Through organic growth, especially since 1990, Harris has developed sound competencies in most legal fields and today has specialist expertise in:
- Immovable property
- Contracts and agreements
- Company law and transaction support
- Dispute resolution and litigation
Today our clients include private individuals, business owners, companies, municipalities, intermunicipal companies and public institutions.
Expropriation cases have always been central to our business. Our own archive of judgments in expropriation matters dates back to 1946 and is Norway’s largest judgments archive outside Oslo. Within inheritance law, Harris has several attorneys with the best expertise in Norway. Our steadily increasing contact with public administration (administration law, pollution law and planning and building law) has led to considerable professional involvement, as evidenced by Harris’s current position as the most active law firm in the field of planning and building law in Western Norway.
We have followed the local and regional business community as growth has led to increased diversity, with new business areas emerging and companies expanding into international markets. As an example, traditional fields such as company law and acquisitions are now complemented by patent law,competition law and rules for business consolidations. Building on this, Harris has long been a member of The Global Law Group (Globaladvocaten, formerly Euroadvocaten), of which one of our partners has been President. Through The Global Law Group, we have also established ties to cooperative law firms all over the world.
In the event of disagreement, the best solution takes precedence. What is “best” for our client in the given case will depend on a number of factors. We assess these as a team, including by adopting quality control by a second party in all cases of a certain complexity. An extrajudicial solution will obviously be preferable. If a case must be resolved before the courts, our attorneys have extensive litigation experience, including before the Supreme Court of Norway. Seven of our attorneys are Supreme Court advocates.
From 2011 to 2016, the Harris Law Firm had, following a tender process, responsibility for land use and contract management of the Norwegian Church Endowment’s properties throughout Norway. The property portfolio includes some 8,000 leasehold sites, 433 clerical and episcopal residences and 85,000 hectares of forestland. This has given the company special expertise in ground leases and the management of large and small property portfolios.
Last updated 11 July 2018.
Harris processes personal information about you when we undertake work and services for you, or when you visit our website or make contact with us in some other way.
We process your personal data in order to carry out assignments and deliver other agreed services. With your consent, we can also process your personal data for other purposes.
2. What is personal data?
Personal data refers to every piece of information that can be linked to a specific individual, either directly or indirectly, such as a name, physical address, e-mail address, IP address or mobile number.
3. Who is the data controller?
Harris Advokatfirma AS (Harris Law Firm) (e-mail: firstname.lastname@example.org, tel: +47 55 30 27 00, address: P.O. Box 4115 Sandviken, NO-5835 Bergen, Norway) with Managing Partner Børje L. Hoff, is the data controller for the personal data we process in connection with carrying out our assignments and services, use of our websites, or when you come into contact with us in some other way.
4. Purposes, types of personal data and lawful basis
In the following section, we provide an overview of the purposes for which we process personal data, which types of personal data we process, and the lawful basis for the processing.
4.1. Establishment of client relationship
When a potential client contacts us with an enquiry about a possible assignment for us, we first ascertain whether the assignment could represent a conflict of interest in relation to existing client relationships and current cases.
This check serves a legitimate purpose and has a lawful basis in the General Data Protection Regulation (GDPR) Article 6.1(f) (balancing of legitimate interests). Checking for conflict of interest in relation to private clients normally encompasses the individual’s full name and what the case is about, and may also include a creditworthiness assessment if required. An equivalent check for conflict of interest in relation to corporate clients does not typically encompass processing of personal data.
When establishing a customer relationship, we will verify the customer in accordance with the Norwegian Money Laundering Act. Customer verification is necessary for us to comply with our legal obligations as set out in the Norwegian Money Laundering Act, see GDPR Article 6.1(c).
In the event that we can take on the assignment, we will register contact details such as name, address, e-mail address and telephone number. Registering the contact details of private clients is necessary in order to enter into and fulfil an agreement on behalf of the individual, see GDPR Article 6.1(b). In respect of corporate clients, we register personal data based on the concept of balancing of interests, see GDPR Article 6.1(f), and such registration will also be necessary in order to enter into and fulfil agreements with the business concerned, see GDPR Article 6.1(b).
4.2. Case management
Legal assignments require that we have access to personal data pertaining to the parties or other individuals involved in a case. Such information may be included in documents provided by the client or in other correspondence related to the case. GDPR Article 6.1(b) (processing is necessary for the performance of a contract to which the data subject is party) is the general lawful basis for processing personal data pertaining to both private and corporate clients.
Processing personal data in connection with assignments on behalf of corporate clients can also be based on GDPR Article 6.1(f) (balancing of legitimate interests). In some cases, we also gain access to sensitive personal data, such as health information or judgments and criminal offences. In such cases, the processing of the data has a lawful basis in GDPR Article 9.2(f) (processing is necessary for the establishment, exercise or defence of legal claims), see Section 11 of the Personal Data Act.
4.3. Client administration
We create separate case folders for assignments carried out on behalf of our clients. The time and expenses spent on a case are registered in our accounting system. We regard the completion of tasks in connection with client administration as an essential part of our contractual obligation to the individual, which is pursuant to GDPR Article 6.1(b) for both corporate and private clients. For corporate clients, we also regard this as stipulated in GDPR Article 6.1(f) (balancing of legitimate interests). There are also legal requirements that require us to process personal data, e.g. requirements outlined in the Norwegian accounting legislation. This type of processing is sanctioned by GDPR Article 6.1(c).
4.4. Saving and storage of case documents
We can store case documents for up to 13 years after the assignment has been completed. Saving documents for the stipulated duration is regarded as necessary, since a dispute may arise at a later date that could lead to the saved information once again becoming relevant. The lawful basis for processing personal data is stipulated in GDPR Article 6.1(f) (balancing of legitimate interests) and GDPR Article 9.2(f) (establishment, exercise or defence of legal claims), see Section 11 of the Personal Data Act. There are also legal requirements stipulating that we are obligated to save personal data for a certain period of time after a case has been finalised, e.g. requirements in the Norwegian accounting regulations and the Norwegian Money Laundering Act. This requirement is stipulated in GDPR Article 6.1(c).
Contact details of employees or other natural persons affiliated with corporate clients are used to label invoices which are sent to the company if the client requests this. For private clients, the individual’s private postal address is used for disseminating invoices, unless otherwise agreed. The lawful basis for this processing is stipulated in GDPR Article 6.1(b) (necessary for the performance of a contract to which the data subject is party) for both private and corporate clients. In addition, GDPR Article 6.1(f) (balancing of legitimate interests) also provides a lawful basis for processing in respect of corporate clients.
4.6. IT operations and security
Personal data saved in our IT systems will be accessible to us and to our suppliers in connection with upgrading systems, implementing or following up on security measures, fault rectification or other maintenance work. The lawful basis for this processing is stipulated in GDPR Article 6.1(f) (balancing of legitimate interests, see our legitimate interests linked to specified activities) and our legal obligation to have satisfactory data security, see GDPR Articles 32 and 6.1(c). In addition, GDPR Article 6.1(b) (necessary for the performance of a contract to which the data subject is party) provides a general lawful basis for processing in respect of both private and corporate clients.
We send newsletters out to e-mail addresses registered to clients and to others who have given us their consent to receive our newsletters. Recipients of our newsletters can easily unsubscribe from the service by using a link provided in every newsletter. The lawful basis for this processing is stipulated in GDPR Article 6.1(b) (agreement) and GDPR Article 6.1(f) (balancing of legitimate interests) in cases where we have received the e-mail address in connection with a legal assignment. If an existing customer relationship exists, our marketing efforts will comply with Section 15 (3) of the Norwegian Marketing Practices Act. In other instances, our marketing efforts will be based on the individual’s consent, see Section 15 (1) of the Norwegian Marketing Practices Act and GDPR Article 6.1(a).
5. What do we use the personal data for?
We process personal data as part of managing and delivering assignments on behalf of our clients. We also use it for invoicing and other administrative tasks associated with the client relationship. We also use personal data for recruitment purposes, and to disseminate newsletters and other marketing materials. The information we collect for the aforementioned purposes includes data that you have provided by virtue of being our client as well as the far more limited information we collect when you use our websites.
6. How do we secure your personal data?
Harris has established routines and measures to ensure that unauthorised parties do not gain access to your personal data, and that all processing of personal data takes place in accordance with the applicable law in general. These measures include technical systems and physical procedures to safeguard information security as well as routines to verify requests for access and rectification.
7. When do we delete personal data?
Harris does not store personal data for longer than is necessary for adhering to and following up on the legal requirements that could emerge from the assignment or service that we have completed for you, see GDPR Articles 17.3(b) and 17.3(e) and point 4.4 above.
8. Whom do we share personal data with?
Unless you have provided explicit consent for your personal data to be disclosed, your personal data will only be shared with other parties when necessary in order for us to meet our commitment to complete an assignment. We may share personal data with our IT contractors or with public authorities when there is a statutory obligation for us to do so.
Lawyers must abide by a duty of confidentiality that is subject to penal sanctions in accordance with Section 211 of the Norwegian Penal Code. All data entrusted to us in connection with an assignment will be handled confidentially.
9. Your rights
You have rights in respect of personal data that pertains to you. The specific nature of those rights depends on the circumstances.
In order to exercise your rights you need to direct a written request to the data controller. In your request you must clearly state what you require insight into or want corrected or deleted. We will respond to your enquiry as soon as possible and within no more than 30 days.
9.1. Withdrawal of consent
In the event that you have given us your consent to send you newsletters, you can withdraw this consent at any time by unsubscribing from our newsletter. To unsubscribe, you can use the link to the deregistration form included in every newsletter. If you have consented to other processing of your personal data, you can withdraw your consent at any time with reference to this processing by sending us a request about this.
9.2. Right of access
You have a right to access any of the data we have that pertains to you, provided our duty of confidentiality does not preclude this. To ensure that the personal data is provided to the correct individual, we require that the request is made in such a way that we can verify the identity of the individual making the request. You can read more about the right of access on the Norwegian Data Protection Authority’s website.
9.3. Right of rectification or erasure
You can ask us to correct erroneous information we have about you or ask us to delete personal data. As a general rule, we will not be able to comply with requests for information to be deleted since a law firm usually has compelling reasons to not delete data. This is limited to necessary and correct personal data. The lawful basis for not deleting data after completing an assignment is stipulated in GDPR Articles 17.3(b) and 17.3(e).
9.4. Data portability
In some cases, you will be able to have personal data that you have provided to us transferred to another law firm in a computer-readable format, see also the Code of Conduct for Lawyers. Provided it is technically possible, it will occasionally be possible to have such data transferred directly to the other company.
9.5. Complaints to the supervisory authority
In the event that you believe that our processing of your personal data does not correspond with what we have described here or that we have contravened the data protection regulation in some other way, you must send an enquiry about this to our data controller.
If, after your complaint has been dealt with by the company, you are of the opinion that the company’s processing of your personal data still does not correspond with the applicable regulations, you can submit a complaint to the Norwegian Data Protection Authority.
You will find information about how to contact the Norwegian Data Protection Authority on their website: www.datatilsynet.no.
12. Contact us
Send us an e-mail via email@example.com if you have any questions about how we process personal data or would like to request access, rectification or erasure, etc.
Engagement terms and conditions
Click here for Harris’s standard terms and conditions of engagement.