PRIVACY POLICY FOR ZIPIP ADVOKAT AS

Last updated: 04.01.2021

 

tl;dr:

Zipip Advokat AS (Zipip) will hrough its work, and the website Zipip.no, collect information about customers and visitors.

We do this to be able to do our job, learn, and provide better products to Zipip's clients.

All information is stored securely, and sensitive information is subject to confidentiality.

 

The controller of your personal data being processed in our practice as described in this Privacy Policy, is Zipip advokat AS, org.nr. 926 403 915 ("we" or "us"). We are responsible for the processing of personal data described in this privacy statement. You will find our contact information below.

1. Whose personal data do we process

This privacy statement addresses our processing of personal information about the following persons:

  • Private customers 

  • Contacts at business clients 

  • Contacts at our suppliers and partners

  • Persons involved in cases we assist 

  • Other persons mentioned in case documents we have access to

  • Visitors to our website

 

2. Purpose, types of personal information and legal basis

Below we have provided an overview of the purposes for which we process personal data, the types of personal data we process and the legal basis for the processing.

Establishing client relationships: When we are contacted by a client with a request to take on an assignment, we carry out an independence check internally (conflict resolution) before we say yes to the assignment. The conflict check serves a legitimate purpose and is based on Article 6 (1) (f) of the GDPR (balancing of interests). Conflict checks of private customers usually include their full name, what the case is about and, if relevant, creditscore. In general, conflict checks of corporate customers will not involve the processing of personal data.

In connection with the establishment of a client relationship, we will carry out a customer investigation in accordance with the rules in the Money Laundering Act. Customer control is necessary to fulfill our legal obligations under the Money Laundering Act, cf. GDPR Article 6 No. 1 letter c.

If we can take on the assignment, contact information is registered, including name, telephone number, postal and e-mail address of the contact person, as well as the company address. The registration of contact information is necessary for private customers in order to enter into an agreement with the person in question, cf. GDPR article 6 no. 1 letter b. For business customers, the registration of contact information is based on a balance of interests, cf. GDPR article 6 no. 1 letter f.

Case management: Some legal assignments mean that we gain access to personal information about parties or other individuals who are affected by the matter. Such information may appear from documents the client submits or other correspondence in the case. The processing of personal data in connection with assignments for corporate customers is anchored in GDPR article 6 no. 1 letter f (balancing of interests). In some cases we also get access to sensitive personal information, e.g. health information or criminal convictions and offenses. In such cases, the processing of the information is based on GDPR article 9 no. 2 letter f (the processing is necessary to determine, assert or defend a legal claim), cf. the Personal Data Act (new 2018) § 11.

Knowledge management: The basis for processing is our interest in utilizing the prepared knowledge in developing further advice, cf. GDPR article 6 no. 1 letter f (balancing of interests). 

Client administration: Separate case files are created for assignments performed on behalf of the client. Time and costs incurred on a case are registered in our accounting system. For business customers, this is authorized in GDPR article 6 no. 1 letter f (balancing of interests), while for private customers it is considered a necessary part of fulfilling the agreement with the person in question, cf. GDPR article 6 no. 1 letter b.

Storing and sorting case documents: We store case documents for up to five years following the completion of the assignment. Storage for the specified period of time is considered necessary for the sake of both the client and for our own part, since in the future there may be questions or a dispute where the information stored on a case may again become relevant. The legal basis for the processing of personal data is GDPR Article 6 No. 1 letter f (balancing of interests, cf. the legitimate interest stated above) and GDPR Article 9 No. 2 letter f (determining, enforcing or defending legal claims), cf. the Personal Data Act ( ny 2018) § 11.

 

Invoicing: Contact information received from business customers is used to mark invoices that are sent to the business if the client requests this. For any private customers, the person's private postal address is used for sending invoices. The basis for processing is GDPR Article 6 No. 1 letter f (balancing of interests) for business customers and GDPR Article 6 No. 1 letter b (necessary to fulfill the agreement with the registered person) for private customers.

 

IT operations and security: Personal information stored in our IT systems may be available to us or to our suppliers in connection with system updates, implementation or follow-up of security measures, error correction or other maintenance. The basis for processing is GDPR Article 6 No. 1 f (balancing of interests, cf. our legitimate interest related to the mentioned activities) and our legal obligation to have satisfactory information security, cf. GDPR Articles 32 and 6 No. 1 letter c.

 

Marketing: We send out newsletters to e-mail addresses registered on clients to whom we regularly provide legal services and others who have requested to receive our newsletter. Recipients of the newsletter can easily unsubscribe from the service by using the link included in each inquiry. The basis for processing is GDPR article 6 no. 1 letter f (balancing of interests) where we have received the e-mail address in connection with a legal assignment. Zipip wants to keep its clients up to date on relevant news and knowledge in their field. If there is an existing customer relationship, the marketing will take place in accordance with the Marketing Act § 15 (3). In other contexts, marketing is based on the consent of the person in question, cf. the Marketing Act § 15 (1) and GDPR article 6 no. 1 a.

 

3.  Who do we share personal information with

Our suppliers of IT services will be able to access personal information if personal information is stored with the supplier or is otherwise available to the supplier in accordance with the contract with us. The suppliers act in accordance with the data processor agreement and under our instructions. The supplier may only use the personal information for the purposes we have determined and which are described in this privacy statement.

We use suppliers that are in countries outside the EU and the EEA. For the transfer of personal data to these providers, we use the EU's standard agreements for transfers (read more here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model- contracts-transfer-personal-data-third-countries_en) and / or the EU-US Privacy Shield framework (read more here: https://ec.europa.eu/info/law/law-topic/data-protection/data -transfers-outside-eu / eu-us-privacy-shield_en).

Norwegian Lawyers are subject to a punishable duty of confidentiality that follows from the Penal Code § 111. All information that is entrusted to us in connection with an assignment is handled confidentially.

We do not disclose personal information in other cases or in other ways than those described in this privacy statement unless the client explicitly consents to this or the disclosure is required by law.

4. Storage of personal information

As a general rule, case documents are stored for 10 years. These can be stored longer if the client requests it or in special cases where longer storage time is required. In all cases, we will store information for as long as required by law, as well as if a special need arises, for example in the case of complaints or legal claims made against us or by us who require this.

Accounting legislation further requires us to store certain accounting documents for a specified period of time. When a specific purpose requires storage for a given period of time, we ensure that the personal data is used exclusively for the relevant purpose during this period.

 

5. Your rights

You have rights regarding personal information that concerns you. What rights you have depends on the circumstances.

Withdraw consent: If you have given consent to receive newsletters from us, you can withdraw this consent at any time. We have arranged for you to easily reserve yourself against this type of inquiry by including a link to the deregistration form in each inquiry. If you have consented to other processing of personal data, you can also withdraw your consent for this processing at any time by contacting us about this. 

Request access: You have the right to access what personal information we have registered about you, as long as the duty of confidentiality does not prevent this. To ensure that personal information is disclosed to the right person, we may require that the request for access be made in writing or that identity be verified in another way.

Request correction or deletion: You may ask us to correct incorrect information we have about you or ask us to delete personal information. We will as far as possible accommodate a request to delete personal information, but we can not do this if there are compelling reasons for not deleting, for example that we must store the information for documentation purposes.

Data portability: In some cases, you may have access to personal information you have provided to us in order to have it transferred in a machine-readable format to another law firm. If it is technically possible, in some cases it will be possible to have these transferred directly to the other company.

Complaint to the supervisory authority: If you disagree with the way we process your personal data, you can submit a complaint to the Norwegian Data Protection Authority.

6. Security

We have established procedures for handling personal information in a secure manner. The measures are both of a technical and organizational nature. We make regular assessments of the security of all central systems used for handling personal data, and agreements have been entered into that provide suppliers of such systems to ensure satisfactory information security.

Access to personal information (and client / case information) is limited to personnel who need access to perform their tasks.

We have adopted internal IT guidelines, and we regularly train employees with regard to security and use of IT systems.

7. Changes to the privacy policy 

We will be able to make minor changes to this privacy statement. You will always find the latest version on our website. In the event of significant changes, we will notify you of this.

8. Contact Us

If you have any questions or comments about our privacy statement or you want to exercise your rights, you can contact us: 

Zipip advokat AS

v/Lawyer Andreas Sætre Hanssen

Herslebs gate 2B 

0561 Oslo

Norway

Org.nr. 926 403 915