1. What information we collect
VC law collects data in order to provide its clients with a wide range of selected legal services. You provide some of this data to us directly, such as when you contact us for information when you request the provision of legal services, etc.
You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide your personal data, wе may not be able to provide you with the services requested.
2. What do we use your information for?
We use the data we collect to operate our law firm and to make the website available to you. This includes using the data to improve our website and to provide you with the services requested. We may also use the data to communicate with you. We may also use the data to improve the relevance and security of our website and respond to client enquiries.
3. How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information. We use a secure server, Secure Socket Layer (SSL) technology and encrypt the data into our gateway providers’ database only to be accessible by those authorised with special access rights to such systems and are required to keep the information confidential. We have enforced internal data privacy policies regarding all the personal data you submit to us in order to process it in a compliant and transparent way.
4. How do we ensure that our processing systems remain confidential, resilient, and available?
We implement a variety of measures to ensure that our processing systems remain confidential, resilient and available. Specifically, we have implemented processes to help ensure high availability, business continuity and prompt disaster recovery. We commit to maintaining strong physical and logical access controls.
The website utilises properly provisioned servers (e.g., multiple load balancers, web servers, replica databases) in case of failure. We take servers out of operation as part of regular maintenance without impacting availability. We keep encrypted backups of data. In the case of data loss (i.e., primary database loss), we will restore organisational data from these backups. Only designated, authorised operations team members have access to configure the infrastructure on an as-needed basis.
6. Links to Other Sites
7. Your rights as a data subject
You have certain guaranteed rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). You can learn more about the GDPR and your rights by accessing the European Commission’s website.
- Right Information and access
- Right to rectification
- Right to erasure (Right to be ‘forgotten’)
You have the general right to request the erasure of your personal information in the following circumstances:
- the personal information is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent-based processing, and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your personal information;
- erasure is required to comply with a legal obligation that applies to us.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
- Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances;
- The establishment, exercise, or defence of legal claims.
- Right to restrict processing and right to object to processing
You have a right to restrict the processing of your personal information, such as where:
- you contest the accuracy of the personal information;
- where processing is unlawful, you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
- we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defence of legal claims.
You also have the right to object to the processing of your personal information under certain circumstances, such as where the processing is based on your consent, and you withdraw that consent. This may impact the services we can provide, and we will explain this to you if you decide to exercise this right.
- Right to data portability
Where the legal basis for our processing is your consent, or the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another administrator.
- Right to freedom from automated decision-making
We do not use automated decision-making, but where any automated decision-making takes place, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
- Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes unless you have a business relationship with us or you have freely given your prior consent (such as when you sign-up for our newsletter).
- Right to request access
You also have a right to access the information we process about you. We will provide you with details of your personal information that we hold or process. To protect your personal information, we follow set storage and disclosure procedures, which means we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us.
- Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting us.
- Right to object about how we process your personal data
If you wish to object to how we process your personal data, you can submit a written objection, and we will then investigate the matter.
You also have the right to submit a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place if that is based in the EU or EEA.
- Right to submit a complaint
In case of an alleged violation of the laws applicable to personal data protection, you can submit a complaint to the Lead Supervisory Authority for personal data protection, which is the Bulgarian Commission for Personal Data Protection (CPDP) – https://www.cpdp.bg/en/index.php?p=home&aid=0.
Bulgarian Commission for Personal Data Protection information:
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Republic of Bulgaria
Telephone number for complaints, signals and questions: +35929153519.
8. Data Retention
We may retain your personal data for as long as is necessary to fulfil the purposes outlined in this Policy. We may retain personal information for an additional period as is permitted or required under applicable laws, for legal, tax, or regulatory reasons, or legitimate and lawful business purposes.
- Contact Us
If you have a privacy concern, inquiry, request or objection, please do not hesitate to contact us.
Updated: 13 June 2022