Preamble

This document describes the Policy on the Protection of Personal Data ("Data Protection Policy" or "the Policy”), also representing the Privacy Statement to which Mitu & Asociații (”The society”, ”we" or "us" or " Mitu & Asociațiiadheres to.

In view of our capacity as solicitors and the professional obligation of confidentiality, we undertake to maintain full discretion on the information entrusted to us, including the Personal Data of clients and other persons with whom we come into contact.

The Firm recognises and upholds the right to confidentiality and privacy of all persons and respects these rights when collecting and processing Personal Data, complying with all regulations regarding the protection of personal data, including but not limited to the provisions of EU Regulation no. 679/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ("the GDPR Regulation”).

Structure of the Data Protection Policy

This Policy regulates the following aspects:

➢ the principles of the Firm regarding the Protection of Personal Data;

➢ what kind of Personal Data of yours or in connection with you we process;

➢ the purpose and basis for which we process your Personal Data;

➢ to whom we transmit the Personal Data;

➢ for how long we keep Personal Data;

➢ what your rights are and how you can exercise them.

Definitions

Personal data"means any information concerning an identified or identifiable individual person; an identifiable person is that person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

Target person"means the natural person whose personal data is processed;

Processing"means any operation or set of operations performed on personal data or on personal data sets, with or without the use of automated means, such as collecting, recording, organising, structuring, storing, adapting or modifying, extracting, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, deletion or destruction; "Operator"means the individual or legal entity, the public authority, the agency or another body which, alone or together with others, establishes the purposes and the means of processing personal data; when the purposes and means of processing are established by Union law or national law, the operator or the specific criteria for its designation may be provided for in Union law or national law; "Operator authorised person" or "Commissioner"means the individual or legal entity, public authority, agency or other body that processes personal data on behalf of the operator;

Consent"of the data subject means any manifestation of free, specific, informed and unambiguous will of the data subject by which he accepts, by a declaration or an unequivocal action, that the personal data concerning him are processed.

1. The principles of the Firm regarding the Protection of Personal Data

For us, the processing of Personal Data in complete safety is of utmost importance. This fact proves our commitment to providing services in an ethical manner, as well as our respect for clients and business partners, their representatives, employees and collaborators, their own employees or collaborators, the candidates for new positions within the Firm, including those opened through the website www.mitulawyers.eu, for those who contact us to - exercise the rights provided by the data protection regulations or for any reason, as well as for the persons who participate in events organised by Mitu & Asociatii.

Within the Firm, respect for the persons mentioned above is part of the fundamental values.

Our principles regarding the Processing of Personal Data are the following:

➢ We process Personal Data in a legal, fair and transparent manner towards the data subject ("legality, fairness and transparency”)

➢ We collect Personal Data for specific, explicit and legitimate purposes ("purpose limitations”);

➢ We only process Personal Data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("minimizing data”);

➢ We only process Personal Data that are accurate and, if necessary, update this data ("accuracy”);

➢ We store Personal Data for a period that does not exceed the period necessary to fulfill the purposes for which the Data are processed ("storage limitations”);

➢ We process Personal Data in a manner that ensures their adequate security, including protection against unauthorised or illegal processing and against accidental loss, destruction or damage, by taking appropriate technical or organisational measures ("integrity and confidentiality”);

➢ We provide accurate information, written in clear language, which explains why and how we handle Personal Data;

➢ We respect the choices made regarding data collection, use and transmission;

➢ We respect the right of the Data Subject to have information about the Data we process;

➢ We offer the possibility of the Data subject to address with various requests and / or complaints regarding the way we process the Data;

➢ We analyse and respond in due time to the requests made by the Data Subjects regarding the processing of their Personal Data that we carry out;

➢ We inform the regulatory authority and possibly the Data subject in the event of a security incident and we analyse and implement measures to limit the potential damages;

➢ We collaborate in a transparent and legal manner with the regulatory authorities in the field, in case of requesting information or control.

2. What kind of Personal Data of yours or in connection with you we process

The Firm processes Personal Data belonging to (i) its clients and business partners, its representatives, employees and collaborators, (ii) its own employees or collaborators, (iii) the persons applying for new positions within the Firm, including those opened through the website. www.mitulawyers.eu, (iv) the persons who contact us to exercise their rights provided by the data protection regulations or for any reason and (v) the persons who participate in events organised by Mitu & Asociatii.

For part of the processed data, the Firm is Operator of data, which means "individual or legal entity, the public authority, the agency or another body which, alone or together with others, establishes the purposes and the means for the processing of personal data". For example, the operator determines what data is collected, how the data is collected, how it is stored, used, transferred or deleted. And more practically, the Firm is an operator for the data it processes about its clients, natural persons, but also for the data it processes about the employees of its clients, legal persons.

Also, for certain categories of data related to specific processing, the Firm may also be a person empowered by another operator or more briefly. Commissionerthat is "an individual or legal entity, public authority, agency or other body that processes personal data on behalf of the operator". For example, it may be empowered when it provides certain legal assistance services to its clients, at their specific request, when the Firm holds the Personal Data of the clients' employees and represents the interests of those clients.

Fitting in the notion of Operator or Commissioner it is done on a case-by-case basis, depending on the specificity of each processing operation.

Specifically, we process the following categories of Personal Data:

➢ name, surname, telephone number, email address, professional address, position or position in the company, other details about personal or material situations, date of birth, age, sex, video recordings, photos, image, voice recordings of individuals;

➢ Personal data may also be included special categories of data, such as: medical data, racial or ethnic origin, political opinions, religious confession or philosophical beliefs or membership of unions, genetic data, biometric data for the unique identification of a natural person, such as fingerprints or data relating to criminal proceedings, data regarding criminal convictions and offences, financial information (eg account statements, credit data, etc.), national identification numbers (including the documents that contain it) (eg personal numeric code).

3. Purpose and basis for which we process your Personal Data

3.1. Purpose of this Policy

This Policy applies to all Personal Data collected, stored or used in any manner by any of the Firm's employees or employees. This Policy is a global one, applying to all locations where the Firm operates.

This Policy applies equally to the agents, suppliers, contractual partners who manage and process Personal Data on behalf of the Firm.

The policy applies to Personal Data in any format and on any medium. For example, the Policy applies to both electronic data and records and data maintained on paper.

The policy mainly applies to the Personal Data that we collect and use for the purpose of carrying out the Firm's activity. In certain situations, the Company may process Personal Data belonging to other companies / entities, for example the data of business partners. In the latter case, the Firm will protect the Personal Data and process it in accordance with the instructions received from the operator of these data and in accordance with the applicable laws. Certain provisions of this Policy are not applicable to the Personal Data that we process as authorszed companies of other companies / entities.

3.2. The Personal Data we collect and process. Aims and Bases

We may collect and process the following categories of Personal Data for the following purposes and based on the following legal grounds:

3.2.1. In relation to clients, individuals and representatives, employees and collaborators of clients, legal entities

In your capacity as a client or a client of the Firm or a representative (including a legal representative, employee or collaborator) of a client of ours, we inform you that, by virtue of the legal relationship between us and you / our client, based on the contract concluded between the client and as a lawyer, the Firm collects and uses Personal Data for the preparation and provision of legal services, as well as for communication with you.

Thus, the Firm processes your Personal Data under the contract for the provision of legal services or for making requests for the conclusion of such a contract, on the basis of our legitimate interest in ensuring the proper performance of the contracts to which we are a party or that we wish to conclude. , when you are our customer's representative.

Our legitimate interest is also the basis for which we collect and use your Contact Data to execute, conduct and optimise the management of our legal assistance contact concluded with you. Also based on our legitimate interest we can process your Data for internal purposes of the Firm, which include billing for our services.

In accordance with our principles regarding the processing of Personal Data, we collect only the necessary and useful data, in accordance with the applicable legal and contractual provisions, for relevant, appropriate and necessary purposes for our activity. Thus, we will collect and process only the Personal Data that are necessary for us to provide and execute the legal assistance services or the Data that you have voluntarily transmitted to us.

Please note that, in the event that you do not transmit or transmit to us incompletely the Personal Data that we need to exercise and implement our legal services, we may have to abstain from accepting a certain commitment .

If you provide us with Personal Data and / or business or commercial secrets belonging to third parties, we will generally assume that you are authorised to disclose such data to us. We will use such data only to the extent necessary to execute the contractual relationship with you or the company you represent or our mandate. to the ways in which the Firm processes their data, in accordance with this Policy.

Also based on our legitimate interest we will be able to use your Personal Data for the purpose of fulfilling any other obligations that are incumbent upon us under applicable law or professional statutes or if we deem it necessary to ascertain, exercise or defend our interests and rights. We may also use your Personal Data to establish, exercise or defend our rights in court, including for the adoption of security measures.

Personal data can be stored, archived and processed either locally, at the Firm's premises, or in a storage location of a service provider, either in a data centre or in the cloud.

Sometimes it is possible to use the data made available for statistical purposes, but only after they have been previously anonymized.

We also inform you that in accordance with the regulations in force regarding the prevention of money laundering, we have the legal obligation to comply, in certain situations, with the obligations of checking, monitoring, reporting and keeping records on the clientele. It is possible to be obliged to request from you and your real beneficiary and, as the case may be, from your governing bodies / persons or from natural or legal persons for which you act as custodian, a satisfactory proof of identity and the power of representation.

3.2.2. In relation to our business partners, our service providers or our collaborators, respectively their representatives

The Firm collects Personal Data of individuals who may be business partners, service providers or collaborators or their employees. We collect and process Personal Data exclusively for the management of current and future business relationships, based on contractual relations, for the conclusion and execution of the respective contracts, in order to be able to ascertain, exercise or defend our right in court, including for the adoption of measures of for security or for storage and archiving purposes.

Personal data can be stored, archived and processed either locally, at the Firm's premises, or in a storage location of a service provider, either in a data centre or in the cloud.

Your Personal data, such as: first and last name, CNP, the identity card data, e-mail, telephone, function, address of the place where you operate, will be collected either directly from you or from the company you you represent it, at the time of signature or for the fulfilment of the contracts concluded with you, respectively with the company you represent and will be used for communication with you. At the same time, we may obtain your Personal Data from public sources (eg your employer's website, the Trade Register, etc.), or from the co-correspondence / notifications you transmit to you or your company.

It is possible to use your Personal Data for the purpose of our legitimate interest to comply with and fulfil the legal or statutory obligations that are applicable to us or if we consider it necessary to ascertain, exercise or defend our interests and rights.

3.2.3. In relation to other persons (third parties)

Depending on the subject matter of the legal aid contract, as well as the scope and scope of our mandate, we may process Personal Data of third parties, such as: adverse parties, opposing parties' lawyers, employees / collaborators of the opposing party, representatives of the authorities, etc. Such data can be obtained directly from you or the company you represent, from our clients or from our clients 'representatives, as well as from public sources (public registers, authorities' websites (companies).

The Personal Data of third parties will only be processed for the execution of the contracts of legal assistance, based on our legitimate interest in fulfilling the mandate entrusted by our clients.

Also, based on our legitimate interest, we will be able to use the Personal Data of third parties to comply with and fulfil legal or statutory obligations that are applicable to us or if we deem it necessary to ascertain, exercise or defend our interests and rights.

3.2.4. To defend our legitimate rights and interests

For the purpose of finding, preserving, exercising and defending our legitimate rights and interests, including in order to comply with legal obligations in the matter of archiving, in the recovery of claims or for the defence of our rights and interests before the court, we may use certain documents and information. for this purpose, including your Personal Data. Personal Data will always be processed in compliance with our statutory confidentiality obligations. The processing of these Data will be done in compliance with the principle of minimising them, in the sense that we will limit the Data we use to those strictly necessary for this purpose.

3.2.5. For marketing purposes

We may process and use for marketing purposes the contact details, such as: name, first name, company name, position within the company, telephone number, e-mail address, correspondence address, city, country, of the following categories of: persons: existing clients and third parties interested persons such as: employees / collaborators of our clients, potential or former clients / representatives of potential or former clients, other lawyers, various collaborators / potential collaborators of ours, representatives of authorities, participants to various events, which we organise or attend.

For this purpose, we may periodically communicate communications about the services we provide or the events we organise. Of course, we offer to the data subjects the possibility to withdraw from the marketing communications, in compliance with all the provisions regarding the communications for marketing purposes.

The processing of the contact data for marketing purposes, in relation to the aforementioned persons, concerns the following:

➢ newsletter delivery

We will be able to send you newsletters to let you know the latest changes of the legislation, based on your consent, which you can revoke at any time, expressing your decision not to receive our communications in the future. Withdrawing your consent will not affect the work done by us until then.

You can benefit from our information on legislative changes even if you are not our client. In this regard, you can subscribe to our legislative newsletters using our website www.mitulawyers.eu. You can also unsubscribe at any time, according to the instructions mentioned in the newsletters.

➢ Company / social media website

Mitu & Asociaţii owns and manages the website www.mitulawyers.eu and uses the social pages Facebook, LinkedIn, Twitter, Pintrest, Google. Both the website and the social pages are managed by GBR Digital, to which we transmit content for publication.

Through the website and the socialization pages, the Firm can promote its activity and the events it organises or participates in. In this regard, your image, name, surname, position, company name, profession can be made public during the events organised by us or we take part and attended or attended or were a speaker.

The processing of this Personal Data will be carried out only on the basis of your express consent, which you can withdraw at any time, but without this affecting the processing carried out until that moment.

➢ organizing events

We can organise various events, either alone or with collaborators, such as: conferences and seminars on various legal topics ("Events"), to provide clients, potential clients, legal practitioners and not only information on the latest developments in the field, as well as the opportunity to socialise with relevant people and our solicitors or other solicitors.

For this purpose, we will use your contact details to send you invitations to our Events. We will process a limited number of Personal Data, such as name, surname, company name you represent and your position.

This processing is usually done, only on the basis of your consent, which you can withdraw at any time, but without this affecting the processing carried out by us until the withdrawal of your agreement.

If you are or have been a client of Mitu & Asociaţii, we consider that we can send you invitations to our Events based on our legitimate interest to promote our activity, respectively to transmit information of a legal nature, without this affecting in any way. your fundamental rights and freedoms. If you do not wish to receive such invitations, you have the right to object at any time by submitting a request in this regard using our contact details in Chapter 6 below.

Regarding the Events, we inform you that we can retrieve and process images with you, photo and / or video, as a participant / speaker at the Event, in order to promote the Event on the socialisation pages of the Firm or on our website or in other environments. Such processing of Personal Data will be carried out only with your express and prior consent. Also, we can receive your image from our partners in organising the respective event (in which case we expect our partners to have obtained your express agreement). You may withdraw your consent at any time, but this will not affect the work done up to that point.

➢ certifications

Also for marketing purposes, we can process your contact details such as: name, first name, company name, position within the company, phone number, email address, correspondence address, city, country, to obtain recognition ourselves and our lawyers from nationally and internationally certified bodies ("Legal 500") and to use this recognition as a means of differentiating us from other law firms, in the promotion activity.

These bodies base their research on the feedback provided, based on a telephone or e-mail interview, by the contact persons indicated by us. This can be clients / former clients, lawyers of the opposing party, consultants or experts or people who are knowledgeable about the activity of Mitu & Asociatii. These bodies will ensure that no statement made by a contact person, either in a telephone interview or in writing, will be attributable to a specific person, and any published citation will be anonymous.

The processing of Personal Data for the aforementioned research will be done only with your express consent, which we will request in this regard. The legal basis for this processing is your consent. You may withdraw your consent at any time, but this will not affect the work done up to that point.

3.2.6. Other

Connecting to the Firm's Wi-Fi network

If you are in our office and want to connect to our Wi-Fi network, we inform you that you will be automatically assigned a randomly generated dynamic IP address that does not allow you or your device to be identified. you are logged in and will not be stored for as long as you are connected to the system.

3.3. Information on Data Protection

Where possible, we inform the Data Subjects about our principles regarding the processing of Personal Data, at the time of data collection or if we collect them from third parties, at the time of the first communication to the Data Person. Also, this information is available anytime, upon request.

Our information contains:

➢ the types of information we collect;

➢ the purposes for which we collect Personal Data;

➢ the categories of recipients;

➢ the guarantees we use to ensure the security of the processing;

➢ the rights of the Data Subjects;

➢ how to access and rectify Personal Data;

➢ the options available to the data subject regarding the collection, use or transfer of information.

We also provide complete information on transfers of personal data outside the European Economic Area.

3.4. Options and possibilities for modification

The Firm offers to the Data Subjects the reasonable possibility to object, within the limits of the law, to the collection, use and transfer of Personal Data. Also, the Company makes every effort to modify / adapt the processing, when a data subject has certain fears regarding the processing of his data.

In addition, where the consent of the Data Subject for the collection, use and transfer of Personal Data is required in accordance with the applicable law, we request the consent and respect the choices made by the Data Person. We also ensure the possibility of easy withdrawal of consent, the quickest implementation of such a request, as well as the appropriate information of the data subject.

3.5. Sensitive / special data

Certain categories of personal data, such as those mentioned in Chapter 2 of this Policy, are considered to be sensitive, and for these the Firm takes additional measures to protect and maintain confidentiality. The company collects and processes sensitive data, for the execution of the legal assistance contract and for fulfilling the mandate entrusted by the client.

3.6. Data accuracy

The Firm uses reasonable means to keep the Personal Data updated, complete and correct, as they are required according to the purpose for which the collection was intended.

3.7. Data Transfer

When we make any transfer of Personal Data, we will always ensure that the transfer of your Personal Data is carried out in accordance with the applicable data protection regulations and that we protect your data appropriately.

We may transfer your Personal Data both to recipients in the European Union (EU) and abroad or outside the EU. The level of data protection in non-EU countries may not be similar to the level of protection in Romania / EU. For this reason, we will only transfer your Personal Data to the countries for which the European Commission has decided that they have an adequate level of data protection or we will take measures to ensure that all recipients maintain an adequate level of data protection. For this purpose, we will conclude standard contractual clauses with entities from such countries. We may also request your consent for data transfer, under the conditions allowed by the GDPR.

➢ Internal access

In general, Personal Data may be transferred internally, between lawyers, employees and / or employees of the Firm, where this information is necessary to achieve the purpose of collection. However, the Firm limits the access to information exclusively to those lawyers, collaborators, employees who justify the access for the fulfilment of their duties.

➢ External transfer

The data transfer to the contractual partners, suppliers of the Firm can be done only on the basis of a contract / agreement and will include the data necessary to fulfil the object of the contract / agreement, in accordance with the legal provisions.

Personal Data may be transferred in connection with the fulfilment of legal obligations (eg compliance, etc.), at the request of public authorities or as part of the process of evaluation, negotiation and completion of a transaction or operation concerning the Firm.

3.8. Protection of Personal Data

In order to ensure the protection and confidentiality of Personal Data, the Firm has implemented adequate guarantees in accordance with the sensitivity of the processed information. These guarantees include administrative measures (eg access to data is made only to the extent that the person justifies the need for access), technical (eg access to computers is based on user and password), physical (eg documents containing data) are stored in locked files) so as to limit the risk of unauthorised access to the Data to the maximum.

In order to maintain the security of the processing of Personal Data (especially against computer viruses) the Firm takes measures consisting of:

■ prohibiting the use by solicitors / employees of software programs that come from external or dubious sources;

■ informing solicitors / employees about the danger regarding computer viruses;

■ implementation of automated systems for virus detection and security of information systems;

■ the removal of personal data to the printer will be done by solicitors / employees, only for the purpose for which they were collected;

■ to avoid using the "Print Screen" key by employees during a work session;

■ the solicitors / employees are obliged to close their work session and computer when leaving the workplace.

We expect the same commitment from our agents, distributors, suppliers who can receive Personal Data from us or on our behalf, in the ordinary course of the activities carried out with them.

Although we have taken measures to ensure the adequate protection and confidentiality of Personal Data, we cannot exclude the possibility that the information you have transmitted through the Internet may be accessed or used by other persons.

For this reason, we cannot be held responsible for disclosing information due to errors in data transfer and / or unauthorised access by third parties, which are not imputable to us (eg hacking an email or telephone account, intercepting fax messages).

We try to make sure that data security incidents are detected at an early stage and that they are immediately reported to you or the competent authorities, in accordance with applicable legal provisions.

4. To whom we transmit Your Data / Data Recipients

In view of the specificity of our activity, we may transmit your Personal Data to the following categories of recipients:

The personal data of customers / customer representatives can be transmitted to:

■ persons / entities that are related / can be related to the object of the contract concluded between us and the client: arbitration courts and commissions, other public authorities, the opposing party, solicitors / consultants / representatives of the opposing party, service providers, etc., in order to the fulfilment of our mandate;

■ public institutions and authorities, if this is required by law or if the Data are necessary to ascertain, exercise or defend our rights;

■ service providers / collaborators involved in the execution of the mandate you have entrusted to us (including our authorized persons).

The personal data of the service providers / collaborators / their representatives can be transmitted to:

■ we do not, in principle, transmit such data to third parties, unless this is required by the public authorities, according to the law or if the data are necessary to ascertain, exercise or defend our rights.

Personal data of third parties may be transmitted to:

■ our client with whom we concluded the legal assistance contract and who entrusted us with our mandate;

■ persons / entities that are related / can be related to the object of the contract concluded between us and the client: arbitration courts and commissions, other public authorities, the opposing party, solicitors / consultants / representatives of the opposing party, service providers, etc., in order to the fulfilment of our mandate;

■ public institutions and authorities, if this is required by law or if the Data are necessary to ascertain, exercise or defend our rights;

■ service providers / collaborators involved in the execution of the mandate you have entrusted to us (including our authorized persons).

Personal data used for marketing purposes may be transmitted to:

■ marketing service providers / collaborators involved in our marketing activities;

■ public institutions and authorities, if this is required by law or if the Data is necessary to ascertain, exercise or defend our rights.

5. Archiving and storage of Personal Data

Personal Data can be stored and processed either locally, at the Firm's premises, or in a storage location of a service provider, either in a data centre or in the cloud.

The Firm will keep the Personal Data and / or documents containing them for the duration necessary for the processing, in accordance with the legal provisions, including, as the case may be, during the concluded contracts, or as the case may be, to prevent fraud, to conserve, exercise or defend rights in court, etc.

As for the legal aid contract, we will keep your Data for the entire duration of the contract concluded with you / your company, plus an additional period of 5 years, starting with the end of the calendar year in which we have completed providing legal assistance services to you. ./ the company you represent, necessary to ensure that we can defend ourselves and exercise our rights in court, if applicable.

In view of the legislation in force regarding the prevention of money laundering, it requires us to keep (i) the data collected in order to prevent money laundering for a period of 5 years and (ii) your data from the financial-accounting documents (such as invoices, tax receipts, receipts, records of the time spent by us for the provision of our services) for a period of 5, respectively 10 years, depending on the document in question.

Regarding the marketing activities, we will keep your data, as follows:

➢ subscriber data for the newsletter will be kept during the subscription period, until your consent for the receipt of our newsletter is revoked;

➢ the data related to your participation in our Events will be kept for a period of 2 years in order to be contacted for any future Events;

➢ if you unsubscribe from the newsletter, or you no longer wish to receive invitations to our Events, we will keep your data in the dedicated lists for this purpose for a period of 3 years, to ensure that we do not send any such information later without your express agreement;

➢ if you participate in the studies of the certification bodies, we will keep your data for a period of 2 years, in order to contact you for this purpose for the future;

➢ regarding your data posted on our social pages or on the website www.mitulawyers.eu will be stored for the entire duration of our account on the respective social page, respectively for the duration of the website, or until you ask us to delete your data from the social pages or website.

6. The rights of the data subjects

The data subjects have the following main rights regarding the personal data, rights that can be exercised, under the conditions established by the law:

the right of access to data: The data subject has the right to obtain information regarding the processing or not of his personal data, the right to obtain access to data or a copy of this data we hold, as well as the right to obtain information on the type , processing and disclosure by us of such data, or regarding the source of his personal data, if these data were not collected directly from the Data Subject.

The data subject also has the right to request information regarding the existence of any automatic processing of his personal data, including the creation of profiles, as well as information on the logic used and the importance and expected consequences of such processing on the data subject. ; In this case, if the processing is carried out by automatic means, the data subject has the right not to be subject to an individual decision.

Note: we specify that at present the Firm does not create profiles and does not perform other automatic processing of personal data.

the right to rectify data: The data subject has the right to obtain the rectification of his data that we process or control, which are inaccurate; Depending on the purposes for which the data are processed, the Data Subject has the right to obtain the completion of the data which is incomplete, including by providing additional statements, if applicable;

the right to delete data ("the right to be forgotten"): The data subject has the right to obtain from us the deletion of his data that we process or control, in the cases provided by law (for example, when the data are no longer necessary for the purposes for which they were collected, when he withdraws his consent and does not there is another legal basis for processing, in case of illegal processing, based on a legal obligation, etc.) within the limits allowed by law (for example, we will not delete the data, even if the Data subject requests this when further processing is required for finding, exercising or defending a right in court or for archiving purposes, etc.);

the right to restrict data processing: The data subject has the right to obtain from us the restriction of the processing of his data that we process or control, to certain limited data and purposes, according to the law (for example, when the processing is illegal, the data subject opposes the deletion of the data and asks to restrict the use their);

the right to oppose processing: The data subject has the right to object to the processing of his data by us or on our behalf, in the cases and within the limits provided by law; in certain situations permitted by law, we will be able to continue the data processing even after exercising this right;

the right to data portability: The data subject has the right that, in the situations provided by the law (for example, processing based on consent, contract or by automatic means) to obtain the transfer to another operator of the data we process or control;

the right to withdraw consent at any time: in the situations in which we process the data on the basis of the data subject's consent, he / she has the right to withdraw his / her consent; The data subject can do this at any time; withdrawal of the consent will not affect the legality of the processing of the data we have made before the withdrawal.

the right to file a complaint with the supervisory authority: The data subject has the right to lodge a complaint with the supervisory authority for the processing of personal data regarding the processing of his data by us or on our behalf. The Romanian supervisory authority is the National Supervisory Authority for Personal Data Processing:

■ Headquarters: Bd. Gheorghe Magheru no. 28-30, Bucharest, Sector 1, postal code 010336, Romania

■ E-mail: anspdcp@dataprotection.ro

■ Fax: +40.318.059.602

■ Website: www.dataprotection.ro

To exercise one or more of these rights (including the right to withdraw consent when processing data based on it) or to ask any questions or concerns regarding any of these rights, how we process personal data or any provision of this Policy, please contact us, using the following contact details:

■ Str. G-ral Constantin Budișteanu nr. 10, Sector 1, Bucureşti, România | Telefon+4-021 212 28 91 | Fax: +4-021 212 28 90

■ E-mail: office@mitulawyers.eu

■ www.mitulawyers.eu

■ The person designated with Data Protection: Av. Cristina Mitu