and further specified in GDPR. In accordance with the GDPR, consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement, such as by a written statement, including by electronic means, or an oral statement.

 This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance. Silence, pre-ticked boxes or inactivity does not constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for each of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided. Therefore, consent that does not comply with the requirements of the GDPR may not be relied upon for the purposes of the ePrivacy Directive.

 For businesses knowing which cookies they use, what data is collected with them and with whom they are shared is a necessity, both under GDPR and under ePrivacy Directive. Bearing in mind that since the GDPR took effect on May 25, 2018, data protection authorities in the EU including Romania have wasted no time in launching enforcement actions and issuing fines.

 Should you require any further clarification concerning the use of cookies or the application of any GDPR requirements please contact use and we will be pleased to advise you.

Oana Panduru,
Bucharest,
27th March 2020

PRIVACY POLICY

  This policy sets out the basis on which any personal data we collect from you through our Site (as defined below), or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

  Hammond Partnership is committed to protecting and respecting your privacy.

  To notify you of developments in the law and of the articles we have recently written that may be of interest to you.

INFORMATION WE MAY COLLECT FROM YOU

We may collect and process the following information:

  Information that you provide by filling in forms on our site at “www.Hammond-Partnership.com” (“our Site”). This includes information provided at the time of registering to use our Site, using our legal services, posting material (such as your Curriculum Vitae or details of your legal requirements) or requesting further services. We may also ask you for information when you report a problem with our Site.

  All information you provide to us is stored on our secure servers. Where we have given you

  Information that you provide by way of surveys that we send to you for research purposes

  Details of your visits to our Site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.

Where we store your personal data:

We may disclose your personal information to third parties:

  Information that you provide by way of correspondence.

  Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

  The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of services to you, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to the transfer, storing or processing as referred to in this policy. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.

OTHER SITES

  Our Site may, from time to time, contain links to and from other websites. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

USES MADE OF THE INFORMATION:

We use information held about you in the following ways:

  To ensure that content from our Site is presented in the most effective manner for you and for your computer.

  To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.

  To carry out our obligations arising from any contracts entered between you and us,

  To allow you to participate in any interactive features of our services.

  To notify you about changes to our services.

  To notify you of developments in the law and of the articles we have recently written that may be of interest to you. Get in touch with us by filling up our contact form.

We may also use your data to provide you with information about our additional services that may be of interest to you and we may contact you about these by post or email. If you do not wish us to receive such information from us, please let us know by email to “enquiries@hammond-partnership.com” . We will not pass your data to third parties without your permission.

DISCLOSURE OF YOUR INFORMATION

We use information held about you in the following ways:

  If our assets are acquired by a third party, in which case personal data held by it about its clients may be one of the transferred assets.

  If we are under a duty to disclose or share your personal data to comply with a legal obligation, or to enforce or apply our Terms of Engagement and other agreements; or to protect our rights, property, or safety or those of, our clients or personnel. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

  If we are under a duty to disclose or share your personal data to comply with a legal obligation, or to enforce or apply our Terms of Engagement and other agreements; or to protect our rights, property, or safety or those of, our clients or personnel. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

  If our assets are acquired by a third party, in which case personal data held by it about its clients may be one of the transferred assets.

YOUR RIGHTS

You have the right to ask us not to process your personal data for marketing purposes. You can exercise the right at any time by contacting us at “enquiries@hammond-partnership.com”. You also have the right to access information we hold about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of 10 Euro to meet our costs in providing you with details of the information we hold about you.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

  Hammond Partnership is committed to protecting and respecting your privacy.

  This policy sets out the basis on which any personal data we collect from you through our Site (as defined below), or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

  To notify you of developments in the law and of the articles we have recently written that may be of interest to you.