– persons who are clients
– persons who work at clients that are enterprises
– persons who are opposing parties
– persons who work at opposing parties
– persons who are or work in an enterprise that is an opposing party’s counsel
– persons who are in contact with us in connection with applying for a position
– persons who work at our suppliers
– persons who are otherwise in contact with us, such as persons who attend seminars or lectures, persons who receive newsletters, journalists who contact us or visitors.
2. Processing of personal data
2.1 Personal data
“Personal data” means any information relating to you as a natural person. “Processing” of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. We process personal data for a variety of purposes, and these will be described below.
We do not use personal data to make automated decisions that have legal effect for, or in a similar manner affect, data subjects.
2.2 Processing of personal data in our practice
We process personal data in connection with our practice. Clients and opposing parties/counsel to opposing parties disclose personal data to us for the purpose of practicing law. Our practice includes conducting ID checks, money laundering checks, conflict of interest checks, case management and billing, as well as internal and external correspondence with natural and legal persons.
In the course of our practice, we process all types of personal data, including specific categories of personal data. Typically, we will process the name, contact information and job title of the client or one or more contacts of a client who is an enterprise, in addition to personal data collected in connection with the performance of client assignments.
We process this personal data for the purpose of fulfilling an agreement with and performing an assignment on behalf of clients. The legal basis is agreement, consent or, in some cases, that the processing is necessary for the establishment, exercise or defence of legal claims. For some processing, the legal basis will be our legitimate interests, which exceed the need for protection of the data subjects’ interests. This will typically apply to knowledge management (not specific categories of personal data) and marketing.
Case documents (all documents stored on file in our case management system) are usually stored for 10 years, but can be stored longer if requested by the client or in special cases where longer storage is required. In any case, we will store information for as long as is required by law and, if there is a special need, for longer, for example in the event of complaints or legal claims submitted against us or by us.
2.3 Processing of personal data at events
We process personal data when we organise seminars, courses and lectures for clients, students and others. We collect names, contact information, position/student status and employer/educational institution to organise the events, typically by using registration and attendance lists. In some contexts, we may also send registration and attendance lists to other participants. The legal basis for such processing will be, in part, consent, sometimes agreement, or that it is necessary for purposes related to our legitimate interests, which exceed the need for the protection of the data subjects’ interests or fundamental rights and freedoms.
2.4 Processing of personal data at recruitment
We process personal data in our recruitment work. We collect data such as name, contact information, picture, CV, application, diploma, testimonials, statements from references, interview papers and other data that potential candidates provide to us. The legal basis is partly that the applicant has consented to the processing, typically for obtaining references, or that the processing is necessary and in our legitimate interest in connection with the processing of the application.
For applicants who are not hired, we automatically delete all information every 6 months. If the information is to be kept longer, we ask for your consent.
2.5 Confidentiality declarations and the use of electronic equipment
In connection with visits to our premises, we sometimes require visitors to sign a confidentiality declaration. The purpose is to ensure that visitors do not share confidential information with third parties. The legal basis is that processing is necessary for fulfilling a legal obligation resting with us.
Confidentiality declarations are kept for as long as our law practice exists.
Using our electronic systems, including Wi-Fi, generates different types of logs. These can, for example, provide information about when you are using a computer system. All internet activity on our systems can be traced back to each user. Logs of such activity are stored to ensure that information security is safeguarded and to identify any security breaches. The legal basis is our legitimate interests.
2.6 Newsletters and other marketing
Newsletters and other marketing are sent via e-mail to persons who have consented to this and to persons with whom we have an existing client relationship. We process names, contact information and information about the employer for this purpose.
You can always withdraw your consent to receive such marketing directly in the e-mail (for example, by clicking “unsubscribe” at the bottom of the e-mail) or by contacting us through the contact information at the bottom of the document. The legal basis for the processing of such personal data is that the processing is necessary for purposes related to our legitimate interests, which exceed the need for protection of the data subjects’ interests or fundamental rights and freedoms.
We process personal data for this purpose until your consent to receive marketing is withdrawn or, alternatively, until the existing client relationship ends.
3. Who we share your personal data with and processing outside the EEA
We use data processors to assist us with various processes and services. The data processors we use are suppliers of IT systems and other technical systems, as well as suppliers of operating services. We have entered into data processing agreements with our data processors to ensure that personal data is processed lawfully and according to our instructions.
In some situations, we need to share your personal data with other parties in connection with mergers, demergers and possible acquisitions. We may also share personal data with other third parties if necessary, for example, if required by law (for example, with public authorities).
Our processing of personal data may involve transfer to countries outside the EEA. We are taking appropriate measures, in accordance with GDPR Chapter V, to ensure that such transfers are lawful. Such measures include the use of EU Standard Contractual Clauses. For more information, please contact us.
4. Your Rights
Personal data regulations give you a number of rights related to the processing of your personal data.
your personal data. If your personal data is incorrect, you have the right to have it corrected. Personal data that we may not have legal basis for processing shall be deleted, and you may require this to be done if we have not done so on our own initiative. You can request that we limit the use of your personal data. You have the right to data portability, which means requesting that your personal data be transferred to you or to another controller in a structured, commonly used and machine-readable format. You may object to our use of your personal data.
If you believe that we process your personal data without legal basis, you may also appeal to the Data Protection Authority (Datatilsynet), but we ask that you contact us beforehand, so that we may address your objections and resolve any misunderstandings.
Personal data regulations have comprehensive provisions on the above and there may be exemptions to some rights. For example, we are under a statutory duty of confidentiality regarding a lot of the personal data we process in our practice, and such data cannot, for example, be disclosed. If you wish to exercise your rights, please contact us through the contact information at the bottom of the document, and we will respond to your inquiry as soon as possible, and normally within 30 days.
5. Security and deviations
We have physical and technical measures as well as procedures appropriate for protecting personal data depending on the type of data. These measures are designed to protect your personal data from accidental loss, unauthorised access, accidental copying, use, alteration and disclosure.
6. Contact information
We are available for any questions you may have – e-mail us at firstname.lastname@example.org