Privacy Policy – GDPR and Data Protection
Last Update: december 2025
Balog & Stoica – Attorneys at Law (“the Firm”, “we”, “us”) respects the privacy and personal data of all visitors to our website. This Privacy Policy explains how our Firm collects, uses, stores, and protects your personal data in accordance with the European Union General Data Protection Regulation (GDPR).
By accessing our website, you agree to the practices described in this Privacy Policy.
1. Data Controller
The data controller responsible for processing your personal data is:
Balog & Stoica – Attorneys at Law
Address: 19 Stockholm Street, 011786 Bucharest, Romania
E-mail: office@balog-stoica.com
Telephone: +40 747 486 549 / +40 754 503 681
Website: www.balog-stoica.com
The Firm acts as data controller for all processing activities carried out through the website, ensuring compliance with the GDPR and the protection of visitors’ personal data.
2. Personal Data Collected
Through our website, the Firm may collect the following categories of personal data:
- Identification and contact details: name, surname, e-mail address, telephone number, and any information submitted via the contact form;
- Technical and browsing data: IP address, browser type, operating system;
- Other information: additional details voluntarily provided in the message field.
The Firm does not request or collect special categories of data (e.g., health data, political opinions, religious or ethnic background, or data relating to criminal convictions) through the website.
3. Purposes and Legal Grounds of Processing
| Purpose | Type of Data | Legal Basis (Art. 6 GDPR) |
|---|---|---|
| Responding to inquiries submitted through the contact form | Contact details and message content | Legitimate interest (Art. 6(1)(f)) – handling requests and correspondence |
| Technical logs of the hosting server | IP address, browser type, operating system (server logs)td> | Legitimate interest (Art. 6(1)(f)) – technical administration and infrastructure security by the hosting provider |
Important Note: The Website does NOT use analytics, tracking, or marketing cookies. The only technical data collected are:
- The session cookie (PHPSESSID) for CSRF protection;
- Standard hosting server logs (administered by the hosting provider, not by the Firm).
These measures ensure the protection of personal data and compliance with the GDPR.
4. Data Retention
Data collected through the contact form is retained for the period necessary to address the inquiry and, where applicable, for the duration of any contractual relationship.
Technical data collected via cookies is retained for each cookie’s lifespan, as detailed in the Cookie Policy.
Data will be deleted or anonymized when no longer necessary for the purposes for which it was collected.
5. Data Recipients
Personal data will not be disclosed to third parties except in the following circumstances:
- IT and web hosting service providers acting as data processors under Art. 28 GDPR;
- Public authorities, where there is a legal obligation to disclose the data;
- Where necessary for the establishment, exercise, or defense of legal claims.
The Firm does not transfer personal data to third countries or international organizations outside the European Economic Area.
6. Rights of the Data Subject
Under the GDPR, you have the following rights:
- Right of access to your personal data;
- Right to rectification of inaccurate or incomplete data;
- Right to erasure (“right to be forgotten”), where permitted by law;
- Right to restriction of processing;
- Right to data portability, where applicable;
- Right to object to processing based on legitimate interest;
- Right to complain to the Romanian Supervisory Authority – National Supervisory Authority for Personal Data Processing (ANSPDCP) – www.dataprotection.ro.
To exercise these rights, you may contact us at: office@balog-stoica.com
7. Data Security
The Firm implements appropriate technical and organizational measures to protect personal data, including:
- Encryption of communications (HTTPS);
- Secured access to servers and files;
- Access restrictions to authorized personnel only;
- Internal policies regarding data confidentiality.
8. Use of Cookies
The Website uses strictly necessary session cookies exclusively for the functioning of the contact form and for the Website’s security.
Important: The Website does NOT use:
- Analytics or tracking cookies (e.g., Google Analytics, Facebook Pixel);
- Marketing or advertising cookies;
- Third-party cookies;
- Any other tools designed to track user behaviour.
Cookies Used:
| Name | Purpose | Duration | Legal Basis |
|---|---|---|---|
| PHPSESSID | CSRF protection and spam limitation for the contact form | Session (deleted upon browser closure) | Legitimate interest (Art. 6(1)(f) GDPR) |
Characteristics of the session cookie:
- Does not collect personal data – contains only a random identifier;
- Secure – transmitted exclusively via HTTPS, inaccessible to JavaScript;
- Temporary – automatically expires when the browser is closed;
- Essential for security – prevents CSRF attacks and limits spam.
Legal Basis: Processing is based on the Firm’s legitimate interest (Art. 6(1)(f) GDPR) in ensuring the security of the Website and protecting users’ data against cyber-attacks.
For complete details regarding the use of cookies, please consult the Cookie Policy.
9. Google Maps
9.1. Use of Google Maps
Our website uses Google Maps services to help you locate our office. Google Maps is provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irlanda).
9.2. Consent-Based Loading
Google Maps does NOT load automatically when you access the page. The map loads only after you provide explicit consent by accepting cookies in the consent banner or by clicking the map-loading button.
9.3. Data Processed by Google
When you load Google Maps, the following data may be transmitted to Google:
- IP address: Identifies your device on the internet
- Browser data: Type and version of your browser
- Operating system: Windows, macOS, iOS, Android, etc.
- Date and time of access
- Referrer URL: The page from which you accessed our website
- Map interactions: Zooming, panning, switching views
9.4. Purpose of Processing by Google
Google processes this data for the following purposes:
- Providing the Google Maps service
- Improving Google products and services
- Personalizing content and advertisements
- Measuring ad performance
- Analyzing the use of Google services
9.5. Cookies Set by Google Maps
Google Maps sets approximately 20 cookies for functionality, authentication, and advertising. The main categories include:
Authentication cookies: SID, HSID, SSID, APISID, SAPISID, __Secure-1PSID, __Secure-3PSID, __Secure-1PAPISID, __Secure-3PAPISID, SIDCC, __Secure-1PSIDCC, __Secure-3PSIDCC (duration: 1–2 years)
Tracking and advertising cookies: NID, __Secure-ENID, AEC, OTZ (duration: 1–6 months)
Technical cookies: SOCS, SEARCH_SAMESITE, __Secure-1PSIDTS, __Secure-3PSIDTS (duration: session – 1 year)
For the complete cookie list, please refer to the Cookie Policy.
Important: The number of cookies may vary depending on:
- Whether you are logged into a Google account
- Your Google account settings (e.g., personalized advertising)
- Your geographic region
- The version of the Google Maps service
9.6. Data Transfers to Third Countries
By using Google Maps, your personal data may be transferred to and processed in the United States of America.
Google relies on the Standard Contractual Clauses (SCCs) approved by the European Commission to ensure lawful data transfers. However, you should be aware that U.S. authorities may access your data under certain circumstances.
9.7. Legal Basis
The processing of data through Google Maps is based on your explicit consent (Art. 6(1)(a) GDPR), which you provide by accepting cookies via the consent banner.
9.8. Withdrawal of Consent
You may withdraw your consent at any time by:
- Opening the cookie banner and adjusting your preferences
- Deleting cookies in your browser
- Clearing data stored in localStorage (browser settings)
- Reloading the page in private/incognito mode
Withdrawing consent does not affect the lawfulness of processing prior to its withdrawal.
9.9. Alternatives
If you prefer not to use Google Maps, you may:
- View our written address on this page
- Use alternative map services (OpenStreetMap, Apple Maps, etc.)
- Contact us directly for directions
9.10. Further Information
For more information on how Google processes your data, please refer to:
- Google Privacy Policy: https://policies.google.com/privacy
- Google Maps Terms of Service: https://www.google.com/intl/ro_ro/help/terms_maps/
10. Changes to the Privacy Policy
The Company reserves the right to update this Privacy Policy to reflect legislative or operational changes. The updated version will be published on this page, with the date of the latest revision indicated.
11. Contact
For any questions regarding this Privacy Policy or GDPR compliance, you may contact:
Balog & Stoica – Attorneys at Law
E-mail: office@balog-stoica.com
Address: 19 Stockholm Street, 011786 Bucharest, Romania