FORT offices in the Baltics care about your privacy and protection of your personal data.
By using our Website or the Services, you hereby agree to be bound by the terms and conditions of this Policy and acknowledge that you have read and understood all of the terms and conditions of the Policy.
We shall process Personal Data (as defined below) under this Policy and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) (hereinafter referred to as the GDPR) and the applicable national data protection laws in Estonia, Latvia and Lithuania (GDPR and national data protection laws together hereinafter referred to as the Data Protection Laws).
We are committed to ensuring the privacy and confidentiality of the information of our customers, potential customers and any other natural persons, to complying with this Policy and to performing our professional duties in accordance with applicable Data Protection Laws. Reference in this Policy to "your Personal Data" shall mean any information that identifies, or could reasonably be used to identify, you as one of the aforementioned persons (hereinafter referred to as the Personal Data).
You shall have the right to disagree with the actions of the Firm described in this Policy, but we hereby inform you that in the event of your disagreement we shall not be able to provide you with certain proper quality Services on some occasions.
FORT offices located in Estonia, Latvia and Lithuania shall be considered to be your Personal Data Controllers. Depending on legal case and on which FORT entity you communicate with, or if you only visit our webpage, your Personal Data Controller shall be one, several or all of the following FORT offices:
Advokaadibüroo FORT, address: A. Lauteri str. 5, 10114, Tallinn, Estonia, e-mail: firstname.lastname@example.org, telephone: +372 6464 045;
SIA Zvērinātu advokātu birojs FORT, address: 33-3 Krisjana Valdemara Street, LV-1010 Riga Latvia, e-mail: email@example.com, telephone: +371 6770 4080;
Advokatų profesinė bendrija FORT, address: Lvivo str. 25, LT-09320, Vilnius, Lithuania, Business Centre 3 Burės, Didžioji Burė, e-mail: firstname.lastname@example.org, telephone: +370 5250 6141.
Depending on the situation, all of the entities referred above may be acting as joint or separate Personal Data Controllers responsible for your Personal Data processing. Should you like to know which FORT office is the Personal Data Controller of your personal data, please apply to any of the FORT offices with the respective inquiry.
PURPOSES, LEGAL BASES, RETENTION PERIODS OF DATA PROCESSING AND CATEGORIES OF PERSONAL DATA
Purposes of the processing of Personal Data
Categories of personal data
We process information that has been provided by our client or on behalf of our clients, or information that we acquire independently within the scope of providing professional legal services.
This collection of Personal Data is necessary to fulfil the contractual obligations that we have towards our clients, and in our legitimate interest as a law firm to provide legal services to our clients and potential clients. Moreover, it’s necessary to comply with our legal obligations to conduct KYC, AML and international and national sanction screening.
When providing legal services, we process Personal Data to fulfil our KYC, AML sanction compliance related obligations. Moreover, we shall use the data to check for any conflicts of interest, as it is our legal obligation.
We collect and process the following categories of Personal Data:
We shall store and process your Personal Data:
Direct marketing (newsletters)
We shall use the information that you have provided to send you information about the scope of services that we can provide to you, e.g. regarding changes in legislation, greetings on holidays and other occasions, information about the latest news at the Firm and in relation to the Firm, based on your consent.
We may process your first and last name, title, position, your e-mail address, any provided phone numbers, your address and other information that can be used to contact you for the sake of providing you with this information.
Your Personal Data shall be processed until full/partial recall of your consent to the processing of such data.
Selection of candidates
We process the personal data of candidates who have sent their CV directly to us by e-mail or through job search websites for the purpose of recruiting employees.
Also, with your permission, we process your personal data in order to offer you a job position in the future.
We may use your name, surname, e-mail address, telephone number, photo of yours, qualification, professional abilities and any other CV information provided by you.
- Your consent;
- Our legitimate interests (when further processing of the selected candidate’s data takes place and we have your consent).
We store and process candidates' Personal Data for the duration of the selection for a specific position and for 2 (two) years thereafter, if we have your consent.
Features of our Website
We only process your Personal Data for the purpose for which they were collected.
In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.
Access to your Personal Data shall be restricted to those FORT employees who are required to process your Personal Data in the course of their professional duties and responsibilities to you as data subject.
COLLECTION OF INFORMATION
In order to provide Services, we may collect the information on you in the following ways:
Directly from you as our client/potential client or candidate in the job selection process for any of FORT offices;
From official registers, documents related to the legal assistance as well as from internet search engines (if applicable);
From other FORT offices;
We can also collect your Personal Data from social media, if it is necessary for the provision of legal services or in case of a dispute with a client.
TRANSFER OF YOUR PERSONAL DATA TO THIRD PARTIES
When providing legal services to our clients, we may be required to transfer your Personal Data to third parties. This may include data transfer in the context of legal procedure and litigation, as well as generally any legal services that we offer to our clients. We may transfer your Personal Data to other FORT offices (to ensure provision of requested legal services), partners and institutions in order to provide you with the necessary legal services when such obligation is imposed on us by law or regulation, or for the purpose of providing certain legal services.
However, we also use the services of certain third parties to ensure provision of our Services (e.g. IT service providers, security staff, couriers, translation service providers, post office, accountancy services etc.). These third-party services providers are to be considered data processors or independent data controllers. The Personal Data transferred to such third-party service providers shall be limited to the minimum that is required to ensure the provision of third-party services.
If we use social media to access to statistical data, filtering and targeted marketing tools related to the social media page’s visits, the social media service providers shall be joint-controllers with Firm for processing your Personal Data (as in case with Facebook, Instagram, Twitter, LinkedIn and Website).
YOUR RIGHTS AS A DATA SUBJECT
You may, at any time, exercise the following rights:
i) Right to be informed. You shall have the right to receive clear, transparent, comprehensible and easily accessible information about how we process your Personal Data and what your rights are.
ii) Right of access to Personal Data. You shall have the right to access/request access to any data that may be considered to be your Personal Data.
iii) Right to request the correction of Personal Data. You shall have the right to request that we correct any Personal Data related to you if you believe that it is inaccurate or incomplete.
iv) Right to require the deletion of Personal Data. You may request that your Personal Data be deleted, if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data should be deleted to enable us to comply with a legal requirement. This is not an absolute right, as we may need to retain your personal data for legal requirements or legitimate reasons.
v) Right to disagree with the processing of Personal Data. When we process your Personal Data based on our legitimate interest, you may at any time object to the processing of your Personal Data, giving reasons for a particular objection. This is not an absolute right and in some cases our legitimate interest may override your interests, rights and freedoms.
vi) Right to restriction of Personal Data processing. The processing and use of personal data relating to you may be restricted upon a specific reason. In such a case, we would still store the particular data, but we shall not use or process it in any other way.
vii) Right to Personal Data portability. If your Personal Data is processed automatically with your consent or in accordance with a contractual relationship, you may request to receive Personal Data that you have provided to FORT in a structured, commonly used, computer-readable format and/or transfer your Personal Data to another data controller as far as this is technically possible.
viii) Right to withdraw consent for the processing of Personal Data when Personal Data are processed with your consent. You may exercise this right by contacting us at any time using the contact information provided at the end of this Policy.
When providing legal services to our clients, there may be circumstances where our statutory obligations as well as the rules of the respective Bar Association of the jurisdiction, prohibit us from disclosing or erasing the data that we process. Such laws, regulations or rules may prevent you from exercising other data subject rights as well.
If you have a complaint about how we process your Personal Data or would you like to know more about our data processing activities, please do not hesitate to contact us at any time using the contact details provided at the end of this Policy.
You shall have the right to lodge a complaint with a Data Protection Authority (hereinafter referred to as the DPA) if you think that your Personal Data is being processed incorrectly or your data subject rights have been violated by us. You may lodge a complaint by contacting the DPA that is local to your jurisdiction or the place you live and work.
The following DPAs relevant to the scope of this Policy are:
The Estonian Data Protection Inspectorate in Estonia: http://www.aki.ee/en;
The Data State Inspectorate in Latvia: http://www.dvi.gov.lv/en/;
The State Data Protection Inspectorate in Lithuania: https://www.ada.lt/go.php/lit/Eng.
If none of above mentioned DPA’s are local to your jurisdiction, you may find other DPA’s here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
PROCEDURE FOR HANDLING REQUESTS FROM DATA SUBJECTS
You may make requests to us in relation to the exercise of your rights in person, by post or by electronic communication. Upon receipt of your request, we may ask you to provide proof of identity as well as other additional information in connection with your request.
Once we have received your request, we will process it no later than 30 calendar days from the date of receipt of your request and the submission of all the documents necessary to respond, unless the complexity of the request causes a delay of 2 months, in which case we will inform you.
We will respond to your request in the manner chosen in your request, unless we are unable to comply with your request in that manner.
LOCATION OF THE PROCESSING OF YOUR DATA
We shall store and process Personal Data in the European Union (EU) and the European Economic Area (EEA). Nevertheless, it may at times be necessary that your Personal Data is transferred to and stored at a destination outside the European Union or the European Economic Area. It may also be processed by data processors operating outside the EU or the EEA. When transferring data to any other third party, we shall make every effort to ensure security and to transfer only those Personal Data that is necessary for the provision of legal services.
By submitting your Personal Data to us, you consent to the processing of your Personal Data and hereby confirm that you are informed that the processing of your Personal Data is necessary for the performance of the contract or for compliance with a legal obligation to which FORT is subject, including the storage and transfer of data outside the EU or the EEA for the purposes set out in this Policy. We shall take all reasonably necessary precautions to ensure that your data is treated securely and in accordance with the applicable Data Protection Laws.
As with all of your Personal Data, you may request that we inform you on the details of the processing of your Personal Data on the basis of Article 15 of the GDPR. You may do so by contacting us via the contact information that has been provided at the end of this Policy.
COOKIES AND SOCIAL MEDIA PLUG-INS
Cookies are small text files which are stored on your computer's hard drive each time you visit our Website. Cookies make the interaction between you and Website faster and easier, thus they improve your web browsing experience.
LIMITATION OF LIABILITY
Our Website may contain links to other websites owned by third parties. FORT shall assume no liability for the reliability of such third-party websites.
Feel free to contact us with regards to any questions, inquiries, requests or complaints with respect to the processing of your Personal Data. Our contact information can be found here https://fortlegal.com/contact/.
CHANGES TO THE POLICY
We may make changes to this Policy. If the Policy is changed in any way, the most recent version of this Policy shall be posted on our Website. We encourage you to check whether any changes have been made to the Policy from time to time.
Date of last revision: 25/08/2023