Privacy- and cookie policy

menu-sep

This privacy statement and cookie policy describes how Advokatfirmaet Dehn DA (Dehn/vi) collects, processes and protects your personal data. Dehn represented by its general manager is the data controller for our processing of personal data. The privacy policy also covers how personal data is processed when a lawyer in Dehn is appointed as trustee.

1. Who we process personal data about

Dehn processes personal data about the following persons:

  • Private clients
  • Clients in criminal cases
  • Contact persons at business clients, including state, county and municipal clients and courts
  • Counterparties and other persons who are involved or mentioned in cases we handle
  • Contact persons at suppliers and partners
  • Persons involved in estate administration
  • Visitors to our website and in social media

2. Purposes, types of personal data and legal basis

Below is an overview of the types of personal data we process, the purposes for which we process personal data and the legal basis for the processing.

 

Establishment of client relationships and new assignments:

When we are contacted with a request to take on an assignment, we carry out an independence check internally (conflict clarification) before we possibly take on the assignment. The independence check is necessary in order to comply with the Code of Conduct for Lawyers, and serves a legitimate purpose, cf. GDPR article 6 no. 1 c (legal obligation) and f (balancing of interests). Conflict checks of private clients usually include full name, what the case concerns and any creditworthiness. Conflict checks of business clients may involve similar checks of key persons in the business and contact persons. In connection with the establishment of a client relationship and new assignments, we will be able to carry out customer checks where we use identification with a bank ID, or alternatively obtain a copy of a passport.

If we accept the assignment, we will register identification and contact information such as full name, address, date of birth, e-mail address and telephone number. For private clients, the registration is necessary in order to enter into an agreement with the person in question, cf. Article 6(1)(b) of the GDPR. For business clients, the registration is based on a balancing of interests, cf. GDPR Article 6(1)(f). For assignments subject to the Money Laundering Act, we will also register the required information and make ongoing searches in databases to fulfill our legal obligations under the Money Laundering Act, cf. GDPR Article 6(1)(c).

 

Case management:

When we carry out an assignment, we normally gain access to and process personal data about parties or other individuals affected by the case. This may, for example, be information about employees or owners, property, ownership, financial information, various interests, health information, family relationships and photos. The same applies when we are appointed as defense counsel, assistant attorney or public spousal support. Information may appear from documents submitted by the client or other correspondence, or may be obtained in other ways in connection with our work on the case. The processing of personal data in connection with assignments is based on Article 6(1)(b) of the GDPR with regard to information about the client and Article 6(1)(f) of the GDPR (balancing of interests) with regard to information about others, such as opposing parties and witnesses. In some cases, we process sensitive personal data, e.g. health information or criminal convictions and offenses. In such cases, the processing has a legal basis in section 11 of the Personal Data Act, cf. Article 9(2)(f) of the GDPR, where the processing is necessary to establish, exercise or defend a legal claim.

 

Trustee assignments - bankruptcy estates, compulsory dissolution estates and estates of deceased persons:

Dehn has lawyers who undertake trustee assignments within bankruptcy estates, compulsory dissolution estates and estates of deceased persons. In such cases, the processing of personal data will take place partly within the framework of the law firm's activities, where the law firm is the data controller, and partly within the framework of the estate's activities, where the estate is the data controller. The responsibility only covers personal data that Dehn or the estate actively dispose of. Responsibility for personal data that is not actively used lies with the bankruptcy debtor/deceased.

The bankruptcy estate normally processes information about the bankruptcy debtor, employees, management, creditors, debtors, shareholders, guarantors, customers, suppliers, auditors, accountants, but there may also be personal data about others of importance to the assignment, such as stakeholders.

The estate normally processes information about heirs, representatives and creditors, and personal data about others of importance to the assignment, such as stakeholders. Information about the deceased does not fall within the scope of the Personal Data Act.

The following categories of personal data are normally processed: Name, national identity number, contact information, vehicle registration number, property, photos, bank details, salary information, health information and other information relevant to the administration of the estate. In bankruptcy estates, matters may also be processed that provide a basis for bankruptcy quarantine and reporting of criminal offenses.

The processing of personal data in estates and estate work is anchored in GDPR art. 6 (1) c and e, cf. sections 85 and 117 of the Bankruptcy Act, as well as the Coverage Act and the Wage Guarantee Act / Chapter 13 A of the Probate Act and Chapter 17 of the Inheritance Act (necessary to handle the estate) and GDPR art. 6 (1) f (legitimate interest).

 

Property settlements and forced sales:

Dehn has lawyers who undertake settlement assignments and who are appointed by the district court to assist with forced sales.

In these cases, we normally process the following categories of personal data: Name, national identity number, contact information, property, purchase price, bank details, contractual, attachment and legal pledges, creditors, debtors, and possibly salary information and other relevant information. In the event of a forced sale, information submitted in the forced sale process will also be processed. In the event of a forced sale, information about the property, photos, bidding and bidders will also be processed.

The processing is based on GDPR art. 6 no. 1 c and e, cf. Chapter 6 of the Real Estate Agency Act and Section 11-17 of the Enforcement Act.

 

Knowledge management etc:

We process personal data for knowledge management and development of our services. Normally, there will be no personal data in documents that are reused, but if there is, everything will be duly anonymized before others have access to the document. The basis for processing is our interest in utilizing acquired knowledge in further case work and advice, and as a basis for further developing our services, cf. GDPR Article 6 No. 1 f (balancing of interests).

 

Client and case management:

We register and store case documents and correspondence during the performance of the assignment and after the assignment has been completed in electronic and/or physical case files. After a period of time, these are transferred to our electronic and/or physical archive before being deleted in accordance with section 4. 4. We archive case documents because this is expected by our clients and because the need to retrieve previous cases arises from time to time. For business clients, this is based on Article 6(1)(f) of the GDPR (balancing of interests), while for private clients it is considered a necessary part of fulfilling the agreement with the person concerned, cf. Article 6(1)(b) of the GDPR.

 

Client funds:

We may hold or manage funds on behalf of clients, as part of an assignment. This may be money, securities or valuables. Personal data occurs in particular when we handle private law documents such as marriage contracts, wills, promissory notes, deeds and agreements between private individuals. When we handle funds on behalf of business clients, the personal data will normally be limited to the contact person and contact details. The processing basis for handling personal data for client funds is GDPR article 6 no. 1 b (necessary to fulfill the agreement with the data subject).

 

Invoicing:

Time and costs incurred on a case are registered in our case management system and accounting system. Contact information that we have received from the client is used for invoicing, and to mark the invoices and ensure that they reach the right person. The basis for processing is GDPR article 6 no. 1 f (balancing of interests) for business clients and GDPR article 6 no. 1 b (necessary to fulfill the agreement with the data subject) for private clients.

 

IT operations:

We store personal data in our IT systems, which will be accessible to employees of Dehn. The information will also be available to our suppliers in connection with system updates, implementation or follow-up of security measures, user support, error correction or other maintenance. The basis for processing is GDPR article 6 no. 1 f (balancing of interests, cf. our legitimate interest related to the aforementioned activities) and our legal obligation to have satisfactory information security, cf. GDPR articles 32 and 6 no. 1 c. See also sect. 3.

 

Marketing:

We may send out news and/or invitations by e-mail to seminars, etc. to clients with whom we have an existing customer relationship, and others who have requested to receive this. Recipients can easily opt out of such communications, cf. section 8. 8. The basis for processing is GDPR article 6 no. 1 f (balancing of interests) and the Marketing Act section 15 (3) where we have received the e-mail address in connection with an assignment. In our opinion, we have a legitimate interest in making such inquiries for marketing purposes. In other contexts, marketing is based on consent, cf. Article 6(1)(a) of the GDPR and Section 15(1) of the Marketing Control Act.

 

Social media:

We have profiles/user accounts on LinkedIn, Facebook and Instagram, but do not use advertising pixels. The basis for processing is GDPR article 6 no. 1 f (balancing of interests) and possible consent. In our opinion, we have a legitimate interest in having accounts/profiles in these social media. If you visit our social media profiles, we will be the data controller for the personal data we gain access to by being the account administrator, and the personal data we process for our own purposes.

Dehn follows the guidelines that apply to account administrators and processes personal data in accordance with the terms for processing in the individual channel. When you visit our profiles, personal data is collected and used to compile statistics. We do not have access to all the personal data that is collected, but we do have access to anonymized statistics that are compiled on the basis of the collected data. When it comes to Facebook, we can also see aggregated information about those who have liked our page, such as age, gender, country, city/location and what other people who like us have liked. We can also see how many people have visited our page and how many have been reached through posts in the selected time period. In addition, we can see likes, shares and followers with profile and page activities such as what has been clicked on and comments, which we can use to communicate with. When it comes to LinkedIn, we do not have access to information about usage or visits to our page that can be linked to individuals, unless you comment, like or share posts, which we in turn can use to communicate with. On Instagram, via the insights panel, we can see a general and anonymized overview in predefined time intervals of total interactions with the profile and what types of interactions this includes. In addition, we can see a total overview of the demographics, age and gender of our followers. We also have access to who follows us, who likes our posts and who comments. For each publication, we have insight into how many people have saved, forwarded, commented and liked the post and the post's organic exposure to followers and non-followers. We cannot see who has saved or forwarded posts. We encourage you to familiarize yourself with LinkedIn's, Facebook's and Instagram's terms of use of the services and how they process your personal data.

 

Administration of suppliers and partners:

We use suppliers and partners in connection with our operations and delivery of assignments. For these, we register contact information, preferably the contact person's name, telephone number and e-mail address and information about current assignments and contracts to manage the relationship. This is based on GDPR Article 6f (balancing of interests).

 

Other purposes:

We may also process personal data for purposes that are not incompatible with the original purpose for which they were collected, cf. GDPR Article 6(4). This applies, for example, to storage for bookkeeping purposes, the use of data for innovation projects (which preferably take place without personal data), and the use of data that may be required if we as a law firm become involved in legal proceedings or other processes.

 

3. Disclosure of personal data

We disclose personal data to the extent necessary to carry out our assignments, as well as to our suppliers of IT services, accounting services and other service providers, who process your personal data in accordance with the contract and data processing agreement entered into with us.

We only store and process personal data in the EU/EEA area and in third countries in accordance with the EU's standard transfer agreement and in accordance with applicable data protection legislation.

Otherwise, we do not disclose personal data unless the client consents to this or it is required by law.

 

4. Storage and retention of personal data

We store your personal data for as long as necessary to fulfill the stated purposes, unless a longer retention period is required or permitted by applicable law or with your consent.

We normally store case documents for 3-10 years after the assignment has been completed, but may store some cases or information for up to 20 years. Storage for the specified period is considered necessary for the sake of both the client and ourselves, since questions or disputes may subsequently arise where the information stored on a case may again become relevant. For cases where we have access to documents/information via the client's or third party's IT solution, data room, etc., we will not normally store documents or have access to them after the assignment has been completed.

Storage for knowledge management will not normally be carried out for longer than 10 years. Information obtained for money laundering purposes is stored for 5 years. Invoice information and certain accounting documents are stored for 3-5 years. Backup copies of our data are continuously deleted and stored for a maximum of 2 years. When a specific purpose requires storage for a longer period, we ensure that the personal data is only used for the purpose in question during this period. The legal basis for the processing of personal data is Article 6(1)(f) of the GDPR (balancing of interests, cf. the stated legitimate interest) and Section 11 of the Personal Data Act, cf. Article 9(2)(f) of the GDPR (establishment, exercise or defense of legal claims).

 

5. Your rights

Lawyers' duty of confidentiality prevents us in many cases from providing access to the personal data we have registered and process. For information that is not covered by the duty of confidentiality, you have the right to demand access to, disclosure and corrections or deletion of your personal data. You can also withdraw your consent to the processing of your personal data. To exercise your rights, you must confirm your identity. If you disagree with how we process your personal data, you can complain to the Norwegian Data Protection Authority.

 

6. Security measures

We have established routines and systems to secure our processing of your personal data, including confidentiality, integrity and availability. The measures are both technical and organizational in nature. We carry out regular assessments of the security of all central systems, and agreements have been entered into that require suppliers of such systems to ensure satisfactory information security. Access to personal data is limited to people who need access to perform their duties, and we regularly train employees on security and the use of IT systems.

 

7. Cookie policy for Dehn.no

The website www.dehn.no uses cookies.

Cookies are small temporary files that are stored on your device (PC, smartphone, etc.) when you visit a website. Cookies can have different purposes, such as making a website more user-friendly and customized.

Most modern browsers are set to accept cookies automatically, but you can change this at any time. By visiting our website www.dehn.no, you consent to the setting of cookies in your browser as described below, unless your browser is set to not accept cookies.

If you do not wish to accept cookies, you can withdraw your consent by changing the settings in your browser. However, you should be aware that if you do this, you may experience reduced functionality. Cookies can also be easily deleted on a regular basis or after a session. The method of handling cookies varies depending on the type of browser you use.Here you can find more information on how to reject, delete and manage cookies (nettvett.no). Remember that if you use more than one browser, you must delete and change the settings for cookies in each individual browser.

There is an overview of cookies at www.dehn.no:

Necessary cookies: ARRAffinity which handles load balancing in Microsoft Azure and ensures that the visitor is sent to the same server for each query. The cookie is removed when the visitor closes the browser.

Analysis/statistics cookies: Google Analytics, which collects anonymous information about the visitor on how the website is used, which website the user comes from, the exit page, the number and length of visits, and the operating system and communication device used. This is done in order to analyze the activity and optimize the website. The cookie is removed after a maximum of 730 days.

 

8. Amendments

We may make changes to this privacy statement and cookie policy. You will always find the latest version on our website. In the event of significant changes, we will notify you of this.

 

9. Contacting us

If you have any questions or comments about our privacy policy or if you wish to exercise your rights, please contact the lawyer responsible for the case, the trustee or the general manager.

 

Contact information etc.

Brambanigården, Rådhustorget 5

PO Box 216, N-1300 Sandvika

Org.nr. 921 625 189 MVA.

E-mail: personvern@dehn.no

 

Last rev. 30.01.2024