It is important to us that you feel comfortable with how we process your personal data. We are careful to keep your personal data secure in accordance with our internal routines and applicable laws, including the General Data Protection Regulation (2016/679; the "GDPR") and other applicable national data protection laws in Sweden ("Data Protection Law"). We always strive to use appropriate technical and organizational safeguards to protect the data that we handle from manipulation and unauthorized access.
In this notice we also provide information about your rights and how you may contact us or the competent authority with any queries or complaints. We ask that you read this policy carefully and we welcome you to reach out to us with any questions or comments that you may have.
What kind of personal data do we process and for what purposes?
We process personal data in the course of providing legal services to our clients. We process personal data collected by- and provided to us in preparing, administrating and carrying out legal services to our clients. If required considering the nature of a particular matter, we may supplement personal data provided to us with information collected from private or public registries and databases. The personal data collected relates to identification, contact details and matter-related background information. Our processing of personal data in client matters may be necessary for the performance of a contact between us and our clients, be based on our legitimate interest as a law firm when providing professional legal services, or may be necessary for compliance with a legal obligation to which we are subject.
You have no obligation to provide your personal data to us, but if you choose not to we may not be able to accept to support you with your matter, for example if we are unable to fulfill our obligations to perform conflict of interest procedures under the rules of the Swedish Bar Association, or fulfilling our statutory duties in relation to knowing our clients and, if applicable, anti-money laundering.
We also collect and process personal data for marketing purposes, for the purpose of developing our services, for risk management and for statistical use. Personal data collected for these purposes are processed based on our legitimate interest in developing our business and communicating with our contacts.
We may also obtain information about your use of our website https://www.calissendorffswarting.se through so called “cookies”. Cookies enable us to make the site easier to use and may collect information about your computer, IP address, browser type and operating system for administration or statistical purposes (e.g. through Google Analytics). The type of personal data collected through cookies generally does not allow us to identify specific users of the website.
How is the data processed and to whom will we disclose personal data?
Calissendorff Swarting will only process personal data for the purposes for which it was collected and as described in this policy and Data Protection Law.
The personal data we process internally is only made available to authorized employees (and, if applicable, our sub-consultants) holding a position that requires them to process the data in the scope of their work. We will not disclose or transfer your personal data to any third parties unless we are required to do so under applicable laws, to prepare and carry out legal proceedings or defend claims, to perform services for our clients, if required to enable our service providers who provide services for Calissendorff Swarting (to the extent they need to have access to the data in order to perform services to us), or if this has been agreed with you. Personal data may be disclosed to courts, competent authorities, counterparties and counterparty representatives if required to safeguard clients' interests.
We have appropriate technical and organizational measures and safeguards in place and take all reasonable measures in order to keep your personal data and other information secure. Our case and document management systems and client registries ensure that only authorized persons are given access to the data and our systems and work environments have been carefully selected and are maintained in such a way as to prevent unauthorized access and unintentional data loss or destruction. Our service providers are subject to confidentiality undertakings and other contractual obligations to ensure that data transmitted to or accessed by them remain secure.
Transfer of data to countries outside the EU/EEA
We generally only store and otherwise process personal data and other information within the EU/EEA. However, we may need to transfer your information to a location in a country outside the EU/EEA, where the laws may not protect personal data to the same extent as the laws in the EU/EEA. In case we need to transfer your personal data to a location outside the EU/EEA, for example if using a service provider in a third country or due to the nature of a client case, we will implement appropriate measures in accordance with Data Protection Law to ensure that your information remains secure and protected. Such measures may include, for example, implementing the EU Commission’s standard contractual clauses with the recipient of the data.
How long do we store personal data?
We will store personal data related to client matters for as long as required under applicable laws and the rules of the Swedish Bar Association; currently at least ten years after the client matter has been completed, or such longer period required considering the nature of the matter. Personal data processed for the purpose of developing our services and for marketing or statistics purposes will only be stored and processed for as long as required considering the purpose for which the data was collected and when we no longer have a legitimate interest in processing the information, it will be deleted.
Your rights and our obligations
You may at any time exercise your rights in relation to our processing of your personal data. Below we have summarized some of your rights under Data Protection Law.
Right to access and rectification: You have the right to request access to the personal data relating to you, including e.g. the right to be informed whether or not personal data about you is being processed, what data we are handling, and the purpose of the processing. You also have the right to request that inaccurate or incomplete personal data is corrected.
Right to object: You have the right to object to certain processing of personal data, including e.g. processing of your personal data for marketing purposes or when we otherwise base our processing of your information on a legitimate interest.
Right to withdraw consent: In cases where our processing of your personal data is based on your consent, you have the right to withdraw your consent to such processing at any time.
Opt-out from marketing: If we send you marketing material or marketing communication, you always have the right to opt-out of future marketing.
Right to erasure: You have the right to request that your personal data be erased e.g. if it is no longer necessary for us to keep the personal data for the purposes for which it was collected or if the processing is unlawful.
Right to Data Portability: If personal data that you have provided to us is being processed automatically with your consent or in accordance with a contract between you and Calissendorff Swarting, you may request that the data is transmitted to another data controller in a structured, commonly used and machine-readable format (provided this is technically feasible).
There are however situations where exceptions to such rights apply, e.g. if we have obligations under applicable laws or the rules of the Swedish Bar Association that prohibit us from disclosing or deleting personal data.
If you have any comments or complaints in relation to how we process your personal data, or if you have any questions, you are always welcome to contact us at any time.
You also have a right to lodge a complaint with a supervisory authority regarding our processing of your personal data. The competent authority in Sweden is Datainspektionen, but you may also file a complaint with the supervisory authority responsible for data protection matters in the country where you live.
Controller of personal data
Calissendorff Swarting Advokatbyrå KB, Reg.No. 969767-8531, is responsible as the controller of personal data for the purposes described above. You are always welcome to contact us if you have any questions regarding our processing of personal data.
Calissendorff Swarting Advokatbyrå KB
Hamngatan 11, SE-111 47 Stockholm, Sweden
Telephone: +46 (0)8-678 70 00