PERSONAL DATA PROTECTION POLICY
In accordance with the provisions of law n ° 78-17 of January 6, 1978 amended by law n ° 2018-493 of June 20, 2018, we inform you that the processing of personal data collected from the Website is implemented under the conditions of this privacy policy.
The Firm informs you that within the meaning of the aforementioned regulations:
• “personal data” is any information that identifies, directly or indirectly, an individual.
• “processing of personal data” is any operation or set of operations applied to personal data.
Information on personal data processing
The processing of personal data carried out within the framework of the Website is based on the legitimate interest of the Firm to implement such activities.
The Firm collects personal data either directly from users, generally through registration forms, or indirectly during interactions with users and / or customers.
When personal data is collected directly from users and / or customers, the mandatory information is flagged. These are essential for the performance of the contract with the Firm or for compliance with a legal obligation. Failure to communicate may prevent the registration and / or processing of a case.
The processing of personal data carried out by the Firm is carried out for the following purposes and on the following legal basis.
| Categories of persons | Purpose of processing | Legal Basis | Categories of data | Duration of processing |
|---|---|---|---|---|
| Clients | Performance of obligations imposed by contract, code of ethics and law | Legitimate interest | Identity / Professional contact details | Duration of the contractual relationship + statutory limitation period |
| Clients / Prospects | Billing | Contractual performance, legitimate interest | Identity / Professional contact details | 10 years from the date of closure of the last fiscal year during which the invoice was issued |
| Clients | Debt collection | Legitimate interest | Identity / Professional contact details | Until full payment of legal fees |
| Clients | Prevention of money-laundering, terrorist financing, fight against corruption | Compliance with legal and regulatory obligations | Identity / Professional contact details | 5 years after the end of the contractual relationship |
| Website Users | Analysis of website performance & user experience (statistical & anonymized browsing data) | Legitimate interest / Consent | Anonymized browsing data | 13 months from user consent |
| Clients / Prospects | Marketing | Legitimate interest | Identity / Personal & professional life, economic & financial information | 3 years |
| Clients | Management of client relationship | Legitimate interest | Identity / Professional contact details | Duration not specifically stated (generally tied to relationship duration) |
Recipients of personal data
The personal data of users and / or customers is processed by the Firm in confidence and with care.
The Firm shares the date only with:
• service providers engaged to process data on behalf of the Firm, for example for the management of our Website, payments, making appointments and performing agreed services. These service providers are only authorized to use personal data as part of the services they perform on behalf of the Firm and only for the achievement of the purposes set out herein;
• public bodies or authorities requesting access thereto, to comply with a legal obligation or protect rights;
• Firm employees, associates and interns.
It is also recalled that all exchanges between clients and their lawyer are covered by professional secrecy.
Place and duration of storage of personal data
The Firm stores all personal data of users and / or customers on the territory of the European Union. Some of this data may be transferred and stored outside the European Union by service providers hired by the Firm. The Firm undertakes to do everything in its power to ensure that these service providers adopt the relevant organizational and technical measures by taking into account the adequacy decision “Privacy Shield” of the Commission if such providers are located in the United States.
The Firm only keeps personal data for the time necessary to achieve the purpose for which it was collected, in accordance with the above.
User rights
In accordance with the French Data Protection Act (“Loi Informatique et libertés”) of 6 January 1978 as amended and the general data protection regulations, you have the right to access, query, limit, delete, modify and rectify the information concerning you, and the right to obtain its portability.
You also have a right to object to the processing of your personal data, as well as a right to object to this data being used for commercial prospecting purposes. Finally, you have the right to define general and specific directives defining the manner in which you intend to exercise these rights after your death.
You can exercise these rights by sending an email to the following address: contact [_ @ _] Frenchco.lawyer or by post to SELARL LEGASTRAT, for the attention of Me Mariela PETROVA, 182 rue de Rivoli, 75001 PARIS accompanied by a copy of a signed identity document.
Finally, you have the right to lodge a complaint with the National Commission for Information and Freedoms (Commission Nationale de l’Informatique et des Libertés), which is the French supervisory authority in charge of ensuring compliance with the obligations regarding the protection of personal data.
Data processors
Any third party who processes the customer’s personal data on behalf of the data controller becomes a data processor. The services of the subcontractor are essential for the execution of the purchase contract and the processing of the order placed by the customer on the part of the data controller. Sub-contractors of the data controller are:
• Google Analytics, an online audience analysis solution for a website
Data security
The data controller declares to have put in place all the technical and organizational measures necessary to guarantee that the use of personal data respects the privacy of the persons concerned.
The data controller has implemented all the technical measures necessary to guarantee the security of the data it has collected, in particular securing access to its computer with a password, using anti-virus software and carrying out periodic maintenance of the computers.
