Privacy policy

D’ORNANO PARTNERS is an international law firm, acting through its respective offices, incorporated and functioning in accordance with the relevant laws of the jurisdictions in which they operate.

The terms “D’ORNANO PARTNERS” and the “Firm” mean one or more of our local offices.

D’ORNANO PARTNERS is committed to protecting personal data provided to us, or obtained or collected by us during the course of our business.

D’ORNANO PARTNERS, as a law firm, processes personal data in the normal course of its activity, ensuring the appropriate protection of any personal data in accordance with the principles set forth in all relevant local data protection legislation, including (EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR“). “Personal data” represents any information relating to an identified or identifiable individual, and an identifiable person is that person that may be identified directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to its physical, psychological, mental, economic, cultural or social identity.

This privacy policy (the “Privacy Policy“) purports to explain our approach in terms of the personal information that we collect or which we have obtained from a third party and the purposes for which we process such information. It concerns the personal data of our clients, business partners, other persons contacting and visiting us and of the representatives thereof, potential employees, interns or associates and it applies to data collected through our website,, as well as to all other personal data we collect through e-mail or other off-line contacts.

The Privacy Policy describes:

  • Who we are
  • What personal data we collect and process or control
  • How and for what purposes we collect personal data
  • How long do we keep your personal data
  • Your rights regarding the personal data
  • How do we share your personal data with third parties
  • Changes to the Privacy Policy

In addition to this Privacy Policy, we may provide additional privacy notices if we deem such appropriate. Such additional privacy notices are to be read together with and should be considered to amend this Privacy Policy.



D’ORNANO PARTNERS is a European legal practice firm operating through its several offices that provide legal services in the respective jurisdiction they operate in (the “Services“).

D’ORNANO PARTNERS SELAS is the data controller responsible for your personal information processed via the website.

Depending on which D’ORNANO PARTNERS entity you contact and/or contract with to provide Services, the following entities may also be data controllers responsible for processing your personal information in relation to the Services:


Address: 31, rue de Penthièvre – 75008 Paris, France


Telephone: +33 1 84 88 36 38


Address: 1061 Budapest, Andrássy út 20. 2/6.


Telephone: +36 1 411 74 00

If you have any questions about this Privacy Policy or want to exercise your rights set out in this Privacy Policy, please refer to one of the contacts listed above. To facilitate the interaction with regard to aspects related to personal data protection, please state in the letterhead/ topic that the letter/ e-mail in question refers to personal data protection.



Depending on various circumstances, the Firm may process both: (i) personal data obtained from you or your authorized representative, and (ii) personal data that was not obtained from you (but from public or other third sources or their respective authorized representatives).

The type of personal data that may be processed by the Firm may include, depending on the circumstances:

  • Contact information, such as: your name, your postal address, e-mail address and telephone number(s), the company you work for, your position or job title;
  • Personal identity information, such as civil status, full name (including your patronym or form of address), birth date and year, gender, picture, and other data included in identity documents or relating to the practice of profession;
  • Technical information, such as information generated by our IT security policy, IT provider, or by your accessing the Internet from our offices, such as IP address, operating system, browser type and version, time zone settings, etc.;
  • Information extracted from the materials and information sent in electronic format;
  • Financial information, such as information on payments, bank accounts;
  • Information that is relevant for the project acceptance procedures, for collaborations or new partners, including financial soundness and reputational aspects;
  • Professional information and information on an individual’s education, employment history and career path (g., CVs);
  • Relevant information as required by Know Your Client and/or Anti-Money Laundering regulations and as part of our client intake procedures. This may possibly include evidence of beneficial owners, their personal data, source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources. The sources for such verification may comprise documentation which we request from you or through the use of online sources or both;
  • Information you provide to us for the purposes of attending meetings and events, including dietary requirements which may reveal information about your health or religious beliefs;
  • For clients and prospects, we also collect information to enable us to market our products and Services which may be of interest to you, such as areas or topics of interest;
  • Other personal information provided to us by or on behalf of our contract partners or obtained by us from public sources;
  • Any other information pertaining to you which you may provide to us, or which can come to our attention indirectly, and which may also include special categories of data;
  • We might also need to process personal information in relation to other third parties instructed either by our Clients or other persons or companies involved in providing the Services to our Clients.

This is a non-exhaustive list which is reflective of the varied nature of the personal information processed by a law firm for providing legal services.



Purposes for the Processing of your Personal Data

We may use your personal data for the following purposes (“Permitted Purposes“):

  • To verify your identity;
  • To providing the Services;
  • To manage the contractual relationship with our Clients;
  • To comply with our legal obligations;
  • For recruitment purposes;
  • To managing the security and access to our premises, the use of the Firm’s IT systems (g., website, data management platforms, communication systems), including the prevention and detection of security threats, fraud or other unauthorized or malicious activities;
  • For the purpose of complying with any applicable law, court order, other judicial process, or the requirements of a regulator that are binding on us;
  • To analyse and improve our Services and communications to you;
  • Based on your consent, we may send you various communications through the channels you have approved, to keep you up to date on the latest legal developments, announcements and other information about the Services, events and projects of the Firm (including briefings and newsletters), if permitted in the jurisdictions in which we operate; and
  • For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data were provided to us, in compliance with the applicable law.
  • We may only send you marketing materials if you grant us your consent to do so (as long as such is permitted in the jurisdiction it. You may unsubscribe at any time by sending an email to:

Processing Grounds

Any data processing activity of your personal data is performed under one of the following legal bases:

  • you provided consent to it for the specific purpose;
  • it is necessary to fulfil the agreement concluded with you in provision of our Services;
  • it is necessary for the legitimate interests of the Firm or of a third party (g., when processing is necessary for the performance of a contract concluded with your organisation);
  • it is necessary for compliance with a legal obligation of ours; and/or
  • it is necessary to protect your or another individual’s vital interests.

For special categories of personal data (including sensitive data), processing may be carried out only if, in addition to a general legal basis for data processing, one the following specific processing conditions are met:

  • We have a legal obligation to process such data categories;
  • Processing is necessary for the establishment, exercise or defence of legal claims.

Most of the personal data processing operations performed by the Firm in relation to individuals outside the Firm are related to purposes based on legitimate interests, such as:

  • The proper performance of contracts with Clients or other contractual partners;
  • The proper performance, development, protection and promotion of its activities as per the Firm’s scope of activity;
  • Promoting the Firm’s brand, expertise and reputation, within the limits of the law and the rules applicable to the profession;
  • Developing and implementing efficient relations with suppliers, collaborators and other contractual partners;
  • Developing and maintaining an adequate IT and communication infrastructure;
  • The proper organization of the Firm’s activity, management and maintenance of know-how databases, correspondence and archives;
  • Maintaining the safety and security of the Firm’s staff, premises, assets and operations;
  • Exercising the Firm’s legal and contractual rights and in defending them before the relevant courts and authorities, including, if the case, through receivable recovery activities or the preservation of potential means of evidence;
  • Promoting and maintaining relations with the professional bodies, public authorities and other relevant stakeholders, including with other law firms from Romania and abroad;
  • Supporting the community by promoting fair values in the society, including by supporting social cases, cultural events or educational, scientific or anniversary events, within the limits permitted by law.



Your personal data may be stored for periods of time in accordance with the following criteria: (i) the terms imposed by specific laws; (ii) as the case, the term of collaboration requires; (iii) terms while legal liability could be triggered at the initiative of or against the Firm; and (iv) the term necessary for anonymization or erasure of such data.

We will cease any processing of your personal data when it is no longer reasonably required for the Permitted Purposes or when you withdraw your consent (if applicable) and (i) there are no compelling legitimate grounds for the Firm to continue processing of your personal data, including the Firm’s legal obligation to continue storing such data; or (ii) if the personal data are no longer necessary to us for the establishment, exercise or defence of legal claims.



You, as data subject, have a series of rights, as follows:

  • Right of information – you have the right to receive information on facts concerning the processing of your personal data, prior to the commencement of the data processing.
  • Right of access – you may ask for details of information we hold about you and request a copy of such data;

This right allows you to obtain confirmation that your personal data is being processed by us and, if affirmative, the relevant details of such processing activities.

  • Right to rectification – you may request us to correct or amend your personal data if inaccurate;
  • Right to erasure (“right to be forgotten”) – you may request us to delete your personal data;

This right allows you to obtain the erasure of your personal data in certain cases (e.g., if the data is no longer necessary in relation to the Permitted Purposes for which it was collected). The right to data erasure has the following limits: (i) the existence of a legal basis other than the consent for personal data processing; (ii) the existence of legitimate reasons of the Firm that would prevail in relation to the personal data processing; (iii) in cases where personal data processing implies the exercise of the right to free expression and information; (iv) in cases where personal data processing implies compliance with a legal obligation or the performance of a task carried out in the public interest or in the exercise of official authority; (v) for public interest reasons in the public health area; (vi) for archiving in public interest, for scientific or historical research or for statistical purposes; (vii) in case of personal data processing that implies the establishment, exercise or defence of legal claims.

  • Right to restriction – you may request us to stop the transferring of your personal data to third parties in certain cases (such as if the processing may be unlawful, the data is unaccurate or the transfer is no longer necessary);

This right allows you to obtain the restriction of processing your personal data in certain cases, such as: (i) for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims; or (iv) the data subject has objected to processing pursuant to Article 21 para. (1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

  • Right to object – you may object to further processing of your personal data;
  • Right to data portability – you may request your personal data to be provided to you, in a structured, commonly used and machine-readable format or to transmit this data to another data controller;

The right to data portability does not apply where: (i) data processing is not based on a consent or contract; or (ii) data processing is not performed by automated means.

  • Right to withdraw one’s consent – if your personal data was processed based on your consent, you may decide to withdraw your consent by sending an email to In this case, we will no longer process your personal data based on such ground.

Please note that consent withdrawal does not affect the legality of a processing operation performed based on such consent before it was withdrawn or of a processing operation performed on another basis (i.e., legitimate interest).

  • Right to lodge a complaint with the data protection authority.

You may exercise your aforementioned rights and find out more about such rights by filing with us, as data controller, a written request at the addresses provided in Section (1) of the Privacy Policy or by e-mailing us as

We are committed to always treat your requests with the utmost attention and address any queries you may have in the shortest time possible.

However, should the Firm have well-grounded doubts in relation to the identity of the person who submits a request for the exercise of his/her rights, we may request for additional information required to confirm the data subject’s identity.

D’ORNANO PARTNERS is an international law firm and any information that we collect or that you provide to us may be shared and processed by any D’ORNANO PARTNERS entity.



We may also share personal information with a variety of the following categories of third parties as necessary (please note this list is non-exhaustive and there may be other examples where we need to share with other parties to provide Services effectively):

  • Our professional advisers such as lawyers, accountants and other specialists;
  • Government or regulatory authorities;
  • Professional indemnity or other relevant insurers;
  • Third parties to whom we outsource certain services such as, without limitation, IT systems, software and cloud providers, accounting, insurance, document processing and translation services, confidential waste disposal, IT systems or software providers, IT support service providers, document and information storage providers, postal services;
  • Other contractual partners and their contractors, as well as catering companies or companies involved in the organization of events or in the sending of invitations or other communications;
  • Judicial and arbitration courts, as well as regulators/tax authorities/corporate registries judicial and other public authorities and institutions;
  • Other third parties engaged in the course of the Services we provide to Clients, such as counsel, arbitrators, mediators, clerks, witnesses, cost draftsmen, court, opposing party and their lawyers, document review platforms and experts such as tax advisors or valuers;
  • Other persons in the entity you represent/with which you work/you are registered;
  • Third party service providers to assist us with client insight analytics, such as Google Analytics.



Our website uses cookies. Cookies are small, often encrypted text files, located in browser directories that collect and store information (such as browsing history) about you when visiting our website. The information the cookies collect are anonymous.For further information on cookies do not hesitate to visit



Our Privacy Policy may be amended from time to time, including as required to comply with changes in applicable law or regulatory requirements. Such changes will be reflected herein. We encourage you to review this Privacy Policy periodically to be informed of any updates in personal data processing.

Please note that the local offices’ data handling specificities are set out in the respective engagement letters, as required by local law.


Scroll to Top