This privacy notice (“Notice”) explains the general principles on how the law firms COBALT (contact information can be found in Section 2.1) (“Firm”, “we”, “our” or “us”), collect and use information when you visit our websites at www.cobalt.legal (“Website”), use any of our services (“Services”) that we provide to you, or if you interact with us in any other way, e.g. contact us via social media pages, participate in our events, apply for a job, etc. For more detailed information on specific data categories, legal basis, processing purposes and data retention periods, please refer to a specific privacy notice listed in Section 4 of this Notice.
By communicating with us through the Website or our Services, you (“Client” or “you”) may be explicitly asked to confirm acceptance of this Notice.
Reference in this Notice to "your Personal Data" means any information that can be used to directly or indirectly uniquely identify, contact or locate you as a private individual (“Personal Data”).
We process Personal Data under this Notice and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) ("GDPR") and the applicable national data protection laws, as applicable towards the data controllers stated in Section 2 of this Notice (“Data Protection Law”).
In case you disclose any Personal Data regarding any third person (e.g. your employee, management board member, co-worker, contracting party, etc.) to us, you are obliged to refer them to this Notice.
We process your Personal Data on the basis of:
Please see the detailed information about the legal basis and Personal Data being processed for each processing purpose referred to in Section 4 of this Notice.
We limit the processing of your Personal Data to the scope of purpose for which the data was collected. In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time. However, it may limit the legal services offered to you, if the collection and processing is required by the law.
Access to your Personal Data will be restricted to personnel who are required to process the Personal Data to fulfil their professional responsibilities and their duties to you as the Client. Your Personal Data is not stored or processed longer than is necessary with respect to the data processing purposes that we have referred to as referred above.
We have taken the appropriate technical and organizational measures to ensure the secure processing of your Personal Data. Your data will be processed in such a manner to ensure confidentiality and data integrity.
When providing legal services to our clients, we may be obliged to transfer Personal Data to third parties. This may include data transfer in the context of legal procedure and litigation, as well as generally any legal services that we offer to our Clients. We may transfer your data among COBALT entities, partners, and authorities when we are obliged by the laws and regulations or for the purposes of providing specific legal services.
However, outside of the provision of legal services, we do use the services of certain third parties to ensure the functionality of our services and the Website. We are required to transfer your Personal Data to these third-party service providers (including operational service providers, such as auditors), so that these third parties would be able to provide us with their services. For example, we may transfer your Personal Data to IT services, accounting, security or translation services providers. These third-party services providers are to be considered data processors. The Personal Data that will be transferred to these third-service providers will be limited to the minimum that is required to ensure the provision of third-party services.
We have ensured that all third-party service providers to whom we transfer your Personal Data will follow our instructions with respect to how they process your Personal Data. The transfer of your Personal Data is regulated by the data processing agreements or data processing terms that exist between us and third-party service providers. Any third-party service providers, as data processors, must ensure that they process your Personal Data with the same level of care and diligence as we do and are legally liable to you and to us if the data processors act contrary to those warranties. Furthermore, these third-party service providers are required to implement technical and organizational measures to ensure an equal level of data protection to the one that we bring to our data processing efforts.
If the captures of the event are made public on social media pages administered by Firm, your Event Data may also be processed by third parties. Firm has no substantial control over such processing, thus please get acquainted with the privacy notice of the respective party.
If we use social media to access to statistical data, filtering and targeted marketing tools related to the social media page’s visits, the social media service providers shall be joint-controllers with Firm for processing your Personal Data (as in case with Facebook, Twitter and LinkedIn).
Additionally, we may be required to transfer your Personal Data to other recipients such as local or state authorities, courts, other controllers (such as other law offices) depending on the scope of the Services or the applicable statutory requirements. We may transfer the Personal Data outside of the EU (please see Section 9 of this Notice).
Finally, certain Personal Data can be exchanged between COBALT law firms in Estonia, Latvia and Lithuania to ensure provision of requested legal services.
Most of your Personal Data described in the Notice is submitted to us by you. However, we may also collect and receive your Personal Data from other COBALT offices in Estonia, Latvia and Lithuania to ensure central administrative systems, provision of requested legal services and/or management of personal data processing.
We can also collect your Personal Data from data media created at our request, CCTV and other technical measures and receive it from other sources such as other Clients, social media, publicly available sources if it is necessary for the provision of legal services, for marketing purposes or in case of a dispute with a Client. We might employ a third party to provide remote identification and screening services for the purposes of AML.
We will store the Personal Data that we have acquired in compliance with the applicable legislation of the relevant jurisdiction, and in conformity with the rules of the Estonian, Latvian and Lithuanian Bar Associations. We will retain your Personal Data for no longer than is necessary for the purposes for which they are collected and processed for.
For other purposes the period for which the Personal Data will be stored depends on number of criteria, including:
We retain your personal data referred above within the following terms:
After the retention period mentioned in this section of this Notice, we will delete respective Personal Data, unless we are obliged to retain the Personal Data for longer period in order to comply with obligations deriving from applicable laws or these data are necessary to resolve legal disputes.
Please note that after the retention period mentioned in this section of this Notice or if the legal basis for processing has ceased, we have the right to retain the documents and materials containing the Personal Data in its backup systems, from which the Personal Data will be deleted in the end of the backup retention cycle. We ensure that during the backup period and after the retention period or ceasing of the legal basis, applicable safeguards are in place, the Personal Data is put beyond use in the backup systems and the Personal Data are subsequently deleted as soon as possible, i.e. on our next deletion/destruction cycle.
We primarily store and process Personal Data within the European Union. Nevertheless, it may at times be necessary that your Personal Data is transferred to and stored at a destination outside the European Union, if the Client’s assignment requires legal advice of non-EU lawyers. It may also be processed by data processors operating outside the EU.
We will take all necessary precautions to ensure that your Personal Data is treated securely and in accordance with the applicable Data Protection Laws. For example, we may transfer your Personal Data based on:
Furthermore, in case of data transfers to any other third country which is not covered by the EU adequacy decision, we take utmost care about the security and only transfer the absolutely necessary personal data required for the legal services. In addition, we transfer this data in an encrypted manner, so that it would be useless, if intercepted during the transfer.
Feel free to contact us with regards to any questions, inquiries, requests or complaints with respect to the processing of your Personal Data at: privacy@cobalt.legal.
Last updated: 2022-03-31