PRIVACY POLICY

Application

This privacy policy (the “Policy”) describes the processing of personal data that North Law carries out in connection with client engagements, provision of services, statutory obligations, use of cookies on north-law.se (the “Website”), and when you communicate with us by email or other means of communication.

At North Law (North Law”, ”we”, ”us” or ”our”) we take seriously the security of your personal privacy and we act actively and are committed to protecting your personal data in our capacity as a controller of personal data. All personal data is processed within North Law and processed by parties cooperating with us and is conducted in accordance with applicable data protection legislation.

“Personal data” means all information, that can be used, directly or indirectly, to identify a living physical person.

The Policy describes how North Law processes personal data and how we apply the data protection principles.  Below follows a detailed notification on which personal data is collected by us, the purposes for which personal data is collected, the legal basis for the processing, the manner in which we protect your personal data, the period of retention, the manner in which security measures are taken in case of transfer of data to a third country as well as a description of rights of you as a data subject. 

Personal data that is processed

North Law regularly receives and processes various types of personal data in connection with the provision of services and scope of the engagement as well as generally within our business operations. Primarily the personal data of clients is obtained from you directly, for example when you voluntarily communicate with us by email or through other channels. We may also collect personal data from publicly available sources, such as Bolagsverket, KRS, SPAR, CRIF. Furthermore, North Law collects information with the help of cookies through our use of different tools to review and keep statistics over visits and use of our website.

North Law also receives and processes personal data relating to our employees, suppliers, or employees of suppliers and clients that you provide to us in the context of a business relationship. 

The personal data processed by North Law consist mainly of:  

  • name and contact information (email, address, phone number(s)), your employer, your title or position);

  • identification and background information (e.g. identification number, passport details, and date of birth) provided by you or collected by us as part of the acceptance of the engagement as well as due to requirements under anti-money laundering regulations;

  • personal data provided to us by or on behalf of our clients, partners, and employees or generated by us in the course of providing services; and

  • any other information relating to you that you may provide to us.

You are not obligated to disclose personal data to us. However, in those cases in which the processing is based on the performance of a contract/engagement, we require your information to be able to fulfill our obligations. If you do not provide your personal data, there is a risk that we will not be able to provide you with services. 

Description of data processing activities 

Provision of services 

Purpose: To be able to carry out and provide our services within the scope of engagement 

Processing carried out: (i) Communication with you by e-mail or telephone (ii) Storage of such communication

Categories of personal data: (i) Name (ii) Contact information (iii) Professional title (iv) Other information you provide to us 

Legal basis: performance of a contract/engagement.

Period of retention: The data is processed for a period of 10 years commencing on the date of completion of the services, or as required based on the nature of the services, whichever is longer

Controls of clients and conflicts of interest 

Purpose: To carry out conflicts of interest checks and verification of the client

Processing carried out: Comparison of the data with our internal client lists as well as external databases

Categories of personal data: (i) Name (ii) Personal ID number

Legal basis: The processing is necessary in order to fulfill the legal obligation incumbent upon us under the rules of the Swedish Code of Judicial Procedure governing attorneys. The processing is necessary for our legitimate interest in being able to verify the client and correctly perform our services

Period of retention: The data is processed for a period of 10 years commencing on the date of completion of the services, or as required based on the nature of the services, whichever is longer

Money laundering controls 

Purpose: To carry out mandatory money laundering controls

Processing carried out: Review of ID documentation and shareholdings as well as storage of ID documentation

Categories of personal data: (i) Name (ii) Contact information (iii) Personal ID number (iv) ID documentation 

Legal basis: The processing is necessary to fulfill the legal obligations under the Money Laundering Act

Period of retention: The data is processed for a period of 10 years commencing on the date of completion of the services, or as required based on the nature of the services, whichever is longer

Accounting and invoicing purposes

Purpose: To invoice our clients, settle supplier invoices, and report our financial information 

Processing carried out: receipt, issuing, bookkeeping, and storage of invoices

Categories of personal data: (i) Name  (ii) Contact information

Legal basis: The processing is necessary to fulfill the legal obligations under the Bookkeeping Act

Period of retention: The data is processed for a period of 7 years commencing on the date the data was booked according to the Bookkeeping Act

Administering mailouts of information about North Law 

Purpose: To administer mailouts of newsletters or other commercial communication 

Processing carried out: Information sent by e-mail 

Categories of personal data: (i) Name (ii) Contact information (iii) Professional title (iv) Company 

Legal basis: The processing is necessary for our legitimate interest in being able to market our services and provide news and your legitimate interest in obtaining information regarding relevant services. 

Period of retention: The data is processed during the time you have a business relationship with us. If you no longer wish to receive newsletters or other commercial information from us, you can so notify us by email to privacy@north-law.se, whereupon your data will be erased.

Performance of business relationships

Purpose: To be able to carry out obligations in relation to employees and business partners/suppliers 

Processing carried out: (i) Communication and storage of such communication (ii) issuing of payments bookkeeping, and storage of financial information

Categories of personal data: (i) Name (ii) Contact information (iii) Professional title (iv) Other information you provide to us 

Legal basis: performance of a contract/engagement.

Period of retention: The data is processed as long as any of the above-stated processing is being carried out

Usage of Cookies

Purpose: To facilitate the effective use of our website by the visitors and for statistics in order to be able to evaluate the website’s content, structure, navigation

Processing carried out: Collection of information with the help of cookies that are placed when you visit our website

Categories of personal data: (i) Anonymized IP address (ii) The length of the visit (iii) The choices that were made (iv). 

Legal basis: The processing is necessary for our legitimate interest of being able to develop the website’s functions and to optimize the experience for the visitor.

Period of retention: The length of time during which we process data depends on which cookie has been placed in your browser. Permanent cookies remain on your computer until you remove them or an expiry date has passed. Session cookies are temporary cookies that only last until you leave our website. More information about our use of cookies and storage times for them is available in our Cookie Policy.

Access and transfer of personal data 

North Law commits and will not disclose personal data to third parties other than in cases where (i) this has been specifically agreed or otherwise after obtaining your approval; (ii) it is necessary within the scope of the provision of services; (iii) it is necessary in order to perform legal obligations or comply with the decisions of public authorities or courts of law. 

As a main rule, personal data will not be transferred to countries outside the EU/EEA (third countries). However, within the course of the provision of services North Law may disclose personal data to parties located outside of the European Economic Area (EEA) which means that personal data may be transferred to third countries. Such transfers will take place only in accordance with the governing legislation in the data protection area and requirements, such as after obtaining your consent, that the country in question has an adequate protection level, that other adequate protective measures are in place, or it is necessary in order to be able to establish, enforce, or defend against a legal claim. 

Safeguards 

North Law strives to uphold the highest security measures and has implemented the appropriate technical and organizational safeguards to protect personal data against loss, abuse, unauthorized access, disclosure, modification, and destruction. North Law’s employees, service providers, and their subcontractors are bound by confidentiality undertakings and obligated to comply with North Law’s rules governing Privacy Policy and internal rules on information and IT security which govern the processing of personal data. 

Your rights as a data subject 

You are entitled to: 

The right to access – request information regarding which personal data we are processing about you and you may request a copy of these (extract from registers, etc.);

The right to rectification – have incorrect personal data corrected and, in certain cases, you can ask us to erase your personal data;

The right to erasure – request that we erase your personal data;

The right to restrict processing – request that we restrict processing of your personal data, under certain conditions;

The right to object – object to the processing of certain personal data about you and request that the processing of your personal data be restricted;

The right to data portability – request that the personal data that you have provided to North Law be transferred to another data controller, under certain conditions.

Furthermore, you have the right to withdraw your consent to the continued processing of the personal data that North Law is processing based on such legal grounds. 

If you wish to exercise any of your rights, you should submit a request to North Law in accordance with the contact details below.

A request by you will be answered as soon as possible, and not later than one month after the request has reached North Law. Where necessary, the time may be extended, in which case you will be notified thereof. If your request is clearly unfounded, North Law is entitled to refuse to meet the request or to charge a reasonable fee, which covers the administrative costs connected to such request.

Complaints 

If you are dissatisfied with how we are processing your personal data, you may submit a complaint to a supervisory authority, which in Sweden is the Integritetsskyddsmyndigheten (https://www.imy.se). You may also turn to the supervisory authority in the country in which you are living or working.

Personal data responsibility and contact information 

North Law (Iternovum Nordic AB, Corporate ID: 559436-1734) is the personal data controller for the processing of your personal data. If you have any questions about this Policy, have any other questions regarding our processing of personal data, or wish to exercise your rights under the applicable data protection legislation, you are welcome to contact us at: privacy@north-law.se.