Contact us

Privacy Policy

1. INTRODUCTION

Advokatfirmaet Forsberg AS “the Law Firm” takes the privacy of our clients and users of our website seriously.

This statement concerns the processing of personal data collected and processed by The Law Firm in connection with legal assignments, for marketing purposes and when using the website. The statement contains information you are entitled to under the Norwegian Personal Data Act and Articles 13 and 14 of the GDPR.

The Law Firm is the Data Controller for the processing of personal data carried out by the law firm.

Contact information:
If you have any questions or comments about this policy or how we process personal data, please contact us by e-mail: er@forsberglaw.no or send a letter to Advokatfirmaet Forsberg AS, P.O. Box 1289 Vika, NO-0111 Oslo, Norway.

2. COOKIES.

2.1 What are cookies and what does the Law Firm use them for?

The Law Firm uses cookies on our website. A cookie is a small data file that is stored as a text file on your computer when you visit our website. Temporary cookies are stored until you close the browser window and are used, among other things, to speed up the display of pages. Permanent cookies are stored and used for a shorter or longer period, e.g. to improve your user experience and to detect JavaScript properties. The Law Firm only uses necessary cookies for user experience and for general statistics for traffic on our website. We do not share information with others for marketing purposes.

2.2 Control of cookies
Through settings in your browser, you can control the use of cookies by blocking or restricting their use or by getting information every time a website wants to save a cookie. If you block or restrict the use of cookies, this may reduce or remove functionality when you access our websites. You can also delete cookies that have been stored on your computer via the menu in your browser.

3. LEGAL SERVICES

3.1 Data Controller
We collect and process personal data as part of the performance of legal assignments and as described in our confirmation of assignment and any other instructions received from the client.
The performance of legal services will normally involve the processing of personal data about individuals received from the customer. The customer is then responsible for ensuring that the personal data is transferred to the Law Firm in accordance with the provisions of the Personal Data Act. For further processing of the personal data, the Law Firm is the data controller.

The Law Firms’ processing of personal data is exempt from the Personal Data Act for all cases that are processed under the Administration of Justice Acts.

All employees of the Law Firm are subject to a strict duty of confidentiality in their legal practice, so that cases outside the scope of administration of justice laws are also treated confidentially and securely.

3.2 Collection and processing of personal data
When performing an assignment, we may receive personal data directly from the client, but possibly also from others, such as counterparties and public authorities, etc. The Law Firm will normally not request information from others unless it is necessary for the case and clarified with the client. The Law Firm is also the data controller for this information once it has been received.

In the performance of assignments, the Law Firm may process information about the following categories of persons:

  • Private customers
  • Contact persons at business customers
  • Persons involved in cases the Law Firm is engaged in
  • Counterparties
  • Other persons referred to in case documents to which we have access in connection with an engagement

Establishment of client relationship
The Law Firm performs a conflict clarification before an assignment is initiated. This control is based on GDPR Article 6 (1) (c) (legal obligation), cf. Section 224 of the Norwegian Courts of Justice Act, cf. Chapter 12 of the Norwegian Lawyers’ Regulations. Conflict clarification of private clients or counterparties usually includes full name, address and what the case concerns.

When establishing a client relationship, the Law Firm will carry out a statutory client check in accordance with the rules of the Anti-Money Laundering Act. Where the Anti-Money Laundering Act applies (i.e. in the case of transactions), the customer’s due diligence will include obtaining company certificate and identification documents for contact persons. It may also be relevant to obtain an overview of the affiliation of other persons, so-called “beneficial owners”. For private customers, we will obtain ID (passport, driver’s license, etc.) for identity checks. The customer check is necessary for us to be able to fulfill our legal obligations under the Money Laundering Act, cf. GDPR Article 6 (1) (c).

In some cases, it may also be relevant to carry out a credit assessment. This safeguards our legitimate interests and is based on Article 6 (1) (f) of the GDPR.

When we take on an assignment, the contact information and any copy of identification (if necessary) are registered. For business customers, such registration is based on our legitimate interests and a balancing of interests, cf. GDPR Article 6 (1) (f). For private customers, registration is necessary to enter into an agreement with the person concerned, cf. GDPR Article 6 (1) (b).

Case management and performance of our assignments
Some assignments involve the Law Firm gaining access to and processing personal data about parties and/or other individuals affected by the assignment. In the case of assignments for corporate clients, such processing of personal data is based on Article 6 (1) (f) of the GDPR (balancing of interests). For our private clients, the legal basis may be GDPR Article 6 (1) (f) (balancing of interests) or (b) (fulfilling an agreement with the data subject).

In some cases, the Law Firm will also have access to special categories of personal data, e.g. offenses or health information. The processing will then have a legal basis in Article 9 (2) (a) (consent) or (f) (processing is necessary for the establishment, exercise or defense of legal claims) of the GDPR. Section 11 of the Personal Data Act also applies to personal data relating to criminal convictions and offenses.

Administration and follow-up of customer relationships
The Law Firm will process personal data before, during and after an assignment has been completed as part of the follow-up and administration of the customer relationship. It is necessary that we register time and costs incurred on the case in our accounting system. For business customers, the aforementioned customer administration is based on Article 6(1)(f) of the GDPR (balancing of interests), and for private customers the legal basis is Article 6(1)(b) of the GDPR.

Invoicing
Collected contact information from business customers is normally used to mark invoices sent to the business. For private customers, we use the data subject’s private postal address or other stated address when sending out invoices. The basis for processing is then GDPR Article 6 (1) (f) (balancing of interests) for business customers and GDPR Article 6 (1) (b) (necessary to fulfill the agreement) for private customers.

Security and IT operations
Personal data located in the Law Firms’ IT system may be processed by us and our suppliers to ensure the necessary operation, administration and security of the systems. The processing basis for this is GDPR Article 6 (1) (f) (balancing of interests) and legal obligation to have satisfactory information security, cf. GDPR Articles 32 and 6 (1) (c).

3.3 Storage and retention of case documents and accounting documents
After completion of the assignment, we will archive the case documents for at least 10 years, in accordance with the provisions of Section 36 of the Lawyers Act. Storage for the aforementioned period is considered necessary for the benefit of the client and for the legal and legitimate interests of the Law Firm. Particular emphasis has been placed on the fact that questions may subsequently arise where the information stored on a case may be relevant again. The legal basis for the processing of personal data is GDPR Article 6 (1) (c) (legal obligation), GDPR Article 6 (1) (f) (balancing of interests, cf. the legitimate interest stated above) and GDPR Article 9 (2) (f) (establishing, exercising or defending legal claims), cf. Section 11 of the Personal Data Act.

Due to accounting legislation, we are also required to store accounting documents for a specified period, normally 3.5 or 5 years.

4. DATA PROCESSORS – TRANSFER OF DATA ABROAD

For our processing of personal data as described in section 3, the Law Firm has entered into agreements with certain data processors who process personal data on our behalf. This may include, for example:

  • Supplier(s) of IT services and systems.
  • Supplier(s) for hosting, development and operation of our website

The Law Firms’ servers are located in Norway, but our supplier(s) may use subcontractors abroad. Any transfer of personal data outside the EEA will be based on a lawful basis, such as the EU Standard Contracts.

5. SECURITY OF THE INFORMATION

The Law Firm has established routines for the protection of information and privacy. We will use reasonable precautions to ensure that our employees and data processors, who have access to information, have relevant information that ensures the processing of personal data in accordance with the law and this policy.

6. YOUR RIGHTS

Pursuant to Articles 13 and 14 of the GDPR, all data subjects have the right to information about the processing of personal data, which is stated in this policy. If The Law Firm processes personal data about you, you have, with certain reservations, the right to:

  • obtain confirmation as to whether personal data about you is being processed, and
  • access to your own data and information about the processing,
  • to have incorrect or incomplete information about you corrected,
  • under specified conditions, as described by law, you may request that the processing be restricted, or you may object to the processing,
  • to have information about you deleted if legal conditions are met,
  • request that the data be transferred to another controller where the processing is based on your consent, or
  • if the processing is based on consent, you may withdraw your consent at any time.

The above-mentioned rights do not apply unconditionally, and we refer in particular to these exceptions:

The rights to information and access pursuant to Articles 13, 14 and 15 of the GDPR do not comprise information which in or pursuant to a statute is subject to a duty of secrecy, cf. Section 14 of the Personal Data Act. Section 211 of the Norwegian Criminal Code imposes a duty of confidentiality on lawyers for information entrusted to them in connection with their engagement or position. Section 2.3.2 of the Norwegian Code of Conduct (appendix 1 to the Norwegian Lawyers’ Regulations) also imposes a duty of confidentiality on lawyers in respect of information that the lawyer becomes aware of in the course of his or her work as a lawyer, even if the information is not covered by the statutory duty of confidentiality. The aforementioned duties of confidentiality therefore entail exceptions to the data subject’s right to information and access under the GDPR. This means that The Law Firm cannot provide access to personal data that we are entrusted with or made aware of by virtue of our business. Article 15 of the GDPR does not provide the right to access information in case documents, unless the data subject is our customer as a private individual.

In case you are not satisfied with our processing of personal data, you can complain to the Norwegian Data Protection Authority.

The Law Firm does not use automated decisions.

7. CONSENT, CHOICE OF LAW AND JURISDICTION

This privacy policy applies to all our customers and to all users of our website. By using our website or by receiving our legal services, you accept that personal data may be processed as described in this statement. At the same time, you agree that any disputes shall be dealt with by the courts in Oslo in accordance with Norwegian law, unless otherwise stated in the confirmation of assignment or mandatory law.

8. CHANGES IN THE DECLARATION

The Law Firm reserves the right to amend this declaration. All changes are valid from the time they are published. Changes will then include all information collected from the date of change as well as existing information.

Data Controller: Erik Rosen

Contact us

Phone
+47 22 00 79 50

Email
post@forsberglaw.no

Adress
P.O. Box 1289 Vika
NO-0111 Oslo
Norway

Visiting address
Wergelandsveien 1

Advokatfirmaet Forsberg AS
935 518 083 MVA

Menu

Expertise
Articles
People
About us
Contact Us

Expertise

Arbitration

Contract law

Corporate Law

Dispute Resolution

Employment Law

General business law

Inheritance and generational change

Intellectual property rights

Mergers, demergers and transformations

Real estate

Taxes and fees

Transactions / M&A

Links

Terms of assignment
Privacy
Cookies

Newsletter

Subscribe to our newsletter

Portrait and action photos are taken by Nicolas Tourrenc