Privacy policy
Introduction
CasePro Law Firm ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and disclose personal information about visitors to our website (the "Site"), individuals who use our contact form, job applicants, and clients of our law firm. We adhere to the General Data Protection Regulation (GDPR) and other relevant data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
CasePro OOD
17 A, Tsar Osvoboditel Blvd., floor 2
Sofia, Sredets Region, 1504
office@casepro.bg
+ 359 887 323 047
Safeguarding your personal data throughout the entire data processing lifecycle, along with ensuring the security of all business information, is a top priority for us. We handle the personal data we collect with strict confidentiality and in compliance with national and European legal standards. Data protection and information security are fundamental elements of our corporate policy.
2. What is Personal Data?
Personal data refers to any information that relates to an identified or identifiable individual. This includes information that can directly or indirectly identify a person, such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual. Examples of personal data include, but are not limited to, your name, email address, phone number, IP address, and any other information that could identify you, either on its own or when combined with other data.
3. Personal Data We Collect
We may collect and process the following personal data:
a. Website Visitors
- Contact Form Data: When you use our contact form, or otherwise contact us, we may collect your name, email address, phone number, and any other information you provide.
- Usage Data: We may collect data about your interaction with our Site, including IP address, browser type, referring/exit pages, and date/time stamps.
b. Job Applicants
- Application Data: We collect information submitted in your job application, such as your name, contact details, curriculum vitae (CV), cover letter, educational and professional qualifications, and any other relevant information you choose to disclose.
c. Clients
- Client Data: In order to provide legal services effectively, we collect necessary information such as your name, contact details, financial particulars, identification documents, specifics of your case or matter, and any other pertinent details essential to addressing your legal needs.
4. Purpose of Data Processing
We process personal data for the following purposes:
a. Website Visitors
- To respond to inquiries made through our contact form or when otherwise contacted.
- To improve our Site and services by analyzing user behavior and feedback.
- To monitor and analyze usage patterns to enhance user experience and website functionality.
b. Job Applicants
- To process and evaluate job applications by assessing qualifications, experience, and suitability for the position.
- To communicate with applicants about the recruitment process, including scheduling interviews, providing updates on application status, and delivering decisions.
- To maintain records of past applicants for future job opportunities, with the applicant's consent.
- To comply with legal requirements related to employment and recruitment, such as equal opportunity and anti-discrimination laws.
c. Clients
- To provide legal advice and services tailored to the client's specific needs and legal matters.
- To manage our client relationships, including billing, account management, and communications regarding ongoing and potential legal matters.
- To ensure compliance with legal and regulatory obligations, including anti-money laundering regulations, legal record-keeping requirements, and professional conduct standards.
- To conduct conflict of interest checks and maintain client confidentiality and security.
5. Legal Basis for Processing
Our legal basis for processing your personal data includes:
- Consent: We process your personal data when you have given clear and explicit consent for us to do so for a specific purpose. You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
- Contractual Necessity: We process your personal data when it is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract. This includes activities such as providing legal services, managing client relationships, and fulfilling contractual obligations.
- Legal Obligation: We process your personal data when it is necessary for compliance with a legal obligation to which we are subject. This includes adhering to laws and regulations related to anti-money laundering, tax reporting, and other legal requirements.
- Legitimate Interests: We process your personal data when it is necessary for our legitimate interests or those of a third party, provided these interests are not overridden by your rights and interests. Our legitimate interests include improving our services, ensuring the security of our website, conducting business operations, and maintaining client relationships. We carefully consider and balance any potential impact on your rights before processing your personal data based on legitimate interests.
6. Data Sharing and Disclosure
We may share your personal data with:
- Service Providers: We engage third-party vendors to perform various services on our behalf, including IT support, email hosting, legal research tools, accounting services, data storage, marketing services, and other professional services. These service providers are contractually obligated to protect your personal data and process it only in accordance with our instructions and applicable data protection laws.
- Legal Authorities: We may disclose your personal data to government authorities, regulatory bodies, or law enforcement officials when required by law, legal process, or court order. This includes cooperating with authorities for the protection of our legal interests, the safety of our clients and employees, and in cases of fraud prevention, investigation, or other illegal activities.
- Business Transfers: In the event of a merger, acquisition, reorganization, sale of assets, or insolvency, your personal data may be transferred as part of the transaction. We will ensure that any party involved in such a transfer is bound to respect your personal data in a manner consistent with this Privacy Policy and applicable data protection laws. You will be notified of any change in ownership or control of your personal data, as well as any choices you may have regarding your personal data.
7. Data Retention
CasePro Law Firm will retain your personal information for no longer than is necessary to fulfill the purposes described in this Privacy Policy. Depending on the basis on which we process your personal data, the retention period varies:
- Website Visitors: Contact form data is retained for up to one year after the inquiry has been resolved unless further correspondence necessitates a longer period.
- Job Applicants: Application data is retained for up to six months after the position has been filled unless the applicant consents to a longer retention period for future job opportunities.
- Clients: Client data is retained for the duration of the client relationship and for five years from the termination of our contractual basis. After this period, and if there is no legal basis for continued retention, the information will be destroyed and your personal data permanently deleted from our system.
- Accounting Records: Personal data contained in accounting records, financial statements, and documents for tax control, audit, and subsequent financial inspections is stored for ten years from January 1 of the year following the year to which they relate, in accordance with the Accounting Act and the Tax and Social Security Procedural Code.
- Other Accounting Information: All other media of accounting information shall be kept for three years from January 1 of the year following the year to which they relate, in accordance with the Accounting Act.
- Cookies: Personal data collected through the provision of your explicit consent to the use of optional cookies via the Cookies Management Panel is stored for a maximum period of two years from the date of your consent, depending on the type of cookies concerned. For more information on the retention periods of personal data collected through cookies, please refer to our Cookie Policy.
8. Data Security
We are committed to ensuring the security of your personal data. We implement a variety of technical and organizational measures to safeguard your data, including:
- Encryption: We use advanced encryption technologies to protect data transmitted to and from our Site.
- Access Controls: We restrict access to personal data to authorized personnel only, based on job function and necessity.
- Firewalls and Intrusion Detection Systems: We deploy firewalls and monitor our systems for potential vulnerabilities and attacks.
- Regular Security Audits: We conduct regular security assessments and audits to identify and mitigate potential threats.
- Training and Awareness: We provide regular training to our staff on data protection principles and practices to ensure ongoing compliance and awareness.
Despite these measures, please note that no data transmission over the internet can be guaranteed to be completely secure. As such, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk.
9. Your Rights
Under the GDPR, you have several rights concerning your personal data, which include:
- Right to Access: You have the right to request access to your personal data and obtain a copy of the information we hold about you.
- Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes it was collected.
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.
- Right to Data Portability: You have the right to request the transfer of your personal data to another data controller in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
-
Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at office@casepro.bg. We will respond to your request within one month, but this period may be extended by two further months where necessary, considering the complexity and number of requests. If we extend the response period, we will inform you within one month of your request. - Right to Lodge a Complaint: If you believe that we have not complied with data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular, in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred. The supervisory authority in Bulgaria is the Commission for Personal Data Protection, with address in the city of Sofia, 1592, 2, blvd. Tsvetan Lazarov, e-mail: kzld@cpdp.bg, website: www.cpdp.bg, telephone numbers: 02/91-53-519, 02/91-53-555.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. When we make changes, we will revise the "last updated" date at the top of this policy. Significant changes to this Privacy Policy will be communicated to you through a prominent notice on our website or via direct communication, such as email, prior to the change becoming effective. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of our services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
CasePro OOD
17 A, Tsar Osvoboditel Blvd., floor 2
Sofia, Sredets Region, 1504
office@casepro.bg
+ 359 887 323 047
This Privacy Policy has been adopted by CasePro Law Firm and is effective as of 22.05.2018, with last update: 26.06.2024.