Privacy policy
HERE YOU WILL FIND INFORMATION ABOUT HOW WE PROCESS PERSONAL DATA IN PL@4MAS
August 1. 2023
1. INTRODUCTION
The controller of your data being processed in our practice, as described in this Privacy Policy, are PL@4M (NO826682442) (from now on “PL@4M” “we” or “us”). Your privacy is important to us, and we want to keep our clients and contacts informed on how we process personal data.
This Privacy Policy provides you with information about how we process your data and your rights in that regard. This Privacy Policy applies to the following natural persons:
– persons who are clients
– persons who work at clients that are enterprises
– persons who are opposing parties
– persons who work at opposing parties
– persons who are or work in an enterprise that is an opposing party’s counsel
– persons who are in contact with us in connection with applying for a position
– persons who work at our suppliers
– persons who are otherwise in contacts with us, such as persons who attend seminars or lectures, persons who receive newsletters, journalists who contact us, or visitors.
We also collect personal data through the use of cookies on our website. For more information on this, see our cookie policy at www.platform-b.no
We keep a versions overview of this Privacy Policy to find out which Privacy Policy was applicable at what time. Changes to the Privacy Policy are published on our website.
2. PROCESSING OF PERSONAL DATA
2.1 Personal data
“Personal data” means any information relating to you as a natural person. “Processing” of personal data means any operation or set of functions that are performed on personal data or stages of personal data, whether or not by automated means. We process personal data for a variety of purposes, and these will be described below.
We do not use personal data to make automated decisions with legal effects or similarly affect data subjects.
2.2 Processing of personal data in our practice
We process personal data in connection with our practice. For example, clients and opposing parties/counsels to opposing parties disclose personal data to practice law. Our method includes conducting ID checks, money laundering checks, conflict of interest checks, case management, billing, and internal and external correspondence with personal and legal players.
In our practice, we process all types of personal data, including specific categories of personal data. Typically, we will process the name, contact information, and job title of the client or one or more contacts of a client who is an enterprise and personal data collected in connection with the performance of client assignments.
We process this personal data to fulfill an agreement with and perform an assignment on behalf of clients. The legal basis is an agreement, consent, or, in some cases, that the processing is necessary for establishing, exercising, or defending legal claims. For some processing, the legal basis will be our legitimate interests, which exceed the need to protect the data subjects’ interests. This will typically apply to knowledge management (not specific categories of personal data) and marketing.
Case documents (all documents stored on file in our case management system) are usually held for ten years but can be held longer if requested by the client or in exceptional cases where more extended storage is required. In any case, we will store information as long as is required by law, and if there is a particular need, for example, at complaints or legal claims submitted at us or by us.
2.3 Processing of personal data at events
We process personal data when organizing seminars, courses, and lectures for clients, students, and others. For example, we collect names, contact information, position/student status, and employer/educational institution to organize the events, typically using registration and attendance lists. In some contexts, we may also send registration and attendance lists to other participants. The legal basis for such processing will be, in part, consent, sometimes agreement, or that it is necessary for purposes related to our legitimate interests, which exceed the need for the protection of the data subjects’ interests or fundamental rights and freedoms.
2.4 Processing of personal data at recruitment
We process personal data in our recruitment work. We collect data such as name, contact information, picture, CV, application, diploma, testimonials, statements from references, interview papers, and other data that potential candidates provide. The legal basis is partly that the applicant has consented to the processing, typically obtaining references, or that the processing is necessary and in our legitimate interest in connection with the processing of the application. For applicants who are not hired, we automatically delete all information every six months. If the information is to be kept longer, we ask for your consent.
2.5 Confidentiality declarations and the use of electronic equipment
In connection with visits to our premises, we sometimes require visitors to sign a confidentiality declaration. The purpose is to ensure that visitors do not share confidential information with third parties. The legal basis is that processing is necessary for fulfilling a legal obligation resting with us. Therefore, confidentiality declarations are kept for as long as our law practice exists.
2.6 Newsletters and other marketing
Newsletters and other marketing are sent via e-mail to persons who have consented to this and to persons with whom we have an existing client relationship. We process names, contact information, and information about the employer for this purpose.
You can always withdraw your consent to receive such marketing directly in the e-mail (for example, by clicking “unsubscribe” at the bottom of the e-mail) or by contacting us through the contact information at the bottom of the document. The legal basis for processing such personal data is that the processing is necessary for purposes related to our legitimate interests, which exceed the need for protection of the data subjects’ interests or fundamental rights and freedoms.
We process personal data for this purpose until you consent to receive marketing withdrawal or until the existing client relationship ends.
3. WHOM WE SHARE YOUR DATA WITH AND PROCESS OUTSIDE THE EEA AREA
We use data processors to assist us with various processes and services. The data processors we use are suppliers of IT systems and other technical systems and suppliers of operating services. We have entered into data processing agreements with our data processors to ensure that personal data is processed lawfully and according to our instructions.
In some situations, we need to share your data with other players connected with mergers, demergers, and possible acquisitions. We may also share personal data with other third parties if necessary, for example, if required by law (for example, with public authorities).
Our processing of personal data may involve transfer to countries outside the EEA. We are taking appropriate measures under GDPR Chapter V to ensure that such transfers are lawful. Such efforts include the use of EU Standard Contractual Clauses. For more information, please get in touch with us.
4. YOUR RIGHTS
Personal data regulations give you several rights related to the processing of your data. Although this Privacy Policy provides a great deal of information, you can request more information about how we process data about you. Furthermore, you have the right to access your data. If your data is incorrect, you have the right to have it corrected. Personal data that we may not have a legal basis for processing shall be deleted, and you may require this to be done if we have not done so on our initiative. You can request that we limit the use of your data. You have the right to data portability, which means asking that your data be transferred to you or another controller in a structured, commonly used, and machine-readable format. You may object to our use of your data.
If you believe that we process your data without a legal basis, you may also appeal to the Data Protection Authority (Datatilsynet). However, we ask that you contact us beforehand to address your objections and resolve any misunderstandings.
Personal data regulations have comprehensive provisions on the above, and there may be exemptions to some rights. For example, we are under a statutory duty of confidentiality regarding a lot of the personal data we process in our practice, and such data cannot, for example, be disclosed. If you wish to exercise your rights, please get in touch with us through the contact information at the bottom of the document, and we will respond to your inquiry as soon as possible and generally within 30 days.
5. SECURITY AND DEVIATIONS
We have physical and technical measures and procedures appropriate for protecting personal data depending on the type of data. These measures are designed to protect your data from accidental loss, unauthorized access, accidental copying, use, alteration, and disclosure.
6. CONTACT INFORMATION
We are available for any questions you may have – e-mail us hello@platform-b.no.