Privacy policy
ADVOKATFIRMAN BONDE DE JOUNGE AB
POLICY FOR PROCESSING PERSONAL DATA
1 Background and purpose
1.1 Advokatfirman Bonde de Jounge AB, corporate identity number 556940-2554, (“Advokatfirman”, “us”, “we” or “our”) protects the privacy of its clients, suppliers, partners and employees, and always endeavours to comply with the applicable data protection regulations. Everyone has the right to the protection of personal data concerning them.
1.2 We have adopted this policy for the processing of personal data to ensure that everyone within the organisation complies with the data protection rules. The policy applies to all the law firm’s employees and consultants in all markets and at all times. Advokatfirman processes your personal data in accordance with current legislation and according to this policy.
2 Fundamental principles
2.1 The fundamental principles that are described below must always be observed when processing personal data. Advokatfirman is responsible for and must be able to demonstrate that the principles are adhered to.
2.1.1 Lawfulness, fairness and transparency – Personal data must be processed legally, correctly and transparently in relation to the data subject. This means that each type of processing must be based on a valid legal basis, such as the fulfilment of an agreement, the fulfilment of a legal obligation or by performing a task in the public interest, legitimate interest or by consent (see section 4 below). If a legal basis suitable for the processing cannot be identified, the processing must therefore not take place. The starting point for this principle is clear communication with the data subject concerning a number of issues including for what purposes the personal data will be processed, what type of processing will be performed, whether and how the personal data will be shared with others, how long the personal data will be stored, and how to get in touch with Advokatfirman. The data subject must therefore be given clear and transparent information concerning the processing of their personal data.
2.1.2 Purpose limitation – Personal data may be collected and processed only for specific, explicit, and legitimate purposes and must not subsequently be processed contrary to these purposes.
2.1.3 Data minimisation – Personal data that is processed must be adequate, relevant and not too extensive with regard to the purposes. We ensure that the data that is collected is really necessary and will not ask for information simply because it might be good to have it.
2.1.4 Accuracy – Personal data that is processed must be accurate and, where necessary, kept up to date. We take the appropriate measures to ensure that incorrect or incomplete data is corrected. We do so, for example, through procedures for changing address when moving, and by compiling systems and registers where the address is stored. We refrain from storing copies of data in multiple systems in order to avoid sources of errors and saving outdated information.
2.1.5 Storage limitation – Personal data may not be stored for a period longer than necessary for the purposes of processing. When the data is no longer needed, it must be erased, which means that it must be either deleted or deidentified.
The personal data that is processed by Advokatfirman and the reasons why are described below.
3 Personal data
3.1 Personal data means any information that relates to an identified or identifiable physical person or that directly or indirectly can identify a person. Examples of personal data are names, contact details, location details, or factors that are specific for a person’s physical, financial, cultural or social identity. Data that does not meet the requirements on its own may together with other data constitute personal data.
3.2 All processing of personal data is covered by the General Data Protection Regulation and these rules. Processing refers to an action or combination of actions regarding personal data that is performed fully or partially automatically. Personal data in e-mails and in documents on servers, in a simple list, on websites, and in other unstructured material is also covered.
Processing of personal data that reveals race or ethnic origin, political views, religious or philosophical beliefs, trade union membership, as well as the processing of genetic data, biometric data, health data or data regarding a person’s sex life or sexual orientation (known as special categories of personal data), will as a general rule be prohibited. A valid exemption from the prohibition is required for such processing. The most common exemptions are if you have given consent or have published the data yourself, to exercise rights or fulfil obligations within labour law, or in order to establish, enforce, or defend legal claims or for healthcare purposes.
3.4 The processing of personal identification numbers may only take place if it is clearly justified with regard to the purpose of processing, the importance of a positive identification or for any other noteworthy reason.
3.5 Data about legal violations (convictions in criminal cases and violations or related security measures, but probably not data concerning suspected crimes) may only be processed in certain special cases. As a law firm, we may process this type of personal data if the processing is necessary (i) to rule out fraud, (ii) for individual data that is necessary in order to establish, enforce or defend legal claims in an individual case, or (iii) to check for money laundering.
3.6 In respect of clients, we collect data relating to the case, which may vary. We also collect data about names and addresses in order to invoice for our work. In the case of clients that are legal entities, we collect data associated with the person or persons that constitute the contact person at the company, organisation or authority. This includes names, titles and contact details.
3.7 With regard to counterparties, we primarily collect data on names and addresses for the purpose of avoiding conflicts of interest.
3.8 Names, titles and contact details may also be collected for other persons connected with the legal assignment (e.g. contact persons of clients, counterparty representatives, witnesses).
4 Legal basis for the processing of personal data
4.1 The processing of personal data is legal only if and to the extent that one of the following reasons is applicable.
4.1.1 The data subject has consented to the processing of personal data for one or more specific purposes. There are special requirements that must be fulfilled in order for the consent to be valid. In order for consent to be considered valid, it must be given voluntarily based on an informed decision. Consent must be given for a specific purpose and the person must give their explicit consent in writing, in clear and unambiguous language.
4.1.2 The processing is necessary in order to fulfil a contract to which the data subject is a party, or in order to take action at the request of the data subject before such a contract is concluded.
4.1.3 The processing is necessary to fulfil a legal obligation of Advokatfirman. An example is statements of earnings and tax deductions submitted to the Swedish Tax Agency.
4.1.4 The processing is necessary to protect the interests that are of fundamental importance for the data subject or for another natural person (e.g. when there is a danger to life).
4.1.5 The processing is necessary to perform an assignment in the public interest (e.g. as a public defender) or as part of an exercise of official authority (e.g. as a Notary Public).
4.1.6 The processing is necessary for purposes relating to the interests of Advokatfirman or a third party if not outweighed by the interests or fundamental rights and freedoms of the data subject which require the protection of their personal data (balance of interests). In a balance of interests, there are special requirements for documentation regarding the assessment that has been made.
5 Erasure of data
5.1 Personal data may not be retained for longer than is necessary for the purposes of processing. We regularly erase personal data that is no longer necessary for the purpose by deleting or de-identifying the data.
6 Sharing of personal data
6.1 Your personal data may be shared with our trusted partners and service provides when this is necessary for us to be able to provide our services to you or fulfil agreements. Personal data that is transferred to our service providers may only be processed by them to the extent necessary in order for them to be able to perform their assignments.
6.2 Personal data may also be shared in order to comply with legal or regulatory requirements, court orders, or if it is necessary to fulfil applicable provisions.
7 Transfer to third countries
7.1 Special rules apply to transferring personal data to countries outside the EU and EEA (so-called “third-country transfer”). The General Data Protection Regulation means that all EU member states and EEA countries offer equal protection of personal data and privacy, and personal data can therefore be transferred freely within this area without restrictions. For countries outside this area, however, there are no general rules that provide corresponding guarantees and therefore third-country transfers may only take place under special circumstances. This concerns every form of transfer of information across borders, e.g. IT services online, cloud-based services, services for external access or global databases, etc. which need to be analysed separately.
8 Your rights
8.1 The General Data Protection Regulation gives you several rights in terms of the processing of personal data. Advokatfirman has a duty to comply with these rights and ensure that there are sufficient processes to accommodate those who provide personal data.
8.1.1 You have the right to information when personal data is collected. This information must be provided in an easily accessible written form, in clear and unambiguous language.
8.1.2 You have the right to receive confirmation of whether personal data belonging to you is processed, and if so to receive a copy of the personal data (extract from the register). This right applies regardless of the location where the personal data is processed.
8.1.3 If personal data that is processed is incorrect or incomplete, you can demand rectification. If the data subject shows that the purpose for which the personal data is processed is no longer permitted, necessary or reasonable in the circumstances, the personal data concerned must be erased, unless there are statutory provisions to the contrary.
8.1.4 You have the right to transfer personal data that you have provided to Advokatfirman to another data controller (right to data portability) if the processing is supported by the legal grounds of an agreement or consent.
8.1.5 In some instances you have the right to demand that Advokatfirman limit the processing of your personal data, i.e. limit the processing to certain limited purposes.
8.1.6 You have the right to object to the processing of personal data that is supported by a legitimate interest as a legal basis. In the event of an objection, Advokatfirman shall cease processing if compelling legitimate grounds for the processing cannot be demonstrated that outweigh the data subject’s interests, rights and freedoms, or if the processing of personal data is carried out to establish, enforce or defend legal claims.
8.1.7 In some cases you have the right to request erasure of your personal data (“the right to be forgotten”). An example is when consent is the legal basis for the processing and you withdraw your consent.
8.1.8 When personal data is processed for direct marketing, you have the right to object to the processing of this personal data at any time.
9 Complaints
9.1 The Swedish Authority for Privacy Protection (IMY) is the supervisory authority in Sweden for personal data. If you believe that we have acted in violation of the applicable legislation on the processing of personal data in any way, you have the right to file a complaint with IMY at www.imy.se.
Contact us at info@notpublicus.se or the address below if you have any questions.
The data controller is:
Advokatfirman Bonde de Jounge AB (556940-2554)
PO Box 7001
SE-103 86 Stockholm