Privacy policy.
AdvokatFoerster AB cares about individual privacy and protecting the personal data processed by the firm. All processing of personal data takes place in accordance with current data protection legislation.
When various people, e.g. clients or their representatives, business partners and consultants, foreign counsel, witnesses, counterparties, representatives or counsel of counterparties have contact with us in conjunction with our engagements, this means that personal data will be provided to us or obtained by us. We also collect and process personal data on contact persons of suppliers and other external parties.
We describe below how we collect, process and share personal data in these cases. Further down, we also provide information about the rights that data subjects have in relation to us as controller and our contact details.
1. What personal data do we process?
We collect the personal data that are provided to us in conjunction with engagements or otherwise processed when the engagement is prepared or administered. We mainly collect personal data direct from the individuals concerned, but during engagements we sometimes receive information about individuals involved that does not come direct from them. In some cases, we may also supplement the personal data by obtaining information from other sources, e.g. search results using generally available search engines and records.
Much of our communication takes place via telephone or video calls and email, which essentially always entail processing of personal data. As a rule, those who call, take part in video calls or send emails to us provide personal data that can be attributed to individuals.
2. The purpose of personal data we process.
We process personal data in conjunction with engagements so we can meet our commitments and safeguard our clients’ interests, and perform administration in conjunction with the engagements we accept and meet the requirements to which we are subject by law and the regulations of the Swedish Bar Association. Before we accept an engagement, we must also perform compulsory conflict of interest and money laundering checks.
3. What is the legal basis for our processing?
In relation to information about clients who are private individuals, the legal basis for processing personal data is so we can perform our engagement letter with the client. In relation to clients’ representatives, business partners and consultants, foreign counsel, witnesses, counterparties, representatives and counsel of counterparties, etc., our processing of personal data is normally based on our legitimate interest in conducting our business and performing our engagements.
The processing of personal data that we carry out when making conflict of interest and money laundering checks and archiving of documents after an engagement has been completed is based on our duty to perform our legal obligations (e.g. under accounting and anti-money laundering legislation, as well as Swedish Bar Association regulations).
In conjunction with the various engagements we have accepted we may have additional lawful grounds for the processing, or other lawful grounds may apply due to national laws and regulations governing the operations of our non-Swedish offices.
Processing of personal data relating to suppliers or their representatives and other external parties is based on our legitimate interest in administering the relationship and performing our contractual obligations. When we process personal data in order to analyse and develop our business, processing is based on our legitimate interest in improving our business.
In the above instances where processing of personal data is based on a balance of interests, we consider that the processing of the personal data is necessary for the purposes that concern our clients or, where applicable, our legitimate interests, and that these outweigh any opposing interests and/or fundamental rights and freedoms.
4. Who has access to the personal data that we process?
We have taken appropriate technical and organisational security measures to protect the personal data we process from loss and unauthorised access, among other things. Only those who need to process personal data for the purposes for which they are processed have access to the personal data.
We will not divulge personal data to anyone outside the firm, except where (i) it has been agreed between us and the person whose personal data we process; (ii) it is necessary within the scope of a given engagement so we can safeguard our clients’ rights and interests (e.g. in relation to courts of law, public authorities, counterparties and counsel of counterparties); (iii) it is necessary so we can perform a statutory obligation, comply with a decision of a public authority or a court of law or the regulations of the Swedish Bar Association; (iv) we engage an external service provider or business partner who performs services on our behalf, e.g. for the provision of IT services or administrative services, or to arrange events. Such service providers and business partners may only process personal data in accordance with our instructions, and may not use personal data for their own purposes; or (v) it is otherwise permitted under applicable law.
In addition, we may, in the context of events, share personal data on the participants with co-arrangers, and in some cases share the list of participants with other participants at the event.
5. How long do we save personal data?
We do not save personal data longer than is necessary given the purpose of the processing, unless the data may or must be saved for a longer period under applicable law.
The personal data that may be processed before and during performance of an engagement are saved during performance of the engagement and kept afterwards in accordance with Advokat Foerster AB’s archiving obligations under Swedish Bar Association regulations. This means that the personal data are saved for at least ten years from the date on which the engagement is completed, or for a longer period as required by the nature of the engagement.
Personal data that we process in our relationships with suppliers and other external parties are saved for the period that is necessary so we can administer the contractual or business relationship, exercise our rights and perform our obligations in relation to the supplier or other external parties, or for as long as is required or permitted under applicable law.
6. What are the rights of the data subject?
Advokat Foerster AB, Reg. No. 559090-7878, having the address Birger Jarlsgatan 2, SE-114 34, Stockholm, Sweden is controller of the processing of personal data described above. This means we are responsible for ensuring that the personal data are processed correctly and in accordance with current data protection legislation.
Data subjects have the right (i) to know what personal data we process about them; (ii) to request that we rectify inaccurate or incomplete personal data about them; (iii) to request that we erase their personal data (e.g. if the data are no longer needed for the purpose or if consent is withdrawn) or request that processing of the personal data be restricted; (iv) to object to specific processing of personal data; and (v) in some circumstances, to receive the personal data they have provided in machine-readable form, and to transmit them to another controller.
Note that the above rights may be limited by the duty of confidentiality and archiving obligation applying to members of the Swedish Bar Association. In some cases, restriction or erasure of personal data may also prevent us from meeting our commitments, e.g. to provide certain invitations or certain information.
Anyone with objections about, or comments on, the way we process personal data has the right to contact or file a complaint with the Swedish Authority for Privacy Protection, which is the supervisory authority for our processing of personal data, or the competent authority in the jurisdictions outside the EU in which our non-Swedish offices operate.
If you have any questions or complaints about the way we process personal data, or wish to request exercise of rights as described above, you are welcome to contact us by email at dataprotection@advokatfoerster.com or by post to the address above, at Data Protection Contact.