This privacy notice has been prepared by Advokatfirmaet CLP DA (“we” or “us”) to ensure that you receive the information we are required to provide you and which is necessary for you to exercise your rights under the General Data Protection Regulation (EU Regulation 2016/679 – the “GDPR“) . We hold the role of data controller with regards to the processing of personal data described in this privacy statement. Please find our contact information below.
1) Data subjects
This privacy statement applies to our processing of the following persons’ personal data:
- Regular clients
- Our business clients’ contact persons
- Clients involved in criminal cases
- Our suppliers’ and collaborators’ contact persons
- Natural persons involved in cases we advise on
- Other persons discussed in case documents we gain access to
- Visitors to our website
2) Purpose, types of personal data and legal basis
Below we have listed the purposes for our processing of personal data, what kind of personal data we process, and the legal basis for such processing.
2.1) Processing of personal data in connection with legal services
In order to fulfil our legal and contractual obligations, as well as providing you with advise and service within our area of business, it is necessary for us to process some of your personal data. In this context we will process the following data:
- Name/name of contact
- Date of birth/ID-number
- Telephone number
The processing of the personal data listed above will happen in connection with collecting, checking and processing data prior to providing you with an offer and taking on your assignment. This processing serves a legitimate purpose and has a basis in GDPR article 6 no. 1 (f).
Furthermore, the purpose of the data processing might include documentation, administration and implementation of tasks necessary for delivering the agreed legal services. This processing is necessary for us to be able to fulfil our agreement with you and has basis in GDPR article 6 no. 1 (b).
In addition, we may process this personal data in connection with fulfilling our obligations according to laws, regulations and/or government decisions. This processing has legal basis in GDPR article 6 no. 1 (c).
2.2) Case management
Certain legal assignments entail us gaining access to personal data regarding parties to a case or other individuals involved. Such information may appear in documents provided to us by the client or other correspondence in the case.
The processing of personal data in connection with assignments for business clients is based on GDPR article 6 no. 1 (f) (balancing of interests). In some cases, we also gain access to sensitive personal data, e.g. health- or criminal records. In such cases, the processing of personal data has a legal basis in GDPR article 9 no. 2 (f) (the data processing is necessary for establishing, arguing or defending a legal claim) cf. The Personal Data Act, section 11.
2.3) Saving and storing of case documents
We store case documents for 10 years after conclusion of the assignment. Storing the documents for the specified time is considered necessary for both the client’s and our own sake, since there is always a possibility of questions or disputes arising that make the stored information relevant again. The legal basis for this data processing is GDPR article 6 no. 1 (f) (balancing of interests) and GDPR article 9 no. 2 (f) (establish, argue or defend a legal claim) cf. The Personal Data Act (new as of 2018), section 11.
We distribute newsletters to e-mail addresses we have received in connection with our legal services as well as others who have requested to receive our newsletter. Recipients of the newsletter can easily unsubscribe from this service via the link included in each e-mail. The basis for this data processing is GDPR article 6 no. 1 (f) (legitimate interest) since the recipient of the newsletter will have an interest in receiving news from us, or has given his consent to receive them.
2.5) Job applicants
In connection with recruitment and processing of job applications, we will process certain personal data, such as name and address, personal ID number, e-mail, telephone number, CV, transcript of grades and references. Our basis for this processing will be either an informed consent from the applicant, cf. GDPR article 6 no. 1 a, fulfilment of agreement with a job applicant, or for implementing measures upon the job applicant’s request prior to entering into agreement, cf. GDPR article 6 (1) (b).
Below, you will find an overview over the different cookies that are transmitted to your device when you visit our website clp.no. A cookie is a file that is stored in your browser, and lets the website recognize the browser from time to time.
These are the cookies used on our sites:
Episerver: Episerver is our publishing system and uses the cookie ASP.NET_SeccionId for remembering the choices you make when you visit our sites.
3) Parties with whom we share personal data
Our IT service providers may have access to personal data if the personal data is stored by the service provider or in any other way accessible to the provider according to their contract with us..
Our invoicing agent may gain access to your personal data in connection with invoicing of services rendered. The data that is processed in this context will be limited to the data that appears on the invoice, including name, address, e-mail, etc. A data processor agreement has been entered into with our invoicing agent, as required by law.
Data room providers: In certain cases, we will establish a data room on license from a data room provider. We will normally process such personal data as a data controller in these circumstances, but if our role is limited to hosting the data rooms we will act as a data processor. We have prepared a privacy notice that specifically covers this processing of personal data, and which will be available in the login section of the data room.
Our service providers act in accordance with a data processor agreement and our instructions. The service provider may only use the personal data for a purpose predefined by us and as described in this Privacy Statement.
Attorneys are subject to a penal sanctioned confidentiality under the Criminal Code section 211. All information that we are entrusted with in connection with an assignment will be handled confidentially.
We do not disclose personal data in other instances or other ways than what is described in this privacy statement, unless explicitly requested or approved by the client, or the disclosure is required by law.
4) STORING OF PERSONAL DATA
We store case files physically or electronically for 10 years after the end of each assignment.
Under The Norwegian Accounting Act we are directed to store certain accounting documents for a specific amount of time. When personal data is stored for a specific amount of time in order to fulfil a predefined purpose, we make sure that the personal data is exclusively used for that purpose during that period.
5 Your rights
You hold the rights to any personal data that pertains to you. Your specific rights depends upon the circumstances in question.
Retraction of consent: If you have consented to receiving our newsletter, you may at any time retract you consent. We have made sure that it is easy for you to opt out from receiving this type of communication by including a link in each newsletter for unsubscribing from the service. If you have consented to any other processing of personal data, you may also at any time contact us and retract your consent to this processing.
Request access to information: You have the right to request information on the personal data pertaining to you we have on file, as long as this does not conflict with the duty of confidentiality. In order to ensure that personal data is handed over to the right individual, we may require a written motion for access to information, or that ID is confirmed in another way.
Request correction or deletion of information: You may request that we correct incorrect information regarding you or that we delete your personal data. We will to the best of our abilities comply with a request of deleting personal data, but we cannot comply if there are strong grounds for not deleting it, for example if we need to store the data for documentation reasons.
Data portability: In some instances, you may receive access to personal data you have provided us with in order to transfer the data to another law firm in a machine readable format. If technology allows, it may in some cases be possible to transfer the data directly from us to the other firm.
Complaint to the regulatory authority: If you disagree with the way we process your personal data, you can submit a complaint to The Norwegian Data Protection Authority.
We have established procedures for handling personal data in a secure manner. The measures are of both technical and organizational nature. We regularly assess the security of all key systems that are used for handling personal data, and agreements are in place that impose providers of such systems to ensure adequate information security.
Access to personal data (and client-/case information) is limited to personnel that needs access in order to execute their assignments.
7) CHANGES TO THE PRIVACY STATEMENT
We may make slight adjustments to this privacy statement. You can always find our latest version on our website. We will notify you in case of any material changes.
8) Contact us
If you have any questions or comments to our privacy statement, or want to exercise your rights, please contact us at:
Advokatfirmaet CLP DA
Postboks 1974 Vika
+47 22 87 71 00