1. About our privacy notice
When we process your personal data, you can rest assured that we are commited to upholdthe highest data protection standards, and we process your personal data in a secure and lawful manner.
2. When do we process personal data?
We process personal data when:
- providing legal services
- providing digital services
- marketing our activities
- corresponding with suppliers and partners
3. Who may the data subject be:
- Contact persons with our business clients
- Private clients
- Persons involved in or mentioned in cases that we handle
- Contact persons with our suppliers and partners
- Visitors to our webpages
- Subscribers to our newsletters
4. How we process personal data
In the following we have listed the typical purposes for our procesing of personal data, the categories of personal data and the legal basis for the processing. .
4.1. Establishing client relationships
When we are contacted by a client requesting our services, we perform a conflict check before taking on the engagement. Such conflict checks of private clients is normally limited to the name of the individuals, the nature of the engagement and in some event credit checks. Conflict checks related to business clients, not individuals, do normally not involve the processing of personal data. Such conflict checks are required to ensure that we comply with rules of professional conduct for lawyers, and the legal basis for processing personal data while performing such a check is provided in the GDPR Article 6c (legal obligation) and Article 6f (balancing of interests: our interest in behaving ethically correct).
Where necessary pursuant to the Norwegian Money Laundering Act, we will perform a background check of our clients. For this purpose, we process passport information and the client’s address details and we may conduct database searches. The basis for conducting such a money laundering check is provided in the GDPR Article 6c (legal obligation).
If we take on the assignment, we will register the client’s contact details. For business clients, we primarily register the name, telephone number and e-mail address of contact persons. The basis for such processing is provided in the GDPR Article 6f (balancing of interests: our interest in communicating with our client). Correspondingly, we will for any private clients register name, telephone number, address and e-mail address. The basis for such data processing is provided in the GDPR Article 6b (contract) and in some event the GDPR Article 6f (balancing of interests: our interest in communicating with our client).
4.2. Case handling
In carrying out legal assignments, we normally process personal data, for example regarding private clients and opponents, employees and owners of the client’s business or the opponent’s business, witnesses, the opponent’s counsel and other individuals involved in the case. Such data may appear in documents and correspondence prepared or received by us in connection with the case. The legal basis for processing of personal data in connection with assignments s provided in the GDPR Article 6b (contract) and in the GDPR Article 6f (balancing of interests: our interest in providing services to our clients), whereas the basis in connection with assignments for private clients is provided in the GDPR Article 6b (contract). In our handling of cases, we occasionally gain access to sensitive personal data, such as health information in employment matters. or in matters related to benefits from the public athorities. The legal basis for such processing is provided in the GDPR Article 9,2f (legal claims), cf. the Norwegian Personal Data Act, Section 11.
Time and costs accrued in a case are registered in our accounting system Advisor. We use the contact details we have received from our clients for invoicing purposes. The legal basis for such processing of personal data in respect of business clients is provided in the GDPR Article 6f (balancing of interests: our interest in invoicing) and for the corresponding processing in respect of private clients in the GDPR Article 6b (contract).
We send out newsletters and event invitations by email to contact persons with our existing clients (clients we have assisted during the course of the last three years), and to others who have subscribed for such communication. The basis for sending such emails to contact persons with our existing clients is provided in the GDPR Article 6f (balancing of interests: our legitimate interest in following up our clients by providing legal news and relevant information about our services), cf. the Norwegian Marketing Control Act, Section 15(3). The basis for sending such e-mails to other individuals is provided in the GDPR Article 6a (consent), cf. the Norwegian Marketing Control Act, Section 15(1). Any recipients of our communication items can easily opt out using the link included in our e-mails.
4.5 Supliers and partners
We process personal data when we use or administrate the services of suppliers and partners.For such parties we register contact details, primarily the name, telephone number and email address of contact persons. The basis for this processing is provided in the GDPR Article 6b (contract) and the GDPR Article 6f (balancing of interests: our interest in administering our relationship with suppliers and partners).
4.8. Other purposes
We may also process personal data for purposes that are not incompatible with the original purpose for which the data was collected. This will only take place if we have a sufficient legal basis in GDPR Article 6.
Lawyers are as a general rule subject to a statutory duty of confidentiality with regard to all data associated with their provision of legal services. Everyone who works at Tenden is subject to a duty of confidentiality.
We will only disclose personal data in the following events:
- To the extend necessary in order to execute our assignments personal data may be disclosed to opponents, other advisers, the court or other authorities
- The suppliers of our IT services and their sub-suppliers may have access to personal data if such access is necessary in order for them to provide their services to us. We have data processing agreements with such parties ensuring that they do not use such data for their own purposes. Our client and case administration system is stored on Tenden's own servers in Norway
We do not disclose personal data in any other way, unless requested to by our clients or unless it is necessary in order to comply with laws or public authority requirements.
6. Data retention
We store your personal data as long as it is necessary to fulfil the purposes described in this privacy statement. This essentially means the following:
- We store case information for a period of 25 years, unless otherwise explicitly agreed or the information is of such kind that requires longer retention period.
- We store invoice information for a period of 5 years.
- We store the details of contact persons with our clients for a period of 5 years or if the client relationsship last longer 5 years after the client relationship has ended.
- We store information collected for money laundering check purposes for a period of 5 years.
- We store information about contact persons with our suppliers and partners for a period of 5 years after the relations have ended
- We store the names and e-mail addresses of individuals who have consented to receiving newsletters until such consent is withdrawn.
- We make backup copies of our data, which are continuously deleted when overwritten by new backup copies
7. Your privacy rights
You have the right to:
- Access. You have the right to know which of your personal data we process.
- Rectification. You may ask us to rectify any error in your personal data.
- Erasure (the right to be forgotten). You may ask us to erase your personal data, which request we will respect and comply with.
- Restriction. You may ask us to restrict the processing of your personal data.
- Object. You may object to the processing of your personal data.
- Data portability. You may ask us to provide you or others with your personal data in a structured, commonly used and machine-readable format.
- Right to appeal to the Norwegian Data Protection Authority. If you do not agree with the way in which we process your personal data, you may submit an appeal to the Norwegian Data Protection Authority (Datatilsynet), cf. section 11. We kindly ask that you contact us beforehand, so that we may clarify any misunderstandings.
We do not carry out automated decision-making or profiling.
Please note that the above rights may be subject to exceptions and limitations. We cannot, for example, provide personal data if it would violate our duty of confidentiality, or if we have a legal obligations to retain such data.
We have implemented technical and organisational security measures in order to ensure that we handle personal data in a secure manner. We perform regular assessments of the security of all of our systems used for the handling of personal data, and have entered into agreements instructing the suppliers of such systems to ensure an adequate level of data security.
In cases where the disclosure of data, as described in section 5, involves transfer of data out of the EEA, we implement measures to protect the personal data, such as entering into agreements on the basis of EU standard contractual clauses with the recipient includeing additional messures if necessary.
10. Amendments to this privacy notice
We may amend this privacy notice from time to time. You will be notified by email if we make any significant amendments. The most up-to-date version of our privacy statement is available on our website.
11. Contact the Controller
We are available for any questions you may have.
Tenden Advokatfirma ANS
Org. No. 959 704 996
P.O. Box 423
Tel: + 47 33 35 46 00