Privacy statement

LAWYER JOHAN HVEDING has the following guidelines for processing personal data

1. General

Advokat Johan Hveding processes personal data (i.e. information that can be directly or indirectly linked to an individual, such as name, postal address, e-mail address, IP address and mobile number) when we carry out assignments and services for you, when you visit our websites, or otherwise comes into contact with us.

We process your personal data in order to solve assignments and deliver other agreed services. If you consent to it, we can also process your personal data for other purposes.

We are concerned that you should feel confident that your personal data will be processed in a responsible manner. This privacy policy tells you how we collect personal data and what we use it for. It also contains information about how we secure the personal data, who we share it with and your rights.

2. Purpose of collection and basis for processing

In the following, we provide an overview of the purposes for which we process personal data, the types of personal data we process and the legal basis for the processing:

Communication and dialogue

If you communicate with us electronically via e-mail or web meeting, personal data is stored in our systems for e-mail and video communication. The information is regularly deleted when it is no longer necessary for the purpose for which it was collected, unless we are required to store the information in accordance with applicable legislation.

The processing basis for storing this information is the Personal Protection Regulation's Article 6 No. 1 (f), our legitimate interest in storing the information in order to be able to document our help and possible assistance with your inquiry. Information that is collected and stored via electronic communication will often also be covered by legal activities or other services we provide as described below.

If you communicate with us electronically via e-mail or web meeting, personal data is stored in our systems for e-mail and video communication. The information is regularly deleted when it is no longer necessary for the purpose for which it was collected, unless we are required to store the information in accordance with applicable legislation.

The processing basis for storing this information is the Personal Protection Regulation's Article 6 No. 1 (f), our legitimate interest in storing the information in order to be able to document our help and possible assistance with your inquiry. Information that is collected and stored via electronic communication will often also be covered by legal activities or other services we provide as described below.

Conflict of interest clarification

When we receive a request whether we can take on an assignment, we will first clarify whether there may be a conflict of interest in relation to established client relationships and ongoing cases.

Such a conflict check will, for private persons, usually include the full name and what the case is about. A similar conflict check that applies to business clients does not usually involve the processing of personal data. This control has its basis in GDPR article 6 no. 1 letter c (legal obligation), cf. Courts Act § 224, cf. the Bar Regulations chapter 12.

For private customers, as a general rule, a credit assessment will also be carried out. This safeguards our legitimate interests and is based on GPDR article 6 no. 1 letter f (balancing of interests).

Establishing client relationships

If we can undertake the assignment, contact information such as name, contact information and any copy of identification (if necessary) is recorded. The registration of contact information is necessary in order to enter into and fulfill an agreement with the person concerned, cf. GDPR article 6 no. 1 letter b. For business clients, the registration of contact information is based on a balancing of interests, cf. GDPR article 6 no. 1 letter f.

In connection with the establishment of a customer relationship, a statutory control will also be carried out in accordance with the rules in the Money Laundering Act. This client control includes e.g. obtaining a company certificate and ID for contact persons. In some cases, an overview of the affiliation of other persons, such as board members and beneficial owners, is also obtained. For private customers, we collect ID for identity control. The customer control is necessary to fulfill our legal obligations under the Money Laundering Act, cf. GDPR article 6 no. 1 letter c.

Case management

Legal assignments mean that we get access to personal information about parties or other individuals affected by the case. Such information can, among other things, appear from documents that the client sends or other correspondence in the case.

The legal basis for processing such information is GDPR article 6 no. 1 letter b on the processing of information that is necessary to fulfill the agreement. In assignments for business clients, the basis for processing may also be GDPR article 6 no. 1 letter f (balancing of interests).

Client administration

In connection with the administration of the cases, separate electronic case files will be created for the individual cases. In addition, time and costs incurred on a case will be registered in our accounting system. Our performance of tasks in connection with client administration is considered a necessary part of fulfilling our contractual obligations towards the person concerned.

The legal basis for the processing is GDPR article 6 no. 1 letter b. For business clients, this is also considered authorized in GDPR article 6 no. 1 letter f (balancing of interests). In addition, there are legal requirements that state that we are obliged to process personal data, e.g. requirements in accounting legislation. This type of processing is authorized in GDPR article 6 no. 1 letter c.

Invoicing

Where the client is a business, it will be shown in the invoices and the hourly basis could be shown to physical persons with business clients used to mark invoices sent to the business or refer to contact with the person concerned.

The legal basis for the processing is GDPR article 6 no. 1 letter b (necessary to fulfill the agreement with the data subject). In addition, GDPR article 6 no. 1 letter f (balancing of interests) will also be the basis for processing for business clients.

Storage and retention of personal data

Personal data will not be stored longer than is necessary to safeguard and follow up the legal requirements that may arise from the assignment or service that we have performed for you.

The legal basis for processing personal data is GDPR article 6 no. 1 letter f (balancing of interests) and GDPR article 9 no. 2 letter f (determining, asserting or defending legal claims), cf. GDPR article 17 no. 3 letter b and § 11 of the Personal Data Act.

In addition, there are legal requirements which state that we are obliged to store personal information for a certain period after the case has ended, e.g. requirements in accounting legislation and the Money Laundering Act. Such storage is authorized in GDPR article 6 no. 1 letter c.

IT operation and security

Personal data stored in our IT systems may be available to us or to our suppliers in connection with system updates, implementation or follow-up of security measures, error correction or other maintenance. The supplier can only use the personal data for the purposes we have determined and which are described in this privacy policy.

The legal basis for the processing is GDPR article 6 no. 1 f (balancing of interests, cf. our legitimate interest linked to the aforementioned activities) and our legal obligation to have satisfactory information security, cf. GDPR articles 32 and 6 no. 1 letter c In addition, GDPR article 6 no. 1 letter b (necessary to fulfill the agreement with the data subject) will also be the basis for processing in general.

Marketing, use of websites and social media

Advokat Johan Hveding collects and processes personal data for marketing purposes, via the use of the website advokat.hveding.no and via other services such as Linkedin.

We will use the personal data to provide you with information and marketing of our services and offers for courses, seminars and other events. It may also be relevant to send out newsletters to e-mail addresses registered to clients, and to others who have consented to this. Recipients of such shipments can easily unsubscribe from the service by using the link included in the shipment. The information can also be used for statistics, aggregation and to manage and improve the websites, see more about cookies and web analysis below.

Where we have received the e-mail address in connection with a legal assignment, the basis for processing is GDPR article 6 no. 1 letter b (ref. our terms of engagement) and GDPR article 6 no. 1 letter f (balancing of interests). If there is an existing client relationship, the marketing will take place in accordance with §15 (3) of the Marketing Act. In other contexts, marketing is based on consent from the person concerned, cf. the Marketing Act § 15 (1) and GDPR article 6 no. 1 letter a.

3. Securing the personal information

Lawyer Johan Hveding has routines and measures to ensure that unauthorized persons do not gain access to your personal information, and that all processing of the information otherwise takes place in line with applicable law.

In order to carry out our business, we are dependent on partners who can assist with the development, delivery and operation of our IT systems. Our subcontractors will be able to access personal data we process as part of their delivery and operation of our IT systems.

We have data processing agreements with all subcontractors and routines around access and storage of personal data. Our suppliers can use subcontractors abroad. Any transfer of personal data to countries outside the EEA will be based on a legal basis, for example the EU's standard agreements.

4. Who do we share personal information with? any information with?

Lawyers are subject to a criminally sanctioned confidentiality obligation. All information entrusted to us in connection with an assignment is handled confidentially. Unless you have given special consent to the disclosure of personal data, your personal data will only be disclosed to others where this is necessary to fulfill our assignment obligations. We will be able to share personal data with our technical subcontractors, or with public authorities where there is a statutory disclosure obligation.

In certain cases, you will be able to request that personal data you have provided to us be handed over in order to have it transferred in a machine-readable electronic format to another law firm if it is technically possible, cf. the legal ethics rules.

5. Access, correction and deletion of personal data

You have the right to access the personal data we have registered about you, as long as confidentiality does not prevent this. To ensure that personal data is handed over to the right person, we will seek to verify the identity of the person making the request. You can read more about the right of access on the Norwegian Data Protection Authority's website.

You can ask us to correct incorrect information we have about you or ask us to delete personal data. The information will nevertheless not be deleted if we have other legal basis for processing and need to continue storing your personal information. In legal practice, however, weighty reasons may require failure to correct necessary and correct personal data. The legal basis for not deleting after the assignment has ended is GDPR article 17 no. 3 letters b and e.

If you have given consent to receive newsletters from us, you can withdraw this consent at any time by unsubscribing from the newsletter subscription. To unsubscribe, you can use the link to the unsubscribe form that is included in each newsletter. If you have consented to other processing of personal data, you can withdraw your consent for this processing at any time by contacting us about this.

Inquiries where it is clear what you require access to, or want something corrected or deleted, are sent in writing to the data controller (see contact information below). The inquiry will be answered as soon as possible, and at the latest within 14 working days.

6. Use of cookies

We use cookies to log the use of our website advokat.hveding.no. Cookies are small cookies that the website stores on your computer or mobile device. This enables the website to, among other things, remember your actions or preferences over time and to display the most relevant content possible.

Most browsers are set to accept cookies automatically, but you can choose to change the settings yourself so that cookies are not accepted. However, this could mean that you will not be able to access some of our services. Information is collected automatically for analytical use. The setting is to be understood as consent if it is such that the user expresses acceptance of the use of cookies. This also applies if the browser is preset for acceptance. When you visit the website advokat.hveding.no, you thus agree that we can set cookies in your browser. The websites may contain links to websites that are owned and operated by other businesses.

We use cookies for content optimization and traffic measurement/statistics. We collect visitor statistics for the website via common, commercially open digital tools for web analysis, such as Google Analytics and Hotjar. This information is used for the operation and further development of the websites.

The information is obtained from the computer's browser and may include IP address, operating system, browser software, screen resolution, time of visit, which pages on Advokathveding.no are visited, what was clicked on during the visit and the sender's website. Advokat Johan Hveding does not link the information about the IP address directly to you as a user. The information is anonymised and is not used for anything other than analysis purposes

To read more about cookies, including how you can opt out of them on your computer, see for example: http://www.allaboutcookies.org/manage-cookies/.

7. Contact information and complaint

Send an e-mail to Denne e-postadressen er beskyttet mot programmer som samler e-postadresser. Du må aktivere javaskript for å kunne se den. if you have questions about how we process personal data or wish to request access, correction or deletion, etc.

The controller for the personal data we process in connection with the performance of our tasks and services, use of our websites, or when you come into contact with us in another way is Advokat Johan Hveding (Denne e-postadressen er beskyttet mot programmer som samler e-postadresser. Du må aktivere javaskript for å kunne se den., mobile: 902 04 995).

If you believe that our processing violates privacy legislation, you can make a complaint via the data controller. Are you still of the opinion that the company's processing of your personal data is not over after the complaint processing in the company has ended? agreement with the current regulations, you can complain to the Norwegian Data Protection Authority. You can find information on how to contact the Norwegian Data Protection Authority on the Norwegian Data Protection Authority's website: www.datatilsynet.no.

8. Changes to the privacy policy

This declaration contains information you are entitled to according to the Norwegian Personal Data Act and GDPR Articles 13 and 14 (included in the new Personal Data Act of 15 June 2018 no. 38). The information on the processing of personal data may be changed, i.a. as a result of changes in our services, or changes in the regulations on the processing of personal data. The current statement will always be available on our website.

Created September 2022

© 2022 Advokat Johan Hveding - Webdesign © 2022 Web Norge