You are not obliged to disclose your personal data to us, however unless you do so, we may not be able to perform our engagements in which it is necessary to process personal data in order to carry out our legal work. In addition, we may be prevented to accept engagements if we do not receive necessary personal data in order to perform mandatory conflict of interest and anti-money laundering checks.
What personal data we process
We process your personal data in the following situations:
- When you are a contact person for a client, counter party or another type of parties related to our legal work or the preparation and administration of the engagement (“Contact Person”). This includes contact persons for potential clients, other advisors or people we would like to inform about our services.
- When you are a service provider, partner or any other party that provides, or will provide, services to us behalf (”Service Provider”).
- When you sign up for or participate in any of our events, seminars or similar activities (”Participant”).
- When you, by visiting our webpage, contact us via our contact form or sign up to our newsletter (”Webpage Visitor”).
As for Contact Persons and Service Providers, the personal data generally includes name, contact information, work title and in exceptional cases personal identity number, bank account number and pictures. We process the personal data for the purposes of (i) performing obligatory conflict of interest and/or anti-money laundering checks, (ii) fulfilling other legal and regulatory obligations, (iii) performing and administrating the engagement, (iv) safeguarding our and our clients interests, (v) managing our service provider relations, and (vi) accounting and invoicing. In addition, the personal data may form a basis for internal market and client analysis, statistics, risk management as well as business and performance development. The personal data may also be used for marketing purposes.
We collect the personal data from you or your employer. Some personal data may arise within the scope of the performance of our services. If necessary, we collect and store personal data from external sources such as publicly accessible registers and webpages and/or credit information agencies.
Our legal bases
We process Contact Persons’ personal data when necessary for (i) the performance of our contract with you or in order to take steps prior entering into a contract with you, and/or (ii) the compliance with our legal obligations according to the anti-money laundering and counter terrorism regulations as well as other applicable legislations and the Code of Conduct of the Swedish Bar Association. Service Providers’ personal data is processed to perform our contract or to take steps prior entering into a contract.
We process Participants’ and Webpage Visitors’ personal data in order to fulfill our legitimate interest to send out invitations to events and newsletters to subscribers as marketing activities. We also process personal data with the legitimate interest to develop our business as legal basis.
Storage and disclosure of personal data
We only store your personal data for as long as necessary considering the purpose of the processing. As stipulated in the Code of Conduct of the Swedish Bar Association, personal data related to client engagements shall be stored for ten (10) years as of the date of termination of the engagement, or, if applicable, for a longer period of time required by the nature of the engagement.
If you unsubscribe from our newsletter, we will no longer process your personal data for this purpose. Upon participation in our events or seminars, we process the personal data for the specified purposes for a maximum of one (1) year. Please note, if we delete your personal data for a certain processing, we may keep personal data for other purposes (e.g. if you are still a client to us).
Our processing of personal data within the scope of our services is subject to confidentiality regulations and the personal data will not be disclosed to a third party unless (i) you have given your consent, (ii) it is necessary to safeguard your interests and is not in conflict with your instructions, (iii) it is necessary to fulfill a legal obligation, a commitment towards the Swedish Bar Association or to comply with decisions of courts or public authorities, (iv) it is necessary to safeguard our legal interests, or (v) we engage third-party service providers who carry out services on our behalf (e.g. providing IT systems etc.)
Transfer of personal data outside the EU/EEA
Normally we do not transfer any personal data to third countries. However, a transfer to a third country may be necessary within the scope of a client engagement if e.g. the case requires the assistance of a foreign legal advisor or concerns an international dispute or transaction. Any transfer of personal data outside the EU/EEA is made in line with applicable data protection legislation.
Your rights under the GDPR
As data subject, you have certain rights regarding our processing of your personal data under the GDPR. Please note that the rights under the GDPR are not unconditional. Therefore, an attempt to invoke any of the rights might not lead to an action. Due to confidentiality obligations, we may be prevented from disclosing any information of the personal data we process. The Code of Conduct of the Swedish Bar Association may also prevent deletion or rectification of certain personal data processing.
Your rights under the GDPR include the following:
- Right to access – According to article 15 GDPR, you are entitled to access your personal data and receive certain information about the processing. Such information is provided on this webpage.
- Right to rectification – According to article 16 GDPR, you are entitled to obtain rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
- Right to erasure – Under certain circumstances, you are according to article 17 GDPR entitled to have the personal data erased. This is the so-called “right to be forgotten”.
- Right to restriction of processing – Under certain circumstances, you are according to article 18 GDPR entitled to restrict the processing of the personal data that TIME DANOWSKY carries out.
- Right to data portability – You are according to article 20 GDPR entitled to receive the personal data (or have the data directly transmitted to another data controller) in a structured, commonly used and machine-readable format from TIME DANOWSKY.
- Right to object – According to article 21 GDPR, you are entitled to object to certain processing activities conducted by TIME DANOWSKY on the personal data, such as our processing of the personal data based on legitimate interest.
If you have any questions regarding TIME DANOWSKY’s processing of personal data, please contact us at [email protected]. You may also contact us if you would like to exercise any of your rights as a data subject according to above. If you are dissatisfied with our processing of your personal data, you may lodge a complaint to the Swedish Authority for Privacy Protection. You may also turn to your local supervisory authority.