Gernandt & Danielsson Advokatbyrå KB s Privacy Policy

Transcription

1 Gernandt & Danielsson Advokatbyrå KB s Privacy Policy 1 Information regarding the processing of your personal data 1.1 Gernandt & Danielsson Advokatbyrå KB, registration number , ( Gernandt & Danielsson ) is the controller for the processing of your personal data, which means that we are responsible for how your personal data is collected and used. 1.2 Gernandt & Danielsson is concerned with protecting your personal data, which is why we exclusively process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and other applicable privacy legislation. Personal data refers to all information that can be directly or indirectly used to identify a living natural person. 1.3 This privacy policy describes the processing of personal data which Gernandt & Danielsson performs in connection with the performance of client assignments, legally imposed obligations, subscriptions to newsletters, membership in our alumni network, use of cookies on our website, invitations to events/seminars, as well as when you communicate with us by or other channels. 1.4 Gernandt & Danielsson protects your privacy. This policy describes what personal data is collected, the purposes for which the personal data is processed, how we protect your personal data and how you may exercise your rights. 2 Personal data which is processed 2.1 Gernandt & Danielsson processes personal data received in connection with our performance of professional legal services/assignments or otherwise processed when the assignment is prepared or administered. Such personal data is, e.g., name, personal identification number, title, contact information, invoicing information and other business-related information furnished us by a client, a client s representative or opposing parties. The provided data may be supplemented with data we obtain from other sources, such as your company s public website, public databases or commercial databases, e.g. the Swedish Companies Registration Office s search service or InfoTorg, to ensure that the personal data is accurate. 2.2 Gernandt & Danielsson processes personal data that you voluntarily provide us, e.g. when you communicate with us by or other channels, ask us to send you newsletters or the like, or sign up for an event/seminar. In relation to this, the data processed by us is your name,

2 2 postal address, address, telephone number, title and employer or our business relationship with you. If you are a member of our alumni network, we also process certain information regarding your previous employment with us and, in certain cases, your private telephone number, home address and address. In certain cases, the data you provide us may also be supplemented with data we obtain from other sources, e.g. your company s public website and public databases, in order to confirm your current title/position. 2.3 You are not obligated to provide personal data to us, but unless you do, we cannot undertake an assignment since we cannot complete necessary conflict and anti-money laundering checks, nor will we be able to invite you to events, send you newsletters etc. 3 Purposes of and legal basis for the processing of your personal data 3.1 Gernandt & Danielsson only processes personal data if there is a legal basis for the processing. 3.2 Gernandt & Danielsson processes personal data in order to carry out and administer assignments, to complete mandatory conflict and anti-money laundering checks, to safeguard your interests and for accounting and invoicing purposes. The legal basis for this processing is our obligation to perform the agreement with our client, as well as Gernandt & Danielsson s legitimate interest in being able to provide professional legal services. 3.3 Personal data is also processed in order to perform legal obligations imposed on Gernandt & Danielsson by law, e.g. pursuant to the Act on Measures against Money Laundering and Terrorist Financing (2017:630) or the Accounting Act (1999:1078). 3.4 Personal data is also processed in order to perform Gernandt & Danielsson s obligations under the rules and regulations of the Swedish Bar Association. 3.5 The basis for processing personal data belonging to contact persons of our legal services clients is our legitimate interest in performing the agreement entered into with us by the contact person s employer and the contact person cannot expect that such processing of their data will not take place. 3.6 Data may also be used for business and methodology development, market analysis, statistical purposes and risk management. The legal basis

3 3 for processing data for the purpose of developing and analysing our business is our legitimate interest in developing our business and communicating with our contacts. 3.7 The legal basis for processing data for the purpose of communicating with you, which includes sending newsletters, alerts regarding changes to legislation and legal precedents and invitations to events and seminars, and of keeping our contact register updated, is our legitimate interest in maintaining a business relationship and communication with you, as a business contact, regarding our business and our events. 4 Transfer of personal data 4.1 Only those employees of Gernandt & Danielsson who need to have access to the personal data to satisfy the purposes listed above have access to the data. 4.2 Your personal data will not be provided to third parties except in cases where: (i) (ii) (iii) (iv) (v) it has been specifically agreed between Gernandt & Danielsson and you; within the scope of a specific assignment, it is necessary in order to safeguard your rights; it is necessary to enable us to perform a statutory obligation or comply with a public authority order or judicial decision; we have retained third-party service providers which perform tasks on our behalf, primarily to update and support Gernandt & Danielsson s IT systems; or the data is provided to courts, public authorities, opposing parties and/or opposing party counsels where it is necessary in order to safeguard your rights. 4.3 Where personal data may be transferred to a country outside of the EU/EEA, this is done in accordance with applicable data protection legislation and requires that the country in question offers an adequate level of protection or there is another sufficient protective measure that entails the lawfulness of the transfer, e.g. the use of so-called standard contractual clauses. The standard clauses are found at the following link:

4 4 5 Retention period for your personal data 5.1 Personal data is kept in accordance with Gernandt & Danielsson s obligations under law or the Code of Professional Conduct for Members of the Swedish Bar Association. The Code of Professional Conduct prescribes that data must be kept for a period of ten (10) years from the date of conclusion of the assignment or termination of the business relationship, or for a longer period as required by the nature of the assignment. 5.2 Data processed for the purpose of developing, analysing and marketing the law firm s business is kept for a period of two (2) years after the most recent contact. Personal data is removed or anonymised when it is no longer relevant for the purposes for which it was collected. 5.3 Personal data that we process, which you have voluntarily provided us, e.g. when you communicate with us by or other channels, ask us to send you newsletters or the like, or sign up for an event or are a member of our alumni network, is kept in accordance with the aforementioned purposes for as long as you have a business relationship with us. If you no longer wish to receive newsletters, information or invitations from us, you can notify us of this by to GDPR@gda.se, upon which your data will be erased immediately. 6 Cookies 6.1 Gernandt & Danielsson obtains further data using cookies on our website in order to facilitate your use of our site. We may, e.g., collect data regarding your computer, IP address and type of browser for statistical and analytical purposes. The information collected is generic, which means it cannot be used to connect a specific website visitor with a natural person. 6.2 If you do not want to allow cookies to be saved on your computer, you can change the settings of your browser on your computer, as well as delete cookies that are saved on your storage medium. Most browsers accept cookies automatically, but you may also choose to decline cookies or have a warning displayed before they are saved. However, if you decline cookies, Gernandt & Danielsson s websites may not function correctly. 7 Security measures to protect your personal data 7.1 Gernandt & Danielsson takes all suitable technical and organisational security measures necessary to protect the personal data from undue

5 5 access, disclosure, alteration or destruction. We regularly review our security policies and routines to ensure that our organisation and our systems are secure and protected. 7.2 If Gernandt & Danielsson retains a third-party supplier for support of our operations, Gernandt & Danielsson ascertains that the supplier applies corresponding technical and organisational security measures and only processes personal data in a manner approved by Gernandt & Danielsson. 8 Your rights 8.1 You have the right to request information from Gernandt & Danielsson regarding the use of personal data concerning you. 8.2 At your request, or on our own initiative, we will correct or erase data which is inaccurate, or limit the processing of such data. 8.3 You also have the right, in certain cases, to receive your personal data in a machine-readable format or to have the data transferred to a third party designated by you, if this is technically feasible. 8.4 In addition, you have the right, in certain cases, to object to Gernandt & Danielsson s processing of your personal data. You also have the right to object to Gernandt & Danielsson s processing of your personal data for direct marketing purposes; in the event of such objection, Gernandt & Danielsson will immediately terminate the processing. 9 Amendments to the privacy policy This policy may be amended. The most recent version will always be published on our website. Accordingly, please visit our website to review any updates or amendments to the policy. 10 Contact Contact us at GDPR@gda.se or at the address below if you have any questions or feedback regarding our personal data processing. Gernandt & Danielsson Advokatbyrå KB Att. Controller of Personal Data Box Stockholm

6 6 If you are dissatisfied with our processing of your personal data, you may submit a complaint to the supervisory authority, which in Sweden is the Swedish Data Protection Authority ( You may also contact the supervisory authority in the country where you live or work. * * * This policy was adopted by the Board of Directors of Gernandt & Danielsson on 22 May 2018.