Băncilă, Diaconu și Asociații SPRL is a member firm of Ernst & Young Global Ltd
Bucharest Tower Center, etaj 22 B-dul Ion Mihalache
nr. 15-17 011171 Bucuresti, sector 1, Romania
+40 21 402 4000
RO || EN

Privacy Policy ra-law.ro

1. Introduction

Băncilă, Diaconu și Asociații SPRL is a law firm organized and functioning in accordance with the Romanian laws, headquartered in Bucharest, 15-17 Ion Mihalache Bld., Sector 1, registered with the fiscal authorities under no. RO18694533.

This Privacy Notice is intended to describe the practices Băncilă, Diaconu și Asociații SPRL, as a member firm of Ernst & Young Global Ltd, follows in relation to its Customer Relationship Management systems (CRM systems) with respect to the privacy of all individuals whose personal data is processed and stored in the CRM systems for direct marketing purposes.

“EY” refers to one or more of the member firms of Ernst & Young Global Limited (“EYG”), each of which is a separate legal entity. The Romanian member firms of EYG, each of which is a separate legal entity, are: Ernst & Young SRL, Ernst & Young Assurance Services SRL, Ernst & Young Service SRL and RBăncilă, Diaconu și Asociații SPRL.


2. Who manages EYs CRM systems?

The entity that is managing the CRM systems for the EY member firms globally is EY Global Services Limited (a private company limited by shares in England and Wales, registered office, 6 More London Place, London SE1 2DA, United Kingdom, registered number 5483856).

The personal data stored in our CRM systems is available to all EY member firms (see “Who can access your information” section below). Each EY member firm is the controller for its own contact data stored in the CRM systems.


3. Why do we need your information?

The CRM systems are EYs client/contact relationship management tools that support the marketing operations of EY member firms. Clients and contacts in the CRM systems may be sent to EY thought leadership, marketing materials, learning opportunities, surveys and invitations to events.

Personal data processed in the CRM systems is used for the purposes of sales and marketing. Processing your contact information allows us to communicate with you via electronic mailings, text messages, in hard copy form or from time to time if necessary also via phone.

EY relies on the following basis to legitimize the processing of personal data in its CRM systems:

  • Member firms have obtained individual’s consent for the processing of personal data in the CRM systems; or
  • Member firms have a legitimate interest to process personal data in the CRM systems, which legitimate interest is the processing of personal data for direct marketing purposes.


4. What type of personal data is processed in the CRM systems?

The CRM systems process personal data of former, current and prospective clients (including individuals within a corporate client) of EY member firms. The CRM systems also contain data of other business contacts (such as consultants, regulators, journalists) as well as alumni.

The following data categories are processed in the CRM systems:

  • Name, job title, address, email address, phone numbers, fax number
  • Marketing preferences
  • Invitation responses and event attendance confirmations


5. Sensitive Personal Data

Sensitive personal data reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

EY and, specifically, Băncilă, Diaconu și Asociații SPRL do not intentionally collect any sensitive personal data from you to store in its CRM systems. The CRM systems’ intention is not to process such data unless you explicitly provide sensitive personal data to us (for example dietary requirements if you attend one of our events).


6. Who can access your information?

Access to your personal data is limited by need. All marketing personnel within the EY member firms worldwide have access to your contact information.

We will only disclose your personal data to third parties:

  • If such third party is engaged by EY to facilitate, maintain or support its CRM systems (for example, to provide information technology and other administrative support services to operate the CRM systems);
  • When explicitly requested by you;
  • As required by a court order or any other legal or regulatory requirement.


7. International transfer of data

EYs CRM systems are hosted in EYs global data centres in Germany, the United States and Singapore and are accessible globally by all EY member firms.

EY has a comprehensive global privacy compliance program that includes EU-approved Binding Corporate Rules as well as certification to the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks administered by the U.S. Department of Commerce. Please see EY’s Binding Corporate Rules page for more information on our Binding Corporate Rules, and EY’s Privacy Shield Notice for more information on how EY complies with the Privacy Shield program. EY will only disclose your personal data to third parties that provide an adequate level of privacy protection.


8. Data retention

Data of contacts who have been out of active use for 18 months will be deleted from our CRM systems. If you want to have your data deleted from our CRM systems or if you wish to object to the processing of your personal data for direct marketing purposes, please email us via gdpr@ro.ey.com.


9. Security

EY is committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, EY has technical and organizational measures to safeguard and secure your personal data. All EY personnel and third parties EY engages to process your personal data are obliged to respect your data’s confidentiality.


10. Controlling your personal data

EY will not transfer your personal data to third parties (other than any external parties referred to in section 6 above) unless we have your permission or are required by law to do so.

You are legally entitled to request details of EY’s personal data about you.

To confirm whether your personal data is processed in our CRM systems or to access your personal data in the CRM systems, contact your usual EY representative or email your request to gdpr@ro.ey.com.


11. Rectification, erasure, restriction of processing or data portability

In order to confirm that your personal data is accurate and current or to request rectification, erasure, restriction of processing or a readily portable copy of your personal data, you can contact your usual EY representative or by sending an e-mail to gdpr@ro.ey.com.


12. Recruitment

By submitting your CV (and/or cover letter) on the dedicated page of our Site you agree with the fact that your personal data incorporated under this(/these) document (e.g., name, e-mail, phone number, address, education, professional experience) will be used by Băncilă, Diaconu și Asociații SPRL for the purpose of assessing your application for a position within the law firm.

Băncilă, Diaconu și Asociații SPRL intends to keep your personal data, based on its legitimate interest, for as long as necessary in order to serve the purpose of the envisaged data collection (e.g., for the duration of the respective recruitment process, as well as for future recruitment endeavours). To the extent you wish Băncilă, Diaconu și Asociații SPRL to refrain from using these personal data in the future please inform us by sending an email to gdpr@ro.ey.com or by using the contact form on our Site.

The personal data collected during the recruitment process are available to other EY member firms. The human resources personnel within EY Romania member firms have access to these data for the purpose of assessing the application.


13. Complaints

If you are concerned about an alleged breach of privacy law or any other regulation, contact EY’s Global Privacy Officer, Office of the General Counsel, 6 More London Place, London, SE1 2DA, United Kingdom or via email at global.data.protection@ey.com or via your usual EY representative. An EY Privacy Officer will investigate your complaint and provide information about how it will be handled.

If you are not satisfied with how EY resolved your complaint, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.


14. Contact us

If you have additional questions or concerns, contact your usual EY representative or email gdpr@ro.ey.com.