PROCESSING OF PERSONAL DATA BY ADVOKATFIRMAET FRØYSAA & BJØRKGÅRD

Whenever you communicate with us, whether as a private client or as a contact person on behalf of a corporate client, Legal Firm Frøysaa & Bjørkgård AS (hereinafter “FB Law Firm”) will process personal data about you. Below you’ll find information about which types of personal data we collect, why we collect this information, and what your rights concerning the processing of this personal data are.

The data controller for the data we process is FB Law Firm, represented by its managing director. Contact information for FB Law Firm is:

Postal address: P.O. Box 334, 1326 Lysaker, NORWAY

E-mail: post@fbadvokat.no

Telephone: +47 67 11 11 70

Organisation number: 997 721 934

Please contact us should you have any questions about our processing of personal data.

Why we collect personal data and which types of data we collect

We collect and use your personal data for various purposes, depending on who you are and how we came in contact with you. We collect the following types of personal data for the purposes specified below:

Establishing and managing a client relationship. For this purpose, we process contact information, documentation of identity, payment information, etc. This processing takes place in FB Law Firm’s internal communication systems. This processing is based on Article 6 (1) (b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party) for private clients and Article 6 (1) (f) of the GDPR (processing is necessary for the purposes of legitimate interests) for corporate clients and any other data processed in connection with corporate clients. In addition, FB Law Firm has certain obligations pursuant to Section 4 (2) no. 3, cf. Sections 17 and 18, of the Money Laundering Act in connection with the establishment of client relationships, in which case the processing is subject to Article 6 (1) (c) of the GDPR (processing is necessary for compliance with a legal obligation to which the controller is subject).

Case handling. In this context, we process personal data needed in relation to the case in question. This processing is based on Article 6 (1) (b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party) for private clients and Article 6 (1) (f) of the GDPR (processing is necessary for the purposes of legitimate interests) for corporate clients and any other data processed in connection with corporate clients.

Information about opposing parties and other third parties. In this context, we process personal data needed in relation to the case in question. This processing is based on Article 6 (1) (f) of the GDPR (processing is necessary for the purposes of legitimate interests). We have concluded that such processing is necessary in order to resolve new cases as efficiently as possible, in line with commercial interests and sound professional conduct. Our processing of special categories of personal data is based on Article 9 (2) (f) of the GDPR (the establishment, exercise or defence of legal claims).

Criminal convictions and offences. In the context of handling criminal cases or cases where criminal offences may be present, we process personal data needed in relation to the case in question. The processing is based on Article 9 (2) (f) of the GDPR (the establishment, exercise or defence of legal claims), as well as a systemic approach to the Criminal Procedure Act and Article 2.3 of the Code of Ethics and Conduct for Advocates.

Storage/filing of case documents. In this context, we process personal data needed in relation to the case in question. The processing is based on our legal obligation to file documentation pertaining to active and closed cases.

Invoicing. In this context, we process contact and payment information. This processing is based on Article 6 (1) (b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party) for private clients and Article 6 (1) (f) of the GDPR (processing is necessary for the purposes of legitimate interests) for corporate clients.

Sending marketing material, newsletters and other relevant information about our business. In this context, we process names and e-mail addresses. This processing is based on consent from the party receiving the marketing material, cf. Section 15 of the Marketing Control Act, normally a private client or a contact person with a corporate client. The processing is also based on FB Law Firm’s legitimate interest in contacting clients and business connections for marketing purposes and to provide information about news and events.

Information about potential clients. In this context, we process contact information. This processing is based on Article 6 (1) (f) of the GDPR (processing is necessary for the purposes of legitimate interests). We have concluded that this processing is necessary to protect the commercial interests of our business.

Knowledge management (e.g. reusing documents in future cases). The personal data processed in this context is personal data necessary in relation to the case in question. This processing is based on Article 6 (1) (f) of the GDPR (processing is necessary for the purposes of legitimate interests). We have concluded that this processing is necessary for in-house learning processes and to work more efficiently.

Recruitment. In this context, we process CVs, applications, certificates of employment, diplomas, statements from references, internal assessments/interview notes, and, if applicable, personality and aptitude tests. The processing is based on an agreement with the person applying for a job with us, i.e. Article 6 (1) (b) of the GDPR. In the event that we retain application data after a recruitment process has been completed, we do so with the consent of the person who applied for the position, cf. Article 6 (1) (a) of the GDPR.

Security. In this context, we process logs from servers and identify, resolve and follow up on security incidents, etc. This processing is based on Article 6 (1) (f) of the GDPR (processing is necessary for the purposes of legitimate interests). We have concluded that this processing is necessary in the interest of information security and to prevent unauthorized access to personal data.

Use of cookies for statistical and website development purposes. Read more about cookies and which types of cookies we use here.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

Lawyers are subject to a duty of confidentiality. Any information entrusted to us or information we gain access to in connection with an assignment, will be kept confidential.

We do disclose personal information to courts, opposing parties and other advisors if doing so is necessary to perform the assignment.

We do not disclose or transfer your personal data to third parties unless there is a legal basis or obligation for such disclosure. Examples of such circumstances typically include legal obligations, under which we are obligated to make this information available to opposing parties, courts or public agencies.

FB Law Firm uses data processors to process personal data on our behalf. In these circumstances, we have established contracts to protect information security in every step of the process.

This processing of personal data primarily takes place within the EU/EEA area, as well as on Microsoft cloud services. Microsoft’s cloud services, which FB Law Firm uses, may be located outside the EU/EEA area, but data transfers are guaranteed through Privacy Shield. For more information, go to either http://www.privacyshield.gov or the Norwegian Data Protection Agency’s website: http://www.datatilsynet.no.

STORAGE PERIODS

We store your personal data for as long as it is needed for the purpose for which the personal data was collected.

This means, for example, that any personal data processed by us on the basis of your consent will be deleted if you withdraw your consent. Personal data collected for the purpose of performing a contract with you will be deleted once the contract is completed and all obligations that follow from the contractual relationship have been fulfilled. Personal data processed for the purpose of compliance with a legal obligation will be deleted once the law permits such deletion. This applies to accounting and bookkeeping material, among other things.

The table below presents a summary of how long we process personal data for various purposes:

Purpose                                                           Storage period

Client administration                                             Up to 10 years after the last case was closed

Storage/filing of case documents                                  Up to 10 years after the last case was closed

Billing information                                               Up to 5 years after the end of the accounting year when the last invoice was issued

Information about potential clients                               Up to 5 months

Knowledge management (e.g. reusing documents in future cases)     Up to 10 years

Recruitment                                                       Up to 3 months after the application deadline. Based on consent from the applicant, we store the applicant’s CV, application, certificates of employment and diplomas for up to 2 years for use in new, relevant job listings.

Security logs                                                     Up to 1 year

Backups                                                           Up to 3 years

YOUR RIGHTS WHEN WE PROCESS PERSONAL DATA ABOUT YOU

You have the right to demand access, rectification or erasure of any personal data we process about you. Furthermore, you have the right to demand restricted processing and, on certain terms, you have the right to object to the processing of your personal data. Read more about these rights on the website of the Norwegian Data Protection Authority: www.datatilsynet.no.

In order to exercise your rights, please contact us either by e-mail or by phone. We will respond to your request as soon as possible, and no later than within 30 days. We will ask you to confirm your identity or provide additional information before we will allow you to exercise your rights with us. We do this to ensure that we give access to the personal data to you, and not to someone pretending to be you.

You may at any time withdraw your consent to our processing of your personal data. The simplest way to do that is to unsubscribe from the newsletter by clicking on the unsubscribe link included in every newsletter. You may also contact us by e-mail or by phone.

COMPLAINTS

If you believe that our processing of personal data does not correspond with what we have described here, or that we in other ways are in violation of relevant privacy legislation, you may file a complaint with the Norwegian Data Protection Authority. Find information about how to contact the authority on their website: www.datatilsynet.no.

CHANGES

If we make changes in the services we provide or amendments to relevant privacy legislation are enacted, the information provided here may be subject to change. If we have your contact information, we can make you aware of any changes. In addition, you’ll always find up-to-date information on our website.

