This privacy notice is the last updated notice for Reinholdt Advokatfirma AS. We act in the capacity of a controller which is normally the case when we provide legal services. As a controller we are responsible for ensuring that your personal data is used in accordance with applicable data protection legislation. Personal data is data that relate to you as an identifible person.
Below you will find information about how we use and protect personal data as well as your rights in this regard. You will also find our contact information below.
- Who we handle personal data about
This privacy notice concerns personal data about the following:
- Individual clients
- Clients in criminal cases
- Contact persons at our business clients
- Contact persons at our suppliers and partners
- Individuals that are involved in cases that we handle
- Other individuals that are mentioned in case documents that we receive
- Visitors on our website
- Purpose, type of personal data and legal basis
Below there is an overview of type of person data that we process, purpose for processing and legal basis.
Establishing client relationship: When we are contacted by a client requesting our services, we perfom a conflict check before taking on the assignment. This is required to ensure that we comply with rules of professional conduct for lawyers, and the legal basis for performing such a check is provided in GDPR Article 6 no 1. c) (legal obligation) and Article 6 no. 1 f) (balancing of interests: our interest in behaving ethically correct). Such conflict checks involves full name, the type of legal case and if relevant, credit check. Conflict checks for business clients does normally not involve processing of personal data.
Where necessary puruant to the Norwegian Money Laudering Act, we will perform a background check of our clients. For this purpose, we process and make a copy of official identity documents such as passports, driver’s licence etc. We process full name, address, birth data and we may conduct database searches. The basis for conducting such a money laundering check is provided in the GDPR Article 6 no. 1 c) (legal obligation).
If we tak the assignment, we will register the client’s contact details such as name, address, phone number, birth date and e-mail. Processing of these data is neccessary for providing legal services and enter into an agreement with the individual and has its legal basis in GDPR Article 6 no. 1.b). For business clients, we primarily register the name, phone number and e-mail address of contact persons. The basis for such processing is provided in the GDPR Article 6 no. 1.f) (balancing of interests: our interst in communicating with our client).
Case handling: In carrying out legal assignments we normally process personal data about parties or individuals that are involved or related to a case. For example personal data regarding employees and owners of the client’s business or the opponent’s business, witnesses, the opponent’s counsel and other individuals involved in the cae. Such data may appear in documents and correspondence (such as letters, e-mails, pleadings, memos, agreements and minutes) prepared or received by us in connection with the case. The basis for processing of personal data in connection with assignements for business clients is provided in GDPR Article 6 no. 1 f) (balancing of interests: our interst in providing services to our clients), whereas the basis in connection with assignments for private clients is provided in GDPR Article no. 1 b) (contract). In our handling of cases, we occasionally gain access to sensitive personal data, such as health information in employment matters or information concerning violations of law. The legal basis for processing is provided in GDPR Article 9 no. 2 f), cf. the Norwegian Personal Data Act Section 11.
Knowledge database: For the purpose of reuse of documents in similar cases, we will store anonymized versions of the documents in a knowledge database. Publicly available information, such as jucdicial decisions etc. will normally not be anonymized. The legal basis for processing is provided in GDPR Article 6 no. 1 f) (balancing of interests: our interest to use aquired konwledge in the future).
Client administration: Every assignment for the client has its own casefile. Time and costs is registered in our accounting system. For business clients the legal basis is GDPR Article 6 no1. 1 f) (balancing of intrests). For individual clients this processing is necessary to fulfil the agreement. The legal basis is GDP Article 6 no. 1 b).
Storing of case documents: We store case documents for 10 years after the assignment is finished. We consider the it necessary to store the information for this time period due to possible questions or disputes regarding our assignment. This is in the interest both of the client and us. The legal basis is GDPR Article 6 no. 1 f) (balancing of interests) and GDPR Article 9 no. 2 f) (encertain or defend legal claims), cf. the Personal Data Act § 11.
Invoicing: We use the contact details we have received from our clients for invoicing purposes. For individuals we will use the mailing address when we send the invoice. The legal basis is GDPR Article 6 no. 1 f) (balancing o finterests) for business clients and GDPR Article 6 no. 1 b) (contract) for individual clients.
IT and security: We and our supplier will have access to personal data that is stored in our it-system when updates, implementation of security measures, correction of errors or other maintenance. The legal basis is GDPR Article 6 no. 1 f) (balancing of interests) and our legal obligation to have satisfactory it-security, cf. GDPR Articles 32 and 6 no. 1 c).
Marketing: We send out newsletter and event invitations by e-mail to contact persons with our existing clients (clients we have assisted during the course of the last three years), and to others who have expressly requested such communication. The basis for sending such e-mails to contact persons with our existing clients is provided in the GDPR Article 6f (balancing of interests: our legitimate interest in following up our clients by providing legal news and relevant information about our services), cf. the Norwegian Marketing Control Act, Section 15(3). The basis for sending such e-mails to other individuals is provided in the GDPR Article 6a (consent), cf. the Norwegian Marketing Control Act, Section 15(1). Recipients of communication items can easily opt out using the link included in our e-mails.
Administration relating to suppliers and partners: When providing legal services we use the services of suppliers and partners. For such parties we register contact details, primarily name, telephone number and e-mail address of contact persons. The basis for this processing is provided in the GDPR Article 6f (balancing of interests: our interest in administering our relationship with suppliers and partners.)
We may also process personal data for purposes that are incompatible with the original purpose for which the data was collected. This applies for example storage for accounting purposes, use of information for innovation projects (which generally take place without the use of personal data), and use of information which may be required if we as a law firm become involved in legal proceedings, and acquisition or other kinds of processes.
- Parties with whom we share personal data
The suppliers of our IT services and their sub-suppliers may have access to personal data if such access is necessary in order for them to provide their services to us. We have data processing agreements with such parties ensuring that they do not use such data for their own purposes.
In cases where the disclosure of data involves transfer of data out of EEA, we implement measures to protect the personal data, such as entering into agreements on the basis of EU standard contractual clauses with the recipient. You can contact us to receive a copy of these agreements.
Lawyers are subject to pledge of confidentiality. Any information which is shared with us in confidence or which we receive in connection with an assignment is handled confidentially.
We share personal data with courts, opponents and other advisers where necessary to execute the assignment.
We do not disclose personal data in any other way unless requested to by our clients unless it is necessary in order to comply with laws or public authority requirements. We do not sell personal data.
- Data retention
We store your personal data as long at tis is necessary to fulfill the purposes described in this privacy statement.
We store case information for a period of 10 years. We store the names and e-mail addresses of individuals who have consented to receiving newsletter until such consent is withdrawn.
- Your privacy rights
You have several rights under the current privacy regulations. We have provided a list of these rights below. Please do not hesitate to contact us if you would like to exercise your rights. We will respond to your inquiry as soon as possible, generally within one month at the latest.
Restriction: You have a general right to ask us to stop (“freeze”) the processing of your personal data, e.g. where you are of the opinion that we process personal data about you illegally and you do not wish us to erase these data pursuant to our routines for such erasure until the matter has been clarified.
Access: You have a general right of access to the personal data we have registered about you. Because lawyers are subject to statutory duty of confidentiality we cannot grant access to case information, unless you are a private client and the case information relates to assignments we have carried out for you.
Objection: You have a general right to object to our processing of personal data about you if this is justified by special curcumstances on your part. You also have the right to object to us using data about you for marketing purposes, and you can do this for example by using the link included in our e-mails.
Data portability: You have a general right to request transfer of your personal data in common, machine-readable format. Because this only applies to the personal data you have given us and where we process such data on the basis of consent or an agreement we have with you, this right will probably not be relevant in relation to us.
Right to appeal to the Norwegian Data Protection Atuthority (Datatilsynet): If you do not agree with the way in which we process you personal data, you may submit an appeal to the Norwegian Data Protection Authority (Datatilsynet). We ask that you contact us beforehand, so that we may clarify and misunderstandings.
We have implemented technical and organizational security measures in order to ensure that we handle personal data in a secure manner. We perform regular assessments of the security of all our systems used for the handling of personal data, and have entered into agreements instructing suppliers of such systems to ensure an adequate level of data security.
- Amendments to this privacy statement
We may amend this privacy statement from time to time. You will be notified if we make any significant amendments. The most up-to-date version of our privacy statement is available on our website.
- Contact details
Please contact us if you have any questions or comments or if you wish to exercise your rights. Our contact details are as follows:
Reinholdt Advokatfirma AS, Haakon VII’s Gate 6, 0161 Oslo, Norway.