PRIVACY POLICY

HWF Advokater AB strive to protect your personal integrity and the personal data we process is processed in accordance with applicable data protection legislation. This policy describes how we process personal data about our clients, partners and employees and it is applicable within our whole organization.

 

We ask that you read this privacy policy thoroughly and revisit it from time to time since it may be updated. The latest version of the privacy policy can always be found on our website. This policy was updated on September 16, 2021.

1. Definitions

1.1 Personal Data means any information that directly or indirectly can be used to identify a natural person. Such identifiers can be, for example, name, address, telephone number or an identification number. Some Personal Data is classified as sensitive (Personal Data which constitutes “special categories” of personal data according to EU Regulation 2016/679) and must be Processed with extra care. Sensitive Personal Data can, for example, be information regarding health, political opinions, and religious beliefs.

 

1.2 Processing means any operation or set of operations which is performed, whether or not by automated means, on Personal Data, such as collection, transmission and storage of Personal Data.

 

1.3 Controller means the natural or legal person that determines the purposes and means of the Processing of Personal Data. The Controller is responsible for the Personal Data it is Processing and shall ensure that the Processing is secure and correct.

 

1.4 The Swedish Bar Association’s Code of Conduct means the Code of Professional Conduct for members of the Swedish Bar Association (sw. Advokatsamfundets vägledande regler om god advokatsed).

2. When is personal data collected

2.1 Personal Data can be collected when individuals, such as clients, business partners, consultants, adversaries, suppliers, salespersons, and their respective representatives contact us by telephone, our website or email. Personal Data can also be collected on visits to our office.

 

2.2 Personal Data can also be collected in connection with assignments or when we receive applications for employment, trainee spots or internships. Normally Personal Data is collected from the individual concerned. However, in some cases we may also collect Personal Data from private or public records or third parties. When deemed necessary we may also supplement or verify Personal Data that has been collected through private and public records or sources.

3. What personal data do we process?

3.1 If you contact us by telephone, email or if you visit our office, we may collect your contact details such as your name, title, workplace, telephone number and email address, with the purpose to communicate with you or/and the company you represent.

 

3.2 While administrating an assignment or in relation to an ongoing business relationship we will Process the Personal Data that is necessary in order for us to fulfil and complete a given assignment. We will also Process any Personal Data that is shared with us during the preparation and administration of such an assignment. In this context we may Process Personal Data such as contact details, identification numbers, economic information and invoice details.

 

3.3 Normally there is no obligation to provide us with Personal Data. However, if we do not receive certain Personal Data we might be unable to accept or fulfil an assignment since we will be unable to comply with obligations which are bestowed upon us, such as performing mandatory conflict of interests and money laundering checks.

 

3.4 When we receive an application for employment, trainee spots or internships we will Process Personal Data shared with us during the recruitment process. Such Personal Data may be contact details, date of birth, proficiency in languages, previous working experience, personal interests, academic achievements as well as contact details to references.

 

3.5 In certain circumstances, such as during an employment, and when you provide us with such data, we may Process Personal Data which constitutes “special categories” of Personal Data according to EU Regulation 2016/679 (“GDPR”), including e.g. data revealing religious, political or philosophical beliefs, trade union membership and data concerning health.

4. Why do we processes personal data and what is the legal basis for the processing?

4.1 Personal Data regarding a client is Processed in order for us to fulfil our contractual obligations, administrate given assignments and ensure the interests of our clients. Any Personal Data that is Processed about other individuals, such as representatives, consultants or adversaries, during the administration of an assignment, is Processed based on our legitimate interest. We make sure that the Processing for this purpose is necessary for fulfilling our legitimate interest and that our interest outweighs your fundamental rights and freedoms and your interest in not having your Personal Data processed for this purpose. We may have additional grounds for the Processing in connection with the various assignments we have accepted.

 

4.2 Personal Data is also Processed in order for us to comply with our obligations in accordance with applicable laws and The Swedish Bar Association’s Code of Conduct. Such obligations include, but are not limited to, performing mandatory conflict of interest and money laundering checks, archiving completed assignments and fulfilling our obligations issued in the Bookkeeping Act.

 

4.3 Personal Data that is Processed in relation to our supplier- and client relationships is being Processed in order for us to fulfil contractual obligations and with regard to our legitimate interest. We also Process Personal Data in order to manage and maintain our business relations with our business partners, suppliers and other third parties.

 

4.4 Personal Data may also be Processed with regard to our legitimate interest to improve our business, for marketing analysis purposes, send out newsletters, secure Personal Data from fraud and other illegal activities, develop our security- and business systems and keep statistics for analyzes.

 

4.5 As an employer we may Process Personal Data for the purpose of e.g. management, payroll administration, fulfilment of obligations in employment agreements and legal obligations in applicable law, training, career development and securing our premises and IT-network. The Processing is based on our legitimate interest and to fulfill our contractual and legal obligations.

5. Who has access to the personal data that we process?

5.1 We do not disclose your Personal Data in any other ways than what is described in this privacy policy.

 

5.2 If it is necessary within the scope of a given engagement so we can safeguard our clients’ rights and interests (e.g. in relation to courts of law, public authorities, counterparties and counsel of counterparties).

 

5.3 Access to Personal Data may be given to our suppliers or business partners if they are performing a service for us (e.g. IT services) or are performing services on our behalf. These actors are not allowed to Process any of the Personal Data for their own purposes. They are only allowed to Process the Personal Data in accordance with our given instructions and in order to fulfil their contractual obligations.

 

5.4 In some cases, we may be obligated to give access to Personal Data to comply with a legal obligation in applicable law, a decision by public authorities or obligations under The Swedish Bar Association’s Code of Conduct.

 

5.5 Personal Data may also be disclosed if such disclosure is based on a given consent or is otherwise permitted by applicable law.

6. Where do we process your personal data?

We do not transfer your Personal Data outside the EU or the European Economic Area (EEA) unless you have given your explicit consent to the transfer, or there is sufficient protection in accordance with applicable law to make such a transfer. When transferring data outside the EU/EEA, it is the responsibility of the Controller to ensure that an adequate level of protection is maintained, and that suitable safeguards are adopted in line with applicable data protection legislation requirements. These safeguards consist of e.g. ensuring that the third country is subject to an adequacy decision by the European Commission or implementing the European Commission’s standard contractual clauses (“SCC”).

7. Your legal rights

You have certain legal rights regarding the Personal Data we Process about you. These legal rights are listed below:

  • right to be informed – you have the right to be informed about how we Process your Personal Data. We fulfill this obligation through this privacy policy and by answering your questions.
  • right to access – you may request a copy of your Personal Data if you would like to know what Personal Data we Process about you.
  • right to rectification – if any of the Personal Data that we Process about you is inaccurate or incomplete, you can contact us and ask for it to be rectified or completed.
  • right to withdraw consent – you have a right to withdraw a consent that you have given to us that allows us to Process your Personal Data for a specific purpose. If you withdraw your consent, we will stop Processing your Personal Data for that purpose.
  • right to object – if you believe that we are Processing your Personal Data wrongfully, you have a right to object to such Processing. You may object to a Processing that is based on our legitimate interest. If you object, we will make an assessment on whether we have the right to continue to Process your Personal Data or not. You can always object to us using your Personal Data for direct marketing.
  • right to restriction – you have the right to request that we shall restrict the Processing of your Personal Data if you find that your data, or our Processing of it, is wrongful in relation to applicable law. If we receive such a request, we will restrict our Processing to merely storing your Personal Data until we have made an assessment of our right to Process your Personal Data. If we wish to Process your Personal Data in any other way than storing it, before the assessment is completed, we will need your consent for such Processing.
  • right to erasure – you have a right to request that we shall cease all Processing of your Personal Data and erase it from our systems. Unless we have a legal ground to continue to Process your Personal Data, e.g., in order to fulfil a legal obligation or a legitimate interest, we will fulfil your request. Any Personal Data that we are allowed to continue to process in accordance with applicable law, we will erase when the legal obligation or legitimate interest has been fulfilled.
  • right to data portability – you have a right to demand that we transfer your Personal Data to another Controller. We can help you with the transfer if your Personal Data is stored digitally and the transfer is technically possible. If we cannot make the transfer directly to the other Controller, you will nevertheless receive a copy of your Personal Data which you can transfer to the Controller.
  • right to lodge a complaint – you have the right to lodge a complaint with the Swedish Data Protection Authority (sw. “Integritetsskyddsmyndigheten”).

8. How long do we process your personal data?

8.1 We ensure that your Personal Data is not stored for a longer period of time than necessary in order to fulfil the purpose for which it was collected, unless otherwise required or permitted by applicable law. This means that even though we stop Processing your Personal Data for one purpose, we may still need to keep your Personal Data, if the data is needed for another purpose. For instance, we process Personal Data for the purpose of complying with the Discrimination Act (up to 2 years), the Bookkeeping Act (up to 7 years) and, where necessary, for the purposes of protecting and enforcing our legal rights (up to 10 years). The Personal Data will be deleted or duly anonymized when storing is no longer required.

 

8.2 Personal Data that is Processed before and during the performance of an assignment will be stored during the administration of such an assignment and ten years after its completion in accordance with the requirements in The Swedish Bar Association’s Code of Conduct. If it is necessary due to the circumstances in a particular assignment, Personal Data may be stored for a longer period of time.

9. Cookies

We use cookies on our website. For more information about how we use cookies you can read our cookie policy here.

10. Contact details

HWF Advokater AB, Reg. no. 559136–9904, Södra Storgatan 7, 252 23, Helsingborg is the Controller for the Processing of Personal Data described above. If you wish more information about our Processing of Personal Data, if you wish to exercise your legal rights or if you have any complaints, kindly contact us by email at [email protected].