HOW WE COLLECT DATA
Hansen cares about privacy and protecting the personal data processed by the firm. All personal data is processed in accordance with applicable data protection legislation.
Hansen regularly receives and processes various types of personal data in connection with our business operations, for example when engaging new clients and when performing and managing assignments from current clients. The personal data is generally obtained from you directly, for example when you communicate with us by email or through other channels or when you sign up for an event organised by us. Hansen may also collect personal data from publicly available sources.
The personal data Hansen processes mainly consist of
- basic information, such as your name, your contact information (email, address, phone number(s)), your employer, your title or position;
- information you provide to us for the purposes of attending meetings and events as well as information about your participation to our events;
- identification and background information (e.g. passport details and date of birth) provided by you or collected by us as part of our business acceptance processes in accordance with rules or guidelines issued by the Swedish Bar Association and other regulations (such as anti-money laundering regulations);
- personal data provided to us by or on behalf of our clients, partners, and employees or generated by us in the course of providing services; and
- any other information relating to you which you may provide to us.
THE PURPOSES OF PROCESSING PERSONAL DATA
First and foremost, Hansen processes personal data provided or obtained in connection with assignments in order to fulfil our obligations and safeguard our client´s interests, and also for administration in connection with assignments. Further, Hansen processes personal data in order to fulfil obligations under applicable law, or rules or guidelines issued by the Swedish Bar Association. For example, before accepting assignments, we must perform compulsory conflict of interest and money laundering checks.
We also process personal data for the purpose of administrating our relationships with suppliers and other external parties. We may also use personal data as a basis for our market and client analyses, business and methodology development, as well as for statistical purposes.
THE LEGAL BASIS FOR PROCESSING PERSONAL DATA
The legal basis for processing personal data in relation to information about clients who are private individuals is the performance of our contractual relationship with our client. When processing personal data about other private individuals, for example a client’s representatives, advisors, a client’s counterparties and their representatives or counsels, the legal basis is the balancing of interest, meaning that the client’s – or in some cases our own – interests are considered to outweigh any opposing interests relating to the processing of personal data.
The processing of personal data when performing compulsory conflict of interest and money laundering checks and for archiving purposes is based on our obligation to comply with applicable laws and regulations, including rules and guidelines issued by the Swedish Bar Association. Personal data may also be processed on other grounds when we carry out our assignments.
When administrating our relationships with our suppliers and other external parties, the legal basis for processing personal data is the performance of contractual obligations and our legitimate interest in administrating the relationship. The processing of personal data in relation to job applications is based on our legitimate interest in managing the applications and, in cases where the application leads to a job offering, the performance of the contract that arises between Hansen and the employee.
Where personal data is processed in connection with e.g. visits to our website or events organised by us, the legal basis for such processing is our legitimate interest in managing the visits and our duty to comply with our legal obligations. Furthermore, we may also process personal data in order to analyse, develop and improve our business and such processing is based on our legitimate interest in doing so.
ACCESS TO PERSONAL DATA
Hansen employs appropriate technical and organisational security measures to help protect the personal data we process from loss and to guard against, inter alia, access from unauthorised people.
Transfers of data outside the EU/EEA are made in line with applicable data protection laws and for the purposes specified above.
Hansen will not disclose personal data to anyone outside the firm, except where
- it has been agreed between us and the person whose personal data we process;
- it is necessary within the scope of a given assignment to safeguard our client´s rights and interests;
- it is necessary in order to fulfil a statutory obligation, comply with a decision of a public authority or a court of law, or the Swedish Bar Association Code of Conduct;
- if we engage an external service provider or business partner who performs services on our behalf. Such service providers and business partners may only process personal data in accordance with our instructions, and may not process personal data for their own purposes; or
- it is otherwise permitted by law.
FOR HOW LONG WILL HANSEN KEEP PERSONAL DATA?
Hansen does not keep your personal data longer than necessary given the purpose of the processing, unless otherwise required or permitted by law.
The personal data that may be processed before and during the performance of an assignment are subsequently kept in accordance with Hansen’s obligations under the Swedish Bar Association Code of Conduct after the assignment has been concluded. This means that the personal data are saved for at least ten years from the date on which the assignment was concluded, or for a longer period of time as may be required by the nature of the assignment.
YOUR RIGHTS AS DATA SUBJECT
Hansen Advokatbyrå KB, Reg. No. 969761-1086, Hovslagargatan 5B, SE-111 48 Stockholm, is the controller of the personal data processing as described above. This means that we are responsible for ensuring that the personal data are processed correctly and in accordance with applicable data protection laws.
Unless prevented by the duty of confidentiality set by the Swedish Bar Association Code of Conduct, you have the right to know what personal data we process about you. You also have the right to request that we rectify or erase inaccurate or incomplete personal data about you (e.g. if the personal data are no longer needed for the purpose or if a consent is withdrawn). You are also entitled to object to specific processing of personal data and request that processing of personal data be restricted. Finally, you have the right to receive personal data provided by yourself in machine-readable format and have the data transferred to another party responsible for data processing.
Please note that the above rights may be limited by the duty of confidentiality and archiving obligation applying to members of the Swedish Bar Association. Restriction or erasure of personal data may have the effect that we are unable to meet our commitments.
If you are dissatisfied with how we process your personal data, you are entitled to report this to the Swedish Data Inspection Board (Datainspektionen), which is the supervisory authority for our processing of personal data.
If you have any questions or complaints about how we process your personal data or wish to exercise any of your rights set out above, you are welcome to contact us by email at firstname.lastname@example.org.