Legal document

Privacy Policy

Privacy Policy

Published version: 2 May 2026

This Privacy Policy describes how CABINETE GRUPATE DE AVOCAT BOT, VÎLCEANU, IERAN & RUS (hereinafter „BVIR") processes your personal data when you visit the website bvir.ro (hereinafter the „Site") or contact us through the channels we provide.

Processing is carried out in accordance with Regulation (EU) 2016/679 (GDPR), Romanian Law no. 190/2018 on the application of the GDPR in Romania, and applicable Romanian legislation.

1. Data controller

The personal data controller is:

  • CABINETE GRUPATE DE AVOCAT BOT, VÎLCEANU, IERAN & RUS
  • Registered office: Aleea Emanuil Gojdu nr. 7, ap. 7, Oradea, Bihor County, Romania
  • Phone: +40 259 410 448
  • Email: office@bvir.ro
  • Registration: Bihor Bar Association — UNBR (National Union of Romanian Bars)

2. Data protection contact point

For any questions, requests, or to exercise your rights regarding the processing of personal data, you can contact us at:

  • Email: office@bvir.ro
  • Phone: +40 259 410 448
  • Mail: Aleea Emanuil Gojdu nr. 7, ap. 7, Oradea, Bihor County, Romania

We will respond to your requests within a maximum of 30 days from receipt, with the possibility of extension by an additional 60 days for complex requests (with prior notice).

3. Categories of data processed

Depending on how you interact with the Site or with BVIR, we may process the following categories of data:

  • Identification data: first name, last name
  • Contact data: email address, phone number, postal address
  • Data about the legal matter: content of messages you send us (contact form, email), description of the situation for which you request consultation
  • Technical data: IP address, browser and device type, pages visited, traffic source — collected exclusively through cookies (see Cookies Policy)
  • Client data: for clients with whom we conclude legal services agreements, we process the data necessary to fulfil the mandate — described in detail in the legal services agreement and in the professional legislation applicable to lawyers

4. Purposes and legal bases of processing

We process your data for the following purposes and on the following legal bases (Article 6 GDPR):

a) Responding to your requests (contact form, email)

Legal basis: pre-contractual steps at your request (Article 6 (1) (b) GDPR) or BVIR's legitimate interest in responding to inquiries received (Article 6 (1) (f) GDPR).

b) Provision of legal services

Legal basis: performance of the legal services contract (Article 6 (1) (b) GDPR), compliance with the lawyer's legal obligations (Article 6 (1) (c) GDPR), and for sensitive data — necessity for the establishment, exercise or defence of legal claims (Article 9 (2) (f) GDPR).

c) Compliance with legal obligations

Legal basis: legal obligation (Article 6 (1) (c) GDPR) — including tax obligations, reporting to authorities, and retention of documents in accordance with professional and financial-accounting legislation.

d) Defence of legitimate interests

Legal basis: legitimate interest (Article 6 (1) (f) GDPR) — for fraud prevention, IT security of the Site, establishment or defence of BVIR's rights.

e) Site usage statistics

Legal basis: consent (Article 6 (1) (a) GDPR) — collected through the cookie banner. You can withdraw consent at any time from the cookie settings on the Site.

5. Recipients of the data

Your data may be disclosed to:

  • BVIR's lawyers, administrative staff and collaborators involved in resolving your case
  • Public authorities and courts, when necessary for the defence of your interests as a client or as a legal obligation
  • Service providers who assist BVIR in current activities (web hosting, professional email, accounting, IT) — always under a contract that requires GDPR compliance
  • Other parties, only if there is a legal obligation or your express consent

BVIR does not sell or commercialise your personal data.

6. Storage duration

We retain your data only for as long as is necessary for the purposes for which it was collected, complying with:

  • Legal obligations to retain documents (financial-accounting, fiscal, professional)
  • Limitation periods for any legal actions
  • Specific regulations for the legal profession regarding the retention of client files and documents

After the storage period expires, data is deleted or anonymised permanently. For specific details about a particular dataset, you can contact us at office@bvir.ro.

7. Your rights

Under the GDPR, you have the following rights:

  • Right of access — to obtain confirmation of processing and a copy of the data
  • Right to rectification — to correct inaccurate or incomplete data
  • Right to erasure („right to be forgotten") — under the conditions provided by Article 17 GDPR
  • Right to restriction of processing — in the situations provided by Article 18 GDPR
  • Right to data portability — to receive the data in a structured format or to request transfer to another controller
  • Right to object — to processing based on legitimate interest or for direct marketing
  • Right to withdraw consent — for processing based on consent (e.g. cookie statistics), at any time, without affecting the lawfulness of previous processing
  • Right to lodge a complaint — with the National Supervisory Authority (see point 8)

To exercise these rights, you can contact us at office@bvir.ro. For complex or repetitive requests, we may ask for identity verification before providing the data.

8. Complaint to the supervisory authority

If you consider that the processing of your personal data violates applicable legislation, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):

9. Data security

We implement appropriate technical and organisational measures to protect data against loss, unauthorised access, alteration or disclosure: secure hosting (HTTPS/TLS), strict access control, periodic backups, staff training. However, no transmission of data over the internet can be guaranteed to be 100% secure.

In the event of a security breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, within a maximum of 72 hours from the moment BVIR becomes aware of the incident.

10. Children's data

The Site is not intended for use by persons under 16 years of age. We do not intentionally collect data about minors. If you suspect that a minor has transmitted personal data through the Site, please contact us at office@bvir.ro to delete it.

11. Professional tools and artificial intelligence

In its professional activity, BVIR uses modern B2B tools for legal analysis, case management, and assisting lawyers in research work (such as the Stagiaris.ro platform). These tools are intended exclusively for legal professionals and operate in compliance with GDPR principles and Regulation (EU) 2024/1689 on artificial intelligence (AI Act).

We do not use automated chatbots or automated decision-making systems in our relationship with Site visitors or with clients. All legal consultations, professional decisions and communications are carried out directly by lawyers with the right to practise.

12. Cookies

The Site uses cookies for its operation and, optionally, for anonymous statistics. Full details in the Cookies Policy. You can manage your preferences at any time from the „Cookie settings" banner available on the Site.

13. Changes to the Policy

BVIR may periodically update this Policy to reflect legislative changes or changes in our practices. The updated version will be published on this page, with the date of the last modification mentioned at the beginning. We recommend that you review the document periodically.

14. Contact

For any questions about this Policy or data processing: