Privacy statement
1. INTRODUCTION
This privacy statement applies to Advokatfirmaet Ræder AS ("Ræder"). Ræder is the controller for the processing of personal data as described in this privacy statement.
Our contact information related to privacy is as follows:
Advokatfirmaet Ræder AS
Postboks 2944 Oslo
0230 Oslo
E-post: privacy@raeder.no
Telefon: 23272700
In the declaration, we provide information about personal data and how we collect and process these. We also provide information about your rights and how you can proceed to use these rights.
2. PERSONAL DATA
Personal data is information and assessments that can be linked to an individual, such as names, e-mail addresses and phone numbers. Specific personal data is personal data of a more sensitive nature, such as e.g. health information. No matter what information you provide to Ræder, these will be processed in accordance with the at all times current regulations.
3. WHOSE PERSONAL DATA DO WE PROCESS
- Private customers
- Contacts at business clients
- Contacts at our suppliers and business partners
- People involved in matters where we assist
- Other persons mentioned in case documents we have access to
- Visitors to our website
4. OBJECTIVE, INFORMATION TYPES AND LEGAL BASIS FOR PROCESSING
In carrying out our activities and by establishing and managing customer relationships, we collect and process the following personal data on the specified legal basis:
- Establishment of client relationship:When we are contacted by a client requesting an assignment, we will conduct an independent internal check (conflict resolution) before we may accept the assignment. The independence check serves a legitimate purpose and has basis in GDPR Article 6 no. 1, letter f (balancing of interests). Conflict check of private clients usually include full name, nature of the case and, if applicable, creditworthiness. In general, conflict checks on behalf of business customers will not involve processing personal data.
In connection with the establishment of a client relationship, we will make a customer check in accordance with the provisions of the Money Laundering Act §§ 6 to 13. This implies, among other things, that we will collect and record relevant personal data, including documentation confirming the identity of the client or contact person. Customer check is required to fulfil our legal obligations under the Money Laundering Act, cf. GDPR Article 6, paragraph 1, letter c.
If we can take the assignment, contact information such as name, address, email and telephone number, as well as any social security number / d-number, is registered. The registration of contact details is necessary for private customers in order to enter into an agreement with the person concerned, cf. Article 6, paragraph 1, letter b of the GDPR. For business customers, the registration of contact information is based on an interest assessment, cf. Article 6, paragraph 1, letter f of the GDPR.
- Case management:Some legal assignments involve accessing personal data about parties or other individuals affected by a matter. Such information may arise from documents the client submits or other correspondence in the matter. The processing of personal data in connection with assignments for business customers is rooted in the GDPR Article 6, paragraph 1, letter f (balancing of interests). In some cases, we also get access to sensitive personal data, for instance health records or criminal convictions and offenses. In such cases, processing of the information has legal authority in GDPR Article 9, paragraph 2, letter f (the processing is necessary to determine, enforce or defend a legal claim), cf. Section 11 of the Personal Data Act (new 2018).
- Knowledge management: We may reuse documents we have created for a client in connection with other assignments or other internal knowledge management. Normally, there will be no personal data in documents that are reused, but if there is, everything will be duly anonymized before being used for other purposes. The basis for processing is our interest in utilizing prepared knowledge in further counselling, cf. GDPR Article 6, paragraph 1, letter f (interest settlement).
- Client Management: Separate case folders are created for assignments performed on behalf of the client. Time and costs incurred are registered in our accounting system. For business customers, what we do is in conjunction with client management pursuant to GDPR Article 6. 1 letter f (balancing of interests), whereas for private customers, it is considered a necessary part of fulfilling the agreement with the person concerned
- Storage and safekeeping of case documents:We normally store case documents for 10 years after the assignment is completed. Storage in the specified time period is considered necessary in the interests both of the client and for our own sake, since questions or disputes may subsequently arise in which the information stored on a matter may again come into question. The legal basis for processing of personal data is GDPR Article 6, paragraph 1, letter f (balancing of interests, cf. the legitimate interest indicated above) and GDPR Article 9, paragraph 2, letter f (determine, enforce or defend legal requirements), cf. the Personal Data Act (new 2018) § 11.d, cf. GDPR Article 6, paragraph 1, letter b.
- Billing and accounting:Contact information received from business customers is used to mark the invoice sent to the business upon the client's requests. For residential customers, the person's private address or entered email address is used for sending invoices. The processing basis is GDPR Article 6, No. 1, letter f (balancing of interests) for business customers and GDPR Article 6, paragraph 1, letter b (required to fulfil the agreement with the registered) for private customers.
- IT operation and security:Personal data stored in our IT systems may be available to us or to our suppliers in connection with system updates, implementation or follow-up of security measures, correction or other maintenance. The basis for processing is GDPR Article 6, No. 1 f (balancing of interests, cf. our legitimate interest in the above activities) and our legal obligation to have satisfactory information security, cf. GDPR Articles 32 and 6, No. 1, letter c.
- Marketing: We send out newsletters to e-mail addresses registered on clients we continuously provide legal services to and others who have requested to receive our newsletter. Recipients of the newsletter can easily stop the service by using the link included in each inquiry. Processing basis is GDPR Article 6. 1 letter f (balancing of interests) where we have received your e-mail address in connection with a legal assignment and where we have an interest in providing information about our services, courses etc. If there is an existing customer relationship, the marketing will take place in accordance with Section 15 (3) of the Marketing Act. In other contexts, marketing is based on the consent of the person concerned, cf. section 15 (1) of the Marketing Act and Article 6 (1) of the GDPR.
5. DISCLOSURE OF PERSONAL DATA AND USE OF DATA PROCESSORS
Our IT service providers may have access to personal data if personal data is stored at the supplier or otherwise available to the supplier under their contract with Ræder. Suppliers act in accordance with the data processing agreement and under our instructions. The provider may only use the personal data for the purposes which we have determined and as described in this Policy.
Attorneys are subject to a sanctioned duty of confidentiality pursuant to section 111 of the Criminal Code. All information entrusted to us in connection with an assignment is handled confidentially. As regards contact details and case information, as described in section 4 above, these may also be disclosed to counterparties, courts and supervisory bodies in connection with litigation and other legal matters.
We will not disclose personal data under other circumstances or in other ways than those described in this privacy policy unless the client explicitly encourages or agrees, or disclosure is required by law.
6. STORING OF PERSONAL DATA
We usually save case documents for 10 years. Accounting legislation and money laundering laws require us to store specific documents for a specified period of time. When a particular purpose indicates storage for a given period of time, we ensure that personal data is used exclusively for the purpose in question during this period.
7. WHAT ARE YOUR RIGHTS
You are privileged to personal data that concerns you. What your rights are depends on the circumstances.
- Withdrawing consent:If you have consented to receive our newsletter, you may withdraw this consent at any time. We have made it possible for you to easily reserve yourself against this type of inquiry by including a link to the unsubscribe form in each inquiry. If you have consented to any other processing of personal data, you may also withdraw your consent at any time by directing a request to us.
- Request access:You have the right to access the personal data we have we have registered about you, as far as non-confidentiality is concerned. To ensure that personal data is disclosed to the right person, we may require a request for access in writing or that identity is verified by other means.
- Request correction or deletion:You may request us to correct incorrect data we have about you or ask us to delete personal data. We will, as far as possible, accommodate requests to delete personal data, but we can not do it if there are compelling reasons not to delete, for instance, we may need to save the data for documentation purposes.
- Data portability:In some cases, you could be entitled to repatriate personal information you have provided to us to get those transferred in a computerized format to you or any third party.
- Appeals to the supervisory authority:If you disagree with the way we treat your personal data, you may submit a complaint to the Data Inspectorate.
8. HOW YOUR PERSONAL DATA ARE SECURED
We have established procedures to handle personal data in a secure manner. The measures are of a technical and organizational nature. We carry out regular assessments of the security of all key systems used for managing personal data and have entered into agreements which oblige suppliers of such systems to provide satisfactory information security.
Access to personal data (and client / case information) is limited to personnel who need access to perform their duties.
We have adopted internal IT guidelines, and we regularly train staff with regard to security and the use of IT systems.
9. CHANGES IN PRIVACY STATEMENT
We may make minor changes to this privacy statement. You will always find the latest version on our website. In case of significant changes, you will be duly notified.
10. CONTACT INFORMATION
If you have any questions or comments about our privacy statement or you would like to exercise your rights, please contact us:
Advokatfirmaet Ræder AS
Postboks 2944 Oslo
0230 Oslo
E-post: privacy@raeder.no
Telefon: 23272700
Want to stay up-to-date?
Yes please!
At Ræder, we are passionate about our fields of expertise and keen to share what we know and learn. Subscribe to our newsletter and stay updated.