Latest update 2021-09-08
Your integrity and digital security are of importance to us at Moll Wendén Advokatbyrå AB, company reg. no. 556648-7939 (”Moll Wendén”). This integrity policy (the ”Integrity Policy”) describes how we process personal data belonging to:
- Clients who are natural persons
- Authorised signatories who enter into agreement with Moll Wendén on behalf of a client
- Owners to clients who enter into agreements with Moll Wendén
- Contact persons of clients who enter into agreements with Moll Wendén
- Where applicable, contact persons of potential clients and other prospects
- Counterparties who are natural persons
- Contact persons of counterparties
- Other persons who occur in the assignment
You shall always feel safe when you submit personal data to Moll Wendén. Moll Wendén is the controller for the processing of personal data and you can contact us at any time to ask questions related to the processing of your personal data (see contact details in section 11 below). You are not obliged to submit personal data to us, except when it is required by law (e.g., through an injunction to produce documents), however not submitting personal data may, inter alia, lead to us not being able to commit to the assignment, fulfil our assignment, or send newsletters and/or invitations to seminars to you.
The Integrity Policy has been valid since the 25 May 2018 with subsequent updates and its purpose is to inform you of our processing of your personal data and your rights in connection with such processing.
Personal data is all the information which directly or indirectly can be linked to a natural person who is alive, e.g., name, addresses, telephone number and IP-addresses.
All personal data that we collect about you have a connection to our legal practice and we do not use the information for any other purpose.
Moll Wendén will always comply with applicable legislation on how your personal data may be processed, including The General Data Protection Regulation (GDPR), the Swedish Data Protection Act and other applicable laws. Moreover, we are obliged to observe the confidentiality of information that occurs in our client-related business, which follows from both applicable law and the Swedish Bar Association’s Code of Conduct. Our obligation to observe confidentiality in client related matters normally prevent us to disclose information attributable to such matters without the clients approval. This is also relevant for other personal data, not directly related to the client’s own data, which we in some cases may need to process as a necessary step in our legal practice in order to maintain our client’s interests appropriately.
2 Which personal data do we collect about you and why?
The type of personal data being processed about you and for what purposes depends on which category of data subject that you belong to.
2.1 Clients who are natural persons
Personal data being processed about you as a client is, inter alia, name, personal identification number, address, e-mail, telephone, certified copy of identification, bank account number and, if relevant for the execution of our assignment, health data, political opinion et al.
We, inter alia, engage in such processing activities to perform an assignment, control conflict of interest and execute money laundering control, execute, and administer assignments, maintain your interests and for purposes of accounting and invoicing.
For a compilation on what personal data is processed, why and for how long, please consider Appendix 1.
2.2 Authorised signatories who enters into agreements on behalf of clients
Personal data that is being processed about you as an authorised signatory who enters into agreements on behalf of clients are, inter alia, name, personal identification number, certified copy of legitimation and your employer. We, inter alia, engage in such processing activities to undertake and perform an assignment as well as to carry out mandatory conflict of interest and money laundering checks.
For a compilation on what personal data is processed, why and for how long, please consider Appendix 1.
2.3 Beneficial owner
Personal data that we process about you as beneficial owner in some of our client companies are, inter alia, your name, personal identification number, and shareholding. We, inter alia, engage in such processing activities to undertake and perform an assignment as well as to carry out mandatory conflict of interest and money laundering checks.
For a compilation on what personal data is processed, why and for how long, please consider Appendix 1.
2.4 Contact persons at the client
Personal data that is being processed about you as contact person at our client is, inter alia, name, e-mail, employer, and position.
We, inter alia, engage in such processing activities to undertake, administer and carry out an assignment as well as for accounting and invoicing purposes.
2.5 Counterparties and other persons who occur in the assignment
2.5.1 For counterparty who is a natural person
Personal data that is being processed about you as a counterparty or a natural person are, among other things, your name, personal identification number (or other information regarding date of birth), e-mail, telephone number et al. We, inter alia, engage in such processing activities to carry out mandatory conflict of interest checks.
For counterparty who is a legal person
Personal data that is being processed about you as a counterparty and legal person are, among other things, contact details to a contact person at the company which you have appointed including name, e-mail, as well as data regarding employees and persons in senior management. We, inter alia, engage in such processing activities to carry out mandatory conflict of interest checks.
2.5.2 Other persons who may occur within the framework of the assignment
With other persons who may occur within the assignment means e.g., the counterparty’s legal representative, an employee at the client, for the assignment hired consultants, witnesses et al. Personal data which is being processed regarding such persons are, amongst other things, name, title, employer and contact details. We, inter alia, engage in such processing activities to execute the assignment and act as legal representative for the client.
3 Other processing
3.1 Personal data in client relations
In certain cases, it may happen that you in the capacity of a client, representative for a client or as a potential client, contact our employees, e.g., by e-mail or telephone. During such communication, we save personal data and contact details that you submit to us to accommodate your question. We are responsible for the personal data regarding contact persons and other persons of client companies which are given to us in connection to undertaking the assignment, preparation, and administration of the assignment.
3.2 Personal data in interest forms
When you subscribe to our newsletter, we collect some personal data. We do this to send newsletters to you and to assess the content when drafting upcoming newsletters based on the interest that the recipients of our newsletters may have. We also store the data as this allows us to send upcoming newsletters to you and to execute market analysis for the purpose of improving both our distribution of newsletters as well as our business in general.
3.3 Personal data at notifications to events
When you sign up to an event, we collect personal data about you to get an overview of the number of participants as well as the participants themselves, perform the event in an efficient way, follow up the participation with you when necessary, for statistical purposes related to such events and to fulfil statutory requirements regarding our accounting. We also store the data to invite you to similar upcoming events, perform market analysis and to improve our events and our business.
In some cases, personal data may be collected at the events, e.g., in the form of photographs of participants. In such cases the photographs are saved for the purpose of publishing news and information regarding the event and for the purpose of documentation to improve our future arrangements. In this context, we would like to point out that you are welcome to refuse to participate on a photograph on such an occasion and to remind you that you can always object to such processing of data.
3.4 Personal data in connection with market research and marketing
We process your personal data when you participate in market research carried out by a third party – in which we sometimes occur in different research regarding law firms which require information from client representatives and to publish news regarding our business, e.g., on our website. We may also process your personal data in connection with our marketing activities.
4 How do we collect the personal data?
The personal data is submitted to us by, or on behalf of, you, the client, potential client, counterparty, legal representative, or any other person who occurs in the assignment or is collected by us from such persons or from private or public registers or sources. The personal data may also be submitted to us by, or on behalf of, you via our webpage, our social media, our digital mailing- and invite system or in another way. Finally, the data may be given us in our function as external cooperation partner for whistleblowing.
5 How do we share the information with other companies?
Our business is generally covered by strict confidentiality, and we do not share any kind of client or case information in breach of the framework regulating our law practice activities. We will not disclose any personal data to third parties other than in the cases where (i) it has been specifically agreed between Moll Wendén and you, (ii) when, in the framework of a certain assignment, it is necessary in order to safeguard your rights, (iii) it is necessary in order for us to fulfil a legal obligation or comply with a decision from a Regulatory Authority or a court decision, (iv) in the case we hire a third party for services performed on our behalf.
Example on recipients of personal data are:
- The client’s auditor or any other person according to the client’s instructions.
- The Financial Police (SW: Finanspolisen) when and to the extent that we are obliged to do it according to the Law on Measures against Money Laundering and Terrorism (SW: Lag (2017:630) om åtgärder mot penningtvätt och finansiering av terrorism).
- When we have client funds for the client at the bank, to our bank when the bank demands information regarding the client and the beneficial owner and our documentation regarding this matter according to the Law on Measures against Money Laundering and Terrorism (as above), given that the client, as a condition for the use of our client fund account, has given separate consent stating that such a disclosure may take place.
- The Swedish Bar Association when and to the extent we are obliged to do so according to the Swedish Bar Association’s regulative framework.
- Authority or other when and to the extent we are obliged to do so according to applicable law.
- Our indemnity insurance provider, our broker of indemnity insurance, as well as a representative that we or such broker have hired, the Swedish Enforcement Authority, debt collecting companies, court, arbitration panel, or our counterparty or its legal representative to the extent it is necessary to protect our legal interest.
- The client’s insurer (legal protection insurance), counterparty, legal representative of a counterparty, arbitration panel, court, authority, bank, or any in connection with the assignment engaged consultant or similar person to the extent it is necessary in order to safeguard the client’s interests and not in breach with the client’s instructions.
We may share information to you regarding events which we have organized ourselves or together with partners to give you the services you have signed up interest for, or if you due to your position is deemed to have an interest to receive information from us. To exemplify, a HR manager may receive invitations to labour law seminars, which we may arrange together with partners of ours, if interest for such matters have been notified or otherwise is deemed relevant for you as a contact person of the client.
Moll Wendén uses different suppliers of servers, databases, and programs to make the processing of your personal data and the communication with you as smooth as possible. We always enter into agreements with such external parties, as to ensure that our relationships are covered by confidentiality and comply with the requirements stated in applicable law regarding the transferring, execution, and processing of personal data. All to ensure that security and confidentiality regarding your personal data is guaranteed.
6 Transfers to countries outside the EU/EEA
Moll Wendén does not normally transfer your personal data to another country outside the EU or EEA. However, due to the nature of your case it may be necessary to transfer personal data to such a country if the case within which you are involved for instance requires assistance from a foreign legal representative or concerns an international transaction or dispute.
Such transfers will always be executed in a safe and legal way. We will not transfer your personal data to an external party outside the EU or EEA without, prior to the transfer, having entered into an agreement or having ensured that the country is approved by the European Commission.
Alternatively, we will ensure that appropriate safeguards are in place between us as data exporter and the third country data importer. Such appropriate safeguards are, subject to the transfer itself, constituted of us having entered into an agreement containing either contractual clauses or standard contractual clauses which are binding between us and the third country data importer and in accordance with the relevant provisions of the GDPR and other applicable data protection provisions. A copy of such standard contractual clauses can be found here.
We may also employ an approved code of conduct in accordance with art. 40 GDPR and the requirements set out in art. 46.2 (e) GDPR or utilize an approved certification mechanism pursuant to article 42 GDPR in accordance with the requirements set out in art. 46.2 (f) GDPR.
In specific situations where neither an adequacy decision nor any of the above appropriate safeguards are applicable for such a transfer, we may also conduct a third country data transfer in accordance with an applicable derogation as stated within art. 49 of the GDPR. If such derogations are actualized for a specific transfer, we may inform you further about this separately.
If you would like to know more about the requirements on transfers of personal data to a country outside the EU or the EEA with support of the European Commission’s decision on standard clauses for the transfer of personal data to controllers or processors established in third countries you can read more here.
7 Your rights
It is our obligation to only process personal data which are correct, relevant, and necessary with regards to the purposes of the processing, and you are, in your capacity as a data subject for such personal data, entitled to control this. Moll Wendén are responsible of processing your personal data in accordance with applicable law. Moll Wendén will, on your request or on our own initiative, correct, anonymize, erase, or complement data which is found to be inaccurate, incomplete, or misleading. With reservations for applicable exceptions emanating from the above-mentioned obligations for us to observe confidentiality, you may have several rights as a data subject under applicable law. If you want to invoke any such rights as stated below, you are welcome to contact us. Our contact details are specified in section 11.
In your capacity as a data subject, you may have the right to:
- Gain access to your personal data
- On your request, we will as soon as possible and no later than 30 days from when your message on gaining access to your personal data was received, provide information regarding what personal data we are processing about you.
- This means that you have a right to, by a written and signed application, without any cost, receive registry copy wherein it is stated which personal data we are processing about you, the purposes of such processing, and to which recipients the data have been submitted to or shall be submitted to. Moreover, the registry shall include information on where the data has been collected when it has not been collected from you, the existence of any automated decision-making (including profiling), as well as the predicted period for which the details will be stored, or the criteria used to determine that period.
- You are also entitled to obtain a copy of the personal data which is being processed.
- Demand rectification of your personal data
- On your request we will as soon as possible and no later than 30 days from having received your message regarding rectification, rectify your personal data which we process if such data are no longer necessary for the purpose for which they were collected.
III. Demand erasure of your personal data
- On your request, we will as soon as possible and no later than 30 days from when we received your message on erasure, erase your personal data if they are no longer necessary for the purpose for which they were collected.
- There may exist reasons causing us to be unable to immediately erase your personal data. To exemplify, such is the case if the related personal data are saved in accordance with the obligations in the Swedish Bar Association’s Code of Conduct, during a period of ten years from the day of the completion of the case, or, alternatively if found appropriate, for a longer period due to the nature of the case. If so, we will cease our processing for other purposes than such and inform you about the legal basis and the relevant purpose for our continued processing.
- Demand limitation of processing
- You have the right to have your personal data marked so that it may only be processed for certain limited purposes. For instance, you may demand us to limit our processing of such data when you consider that your personal data processed by us are inaccurate, and you have demanded rectification in accordance with II, above. Whilst we assess the correctness of such personal data, we will limit our processing of it.
- We will inform you if our assessment results in us limiting our future of such data. We will also make sure that necessary measures of rectification, erasure, and/or limitation of our future processing, of such personal data is made by us as well as the companies or other entities to which we have disclosed your personal data (in accordance with section 5, above).
- Demand data portability
- Under certain conditions, you have a right to receive your personal data which we are processing in a structured, commonly used, and machine-readable format, such data may also be transmitted to another controller.
- Object to processing of personal data which is being done with the support of a balancing test
- You can object to our processing of your personal data where we have based such processing on a balancing test as the applicable legal ground. If you object to such processing, we will only continue to process your personal data if there are eligible reasons for us to continue such activities which outweigh your interests. We will inform you of our reasoning for such assessments if applicable.
VII. Demand that we cease to process your personal data for direct marketing
- You always have a right to object against our direct marketing measures by sending an e-mail to email@example.com. When we have received your objection, we will cease to process the personal data for such marketing purposes. Moreover, you may irrespective of such objections always contact us at firstname.lastname@example.org for such inquiries or unsubscribe for our newsletter and similar mailings.
VIII. Complain about our processing of your personal data and compliance with the law to the Swedish Authority for Privacy Protection (SW: Integritetsskyddsmyndigheten, IMY).
You have the right to file a complaint regarding our processing of your personal data to the Swedish Authority for Privacy Protection if you think we are violating the Integrity Policy, do not fulfil your rights, or are otherwise acting in violation of applicable law.
Please note that the Swedish Authority for Privacy Protection is the former Swedish Data Inspection Authority (SW: Datainspektionen) that changed its name.
You should always feel secure when you submit personal data to us. To ensure this, Moll Wendén have introduced the necessary security measures to protect your personal data against unjustified access, change, and/or erasure as well as ensured that our suppliers of technical services maintain a suitably high level of technical security in their technical infrastructure within which your personal data are being processed. For instance, such security improving measures are the use of encrypted connections, antivirus software, firewalls, clear, and for this purpose, adjusted policies and guidelines which have been introduced and are maintained, as well as physical security applications such as installed fire and water protection.
It is important to us that the information regarding our clients is protected. Even if we observe necessary precautions for data protection, no security measures are completely secure, and we can therefore not fully guarantee the security of your personal data.
Should we lose control of your personal data, and given that it is likely that such loss of control entails a risk to your rights and freedoms, we will notify you immediately and no later than within 72 hours of us having discovered the incident.
9 Changes in the Integrity Policy
Sometimes we may make changes to the Integrity Policy. If such changes are significant, you will, based on what is deemed appropriate in view of the circumstances, be notified by us, e.g., by e-mail or text message. In the event of such a notice, please read it carefully.
If you do not want us to continue to process your personal data in accordance with the new version of the Integrity Policy, you can notify us. We will then delete your personal information within 30 days of receiving your message. However, please note that we cannot delete your information if there are legal reasons for us to further process your personal data. If so, we will notify you of the reasons for our further processing.
10 Information regarding cookies, other technology and third partys’ collection of data
When you use the website www.mollwenden.se, we may, mainly based on you having given consent thereto in connection with your visit to our website, register information about your use. This information includes which pages you visit and how you behave on the website.
11 Contact details
Thank you for reading our Integrity Policy. If you have questions regarding our processing of personal data, you find our contact details below.
Moll Wendén Advokatbyrå AB
211 34 Malmö
(+46) 40-665 65 00