Privacy and Cookie policy

COBALT offices in the Baltics and Belarus care about your privacy and the protection of your personal data.

This privacy policy (the “Policy”) explains how the law firm COBALT (contact information below) (“Firm”, “we” or “us”) collects and uses information when you use any of the services located on our website at www.cobalt.legal (the “Website”) or if you use any other services (the “Services”) that we provide to you.

By using or interacting with the Website or our Services, you, as a user of our website or as our client, (“User”, “Client” or “you”) agree to the provisions of this Policy and confirm that you have read and understood all of the provisions stated in the Policy.

We process Personal Data under this Privacy Policy and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) (the "GDPR") and the applicable national data protection laws in Estonia, Latvia, Lithuania, and Belarus (“Data Protection Law”).

We are committed to ensuring the privacy and confidentiality of the information pertaining to our clients, potential clients, their affiliates and affiliated individuals, and to adhering to the policy set out below in congruence with our professional responsibilities and the applicable Data Protection Laws. Reference in this policy to "your Personal Data" means any information that identifies, or could reasonably be used to identify, you as one of the aforementioned persons (“Personal Data”).

We are the controller of the Personal Data that falls under the scope of this Policy.

1. The scope of the Policy

This Policy describes how we process Personal Data in connection with:

  • all matters related to our clients, former clients and potential clients;
  • newsletters and marketing information;
  • recruitment processes;
  • the cookies that are used on our Website;
  • all of our statutory obligations with respect to the GDPR, any relevant Data Protection Law, and any other laws and regulations that may be applicable (including our obligations with respect to anti-money laundering (“AML”) or know-your-customer (“KYC”) procedures).

2. Purposes, means and retention terms of data processing

a)    News, publications and events: We will the use the information that you have provided to send you news about the latest developments at the Firm, the scope of services than we can provide to you, as well as information about any upcoming events that may be of interest to you, including educational seminars. We will use your Personal Data for this purpose until you inform us that you no longer wish to receive such information from us. We may use your name, title, position, your e-mail address, any provided phone numbers, your address and other information that can be used to contact you for the sake of providing you with this information.

b)    Cookies: We use cookies to obtain information about your use of our Website. Cookies allow us to provide you with a more streamlined and accessible experience when using the Website. The information generally does not comprise any data that would allow us to individually identify you as a natural person. We will process your data using cookies for the duration of the period in which you have granted us consent. 

c)    Recruitment: We use the Website and other contact channels that are listed on the Website to collect information about your employment or internship application. We will utilize the Personal Data that has been included in any and all of the documents that you have provided to us in your application. The application will be processed to determine whether your application matches the needs of the Firm. We will retain the data that we have obtained via our recruitment processes for as long as necessary to evaluate the application and in accordance with all relevant laws and regulations. Furthermore, we may ask for your consent to retain your Personal Data for some time after we have evaluated your application.

d)    Legal services: We collect information that has been provided by our client or on behalf of our clients, or information that we acquire independently within the scope of providing professional legal services. This collection of Personal Data is necessary to fulfil the obligations that we have towards our clients, and in our legitimate interest as a law firm to legal counsel to our clients and potential clients. As per our professional responsibilities, we will take the utmost care to ensure the confidentiality and integrity of the Personal Data of our clients, potential clients and former clients.

When providing legal services, we may supplement the Personal Data that you have provided to us directly with personal data that has been obtained from other sources.

When providing legal services, we process Personal Data to fulfil our AML and KYC obligations. Moreover, we will use the data to check for any conflicts of interest, as is our legal responsibility. We will store the data that we have acquired in compliance with the applicable legislation of the relevant jurisdiction, and in conformity with the rules of the Belorussian, Estonian, Latvian and Lithuanian Bar Associations.

3. The legal basis for processing your Personal Data

We process your Personal Data on the basis of:

  • your consent;
  • legal agreement between us that establishes a basis for data processing;
  • legal obligations to which we are subject; and / or
  • our legitimate interest to ensure the quality of our legal services.

We limit the processing of your Personal Data to the scope of purpose for which the data was collected. Access to your Personal Data will be restricted to personnel who are required to process the Personal Data to fulfil their professional responsibilities and their duties to you as the Client. Your Personal Data is not stored or processed longer than is necessary with respect to the data processing purposes that we have listed above.

We have taken the appropriate technical and organizational measures to ensure the secure processing of your Personal Data. Your data will be processed in such a manner to ensure confidentiality and data integrity.

4. The transfer of your Personal Data to third parties

When providing legal services to our clients, we are obliged to transfer Personal Data to third parties. This may include data transfer in the context of legal procedure and litigation, as well as generally any legal services that we offer to our Clients.

However, outside of the provision of legal services, we do use the services of certain third parties to ensure the functionality of our services and the Website. We are required to transfer your Personal to these third-party service providers, so that these third parties would be able to provide us with their services. These third-party services providers are to be considered data processors. The Personal Data that will be transferred to these third-service providers will be limited to the minimum that is required to ensure the provision of third-party services.

We have ensured that all third-party service providers to whom we transfer your Personal Data will follow our instructions with respect to how they process your Personal Data. The transfer of your Personal Data is regulated by the data processing agreements or data processing terms that exist between us and third-party service providers. Any third-party service providers – as the data processors, must ensure that they process your Personal Data with the same level of care and diligence as we do and are legally liable to you and to us if the data processors act contrary to those warranties. Furthermore, these third-party service providers are required to implement technical and organizational measures to ensure an equal level of data protection to the one that we bring to our data processing efforts.

5. Your rights as a data subject

We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your Personal Data that we are processing.

You may, at any time, exercise the following rights with respect to our processing of your Personal Data:

a)    Right to access: You have the right to request access to any data that can be considered your Personal Data. This includes e.g. the right to be informed on whether we process your Personal data, what Personal Data categories are being processed by us, and the purpose of our data processing.

b)    Right to rectification: You have the right to request that we correct any of your Personal Data if you believe that it is inaccurate or incomplete.

c)    Right to object: You are entitled to object to certain processing of Personal Data, including for example, the processing of your Personal Data for marketing purposes or when we otherwise base our processing of you on a legitimate interest.

d)    Right to erasure: You may also request that your Personal Data be erased if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data has to be erased to enable us to comply with a legal requirement.

e)    Right to data portability: If your Personal Data have is being automatically processed with your consent or on the basis of a mutual contractual relationship, you may request that we provide you that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may also request that the Personal Data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible.

f)     Right to withdraw your consent: In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.

g)    Opt-out from marketing: We will also give you the opportunity to opt out of our communication with you whenever we send you information about the Firm, the events that we organize or any other information that we believe may be of interest to you. Additionally, you can also opt out at any time by contacting us.

When providing legal services to our Clients, there may be circumstances where our statutory obligations, as well as the rules of the respective Bar Association of the jurisdiction, prohibit us from disclosing or erasing the data that we store and process. Moreover, such laws, regulations or rules may prevent you from exercising other data subject rights as well.

If you have complaints on how we process your Personal Data, or you would simply like to know more about our data processing activities, feel free to contact us at any time by using the information noted in the last section of this Policy.

You do have the right to lodge a complaint with a Data Protection Authority (“DPA”) if you think that your Personal Data is being processed incorrectly or your data subject rights have been violated by us. You can lodge a complaint by contacting the DPA that is local to your jurisdiction i.e. the location of the alleged violation of your data subject rights or the inappropriate processing or your data, or the place you live and work.

This is the list of DPAs that are relevant to the scope of this Policy:

6. The location of the processing of your data

We primarily store and process Personal Data within the European Union. Nevertheless, it may at times be necessary that your Personal Data is transferred to and stored at a destination outside the European Union. It may also be processed by data processors operating outside the EU.

By submitting your Personal Data to us or by consenting to the processing of your Personal Data you agree to the processing of your data, including both data storage and data transfer, outside the EU for the purposes set out in this Policy. We will take all reasonably necessary precautions to ensure that your data is treated securely and in accordance with the applicable Data Protection Laws. We will not store any of your Personal Data longer than necessary to fulfil the purposes set out in this Policy. For example, we may transfer your Personal Data based on:

  • an adequacy decision by the European Commission;
  • standard data protection clauses elaborated by the European Commission;
  • standard data protection clauses elaborated by a DPA;
  • using other possible safeguards and derogations where it is allowed by the applicable laws.

As with all of your Personal Data, you may request that we inform you on the details of the processing of your Personal Data on the basis of Article 15 of the GDPR. You may, as with the exercise of any your rights as a data subject, do so by contacting us via the information that has been provided at the end of this Policy.

7. The cookies used to process your Personal Data

A cookie is small file of letters and numbers (less than 1 kB) that our website asks your browser (for example, Internet Explorer, Chrome, Firefox, Safari or Opera) to store on your computer or mobile device. The cookie remembers your actions and preferences and enables us to provide you with the best possible experience while browsing our website. Without cookies, the full functionality of our website would be unavailable.

The cookies will be used to recognize you as having previously visited, to help collect of statistics on website traffic, and to improve the navigation experience for the user. For these purposes, COBALT uses the following cookies:

  • Session cookies: ses [number] cookie is used to maintain the functionality of our website. It allows the website operator to link your actions to a browser session, which starts and ends when you open and close the browser window, respectively. ses [number] cookie consists of temporary information and is erased once you exit your browser.
  • Persistent cookies: Google Analytics (_ga, _gat) cookies are used to improve our website by analysing user behaviour. These cookies provide us with information such as the number of website visitors, the pages they visit and the total length of time spent on our website. All the information collected by _ga and _gat cookies is aggregated with similar information received from other users and is therefore anonymous. We do not identify individual visitors. _ga cookie expires in two years, but _gat cookie – in ten minutes.

Unless you have set your browser to decline all or certain type of cookies, our cookies will be issued to you as soon as you visit our website.

Most browsers allow you to control cookies through their settings preferences. If you prefer not to receive cookies, you may set your browser to refuse all cookies or send an alert when a cookie is issued.

More information about how to manage cookies preferences on the most popular browsers can be found here:

8. Contacts

Feel free to contact us with regards to any questions, inquiries, requests or complaints with respect to the processing of your Personal Data at: privacy@cobalt.legal

9. Changes to the Policy

We may make any changes to this Policy as we see fit. If the Policy has been changed in any way, then the newest edition of this Policy will be published on our website. We encourage you to check whether any changes have been made to the Policy from time to time.

10. Our entity information

COBALT Estonia

Kawe Plaza, Pärnu mnt 15

10141 Tallinn

Tel +372 665 1888

tallinn@cobalt.legal

COBALT Latvia

Marijas iela 13 k-2

LV-1050 Riga

Tel +371 6720 1800

riga@cobalt.legal

COBALT Lithuania

Lvovo 25

LT-09320 Vilnius

Tel +370 5250 0800

vilnius@cobalt.legal

COBALT Belarus

Belarus

Pobediteley Ave 100-207

220020 Minsk

Tel +375 17 336 0093

minsk@cobalt.legal