FORT offices in the Baltics care about your privacy and protection of your personal data.
By using our Website or Services, you agree to the provisions of this Policy and confirm that you have read and understood the provisions stated in the Policy.
We process Personal Data (as defined below) under this Policy and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) (hereinafter – the “GDPR“) and the applicable national data protection laws in Estonia, Latvia and Lithuania (hereinafter – the “Data Protection Law”).
We commit to ensure the privacy and confidentiality of the information pertaining to our former, current and potential clients, their affiliates and affiliated persons, and to adhere to the Policy set out below in congruence with our professional responsibilities and the applicable Data Protection Laws and regulations. Reference in this Policy to “your Personal Data” means any information that identifies or could reasonably be used to identify you as the user of this Website, our client or a natural person (hereinafter – the “Personal Data”).
FORT offices in Latvia, Lithuania and Estonia are the controllers of the Personal Data that falls under the scope of this Policy.
THE SCOPE OF THE POLICY
This Policy sets out how we process Personal Data regarding:
- all matters related to our former, current and potential clients;
- cookies used on our Website;
- all of our statutory obligations with respect to the GDPR, any relevant Data Protection Law, and any other applicable laws and regulations (including our obligations with respect to anti-money laundering (hereinafter – the “AML”) procedures).
THE PURPOSES, MEANS AND RETENTION TERMS OF DATA PROCESSING
- News, publications and marketing: We will use the information that you have provided to send you information about the scope and new proposals of Services, e.g., regarding changes in legislation, information about the latest news in relation to the Firm, as well as greetings on holidays and other occasions, based on your consent. We will use Personal Data for this purpose until you inform us that you no longer wish to receive such information. We may use your name, title, position, e-mail address, provided phone number, address and other information that can be used to contact you for the sake of providing you with this information.
- Services: We collect information that has been provided by our client or on behalf of our clients, or information that we have acquired independently within the scope of providing Services. This collection of Personal Data is necessary in order to fulfil the obligations towards our clients, and it is our legitimate interest as a law firm to provide legal services to our clients and potential clients. As per our professional responsibilities, we will take the utmost care to ensure the confidentiality and integrity of the Personal Data of our former, current and potential clients.
When providing Services, we process Personal Data to fulfil our AML obligations. Moreover, we will use the data to check for any conflicts of interest, as it is our obligation. We will store the acquired data in compliance with the applicable legislation of the relevant jurisdiction, and in conformity with the rules of the Estonian, Latvian and Lithuanian Bar Associations.
THE LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
We process Personal Data on the basis of:
- your consent;
- agreement between us that establishes a basis for data processing;
- legal obligations which we are subject to;
- our legitimate interest to ensure the quality of Services.
The processing of Personal Data is limited to the scope of purpose for which the data is collected. Access to Personal Data will be restricted to personnel of FORT who is required to process Personal Data to fulfil its professional responsibilities and duties to you as the client.
THE TRANSFER OF PERSONAL DATA TO THIRD PARTIES
When providing Services to our clients, we are obliged to transfer Personal Data to third parties. This may include data transfer in the context of legal procedure and litigation, as well as generally any legal services that we offer to our clients.
We do use the services of certain third parties to ensure the provision of Services (e.g. IT service providers, security, couriers, post office). We transfer Personal Data to these third-party service providers, so that they would be able to provide with their services to us. The Personal Data that is transferred to these third-party service providers is limited to the amount that is necessary to ensure the provision of third-party services.
YOUR RIGHTS AS A DATA SUBJECT
You may, at any time, exercise the following rights:
- Right to access:You have the right to request access to any data that can be considered Personal Data (e.g. what Personal Data categories are being processed by us, the purpose of our data processing etc.).
- Right to rectification: You have the right to request that we correct any of Personal Data if you believe that it is inaccurate or incomplete.
- Right to object:You are entitled to object to certain processing of Personal Data (e.g. for marketing purposes).
- Right to erasure:You may also request that Personal Data is erased, if it is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or it has to be erased to enable us to comply with legal requirements.
- Right to data portability: If Personal Data is being automatically processed with your consent or on the basis of a mutual agreement with us, you may request this Personal Data in a structured, commonly used and machine-readable format and to transmit the Personal Data to another controller if this is technically feasible.
- Right to withdraw your consent: In cases where the processing of Personal Data is based on your consent, you have the right to withdraw your consent to such processing at any time.
- Right to refuse from receipt of marketing information:You also have the right to refuse from our communication with you regarding any information that we believe may be of interest to you. You can do so by contacting us at any time.
When providing Services to our Clients, there may be circumstances where our statutory obligations, as well as the rules of the respective Bar Association of the jurisdiction, prohibit us from disclosing or erasing the data that we store and process. Such laws, regulations or rules may prevent you from exercising other data subject rights as well.
If you have complaints on how we process Personal Data or you would simply like to know more about our data processing activities, feel free to contact us at any time by using the contact details noted in the last section of this Policy.
You have the right to submit a complaint with the Data Protection Authority (“DPA”) if you consider that Personal Data is being processed incorrectly or your data subject rights have been violated. You can submit a complaint by contacting the local DPA.
These are the DPAs that are relevant to the scope of this Policy:
- The Estonian Data Protection Inspectorate in Estonia: http://www.aki.ee/en
- The Data State Inspectorate in Latvia: http://www.dvi.gov.lv/en/
- The State Data Protection Inspectorate in Lithuania: https://www.ada.lt/go.php/lit/Eng
THE LOCATION OF THE PROCESSING OF PERSONAL DATA
We primarily store and process Personal Data within the European Union (hereinafter – the “EU”) and the European Economic Area (hereinafter – the “EEA”). Nevertheless, it may be necessary that Personal Data is transferred to and stored at a destination outside the EU or the EEA. It may also be processed by data processors operating outside the EU or the EEA.
By submitting Personal Data to us, you agree to its processing outside the EU or the EEA for the purposes set out in this Policy. We will take all reasonably necessary precautions to ensure that Personal Data is treated securely and in accordance with the applicable Data Protection Laws and regulations.
You may request that we inform you on the details of the processing of Personal Data on the basis of Article 15 of the GDPR. You may do so by contacting us by using the contact details that have been provided at the end of this Policy.
THE COOKIES USED TO PROCESS PERSONAL DATA
A cookie is a small text file that the Website saves on your computer or mobile device. The cookie remembers your actions and preferences as well as enables us to provide you with the best possible experience while browsing the Website. Without cookies, the full functionality of the Website would be unavailable.
We use persistent cookies – Google Analytics (“_ga”, “_gat”) to improve the Website by analysing user behaviour. These cookies provide us with information such as the number of Website visitors, the pages visited and the total length of time spent on the Website. All the information collected by “_ga” and “_gat” cookies is aggregated with similar information received from other users and is therefore anonymous. We do not identify individual visitors. “_ga” cookie expires in two years, but “_gat” cookie – in ten minutes.
Most browsers allow you to control cookies through their settings. If you prefer not to receive cookies, you may set your browser to refuse all cookies or send an alert when a cookie is issued.
CHANGES TO THE POLICY
We may make changes to the Policy. If the Policy has been changed, its newest edition will be published on Website. We encourage you to check whether any changes have been made to the Policy from time to time.
Feel free to contact us with regards to any questions, inquiries, requests or complaints with respect to the processing of Personal Data.
Our contact information can be found here http://fortlegal.com/contact/.