Category: News

bpv GRIGORESCU ȘTEFĂNICĂ advised Autonom International on its investment in Eazy Insurance

bpv GRIGORESCU ȘTEFĂNICĂ advised Autonom International, part of Autonom Group, on its investment in the Romanian insurance company Easy Insurance. The transaction was signed on March 5, 2025, and is pending approval by the Financial Supervisory Authority (ASF) and other relevant regulatory authorities.

Known for its expertise in the automotive industry, the Autonom Group is joining Eazy Insurance as a portfolio investor. Without having any executive involvement in the company’s management, the investors will also support the company’s development through their know-how in the insurance services field. The Autonom Group also includes Autonom Services, one of the most prominent companies in the operational leasing and car rental market.

Our involvement in this transaction included advising the company and its founders on various legal and tax issues, including due diligence, negotiation, documentation drafting and regulatory approvals.

“Autonom Group’s investment in Eazy Insurance demonstrate our client’s dedication to supporting innovation in complementary mobility and financial services. We are happy and honoured to be involved in this transaction and grateful for our client’s trust”, said Cătălin Grigorescu, managing partner, bpv GRIGORESCU ȘTEFĂNICĂ.

Our team included Cătălin Grigorescu, managing partner and leader of the technology transactions practice, Anamaria Rotariu, associate, and Angelina Dănăilă, associate, in the corporate transactions practice, among other members of the team.

Our Corporate Transactions team has recently been involved in some of the most high-profile transactions in the field, including:

▸ Footprints AI in connection with an investment round led by Catalyst Romania Fund II;

▸ SARMIS Capital on the acquisition of Total Technologies to strengthen Smart ID’s position as a regional leader in the industrial technology and automation market;the private equity firm Omnia Capital on its investment in the digital shipping house Cargo Buddy;

▸ Creatopy and its co-founders in a $10 million Series A funding round;

▸ Softelligence and its shareholders in connection with its acquisition by the US company Encora Holdings Limited, part of the Encora Group;

▸ Ziegler Group in its acquisition of HS Timber Productions in Sebeș, Romania;

▸ the private equity firm OMNIA CAPITAL in its acquisition of the road transportation company Dumagas from the private equity fund Bancroft;

▸ the company VERIDION (formerly Soleadify), its founders, as well as the venture capital fund LAUNCHUB Ventures and other participants in a USD 6 million financing round;

▸ software and infrastructure company INCRYS in connection with acquiring information technology services company USOURCE;

▸ Innoship and its shareholders on the acquisition of a majority stake in Innoship by the private equity fund Abris Capital.

Lex RES III passed with individual self-assessment of adequacy

On 29 January 2025, we informed you about further developments in the legislative process of adopting the amendment to the Energy Act, which is commonly known as “Lex RES III“. One of the main objectives of the amendment in question is to respond to current European trends in the energy sector, which include, for example, the introduction of legislation related to energy storage, flexibility aggregation, energy sharing and further increase in support for renewable energy production.

Lex RES III was a target of several amendments, one of which introduced an individual internal rate of return threshold and a reporting obligation for PV plants built in 2009-2010 with a capacity of more than 30 kWp.

However, this proposal did not pass the Senate and was deleted from the “Lex RES III”. In this form, the Lex RES III was returned to the Chamber of Deputies for a second vote, which occurred on 4 March 2025. However, during the vote, the Senate’s proposal to delete the obligation of individual self-assessment of adequacy for PV plants with the above-mentioned parameters was outvoted.

Currently, the obligation of (individual) yield reporting will become part of the Energy Act after the draft amendment to the Energy Act Lex RES III is signed by the President of the Czech Republic. However, the Minister of Industry and Trade, Lukáš Vlček, announced during a debate in the Chamber of Deputies that he wants to increase the threshold for individual self-evaluation of adequacy from the current 30 kWp to 145 kWp in the next amendment to the Energy Act known as “Lex Gas”.

We will keep you informed about whether this change in „Lex Gas” will take place, as well as about the further progress of the adoption of “Lex Gas”.

This material is for general information on current topics only, it is not advice. It does not take into account any special circumstances, financial situations or special requirements of the addressees. Recipients should therefore always seek appropriate professional services for the information provided. Notwithstanding the careful compilation of this material, bpv Braun Partners s.r.o. advokáti, its partners, associates or co-operating solicitors and tax advisers cannot guarantee the accuracy or completeness of the information contained herein and accepts no responsibility for acting or refraining from acting on the basis of the information contained in this material.

bpv GRIGORESCU ȘTEFĂNICĂ advised Romanian retail media company FOOTPRINTS AI on investment by Catalyst Romania Fund II

bpv GRIGORESCU ȘTEFĂNICĂ advised the Romanian retail media company FOOTPRINTS AI (www.footprints-ai.com) on its latest investment round led by Catalyst Romania Fund II, with participation from Seedblink retail investors.

This round of investment aims to support the international expansion plans of Footprints’ AI-powered retail media platform, which helps offline retailers identify new potential customers and anticipate their consumer behaviour by analysing data from online and offline sources in a unified manner.

Our involvement in this investment round included advising the company and its founders on various legal and tax aspects related to the transaction’s negotiation, documentation and implementation.

“We have accompanied Footprints AI and its founders on their journey with business and legal advice since the early days of the company. We are glad to see that reputable investors believe in their vision, product and team. We are pleased to have been involved in this latest milestone and leverage both our transaction experience and our technology expertise to help the deal advance and complete,” said Cătălin Grigorescu, managing partner, bpv GRIGORESCU ȘTEFĂNICĂ.

“bpv GRIGORESCU ȘTEFĂNICĂ has been with Footprints AI since the beginning of 2017, providing us with the strategic expertise needed in a complex, new field where advanced technologies, data and AI define the future. Our partnership is natural, based on trust and shared vision, and choosing them for this new phase of our company came naturally”, said Dan Mărculescu, CEO; Footprints AI.

Our team included Catalin Grigorescu, managing partner and head of the technology transaction practice and Matei Tomi, associate in the corporate transactions practice.

Our Technology Transactions practice has been involved in some of the most prominent sector transactions recently, including:

▸ SARMIS Capital on the acquisition of Total Technologies to strengthen Smart ID’s position as a regional leader in the industrial technology and automation market;

▸ the private equity firm Omnia Capital on its investment in the digital shipping house Cargo Buddy;

▸ Creatopy and its co-founders in a $10 million Series A funding round;

▸ Softelligence and its shareholders in connection with its acquisition by the US company Encora Holdings Limited, part of the Encora Group;

the company VERIDION (formerly Soleadify), its founders, as well as the venture capital fund LAUNCHUB Ventures and other participants in a USD 6 million financing round;

▸ software and infrastructure company INCRYS in connection with acquiring information technology services company USOURCE;

▸ Innoship and its shareholders on the acquisition of a majority stake in Innoship by the private equity fund Abris Capital.

bpv Huegel advises EAVISTA on the acquisition of the majority stake in card complete Service Bank AG

EAVISTA is acquiring 75.1% of the shares in card complete Service Bank AG from UniCredit Bank Austria and Raiffeisen Bank International.

Vienna, 19 February 2025. bpv Huegel advises EAVISTA Beteiligungsverwaltungs GmbH on the acquisition of 75.1% of the shares in card complete Service Bank AG. card complete Service Bank AG is a leading provider of credit card and payment solutions for private and corporate customers.

The share purchase agreement was concluded on Monday this week, with UniCredit Bank Austria AG (50.1%) and Raiffeisen-Invest-Gesellschaft m.b.H. (25.1%) (group company of Raiffeisen Bank International AG) selling their shares to EAVISTA. AVZ GmbH (AVZ Privatstiftung) remains as shareholder. Closing of the share purchase agreement is expected to take place after approval by the regulatory authorities.

For the credit card portfolios of customers of UniCredit Bank Austria and banks of the Austrian Raiffeisen sector the two selling shareholders (UniCredit Bank Austria and Raiffeisen Bank International) entered into an agreement with card complete to offer credit cards directly to those customers.

EAVISTA Beteiligungsverwaltungs GmbH is owned by Arif Babayev, a British entrepreneur, and is managed together with Nurlan Zhagiparov, co-founder of the UK-based payment services provider DNA Payments Limited. The two experts in financial technology and innovation have more than 20 years of experience in the banking and financial services industry.

The team of bpv Huegel guided us to the signing of this transaction with their outstanding market and in-depth transactional expertise in the banking and payment services sector,” comments Arif Babayev.

We are very pleased to have supported EAVISTA with the experienced team around Arif Babayev and Nurlan Zhagiparov in this landmark transaction in the Austrian payment services industry”, emphasises Christoph Nauer, partner at bpv Huegel leading on the transaction.

card complete

For more than 40 years, card complete has played a leading role in shaping cashless payment transactions in Austria. As the only fully integrated services provider in Austria and one of the top providers in the market, card complete combines with the strategy “complete” all elements of the cashless payment value chain – from the processing of card-based payment transactions and a versatile product range of credit cards to acquiring solutions for stationary point-of-sale and e-commerce. The highest level of security and service in all matters is top priority. card complete offers credit cards from Visa, Mastercard and, exclusively, Diners Club. With its nationwide network of acceptance partners, it accepts Visa, Visa Debit, V PAY, Mastercard, Mastercard Debit, Maestro, JCB, Diners Club, Discover, American Express, UnionPay, Bluecode and Alipay. Diners Club has been a fully integrated member of card complete Service Bank AG since October 2022. DC elektronische Zahlungssysteme GmbH also belongs to the card complete group. www.cardcomplete.com

Transaction team of bpv Huegel

The transaction team of bpv Huegel, led by Christoph Nauer (Corporate/M&A, Finance&Regulatory) and Thomas Lettau (Corporate/M&A), included Barbara Valente (Corporate/M&A, Finance&Regulatory), Roland Juill (Corporate/M&A), Nicolas Wolski (Tax), Kornelia Wittmann (Tax, Finance&Regulatory), Gerhard Fussenegger, Philipp Stengg (both Merger Control/FDI), Ingo Braun (Finance & Regulatory), Johannes Mitterecker (Corporate/M&A), Paul Pfeifenberger (Labour Law), Walter Niedermueller (Labour Law), Sonja Duerager (Data Protection, IP/IT), Tim Pasternak (Corporate/M&A), Lucas Hora (Corporate/M&A, Tax Law), Daniel Maurer (Corporate/M&A).

A team from DORDA, led by Christoph Brogyányi and Christian Ritschka, advised UniCredit Bank Austria AG. Binder Grösswang (Thomas Schirmer and Mona Holzgruber) represented Raiffeisen Bank International AG on the transaction.

Press release

bpv Huegel advises founder and shareholders on the sale of all shares in EVK DI Kerschhaggl GmbH to Headwall Photonics, Inc.

17 January 2025. The bpv Huegel team led by Elke Napokoj advised the founder and the shareholders of EVK DI Kerschhaggl GmbH (“EVK”). The bpv Huegel team provided comprehensive advice including deal structuring, contract drafting, contract negotiations and all steps up to the closing.

EVK is an Austria-based technology company specializing in industrial sensor-based sorting and inspection systems. Among other applications, EVK’s innovative technology is used in food processing, plastics recycling and material sorting.

Headwall Photonics, Inc. (“Headwall”), part of the Headwall Group and a portfolio company of Arsenal Capital Partners, an American private equity fund, is a global leader in high-performance spectral imaging solutions and optical components.

EVK’s innovative hyperspectral and inductive sensor technologies as well as data analysis expertise complement Headwall Group’s existing products and commitment to advancing hyperspectral imaging applications and AI-driven interpretation software in machine vision and remote sensing markets.

The transaction was closed on 31 December 2024.

Advisors to EVK: bpv Huegel – Elke Napokoj (Lead, Corporate/M&A), Victoria Huf (Corporate/M&A), Sonja Dürager (IP/IT), Astrid Ablasser-Neuhuber (Competition Law), Gerhard Fussenegger (Competition Law), Sebastian Reiter (Competition Law), Walter Niedermüller (Labour Law), Raphael Lehner (Corporate/M&A).

EVK M&A Team: Rabel & Partner GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft – Markus Pellet.

Advisors to the Buyer: Schönherr Rechtsanwälte.

Press release

 

bpv BRAUN PARTNERS advised CREDITAS Group on its expansion into the energy market in Poland

We advised CREDITAS Group on successful acquisition of a 100% stake in the Polish energy group DUON, one of the largest private gas distributors in Poland.

DUON Group is being acquired by CREDITAS from Infracapital, an infrastructure equity investment fund belonging to M&G Plc, one of the largest and longest established investment houses in the UK with over 90 years of experience.  DUON Group currently has more than 800 kilometres of gas pipelines in Poland. Its assets include 12 networks connected to the national gas grid and it operates a fleet of 24 LNG-based cryogenic trailers and 20 gas regasification stations. DUON supplies gas to more than 11,000 customers.

bpv BRAUN PARTNERS played a leading role in this international transaction and provided comprehensive legal advice and assistance in all negotiations and preparation of complete transaction documentation, including extensive due diligence and representation in acquisition financing by a syndicate of banks led by Komerční banka, a.s. The total value of the transaction has not been disclosed.

Legal advice throughout the transaction was provided by the team of bpv BRAUN PARTNERS consisting of David VosolPavel VintrDavid Plevka and Ivana Horáková. David Vosol, partner at bpv BRAUN PARTNERS, comments the successful transaction: “A big thank you to our entire team and to the team of the cooperating Polish law firm Domański Zakrzewski Palinka and the British law firm Watson Farley & Williams, with whom we continued our successful series of advisory services within the CREDITAS Group projects.

More information about transaction here.

bpv Huegel advises RWA eGen on the purchase of the shares in RWA AG held by BayWa AG

BayWa AG is selling its international shareholding in RWA AG to co-shareholder RWA eGen as part of its transformation concept.

08 January 2025. A transaction team of bpv Huegel advised RWA Raiffeisen Ware Austria Handel und Vermögensverwaltung eGen (RWA eGen) on the acquisition of shares in RWA Raiffeisen Ware Austria Aktiengesellschaft (RWA AG) from BayWa Aktiengesellschaft (BayWa AG). The sale of key international holdings such as RWA AG is part of the transformation concept of stock-listed BayWa AG.

RWA eGen is acquiring the approximately 47.53% stake in RWA AG at a purchase price of EUR 176 million, thereby increasing its current stake of around 49.99% in RWA AG. On 27 December 2024, the share purchase agreement was concluded between BayWa AG, its wholly owned subsidiaries BayWa Austria Holding GmbH and BayWa Pensionsverwaltung GmbH on the one hand, and a holding company of RWA eGen on the other. RWA eGen also holds the majority stake in Raiffeisen Agrar Invest AG, which is the second-largest shareholder in BayWa AG with a stake of around 28.3%. The closing of the share purchase agreement is subject to, inter alia, merger control approvals.

RWA AG operates as a producer, service provider and retailer in the business areas of agriculture, technology, energy, building materials and home & garden. As the umbrella organisation of the Austrian Lagerhaus cooperatives, RWA AG provides them with a comprehensive range of services in the aforementioned areas. In addition, RWA AG holds a wide range of participations and subsidiaries in Austria and selected Eastern European countries.

The transaction team at bpv Huegel, led by partners Christoph Nauer (Corporate/M&A, Capital Markets), Thomas Lettau (Corporate/M&A) and Astrid Ablasser-Neuhuber (Merger Control), included Nico Wolski (Tax), Johannes Mitterecker (Corporate/M&A), Ingo Braun (Finance & Regulatory), Roland Juill (Corporate/M&A, Capital Markets), Barbara Valente, Anna Zirkler, Daniel Maurer, Patrick Nutz-Fallheier (all Corporate/M&A), Stefan Holzweber and Philipp Stengg (both Merger Control).

RWA eGen was advised on German law by FPS Rechtsanwälte, Frankfurt (Daniel Herper). BayWa AG was advised by a team from Jones Day, Munich (Maximilian P. Krause, Alexander Ballmann, Jürgen Beninca).

Press release

 

AI systems & GDPR rules – How do they fit together? – Part II

In this constantly evolving tech landscape, artificial intelligence („AI”) is also transforming the employment scene, redefining roles and interactions within the workplace. As algorithms and human expertise join forces, AI boosts its efficiency and the level of precision, while human intuition still thrives in uncertain situations. The result? A dynamic, hybrid workforce where cutting-edge technology and human insight work hand in hand, driving productivity and also shaping the future of work.  

This is the second part, realized by bpv GRIGORESCU STEFANICA lawyers, Diana Ciubotaru (Associate) and Silvana Curteanu (Associate), on the AI & GDPR interplay, where we delve deep into the most significant topics concerning the AI & GDPR combo within the employment relationships and pointing out the requirements incumbent on the employer as a data controller and deployer[1] when using AI tools.

Don’t forget to also check the first part of this article, where we assessed the data protection background and its algorithmic readiness by overviewing the main relevant GDPR provisions related to the development and deployment of AI systems and how the AI Act impacts the GDPR’s rules.

GDPR, AI and WoW (the World of Work)

(i) The first steps and the compliance concerns

AI systems in recruitment and human resources (”HR”) processes offer significant benefits, such as accelerating the process of recruitment and hiring and improving candidate communication. Despite these advantages, the human-oriented field of employment brings a certain degree of reluctance to fully rely on using AI systems for recruitment processes from start to finish. Recent developments in AI include tools like virtual assistants, which can source resumes, contact candidates, and conduct interviews using machine learning (ML) and platforms such as VaaS (Voice as a System). A survey[2] shows that 62% of HR professionals anticipate certain recruitment stages to be fully automated by AI (e.g., candidate application and selection for the relevant position).

While AI tools can streamline tasks and provide data-driven insights, they may also raise compliance concerns, particularly under the European Regulation on Artificial Intelligence („AI Act”). Under this recent and highly debated regulation, AI systems used in employment decisions (e.g., AI platforms making employment decisions on task allocation, promotion and termination of employment relationships, AI tools used for monitoring or evaluating the employees and their performance) are classified as high-risk AI systems. In this context, the compliance concern remains: how can an employer benefit from all the AI-based tools and facilities while still being GDPR compliant?

So, let’s shed some light on certain practical steps to be followed by employers when using AI tools or when acting as AI deployers.

(ii) Practical steps for employers

Regardless of the purposes for which the AI tools are used, there are no exceptions from the GDPR requirements for technology enthusiast employers. Here’s a breakdown of the key actions that may contribute to data privacy compliance:

1. Identify and document a lawful basis for processing

Firstly, the employer must identify the appropriate legal basis (as provided by Art. 6 of the GDPR). Generally, for processing employees’ data, the most common lawful bases may include:

▸ Execution of a contract: may be applicable when AI tools are used to manage certain aspects related to employment relationships (g., AI-driven payroll systems that automate salary calculations, deductions, and benefits management, AI tools that assess employee performance metrics to ensure they meet the requirements and obligations outlined in their employment contracts, such as achieving certain productivity targets, etc.).
▸ Compliance with a legal obligation of the employer: for example, complying with occupational health and safety regulations to ensure a safe working environment. AI-based tools can help evaluate compliance and alert employers and management when a safety breach occurs (g., identifying employees not wearing protective gear when it is mandatory, etc.).
▸ Legitimate interest: it is often used, but it must always involve the performance of the “balancing test” to analyze if the employer’s interests override the rights and freedoms of the employees.
▸ Consent: due to the power imbalances between employers and employees, relying on this legal basis is tricky in employment contexts, but it may apply in case of the voluntary participation of the employees in optional programs within the company (g., wellness or mental health programs that use AI tools to provide personalized support or recommendations, such as fitness apps or stress management tools, AI-based tools that analyze employee behavior for providing personalized feedback, coaching, or career development plans, etc.).

In such cases, the employer must ensure that the employees have the possibility to withdraw their consent for such processing without facing negative consequences.

Related to the manner of the documentation of the lawful basis chosen for carrying out the processing activities, employers should clearly record (in a record of the processing activities) the lawful basis for each processing activity to hold evidence in this regard.

2. Conduct a Data Protection Impact Assessment (DPIA)

▸ Targeting a purpose: after establishing the concrete purpose of the processing, by conducting a DPIA, the employer can assess the potential risks associated with processing personal data using AI-based tools in day-to-day activities.
▸ When to conduct it: the DPIA must be conducted before implementing or using the AI-based solutions, especially in scenarios in which the processing involves systematic monitoring, large-scale data, or sensitive data (g., biometrics or health data).
▸ The key elements to be included in the DPIA are:

 the description of the processing activities object to analysis.
 the assessment of the necessity and proportionality of carrying out the activities.
 the evaluation of risks to the individuals’ rights and freedoms.
 the measures to mitigate risks implemented by the employer.

The mirror image of DPIA regarding AI rules is represented by the Fundamental Rights Impact Assessment (FRIA) regulated by Art. 27 of the AI Act. FRIA needs to be conducted before deploying a high-risk AI system by the deployers that are bodies governed by public law or are private entities providing public services (e.g., private hospitals or clinics providing public health services on the basis of public-private partnerships, bus, tram or metro operators operating on the basis of a concession contract with public authorities, etc.).Similarly to DPIA-related requirements, art. 27 of the AI Act provides the mandatory elements that a FRIA must include.

3. Ensuring transparency by providing clear and complex information to employees

In practice, the transparency principle is effectively implemented by data controllers by providing data subjects privacy notices that include the information stipulated by Art. 13 and 14 of the GDPR. When it comes to using AI solutions, any employer should ensure that these privacy notices also refer to the mere interaction with an AI system while allowing the data subjects (i.e., the employees) to understand, as the case may be, how the AI systems make decisions about them, how their data are used to test and/or train a certain system and the eventual outcome of such AI-powered processing. Broadly, in the privacy notices, it is essential to address, among others, the following:

– what data is collected;
– the fact that the employees shall interact with an AI system (mandatory in case of high-risk AI systems);
– how data is processed using AI-based tools;
– what is the purpose of the processing activities;
– the rights of employees regarding AI-based processing.

The employer must ensure that the elements above are explained in a simple and comprehensive manner, especially considering any automated decision-making and profiling that may impact the employment relationship.

4. Ensure data minimization and purpose limitation principle

Regardless of deploying or simply using AI-based tools, employers must effectively respect the principles of data minimization and purpose limitations provided by the GDPR. In this regard, employers must:

▸ Limit data collection: only collect the data that is necessary for the specific purposes for which the AI-based tool is used or deployed within the company.
▸ Explicitly communicate the specific purposes: clearly define and communicate to data subjects (e., any person within the company) the purposes for which data will be used and ensure AI systems are not repurposing data beyond the initial intentions.

5. Implement robust security measures

Similar to the GDPR’s requirements, given that the use of AI-based tools within employment relationships involves the processing of employees’ personal data, employers must also implement efficient security measures. This may include:

▸ Technical safeguards: frequently used technical and organizational measures are data encryption, use of access controls, and employing secure storage solutions.
▸ Conducting regular security assessments: for example, regularly auditing AI systems (deployed or used) to ensure they are secure and identify any potential vulnerabilities.
▸ Implement a security incident response plan: employers should draft an internal policy or a protocol for responding to data breaches, including how to notify affected employees and relevant authorities in such scenarios.

6. Paying increased attention to automated individual decision-making and profiling

In this case, every employer using AI-based tools within its relationships with employees must address these specific issues which constantly raise problems for data subjects (i.e., the employees). Thus, it is important to:

▸ Ensure human oversight: implement the appropriate measures so that decisions impacting employees are not solely adopted automatically following the results generated by the AI tool and that human review is provided.
▸ Properly inform the employees: if using AI tools for automated individual decision-making (g., hiring decisions, which automatically evaluate the employees, automatically allocating tasks based on individual behavior, personal traits or characteristics), employees have the right to be informed of how the decisions are made.
▸ Make sure the employees know their rights: employees must be informed about their right to object to automated individual decision-making[3] or profiling[4] and how to challenge such decisions (Art. 21 and Art. 22 of the GDPR are relevant in this case). You can find out more about automated individual decision-making and profiling in relation to this matter in Part III of our article.

7. Check the AI contractors carefully and conduct due diligence

These preventive measures may include the following:

▸ Assess third-party providers/contractors: employers should ensure that AI vendors comply with data protection regulations and have implemented appropriate security measures in their AI solutions.
▸ Concluding data processing agreements (DPAs): employers should sign contracts with vendors that include data protection clauses specifying the roles and responsibilities of each party under the specific conditions laid down by Art. 28 of the GDPR.
▸ Conducting regular audits: employers should monitor third-party compliance, especially with regard to cloud-based AI solutions.

8. Ensure data accuracy and fairness principles

The GDPR principle of data accuracy must be observed when it comes to personal data used as an input for AI systems, especially considering the potentially harmful outcomes of training AI with inaccurate data by singling out people “in a discriminatory or otherwise incorrect or unjust manner[5]. Therefore, even if employers act as AI-systems deployers or simply as users of AI-based solutions, employers should:

▸ Conduct regular data quality checks: respectively, if the data used or introduced in the AI models is accurate, up-to-date, and relevant for the purposes pursued.
▸ Conduct audits to identify potential biases: employers should evaluate AI systems for potential biases that may occur in decision-making processes (g., in the context of hiring – there may be AI-based recruitment tools, which may generate biases against women).
▸ Propose corrective measures, if necessary: implementing mechanisms to correct any biases or inaccuracies identified during the audits.

9. Organize trainings for instructing employees and managers

To keep up with technological developments while acting in full compliance with applicable legal provisions, the investment in human resources and know-how within a company is paramount. Thus, among others, employers should train their employees on:

▸ AI Systems: they should ensure that staff, especially those involved in managing AI tools, understand their responsibilities regarding data privacy.
▸ Data protection awareness: employers should train staff on the effective implementation and application of the GDPR principles (or local data protection laws), such as the fulfillment of data minimization principle, purpose limitation, and lawful processing.

10. Constantly review and update data protection policies

Some of the most common practices that may help employers comply with data protection principles and rules when using (or even deploying) AI-based solutions or tools can include:

▸ Regular policies review: periodically update the internal data protection policies to account for changes in AI technology or regulatory requirements.
▸ Proper documentation: this can consist of keeping records of policy changes and ensuring they are accessible to employees.
▸ Conducting internal audits: conduct regular internal audits to ensure compliance with data protection policies and practices can be a business-saving solution.

11. Prioritizing and always respecting employees’ rights

When it comes to data subjects’ rights (i.e., the employees), employers, as data controllers, must:

▸ Enable access, rectification, and erasure of data: employers must ensure that employees can access their data, request corrections, or ask for data to be deleted.
▸ Data portability: if relevant and upon request, employers must provide employees with their data in a structured, commonly used and machine-readable format.
▸ Respond to all justified requests: employers must establish and implement a process for responding promptly to data access or deletion requests from employees or any type of request submitted by employees under the GDPR’s provisions.

(iii) The conclusion?

As can be observed, using AI-based platforms or tools is undoubtedly a powerful asset, but only if used responsibly. By implementing transparent policies, prioritizing data minimizations, and embracing a privacy-by-design approach, employers can turn the use of AI into a robust ally in their compliance journey, boosting at the same time the efficiency of various tasks and interactions conducted by employees.

Stay tuned for the third and last part of our article!  

Remember to subscribe to our newsletter to stay updated on the latest legal developments.

[1] „Deployer” – means a natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity.

[2] https://www.tidio.com/blog/ai-recruitment/

[3] Decisions made about individuals solely by automated means, without any human involvement. This typically involves the use of algorithms or artificial intelligence (AI) to process personal data and make decisions based on that data.

[4] The automated processing of personal data to assess or predict various characteristics of an individual. The goal is often to categorize people based on specific traits or behaviors, allowing organizations to make decisions or target individuals in specific ways (e.g., regarding the work performance, economic situation, health, behavior, interests, location).

[5]  Recital (59) of the AI Act

 

bpv GRIGORESCU STEFANICA advised SARMIS Capital on the Strategic Acquisition of Total Technologies to Consolidate Smart ID’s Position as Market Leader in Technology and Industrial Automation

SARMIS Capital has announced the acquisition of Total Technologies, one of the most prominent Honeywell technology integrators for industrial automation in Central and Eastern Europe. The acquisition is carried out through Smart ID Technology, a SARMIS Capital portfolio company, and strengthens its ability to deliver complex technological solutions in retail, manufacturing, delivery, logistics, and distribution. This is the second transaction made by Smart ID following the purchase in 2022 of the Romanian leader in ERP software, Sceptrum. The completion of the current transaction is subject to approval by the Competition Council.

The transaction marks a significant step in SARMIS Capital’s strategy to support the growth of its portfolio companies. The synergies between Smart ID and Total Technologies will drive the formation of an integrated structure, bringing together over 180 highly skilled specialists capable of delivering innovative and customized solutions. The combined turnover will exceed €35 million.

“Joining SARMIS Capital and Smart ID Technology’s strategic vision represents a natural and well-founded step”, said Giani Iancu, CEO and shareholder of Total Technologies. “This transaction creates opportunities to expand our capabilities and deliver innovative solutions to our clients.”

“With the support of SARMIS Capital and through the integration of Total Technologies, we are strengthening our position as a regional independent leader and diversifying the range of solutions we offer to our clients,” added Daniel Boangiu, CEO and founder of Smart ID. “This is an important milestone in our development strategy, and we are pleased to be able to rely on the Total Technologies team, that will remain alongside us. Giani Iancu will continue to play a supervisory role and actively contribute operationally and strategically, strengthening long-term relationships based on trust and mutual respect with Total Technologies’ clients and suppliers.”

“The acquisition of Total Technologies represents an important step in our strategy to build a leader in the automation and data capture solutions market,” said Cezar Scarlat, Managing Partner at SARMIS Capital. “This transaction marks an essential development in an extensive series of acquisitions to support inorganic growth in the CEE region, for which we have allocated a budget of €20 – 30 million. We are confident that the partnership between Smart ID and Total Technologies will create significant value for the clients and employees of the companies in our portfolio, while counting on the support of blue-chip partner-vendors. We are also pleased that Giani Iancu will remain with us, with his role expanding to the Board of Directors level in the new consolidated structure. Moreover, through the jointly designed partnership structure, we feel strongly aligned in our vision for a shared future.“

Consultants involved in this transaction:

For Smart ID Technology: bpv Grigorescu Ștefănică (legal), Path2Capital (strategic advisor), TS Partners (financial), Dobrinescu Dobrev Tax Advisory (tax)

For Total Technologies: Daniel Vutcanu (legal), Mihai & Co. Business Lawyers (legal)

Smart ID Technology was assisted by a multi-disciplinary team of lawyers from bpv GRIGORESCU STEFANICA, who provided comprehensive advice at all transaction stages, including due diligence, drafting and negotiation of the transaction documents. The team was coordinated by Iulia Dragomir, Partner (Corporate, M&A, Tax) and included Cristina de Jonge, Partner (Commercial, Competition), Denisa Kopandi, Senior Associate (Commercial, Competition), Andreea Lupșa, Senior Associate (Employment), Matei Tomi (Corporate, M&A), Mădălina Dimache (Real Estate), as well as other team members for the relevant areas of due diligence and transaction advisory. Previously, bpv Grigorescu Ștefănică advised the founders of Smart ID Technology in connection with SARMIS Capital’s investment in Smart ID Technology and assisted with Smart ID Technology’s acquisition of the integrated software solutions provider Sceptrum.

***

About Smart ID Technology is one of the leading local technology providers, with over 14 years of experience in delivering integrated solutions that combine software, hardware, and automation, tailored to companies aiming to optimize costs and increase productivity. With a performance-oriented approach, the company serves industries operating in complex and dynamic environments, such as retail, logistics, and manufacturing, offering critical business solutions to streamline processes and improve operational workflows. Whether it involves implementing high-performance equipment, developing software tailored to specific requirements, or automating critical processes, the company’s mission is to deliver solutions that create real and sustainable value for its partners. https://www.smartid.ro/

About Total Technologies is one of the leading business consultants and integrators of customized digital solutions, with over 30 years of experience in the Romanian technology market. The company focuses on integrating specialized solutions and the complete process of automatic data collection and processing for industries such as retail, manufacturing, courier services, logistics, and distribution, aiming to streamline operational workflows and reduce costs. Total Technologies is an official Honeywell Platinum Elite Partner, Honeywell Voice Partner, and the only authorized Honeywell Center of Excellence in Romania. Additionally, the company has established strategic partnerships in the fields of autonomous and industrial robots, specialized software, and other related solutions essential to the industries it serves. In 2021 and 2022, the company was awarded the title of “Solution Partner of the Year” at the “Partner Kickoff Event” organized by Honeywell. https://www.totaltech.ro/

About SARMIS Capital is an independent private equity fund established in 2019, focused on investments in Central and Eastern Europe. It is the largest fund of this type raised in Romania by a local team. SARMIS brings not only financial capital to its portfolio companies, but also significant strategic, operational, and consolidation expertise. In addition to Smart ID Technology, SARMIS Capital’s portfolio includes MG-Tec Industry, BMF Grup, and Corporate Office Solutions. https://www.sarmiscapital.com