This document is effective since September 3, 2021.
This is the Privacy policy of ROSENTHAL law firm (in Latvian: Zvērinātu advokātu birojs “ROSENTHAL” SIA), joint registration number: 40203342459, hereinafter – “Rosenthal”, applicable to Rosenthal and any natural person Rosenthal cooperates with and gives legal assistance.
This Privacy policy may be made available in several languages; all versions are legally binding, but in the event of inconsistency between Latvian version and a translated version, Latvian version prevails.
This Privacy policy describes how personal data (identifiable information) of natural persons will be collected, used and shared by Rosenthal. This Privacy policy also describes natural person’s options and rights for using, accessing and correcting or deleting his/her personal data.
“EEA” – the European Economic Area.
“GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“ICS Instruction” – Internal Control System instruction for Sworn Advocates of the Collegium of Sworn Advocates of Latvia “Prevention of Money Laundering and Terrorism and Proliferation Financing and Compliance with International and National Sanctions”, which may be amended.
“personal data“ – means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, surname an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Privacy policy“ – this Privacy policy concerning Rosenthal and any natural person Rosenthal cooperates with and gives legal assistance, as may be amended from time to time.
“process” or “processing“ – means collecting, recording, storing, using, adapting, disclosing, transferring or deleting personal data.
“Rosenthal“ – ROSENTHAL law firm (in Latvian: Zvērinātu advokātu birojs “ROSENTHAL” SIA), registered in the Republic of Latvia, joint registration number: 40203342459, registered address: Republikas laukums 2A, Riga, LV-1010, Latvia.
“sensitive personal data” – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
“Website” – www.rosenthal.lv
“You“, “Your“ or “Yourself“ – a natural person who is asked or who chooses to submit to Rosenthal his/her personal data.
2.1. Personal data is processed by ROSENTHAL law firm (in Latvian: Zvērinātu advokātu birojs “ROSENTHAL” SIA), registered in the Republic of Latvia, joint registration number 40203342459, registered address: Republikas laukums 2A, Riga, LV-1010, Latvia.
2.2. Rosenthal is the data controller responsible for Your personal data. Rosenthal processes Your personal data in the line with applicable data and privacy laws and regulations. Your personal data will be used only for the purposes and in the manner, as set forth in this Privacy policy.
3.1. This Privacy policy lets You know how Rosenthal will look after and manage Your personal data. In particular, this Privacy policy:
3.2. This Privacy policy does not affect any right that Rosenthal may have under applicable law in connection with collection, use and/or disclosure of Your personal data.
3.3. If You have concluded any contract with Rosenthal, then this Privacy policy forms an integral part of the contract. In the event of any conflict or inconsistency between the provisions of this Privacy policy and the contract You concluded with Rosenthal, the provisions of this Privacy policy shall prevail.
3.4. If You have any question about Rosenthal’s practices concerning personal data protection that are not addressed in this Privacy policy, please contact Rosenthal by sending a respective e-mail to: info@rosenthal.lv or a written application to the address at: ROSENTHAL law firm (in Latvian: Zvērinātu advokātu birojs “ROSENTHAL” SIA), registered address: Republikas laukums 2A, Riga, LV-1010, Latvia.
3.5. By submitting personal data to Rosenthal, You agree to their transfer, storing and processing as stated in this Privacy policy.
4.1. Rosenthal may collect information about You on the following grounds:
When You and Rosenthal conclude any contract.
Direct cooperation.
For the purpose of handling Your queries sent to Rosenthal e-mail or social accounts, Rosenthal collects the following personal data:
Such personal data will be processed on the basis of Your consent (on Your request to provide and answer) and Rosenthal legitimate interests (to manage and administer Your questions) and/or to enter into a contract with You. Data will be stored for at least 5 (five) years following the receipt of Your query in accordance with the ICS Instruction.
Website functions
For the purpose to ensure the functionality of the website and to collect statistical information. Rosenthal with the help of cookies collects the following personal data:
Optional cookies are collected based on Your consent and choice by clicking relevant option on website’s cookies banner.
Legal assistance
For the purpose of provision of Rosenthal services, Rosenthal collects the following personal data:
In specific cases for legal assistance we may also process sensitive personal data, such as information about criminal offences (Article 10 of the GDPR) and/or special categories of personal data, such as health information (Article 9 of the GDPR).
The personal data processed for the purpose of provision of Rosenthal services will be processed on the basis of the performance of the contract, to comply with legal obligations (tax, accounting, bar requirements, etc.) and Rosenthal legitimate interests (to defend our legal rights, billing, administration purposes, etc.).
The personal data processed for the purpose of provision of Rosenthal services will be stored for at least 5 (five) years from the date of our last interaction with that client and in compliance with our obligations under the relevant laws and ICS Instruction.
Anti-money laundering (AML) and Know your customer (KYC) compliance
For the purpose of identity verification and AML and KYC checks (when needed and in the amount needed) Rosenthal law firm collects the following personal data:
The personal data processed for the purpose of identity verification, AML and KYC checks will be processed on the bases of Rosenthal legal obligation and public interests (prevention or detection of illegal activities). Such personal data will be stored for 5 (five) year from the date of our last interaction with that client and in compliance with our obligations under the relevant laws and ICS Instruction.
Conflict of interest
For the purpose of contact information and conflict of interest check Rosenthal collects the following personal data:
For this purpose personal data will be processed in order to enter into contract with an existing client/potential client, for the performance of the contract with other clients, to comply with legal obligations and for the purposes of Rosenthal or a third party’s legitimate interests. The personal data for this purpose will be stored for at least 5 (five) years from the date of our last interaction with specific client and in compliance with our obligations under the relevant laws and ICS Instruction.
Rosenthal will only retain Your personal data for as long as necessary to fulfil the purposes it was collected and processed for. This includes for example the purposes of satisfying any legal, regulatory and accounting requirements, to carry out legal assistance, or for the establishment or defence of legal claims. At the end of the above deadlines, Your personal data will be deleted. In some cases, if determined by applicable legal provisions, Your personal data may be stored for a longer period of time.
4.2. Rosenthal may receive Your personal data from:
5.1. Rosenthal is processing Your personal data with Your consent for the following purposes:
5.2. Rosenthal may use Your personal data in the following ways:
5.3. You should ensure that all personal data submitted by You to Rosenthal is complete, accurate, true and correct. Failure on Your part to do so may result in delay or inability to process Your letter, email, application or request or to conclude an contract with You by Rosenthal or to fulfil any contract Rosenthal has with You.
6.1. Rosenthal may process different kinds of personal data. It gathers personal data in the following groups:
Group and type of personal data that could be included within the group:
Financial data
Contacts
Contractual
Communications
Social relationships
Open data and public records
Documentary data
Special types of data
Consents
6.2. Rosenthal might only use Sensitive personal data, when it is necessary:
7.1. Personal data will be protected and kept confidential, but, for Rosenthal to fulfil its contractual obligations, to use its rights or to fulfil requirements of the applicable laws, Your personal data may be disclosed or transferred to the following persons (as applicable):
7.2. Where a third party process Your personal data on Rosenthal’s behalf, it is subject to strict security and confidentiality rules consistent with this Privacy policy and applicable laws. Rosenthal will take all steps reasonably necessary to ensure that the said third party processes Your personal data securely and in accordance with this Privacy policy and applicable laws.
7.3. Third parties to which Rosenthal discloses Your personal data are governed by a contract and applicable laws and are not permitted to use Your personal data for a secondary purpose (namely, otherwise as provided in this Privacy policy). Processing of personal data by such third parties for their own purposes is subject to their respective privacy policies and applicable laws.
7.4. Rosenthal will not sell or rent any of Your personal data to third parties. It does not share Your personal data with third parties for their marketing purposes without Your consent.
8.1. Rosenthal may only send Your personal data outside of the European Economic Zone (“EEA”), to:
8.2. If Rosenthal does transfer Your personal data outside of the EEA, it will make sure that the personal data is protected in the same way as if it was used in the EEA. Rosenthal will take all steps reasonably necessary to ensure that Your personal data is treated securely and is processed in accordance with this Privacy policy. If Rosenthal transfers Your personal data outside of the EEA, it will make sure that one of the following safeguards is put in place:
9.1. Rosenthal will retain Your personal data for at least 5 (five) years after legal relations Rosenthal has with You are terminated or in case no legal relations were established – 5 (five) years from receipt of Your personal data or for a longer term if it is necessary for Rosenthal to comply with its legal obligations, applicable laws or as specified in the ICS Instruction.
9.2. Rosenthal is entitled to continue keeping Your personal data longer than for 5 (five) years for the following purposes:
9.3. Rosenthal may also keep Your personal data for longer than 5 (five) years for legitimate interests, research or statistical purposes or if so determined by applicable laws. If Rosenthal does so, it will make sure that the privacy of Your personal data is protected and that Your personal data is only used for afore-mentioned purposes.
10.1. You have certain rights that may be exercised regarding processing of Your personal data. To exercise Your rights mentioned below, please contact Rosenthal by sending a respective e-mail to: info@rosenthal.lv or a written application to the registered address at: ROSENTHAL law firm (in Latvian: Zvērinātu advokātu birojs “ROSENTHAL” SIA), registered address: Republikas laukums 2A, Riga, LV-1010, Latvia.
10.2. Accessing Your personal data. You may have the right to access personal data Rosenthal holds about You and to require it to provide certain information regarding its processing of Your personal data. Rosenthal may request to prove Your identity before it discloses any information to You. This is known as the ‘right of access’.
10.3. Letting Rosenthal know if Your personal data is incorrect. You have the right to question any information Rosenthal has about You that You think is wrong or incomplete. If You do, Rosenthal will take reasonable steps to check accuracy of information and correct it, if necessary. This is known as the ‘right to rectification’.
10.4. Requiring not processing Your personal data. You have the right to ask Rosenthal to delete, remove or stop using Your personal data, if there is no need for Rosenthal to keep it. Even if You object to the use of Your personal data, Rosenthal may still process it due to legal or other official reasons, such as legal claims, or to exercise Rosenthal’s legal rights. However, please tell Rosenthal if You think that it should not be using Your any personal data. This is known as the ‘right to erasure’ or the ‘right to be forgotten’.
10.5. Restricting processing of Your personal data. You have the right to restrict processing of Your personal data. In this situation Rosenthal would not use or share Your personal data while it is restricted, except if Rosenthal needs to use it for certain things, such as legal claims or exercising its legal rights. This is known as the ‘right to restriction of processing’.
10.6. You can ask Rosenthal to restrict use of Your personal data if:
10.7. Receiving Your personal data. You have the right to receive Your personal data that Rosenthal processes by automated means on the basis of Your written request. In this situation Rosenthal will provide Your personal data to You in a format that can be easily re-used. You can also ask Rosenthal to pass on Your personal data in this format to other persons, and, if technically feasible, Rosenthal will do so. This is known as the ‘right to data portability’.
10.8. Objecting to processing of Your personal data. You have the right to object to processing of Your personal data by Rosenthal. Even if You object to processing of Your personal data by Rosenthal, it may still process Your personal data due to legal or other grounded reasons, such as legal claims, its legitimate interests or exercising its legal rights. However, please tell Rosenthal if You think that it should process Your personal data. This is known as the ‘right to object’.
11.1. Rosenthal may ask You to issue consent in a form of a separate written or electronic format for processing of Your personal data for purposes for which Rosenthal shall receive Your consent under this Privacy policy or applicable laws. You will decide at Your discretion either to issue such consent or not, by making respective marks in the document prepared by Rosenthal.
11.2. You can withdraw Your consent to process Your personal data for the specific purpose at any time. If You want to do so, please contact Rosenthal by sending a respective e-mail to: info@rosenthal.lv or a written application to the address at: ROSENTHAL law firm (in Latvian: Zvērinātu advokātu birojs “ROSENTHAL” SIA), registered address: Republikas laukums 2A, Riga, LV-1010, Latvia.
12.1. If You choose not to give Rosenthal Your personal data, Rosenthal may be unable to conclude contract with You or to commence any other legal relation with You.
13.1. Rosenthal may from time to time update this Privacy policy to ensure that it is consistent with Rosenthal’s future developments, technology improvements and/or any changes in legal provisions.
13.2. If You and Rosenthal have an effective contract, then any changes to this Privacy policy will be notified to You by using Your contact information or in person. In other cases the updated version of this Privacy Policy will be published on Rosenthal’s Website.
14.1. If You have any questions or complaints relating the processing of Your personal data, or You would like to receive a copy of Your personal data held by Rosenthal, please contact Rosenthal, by sending e-mail: info@rosenthal.lv or a written application to the address at: ROSENTHAL law firm (in Latvian: Zvērinātu advokātu birojs “ROSENTHAL” SIA), registered address: Republikas laukums 2A, Riga, LV-1010, Latvia.
14.2. If there are any changes to Your personal data, please contact Rosenthal immediately, but no later than within 5 (five) days of the change, by sending an e-mail to: info@rosenthal.lv or a written application to the address: ROSENTHAL law firm (in Latvian: Zvērinātu advokātu birojs “ROSENTHAL” SIA), registered address: Republikas laukums 2A, Riga, LV-1010, Latvia.
15.1. In the case of a personal data breach, Rosenthal shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority, unless the personal data breach is unlikely to result in a high risk to Your rights and freedoms.
15.2. When the personal data breach is likely to result in a high risk to Your rights and freedoms, Rosenthal shall communicate the personal data breach to You without undue delay, unless:
15.2.1. Rosenthal has implemented appropriate technical and organisational protection measures, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption, or
15.2.2. Rosenthal has taken subsequent measures which ensure that the high risk to Your rights and freedoms referred to is no longer likely to materialise.
15.3. The third party, which processes Your personal data on Rosenthal’s behalf, shall notify Rosenthal without undue delay after becoming aware of a personal data breach.
15.4. Rosenthal shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.
16.1. This Privacy policy is based on Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and provides appropriate protection for the processing of Your personal data in accordance with the GDPR and other laws and regulations applicable in the Republic of Latvia.