How we protect your data in accordance with the General Data Protection Regulation
At Liruwei Accounting, we are committed to protecting your personal data and ensuring compliance with the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018. This page outlines our approach to GDPR compliance and explains how we implement the principles of data protection in our operations.
As a professional accounting firm operating in Romania, we process personal data of our clients, employees, and business partners in the course of our business activities. We recognize our responsibility to handle this data with the utmost care and in accordance with all applicable data protection laws.
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
The GDPR aims to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It enhances individuals' rights with respect to their personal data and imposes strict requirements on organizations that process personal data.
We adhere to the following core principles of GDPR in our data processing activities:
We process personal data lawfully, fairly, and in a transparent manner. We provide clear information about how we collect and use personal data.
We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
We ensure that personal data we collect is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is erased or rectified without delay.
We keep personal data only for as long as necessary for the purposes for which it is processed. We have established retention periods for different categories of data.
We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Under GDPR, individuals have enhanced rights regarding their personal data. We respect and uphold these rights, which include:
You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
You have the right to request that we correct any incomplete or inaccurate data we hold about you.
In certain circumstances, you have the right to request that we delete your personal data. Note that there may be legal or other official reasons why we need to retain your data.
You have the right to request that we suspend the processing of your personal data in certain circumstances.
You have the right to request that we transfer your personal data to you or to a third party. We will provide your data in a structured, commonly used, machine-readable format.
You have the right to object to our processing of your personal data in certain circumstances, particularly for direct marketing purposes.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
To exercise any of these rights, please contact our Data Protection Officer using the contact details provided below. We will respond to your request within one month of receipt.
Contact Our Data Protection OfficerWe have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
For processing operations that are likely to result in a high risk to the rights and freedoms of individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimize data protection risks. DPIAs are carried out by our Data Protection Officer in consultation with relevant stakeholders.
As an accounting firm operating in Romania, we primarily process data within the European Economic Area (EEA). However, in some cases, we may need to transfer personal data to countries outside the EEA. When we do so, we ensure that appropriate safeguards are in place to protect your data, such as:
We have procedures in place to detect, report, and investigate personal data breaches. In case of a breach that is likely to result in a risk to the rights and freedoms of individuals, we will:
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation to ensure compliance with GDPR requirements. Our DPO serves as a contact point for data subjects and the supervisory authority on matters relating to the processing of personal data.
You can contact our Data Protection Officer at:
Email: dpo@liruwei.com
Phone: +40 21 905 6831
We ensure that all our employees who handle personal data receive appropriate training on data protection principles and practices. Our training program covers:
We regularly update our training materials to reflect changes in legislation and best practices.
When we rely on consent as a legal basis for processing personal data, we ensure that:
For children's data, we obtain parental consent for children under 16, in line with GDPR requirements.
For more detailed information on how we process your personal data, please refer to our Privacy Policy.
If you have any questions or concerns about our GDPR compliance or data protection practices, please contact our Data Protection Officer using the contact details provided above.
If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP):
Address: B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania
Phone: +40 21 905 6831
Email: anspdcp@dataprotection.ro
Website: www.dataprotection.ro
This GDPR Compliance Statement was last updated on February 26, 2025. It is effective as of March 1, 2025.