Privacy Policy

 

Privacy policy with appendix (pdf)

 

1 Introduction

Your integrity and digital security is of importance to us at Moll Wendén Advokatbyrå AB, corporate identification number 556648-7939 (”Moll Wendén”). This integrity policy (the ”Integrity Policy”) describes how we process personal data belonging to:

  • Customers who are natural persons
  • Authorised signatories who enters into agreement with Moll Wendén on behalf of a customer
  • Owners to customers who enters into agreement with Moll Wendén
  • Contact persons of customers who enters into agreement with Moll Wendén
  • Where applicable, contact persons of potential customers and other prospects
  • Counterparties who are natural persons
  • Contact persons of counterparties
  • Other persons who occur in the assignment

You shall always feel safe when you submit personal data to Moll Wendén. Moll Wen-dén is controller for the processing of personal data and you can at any time contact us in order to ask questions on the processing of personal data (see contact details in section Fel! Hittar inte referenskälla.). You are not obliged to submit personal data to us, except when it is required by law (e.g. an injuctrion to produce documents), however not submitting personal data may lead to us not being able to commit to the assignment, fulfil our assignment, or send newsletters or invitations to seminars to you etc.

The Integrity Policy is valid from 25 May 2018 and its purpose is to inform you regarding our processing of your personal data and your rights in connection with such processing.

Personal data is all the information which directly or indirectly can be linked to a natural person who is alive, e.g. name, addresses, telephone number and IP-addresses.

All personal data that we collect about you have a connection to our advocacy activities and we do not use the information for any other purpose.

Moll Wendén will always comply with applicable legislation on how your personal data may be processed, including The General Data Protection Regulation (GDPR), the Swedish Data Protection Act and other applicable laws. In addition, we are obliged to observe confidentiality regarding information which occurs in our customer related activities, in accordance with law and the Swedish Bar Association’s Code of Conduct. Our obligation to observe confidentiality in customer related matters normally prevents us to disclose information attributable to such matter without the customer’s approval. This is also relevant regarding other personal data than the customer’s own data, which we in some cases may need to process as a necessary step in our professional advocacy activities in order to maintain our customers interests appropriately.

2 Which personal data do we collect about you and why?

The type of personal data being processed about you and for what purposes depends on which category of registered persons that you belong to.

2.1 Customers who are natural persons

Personal data being processed about you as a customer is i.a. name, personal identification number, address, e-mail, telephone, certified copy of legitimation, bank account number and, if relevant for the execution of the assignment, also health data, political opinion etc.

We do this i.a. in order to undertake an assignment, control conflict of interest and exexecute money laundering control, execute and administer assignments, maintain your interests and for purposes of accounting and invoicing. A compilation on what personal data is processed, why and for how long, see Appendix 1.

2.2 Authorised signatories who enters into agreements on behalf of customers

Personal data that is being processed about you as an authorised signatory who enters into agreements on behalf of customers are i.a. name, personal identification number, certified copy of legitimation and employer. We do this i.a. in order to undertake an assignment and execute money laundering control. A compilation on what personal data is processed, why and for how long, see Appendix 1.

2.3 Beneficial owner

Personal data that is being processed about you as beneficial owner in some of our customer companies is i.a. name, personal identification number and shareholding. We mdo this i.e. in order to control conflict of interest  and execute money laundering control.

A compilation on what personal data is processed, why and for how long, see Appendix 1.

2.4 Contact persons at the customer

Personal data that is being processed about you as contact person at our customer is i.a. name, e-mail, employer and position.

We do this i.a. in order to undertake an assignment, execute and administer assignments and for purposes of accounting and invoicing.

A compilation on what personal data is processed, why and for how long, see Appendix 1.

2.5 Counterparties and other persons who occur in the assignment

2.5.1 For counterparty who is a natural person

Personal data that is being processed about you as a counterparty or a natural person are i.a. your name, personal identification number (or other information regarding date of birth), e-mail, telephone etc. We do this i.a. in order to execute necessary controls of conflict of interest.

A compilation on what personal data is processed, why and for how long, see Appendix 1.

For counterparty who is a legal person

Personal data that is being processed about you as a counterparty and legal person are i.a. contact details to a contact person at the company which you have appointed including name, e-mail etc. and data regarding employees and persons in senior management. We do this i.a. in order to execute necessary
control of conflict of interest. A compilation on what personal data is processed, why and for how long, see
Appendix 1.

2.5.2 Other persons who may occur within the framework of the assignment

With other persons who may occur within the assignment means e.g. the counterparty’s legal representative, an employee at the client, for the assignment hired consultants, witnesses et al. Personal data which is being processed regarding such persons are i.a. name, title, employer and contact details. We do
this i.a. in order to be able to execute the assignment and act as legal representative for the customer.

A compilation on what personal data is processed, why and for how long, see Appendix 1.

3 Other processing

3.1 Personal data in customer relations

In certain cases, it may happen that you in the capacity of a customer, representative for a customer or as a potential customer, contact our employees, e.g. by e-mail or telephone. In such communication we save personal data and contact details that you submit to us in order to accommodate your question. We are responsible for the personal data regarding contact persons and other persons of customer companies which are given to us in connection to undertaking the assignment, preparation and administration of the assignment.

3.2 Personal data in interest forms

When you subscribe to our newsletter we collect a number of personal data. We do this in order to send newsletters to you and drafting upcoming newsletters based on the interest that the recipients of our newsletters may have. We also store the data in order to send upcoming newsletters to you and execute market analysis for the purpose of improving our distribution of newsletters and our business.

3.3 Personal data at notifications to events

When you sign up to an event we collect personal data about you in order to get an overview of the number of participants and the particpants themselves, perform the event in an efficient way, be able to follow up the participation with you when necessary, statistical purposes and fulfil statutory requirements regarding accounting. We also store the data in order to invite you to similar upcoming events, perform market analysis
and to improve our events and our business.

In some cases, personal data may be collected at the events, e.g. in the form of photographies of participants. In such cases the photographies are saved for the purpose  of publishing news and information regarding the event and for the purpose of documentation in order to improve the arrangements. In this context we would like to point out that you are welcome to refuse to participate on a photography on such an occasion and would like to remind you that you can always object to such processing of data.

3.4 Personal data in connection with market researchs and marketing

We process your personal data when you participate in market researchs carried out by a third party – in which we sometimes occur in different researchs regarding law firms which require information from customer representatives and in order to publish news regarding our business, e.g. on our homepage. We may also process your personal data in connection with our marketing.

4 How do we collect the personal data?

The personal data is submitted to us by, or on behalf of, you, the customer, potential customer, counterparty, legal representative or any other person who occurs in the assignment or is collected by us from such persons or from private or public registers or sources. The personal data may also be submitted to us by, or on behalf of, you via our webpage, our social media, our digital mailing- and invite system or in another way. Finally, the data may be given us in our function as external cooperation partner for whistleblowing.

5 How do we share the information with other companies?

5.1

Our business is generally covered by strict confidentiality and we do not share any kind of customer or case information in breach of the framework regulating our advocacy activities We will not disclose any personal data to third parties other than in the cases where (i) it has been specifically agreed between Moll Wendén and you, (ii) when in the framework of a certain assignment it is necessary in order to safeguard your rights, (iii) it is necessary in order for us to fulfil a legal obligation or comply with a decision from a Regulatory Authority or a court decision, (iv) in the case we hire a third party for services performed on our behalf.

5.2

Example on recipients of personal data are:

  • The customer’s auditor or an other person according to the customer’s instructions.
  • The Financial Police when and to the extent that we are obliged to do it according to the Law on Measures against Money Laundering and Terrorism.
  • When we have client funds for the customer at the bank, to our bank when the bank demands information regarding the customer and the beneficial owner and our documentation regarding this matter according to the Law on Measures against Money Laundering and Terrorism, given that the customer as a condition for the use of our client fund account have given separate consent stating that such a disclosure may take place.
  • The Swedish Bar Association when and to the extent we are obliged to do so according to the Swedish Bar Association’s framework.
  • Authority or other when and to the extent we are obliged to do so according to applicable law.
  • Our indemnity insurance provider, our broker of indemnity insurance, representative that we or such broker have hired, the Swedish Enforcement Authority, debt collecting companies, court, arbitration panel or our counterparty or its legal representative to the extent it is necessary to protect our legal interest.
  • The customer’s insurer (legal protection insurance), counterparty, legal representative of a counterparty, arbitration panel, court, authority, bank, other with connection to the assignment engaged consultant or similar person to the extent it is necessary in order to safeguard the customer’s interests and not in breach with the customer’s instructions.

5.3

We may share information to you regarding e.g. events which we have together with cooperation partners in order to give you the services you have signed up interest for, or if you due to your position is deemed to have an interest to receive information from us. E.g. a HR manager may receive invitations to labour law seminars which we arrange together with our cooperation partners, if interest for this matter have been notified or otherwise is deemed relevant for you as a contact person of the customer.

5.4

Moll Wendén uses a number of suppliers of servers, databases and programs to make the processing of your personal data and the communication with you as smooth as possible. We enter into agreements with the external parties, which are governed by confidentiality and comply with the requirements stated in applicable law regarding the transferring, execution and processing of personal data. In that way the security and confidentiality regarding your personal data is guaranteed.

6 Transfer to other countries

Moll Wendén does not normally transfer your personal data to another country outside the EU or EEA. However, due to the nature of your case it may be necessary to transfer personal data to such a country if your case e.g. requires assistance from a foreign legal representative or concerns an international transaction or dispute.

Such transfer will always be executed in a safe and legal way. Moll Wendén will not transfer your personal data to an external party outside the EU or EEA without, prior to the transfer, having entered into an agreement, ensuring that the country is approved by the European Commission or that the external party is certified under the Privacy Shield-principles.

If you would like to know more about the requirements on transfers of personal data to a country outside the EU or the EEA with support of the European Commission’s decision on standard clauses for the transfer of personal data to processors established in third countries you can read more here.

7 Your rights

It is our obligation to only process personal data which are correct, relevant and necessary with regards to the purposes of the processing, and you are entitled to control this. Moll Wendén are responsible of processing your personal data in accordance with applicable law. Moll Wendén will, on your request or on its own initiative, correct, anonymize, erase or complement data which are detected to be inaccurate, incomplete or misleading. With reservation for such exceptions following from the above mentioned obligation for us to observe confidentiality, you have as an individual a number of rights under applicable law. If you would like to use one of your rights below you are welcome to contact us. Our contact details can be found in section 11. You have the right to:

I. Gain access to your personal data

  • We will, on your request, as soon as possible and no later than 30 days from when we received your message on gaining access to the data, provide information regarding what personal data we are processing about you.
  • This means that you have a right to, by a written and signed application, without any cost, receive an extraction of a register regarding which personal data is registered about you, the purposes of the processing and to which recipients the data have been submitted to or shall be submitted to. You also have a right to, from the extraction of the register, gain information regarding where the data has been collected when it has not been collected from you, the existence of automated decision-making (including profiling) and the predicted period for which the details will be stored, or the criteria used to determine that period.
  • You are also entitled to obtain a copy of the personal data which is being processed.

II. Demand rectification of your personal data

  • We will, on your request, as soon as possible and no later than 30 days from when we received your message on rectification, rectify your personal data if they are no longer necessary for the purpose for which they were collected.

III. Demand erasure of your personal data

  • We will, on your request, as as soon as possible and no later than 30 days from when we received your message on erasure, erase your personal data if they are no longer necessary for the purpose for which they were collected.
  • There may exist reasons causing us to be unable to immediately erase your personal data. E.g. case related personal data are saved in accordance with the obligations in the Swedish Bar Association’s Code of Conduct, during a period of ten years from the day of the completion of the case, or the longer period which is appropriate due to the nature of the case. In that case, we will cease the processing which is being made for other purposes and inform you about the legal basis and the relevant purpose for continued processing.

IV. Demand limitation of processing

  • You have a right to mark your personal data in order for it to only be processed for certain limited purposes. You can i.a. demand limitation when you consider that your personal data are inaccurate and you have demanded rectification according to above. Whilst the time when the personal data’s correctness is investigated, the processing of it will be limited.
  • Moll Wendén will inform you if the investigation results in that the processing should be limited. We will also make sure that necessary rectifications or erasure of personal data and limitation of processing of personal data is made by the companies to which Moll Wendén have disclosed your personal data (see section 5 above).

V. Demand data portability

  • You have a right to, under certain circumstances, receive and transmit your personal data in a structured, commonly used and machine-readable format to another controller.

VI. Object to processing of personal data which is being done with the support of a balancing test

  • You can object to the processing if it is based on a balancing test. If you object to such processing, we will only continue to process your personal data if there are eligible reasons to the processing which outweighs your interest. We will inform you of the reasons if that is the case.

VII. Demand that we cease to process your personal data for direct marketing

  • You always have a right to object against direct marketing by sending an e-mail to info@mollwenden.se. When we have received your objection, we will cease to process the personal data for such marketing purpose. You can always contact us on info@mollwenden.se or unsubscribe for our newsletter and similar mailings.

VIII. Complain on our processing of your personal data and compliance with the law to the Swedish Data Protection Authority

  • You are entitled to complain on the processing that we perform on your personal data to the Swedish Data Protection Authority, if you think that we are in breach of the Integrity Policy, do not fulfil your rights or in any other way are acting contrary to applicable law.
  • Note that the Swedish Data Protection Authority changes name to the Integrity Protection Authority, Sw. “Integritetsskyddsmyndigheten” from 25 May 2018.

8 Security

You shall always feel secure when you submit personal data to us. Moll Wendén have therefore introduced the necessary security measures to protect your personal data against unjustified access, change and erasure and secured that our suppliers of technical services maintain asuitable high level of technical security in the technical infrastructure in which your personal data are being processed. Example on measures which improve the security is the use of encrypted connections, anti virus, fire walls, clear, and for the purpose, adjusted policies and guidelines which have been introduced and are maintained, as well as physical security applications such as fire and water protection.

It is important to us that the information regarding our customers is protected. Even if we observe necessary precautions for data protection no security measures are completely secure, and we can therefore not fully guarantee the security of your personal data.

If we were to lose control over your personal data which are sensitive in relation to integrity, e.g. personal identification number, we will inform you immediately and no later than 72 hours from when we detected the incident.

9 Changes in the Integrity Policy

Sometimes we may change the Integrity Policy. We will, if it is appropriate with regards to the circumstances, send you a message if we do major changes in the Integrity Policy, e.g. by sending a message to you by e-mail or SMS. Therefore, we kindly advise you to ensure that you read all such messages carefully.

If you do not wish to continue to use the webpage or do not wish that we continue to process your personal data in our registers in accordance with the new version of the Integrity Policy, you can notify us, and we will erase your personal data within 30 days from your message. Note that we cannot erase your details if there are legal reasons for continued processing. If that is the case, we will notify you of the reasons for continued processing.

10 Information regarding cookies, other technology and third partys’ collection of data

When you use the webpage www.mollwenden.se we register information regarding your use. This information covers which pages you visit and how you act on the webpage. For more information regarding our use of cookies, see our cookiepolicy. This policy describes the use of cookies and other technology at the webpage of Moll Wendén.

11 Contact details

Thank you for reading our Integrity Policy. If you have questions regarding our processing of personal data you find our contact details here.

Controller
Moll Wendén Advokatbyrå AB

Postal address

Stortorget 8
211 34 Malmö
Sweden

Telephone

(+46) 40-665 65 00
E-mail
info@mollwenden.se