Privacy Statement FOR
KRISTENSEN BERG Law Firm
Last update: 1.11.2019
This privacy statement applies to the Kristensen Berg Law Firm DA (hereinafter "we" or "us"). We are responsible for the processing of personal information described in this privacy statement. You can find our contact information below.
1 We process personal information on the following
Private customers
Clients involved in criminal cases
Contacts with business clients
Contacts with our suppliers and partners
People involved in issues we assist
Other persons mentioned in case documents to which we have access
Visitors to our website
2 Purpose, types of personal information and legal basis
Below we have provided an overview on what purposes we process personal information, what types of personal information we process and the legal basis for the processing.
Establishing client relationships: When we are contacted by a client requesting if we can take on an assignment, we conduct an internal independence check (conflict resolution) before we accept the assignment. The independence check serves a legitimate purpose and is based on The General Information Protection Regulation (GDPR) Article 6 (1) (f) (balance of interests). Conflict checks on private customers usually include a full name, what the case is about, and if relevant, credit worthiness. Generally, conflict checks on behalf of business customers will not involve the processing of personal information.
In connection with establishing a client relationship, we will conduct a customer check in accordance with the rules of the Money Laundering Act. In such cases we use passport information and addresses, and we might include consulting data bases. Such anti-money laundering control is based on Article 6c of the GDPR (legal obligation)
If we can take on the assignment, contact information will be recorded. For private customers, as a rule; full name, address, phone number and email address. For business clients, as a rule; contact names, phone numbers and email addresses. Registration of contact information for private customers is necessary in order to enter into an agreement with the person concerned, cf. GDPR Article 6 (1) (b). For business customers, the registration of contact information is based on a balance of interests, cf. GDPR Article 6 (1) (f).
Handling of cases: Some lawyer assignments implicate having access to personal information about parties or other individuals involved in the case. Such information may appear on documents the client submits or other correspondence concerning the case. The processing of personal information in connection with assignments for business customers, is stated in GDPR Article 6 (1) (f) (balance of interests). In some cases, we also have access to sensitive personal information, e.g. information concerning health issues or criminal convictions and offenses. In such cases, the processing of the information is based on Article 9 (2) (f) of the GDPR (the processing is necessary to establish, enforce or defend a legal claim), cf. section 11 of the Personal Information Act.
Knowledge management: In order to improve and further develop our services, we sometimes prepare templates based on previous advice that we have provided. When preparing templates, we will anonymize personal information unless the template is prepared for the client the personal information is selected for. As a knowledge company, we will also look at previous cases when we give advice. The basis of handling cases is our interests in using prepared knowledge in further counselling, cf. GDPR Article 6 (1) (f) (balancing of interests).
Client Management. Individual case files are created for assignments performed on behalf of the client. Time and costs incurred on a case are recorded in our accounting system. For business customers, what we do in connection with client management, is based on GDPR Article 6 (1) (f) (balancing of interests), while for private customers it is considered a necessary part of fulfilling the agreement with the person concerned, cf. GDPR Article 6 (1) letter b.
Storage and retention of case documents: We store the case documents and correspondence after the assignment is completed. After a while, this is transferred to archives (electronic and / or physical) with enhanced access control. We store case documents because it is expected necessary by our clients and because from time to time there is a need to retrieve previous cases, for example in connection with a subsequent lawsuit or process where the client needs documentation from previous cases. Processing of personal information for filing purposes is based on GDPR Article 6f (balancing of interests: our interest in meeting clients' expectations and needs). In the few cases containing sensitive personal information, the processing is based on Article 9f (legal requirements), cf. section 11 of the Personal Information Act.
We keep case documents for up to 10 years after the assignment is completed.
Storage for the specified time period is considered necessary for the benefit of both the client and we as questions or disputes may subsequently arise where the information stored on a case may become relevant again. The legal basis for the processing of personal information is GDPR Article 6 (1) (f) (balancing of interests) and GDPR Article 9 (2) (f) (establishing, enforcing or defending legal requirements), cf. section 11 of the Personal Information Act.
Invoicing: Contact information received from business customers is used to be displayed on the invoice sent to the business if the client requests it. For private customers, the person's private mail or e-mail address is used for sending an invoice. The basis for processing is GDPR Article 6 (1) (f) (balancing of interests) for business customers and GDPR Article 6 (1) (b) (necessary to fulfil the agreement with the registered data subject) for private customers.
IT-operations and security: Personal information stored in our IT systems may be available to us or to our suppliers in connection with system updates, implementation or follow-up of security measures, repairs or other maintenance work. The basis for processing is GDPR Article 6 (1f) (balancing of interests, cf. our legitimate interest related to the activities) and our legal obligation to ensure satisfactory information security, cf. GDPR Articles 32 and 6 (1) (c).
3 Who we share personal information with
Our IT service providers may have access to personal information if personal information is stored with the supplier or in any other way available to the supplier in accordance with their contract with us. The suppliers act in accordance with the information processing agreement and under our instructions. The Supplier may only use the personal information for the purposes that we have determined, and which is described in this privacy statement.
Lawyers are subject to a penalty-sanctioned duty of confidentiality in accordance with section 111. of the Criminal Code. All information entrusted to us in connection with an assignment, is handled confidentially.
4 Your rights
You have rights concerning personal information that deals with you. What rights you have, depends on the circumstances.
Withdraw of consent: If you have consented to receive newsletters from us, you may withdraw this consent at any time. We have made it easy for you to cancel receiving such information by including a link to the unsubscribe form in each newsletter. If you have consented to different processing of personal information, you may also, at any time, withdraw your consent for the purpose of such processing by contacting us.
We do not disclose personal information in other cases or in any other way than those described in this privacy statement unless the client explicitly encourages or consents to it or if the disclosure is required by law.
Accounting legislation otherwise requires us to store certain accounting documents for a specified period. When a specific purpose requires storage for a given period, we ensure that such personal information is used exclusively for that purpose for that period.
Request access: You have the right to access all personal information that we have registered in your name, insofar as the duty of confidentiality does not prevent this. To ensure that personal information is disclosed to the right person, we may require that requests for access be made in writing or that your identity can be verified in another way.
Require changes or removal: You can ask us to correct inaccurate information we have about you or to delete all personal information. We want as far as possible to accommodate your request on deleting personal information, but we cannot do this if there are compelling reasons not to delete, for example, that we must store the information for documentation purposes.
Information portability: In some cases, you may be able to have your personal information provided to us to be transferred in a machine-readable format to another law firm. In some cases, and if it is technically possible, the information can be transferred directly to the other company.
Complaints to the supervisory authority: If you disagree with the way we process your personal information, you can submit a complaint to the Information Inspectorate.
5 Security
Vi har etablert prosedyrer for å håndtere personopplysninger på̊ en sikker måte. Tiltakene er både av teknisk, og organisatorisk art. Vi foretar jevnlige vurderinger av sikkerheten i alle sentrale systemer som benyttes for håndtering av personopplysninger, og det er inngått avtaler som pålegger leverandører av slike systemer å sørge for tilfredsstillende informasjonssikkerhet.
Tilgang til personopplysninger (og klient-/saksinformasjon) er begrenset til personell som har behov for tilgang for å utføre sine oppgaver.
Vi har vedtatt interne IT-retningslinjer, og vi foretar jevnlig opplæring av ansatte med hensyn til sikkerhet og bruk av IT-systemer.
6 Changes to the privacy statement
We might make minor changes to this privacy statement. You will always find the latest version on our website. In the event of significant changes, we will announce such changes.
7 Contact us
If you have any questions or comments regarding our privacy statement or you want to execute your rights, please contact us:
Kristensen Berg Law firm
Postboks 6681 St. Olavs plass
0129 Oslo
e-mail: saverud@kristensen.no