Last updated: 10.12.2018
1. About whom we process personal data
2. Purpose, types of personal data and legal basis
Below we have provided an overview of the purposes for which we process personal data, the types of personal data we process and the legal basis for the processing.
Establishing customer relationships
When establishing a customer relationship, contact information is registered, including, but not limited to, organization number, postal address and e-mail address. The registration of contact information is necessary for private customers in order to be able to enter into an agreement with the person concerned, cf. GDPR article 6 no. 1 letter b. For business customers, the registration of contact information is based on a balancing of interests, cf. GDPR article 6 no. 1 letter f.
In certain cases, it may be appropriate to store concrete work in anonymized form because it may have value as a basis for experience in other cases. The basis for processing is our interest in making use of prepared knowledge in further advice, cf. GDPR article 6 no. 1 letter f (balancing of interests).
Customer information is stored in separate areas and in our accounting system. For business customers, what we do in connection with client administration is authorized in GDPR article 6 no. 1 letter f (balancing of interests), while for private customers it is considered a necessary part of fulfilling the agreement with the person concerned, cf. GDPR article 6 no. 1 letter b.
Storage and retention of information
We store information in accordance with requirements in Norwegian law. The legal basis for processing personal data is GDPR article 6 no. 1 letter f (balancing of interests) and GDPR article 9 no. 2 letter f (determining, asserting or defending legal claims), cf. Personal Data Act (new 2018) § 11.
Contact information received from business customers is used to mark invoices that are sent to the business if the customer requests this. For private customers, the person's private postal address is used for sending invoices, or possibly the given e-mail address if the client prefers it. The basis for processing is GDPR article 6 no. 1 letter f (balancing of interests) for business customers and GDPR article 6 no. 1 letter b (necessary to fulfill the agreement with the data subject) for private customers.
IT operation and security
Personal data stored in our IT systems may be accessible to us or to our suppliers in connection with system updates, implementation or follow-up of security measures, error correction or other maintenance. The processing basis is GDPR article 6 no. 1 f (balancing of interests) and our legal obligation to have satisfactory information security, cf. GDPR articles 32 and 6 no. 1 letter c.
3. Who we share personal data with
4. Storage of personal data
We store your personal data with us for as long as is necessary for the purpose for which the personal data was collected. The Accounting Act otherwise requires us to store specific accounting documents for a specified period of time. When a specific purpose dictates storage for a given period of time, we ensure that the personal data is exclusively used for the purpose in question during this period.
5. Your rights
You have rights in personal data relating to you. What rights you have depends on the circumstances. Withdraw consent If you have given consent to receive newsletters from us, you can withdraw this consent at any time. We have made it possible for you to easily opt out of this type of inquiry by including a link to the deregistration form in each inquiry. If you have consented to other processing of personal data, you can also withdraw your consent for this processing at any time by contacting us about this. Request access You have the right to access the personal data we have registered about you, as long as the duty of confidentiality does not prevent this. In order to ensure that personal data is handed over to the right person, we may require that requests for access be made in writing or that identity is verified in another way. Request correction or deletion You can ask us to correct incorrect information we have about you or ask us to delete personal data. We will as far as possible accommodate a request to delete personal data, but we cannot do this if there are compelling reasons not to delete, for example, that we have to store the information for documentation purposes. Data portability In some cases, you will be able to have access to personal data you have provided to us in order to have it transferred in a machine-readable format to another law firm. If it is technically possible, in some cases it will be possible to have these transferred directly to the other company. Complaint to the supervisory authority If you disagree with the way we process your personal data, you can submit a complaint to the Norwegian Data Protection Authority.
We have established procedures to handle personal data in a secure manner. The measures are both of a technical and organizational nature. We regularly assess the security of all central systems that can be used for handling personal data, and agreements have been entered into that require suppliers of such systems to ensure satisfactory information security. Access to personal data (and client/case information) is limited to personnel who need access to perform their tasks. We have adopted internal IT guidelines, and we regularly train employees with regard to security and the use of IT systems.
8. Contact us