It is important for us that your personal data are processed in a safe and secure manner, in accordance with prevailing data protection laws and other legislation.
You are always welcome to contact us if you have any questions regarding our processing of personal data. For contact information, please see clause 11 below.
When referring to GDPR, this is to be understood as a reference to the (EU) 2016/679 General Data Protection Regulation ("GDPR").
Personal data means any information relating to an identified or identifiable natural person. Name, address, phone number, e-mail address and social security number are examples of information which generally is regarded as personal data.
Below, we have listed the typical purposes for our processing of personal data, the categories of personal data we typically process, and the legal bases for such processing.
When a client requests our services, we perform a conflict check before taking on the engagement. The conflict check serves a legitimate purpose and has a basis in GDPR article 6 No. 1 (f) (balancing of interests). Conflict checks regarding private clients usually include full name, what the case concerns and, if relevant, credit worthiness. In general, conflict checks on behalf of corporate clients will not involve processing of personal data.
When establishing a client relationship in cases involving the execution or planning of a transaction, we will conduct a customer due diligence in accordance with the Norwegian Money Laundering Act. We will collect documentation confirming the client’s identity, as well as the identity of the real licensee of the client. We will also collect personal data regarding the purpose of the legal assignment. If you are a private client, we will collect your full name, social security number or identity number and address. If you do not have a social security number or identity number, we will collect information regarding your date of birth, birthplace, gender and citizenship. If the client is a legal person that is not registered in a public registry, we will collect personal data about the owner, general manager or similar contact person. The client due diligence is essential for the compliance with a legal obligation, cf. GDPR Article 6 No. 1 (c).
If we can take on the assignment, the following contact information will be registered: your full name, email address, address, telephone number and job title. For private clients, this is required in order to enter into an assignment contract, cf. GDPR Article 6 No. 1 (b). For business clients, the registration of contact information is based on a balancing of interests, cf. GDPR Article 6 No. 1 (f).
Some assignments require access to personal data regarding parties, third parties or other individuals involved in the case in question. Such information may be found in documents provided by the client or in any other documentation of relevance to the case. In connection with assignments for business clients, such data processing is based on GDPR Article 6 No. 1 (f) (balancing of interests).
In some cases, we get access to special categories of personal data, such as health information or sentences and criminal offenses. The basis for such data processing is provided in the GDPR Article 9 No. 2 (f) (the processing is necessary for the establishment, exercise or defense of legal claims), cf. Section 11 of the Personal Data Act.
As part of the knowledge management in Magnus Legal, documents in a case could be used in subsequent cases. Documents stored in our experience archive are anonymized. In addition, internal sharing of documents occurs. The documents shared internally will be anonymized prior to storage on a different case. The basis for processing is our interest in utilizing prepared knowledge in further counselling, cf. GDPR Article 6, No. 1 (f) (balancing of interests).
Separate electronic files are established for all assignments. Time and costs accrued are registered in our accounting system. For business clients, the client management is based on GDPR Article 6 No. 1 (f) (balancing of interests). For private clients the client management is necessary for the performance of a contract to which the data subject is party, cf. GDPR Article 6 No. 1 (b).
Magnus Legal store documents for 10 years after completing an assignment. Storage in the said time span is recommended by the Norwegian Bar Association and considered necessary for both the client and us, as questions and disputes may arise, and where the information stored could be of relevance. The legal basis for the storage of personal data is GDPR article 6 No. 1 (f) (balancing of interest) and GDPR article 9 No. 2 (f) (the processing is necessary for the establishment, exercise or defense of legal claims), cf. Section 11 of the Personal Data Act.
Invoices to corporate clients are marked with personal data of a contact person if requested by the client. For private clients, we will use the individual's private postal address or email address for invoicing. The legal basis for the processing is GDPR Article 6 No. 1 (f) (balancing of interests) for corporate clients and for private clients GDPR Article 6 No. 1 (b) (processing is necessary for the performance of a contract to which the data subject is party).
Personal data stored in our IT systems will be available to us or our contractors in connection with system updates, implementation or follow-up on security measures, error recovery or other maintenance. Our contractors act in accordance with data processing agreements and under our instructions. The legal basis for the processing is GDPR Article 6 No. 1 (f) (balancing of interests), and our legal obligation to have satisfactory data security in place, cf. GDPR Article 32 and GDPR Article 6 No. 1 (c).
Magnus Legal sends invitations to customer events and blog notifications to e-mail addresses registered on current clients and others who have consented to receive invitations and notifications from us. Recipients of such notifications may easily unsubscribe from the service by using a link included in all e-mails. The legal basis for the processing is GDPR Article 6 No. 1 (f) (balancing of interest) where we have received the e-mail address in connection with an assignment. In current client relationships the marketing will be in accordance with the Marketing Act Section 15 (3). The marketing is otherwise based on consent from the individual, cf. GDPR Article 6 No. 1 (a) and the Marketing Act Section 15 (1).
Magnus Legal will keep job applications, resumes and other submitted documentation in order to contact former applicants for future available positions. The basis for the processing is GDPR Article 6 No. 1 (a) (consent). The access to the personal data is limited to employees who need to have access to the documents. The documents are stored for maximum three years after ended application procedure.
Personal data collected on our websites may be used for marketing purposes such as invitations to seminars and other events, as well as information about our services and other direct and indirect marketing. Personal data collected may also be used for statistical purposes, as well as operation, maintenance and improvement of our websites. The basis for the processing is GDPR Article 6 No. 1 (a) (consent), cf. the Marketing Act Section 15 (1).
Magnus Legal uses Google Analytics and HubSpot. Hubspot will ask your browser to accept cookies (external web page). When visiting our websites, cookies will track you anonymously until you optionally provide your contact information in one of our forms and give your consent to direct or indirect marketing efforts from us. The consent implies that personal data you provide may be linked to the data that has previously been anonymously stored about your use of our websites. If you would like more information on how this works, read more here (external web page).
Google Analytics is a web analytics tool that collects data and prepares statistics for improvement and development of our web pages. All data collected through Google Analytics from our web pages will be anonymized before it is stored by Google. If you wish to prevent your data from being collected by Google Analytics, you will find information about Google Analytics Opt-out Browser Add-on here (external web page).
For the operations of our websites, web analytics and marketing efforts, we use the following subcontractors:
Magnus Legal is also using cookies through our presence in social media. When visiting our websites and our profiles in social media, the social media channel collects personal data that is used to compile statistics. Magnus Legal does not have access to the personal data collected, but we can access anonymous statistics prepared by the social media channel based on the information gathered.
Lawyers’ professional secrecy is a statutory obligation. All information entrusted to us in connection with an assignment will be handled confidentially.
We are using subcontractors in countries outside the EU and EEA. Regarding transfer of personal data to such subcontractors we use EUs standard contracts for data transfers (click for more information) and/or EU-US Privacy Shield (click for more information).
Magnus Legal cooperates with Inventura AS on public procurement. We share personal data with Inventura AS only if our customers or potential customers actively have given their explicit consent to be contacted by Inventura AS.
You have legal rights in connection with our processing of your personal data. What rights you have depend on the circumstances.
If you have given you consent to receive blog notifications or other information from us, you may at any time withdraw this consent. We have arranged for an easy way to opt-out of this kind of approach by including a link to a deregistration form in each communication. If you have consented to any other data processing, you may at any time withdraw your consent by directing an enquiry to us.
You have the right to access the personal data we have registered concerning you, unless professional secrecy impedes this. In order to ensure that personal data is delivered to the right person, we may require that a request for access is provided in writing or that your identity is otherwise verified.
You have the right to obtain ratification of inaccurate personal data concerning you, and the right to erasure of personal data. We will to the extent possible comply with a request to erase personal data, unless further processing is necessary, e.g. that we need to store the information for documentation purposes.
If we process personal data concerning you based on consent or on the basis of an agreement, and the personal data is processed automatically, you may ask us to transmit your personal data to you or to another law firm in a structured, commonly used and machine-readable format.
If you disagree with the way in which we process your personal data, you may lodge a complaint with the Norwegian Data Protection Authority.
We have established routines for secure processing of personal data and client information in general. The measures are of both technical and organisational nature. We regularly evaluate the security of all central systems used for data processing, and we have concluded contracts that instruct subcontractors of such systems to ensure satisfactory information security.
Access to personal data (and client/case information) is limited to personnel that need such access in order to perform their work.
We have adopted IT guidelines, and our employees are regularly trained about security and secure use of IT systems.
Advokatfirmaet Magnus Legal AS
P.O. Box 904 Sentrum
Last updated: November 8, 2019.