Pages: 0 hits
Overview of competence
Articles: 0 hits
News
Employees: 0 hits
Team

Privacy policy

Contact persons

Last updated 11 July 2018.

 


1. Our privacy policy

Harris processes personal information about you when we undertake work and services for you, or when you visit our website or make contact with us in some other way.

We process your personal data in order to carry out assignments and deliver other agreed services. With your consent, we can also process your personal data for other purposes.

We are committed to ensuring that you feel reassured that your personal data is processed responsibly. This privacy policy informs you of how we collect personal data and what we use it for. It also includes information on how we secure the personal data, whom we share it with, and your rights.

2. What is personal data?

Personal data refers to every piece of information that can be linked to a specific individual, either directly or indirectly, such as a name, physical address, e-mail address, IP address or mobile number.

3. Who is the data controller?

Harris Advokatfirma AS (Harris Law Firm) (e-mail: post@harris.no, tel: +47 55 30 27 00, address: P.O. Box 4115 Sandviken, NO-5835 Bergen, Norway) with Managing Partner Børje L. Hoff, is the data controller for the personal data we process in connection with carrying out our assignments and services, use of our websites, or when you come into contact with us in some other way.

4. Purposes, types of personal data and lawful basis

In the following section, we provide an overview of the purposes for which we process personal data, which types of personal data we process, and the lawful basis for the processing.

4.1. Establishment of client relationship

When a potential client contacts us with an enquiry about a possible assignment for us, we first ascertain whether the assignment could represent a conflict of interest in relation to existing client relationships and current cases.

This check serves a legitimate purpose and has a lawful basis in the General Data Protection Regulation (GDPR) Article 6.1(f) (balancing of legitimate interests). Checking for conflict of interest in relation to private clients normally encompasses the individual’s full name and what the case is about, and may also include a creditworthiness assessment if required. An equivalent check for conflict of interest in relation to corporate clients does not typically encompass processing of personal data.

When establishing a customer relationship, we will verify the customer in accordance with the Norwegian Money Laundering Act. Customer verification is necessary for us to comply with our legal obligations as set out in the Norwegian Money Laundering Act, see GDPR Article 6.1(c).

In the event that we can take on the assignment, we will register contact details such as name, address, e-mail address and telephone number. Registering the contact details of private clients is necessary in order to enter into and fulfil an agreement on behalf of the individual, see GDPR Article 6.1(b). In respect of corporate clients, we register personal data based on the concept of balancing of interests, see GDPR Article 6.1(f), and such registration will also be necessary in order to enter into and fulfil agreements with the business concerned, see GDPR Article 6.1(b).

4.2. Case management

Legal assignments require that we have access to personal data pertaining to the parties or other individuals involved in a case. Such information may be included in documents provided by the client or in other correspondence related to the case. GDPR Article 6.1(b) (processing is necessary for the performance of a contract to which the data subject is party) is the general lawful basis for processing personal data pertaining to both private and corporate clients.

Processing personal data in connection with assignments on behalf of corporate clients can also be based on GDPR Article 6.1(f) (balancing of legitimate interests). In some cases, we also gain access to sensitive personal data, such as health information or judgments and criminal offences. In such cases, the processing of the data has a lawful basis in GDPR Article 9.2(f) (processing is necessary for the establishment, exercise or defence of legal claims), see Section 11 of the Personal Data Act.

4.3. Client administration

We create separate case folders for assignments carried out on behalf of our clients. The time and expenses spent on a case are registered in our accounting system. We regard the completion of tasks in connection with client administration as an essential part of our contractual obligation to the individual, which is pursuant to GDPR Article 6.1(b) for both corporate and private clients. For corporate clients, we also regard this as stipulated in GDPR Article 6.1(f) (balancing of legitimate interests). There are also legal requirements that require us to process personal data, e.g. requirements outlined in the Norwegian accounting legislation. This type of processing is sanctioned by GDPR Article 6.1(c).

4.4. Saving and storage of case documents

We can store case documents for up to 13 years after the assignment has been completed. Saving documents for the stipulated duration is regarded as necessary, since a dispute may arise at a later date that could lead to the saved information once again becoming relevant. The lawful basis for processing personal data is stipulated in GDPR Article 6.1(f) (balancing of legitimate interests) and GDPR Article 9.2(f) (establishment, exercise or defence of legal claims), see Section 11 of the Personal Data Act. There are also legal requirements stipulating that we are obligated to save personal data for a certain period of time after a case has been finalised, e.g. requirements in the Norwegian accounting regulations and the Norwegian Money Laundering Act. This requirement is stipulated in GDPR Article 6.1(c).

4.5. Invoicing

Contact details of employees or other natural persons affiliated with corporate clients are used to label invoices which are sent to the company if the client requests this. For private clients, the individual’s private postal address is used for disseminating invoices, unless otherwise agreed. The lawful basis for this processing is stipulated in GDPR Article 6.1(b) (necessary for the performance of a contract to which the data subject is party) for both private and corporate clients. In addition, GDPR Article 6.1(f) (balancing of legitimate interests) also provides a lawful basis for processing in respect of corporate clients.

4.6. IT operations and security

Personal data saved in our IT systems will be accessible to us and to our suppliers in connection with upgrading systems, implementing or following up on security measures, fault rectification or other maintenance work. The lawful basis for this processing is stipulated in GDPR Article 6.1(f) (balancing of legitimate interests, see our legitimate interests linked to specified activities) and our legal obligation to have satisfactory data security, see GDPR Articles 32 and 6.1(c). In addition, GDPR Article 6.1(b) (necessary for the performance of a contract to which the data subject is party) provides a general lawful basis for processing in respect of both private and corporate clients.

4.7. Marketing

We send newsletters out to e-mail addresses registered to clients and to others who have given us their consent to receive our newsletters. Recipients of our newsletters can easily unsubscribe from the service by using a link provided in every newsletter. The lawful basis for this processing is stipulated in GDPR Article 6.1(b) (agreement) and GDPR Article 6.1(f) (balancing of legitimate interests) in cases where we have received the e-mail address in connection with a legal assignment. If an existing customer relationship exists, our marketing efforts will comply with Section 15 (3) of the Norwegian Marketing Practices Act. In other instances, our marketing efforts will be based on the individual’s consent, see Section 15 (1) of the Norwegian Marketing Practices Act and GDPR Article 6.1(a).

5. What do we use the personal data for?

We process personal data as part of managing and delivering assignments on behalf of our clients. We also use it for invoicing and other administrative tasks associated with the client relationship. We also use personal data for recruitment purposes, and to disseminate newsletters and other marketing materials. The information we collect for the aforementioned purposes includes data that you have provided by virtue of being our client as well as the far more limited information we collect when you use our websites.

6. How do we secure your personal data?

Harris has established routines and measures to ensure that unauthorised parties do not gain access to your personal data, and that all processing of personal data takes place in accordance with the applicable law in general. These measures include technical systems and physical procedures to safeguard information security as well as routines to verify requests for access and rectification.

7. When do we delete personal data?

Harris does not store personal data for longer than is necessary for adhering to and following up on the legal requirements that could emerge from the assignment or service that we have completed for you, see GDPR Articles 17.3(b) and 17.3(e) and point 4.4 above.

8. Whom do we share personal data with?

Unless you have provided explicit consent for your personal data to be disclosed, your personal data will only be shared with other parties when necessary in order for us to meet our commitment to complete an assignment. We may share personal data with our IT contractors or with public authorities when there is a statutory obligation for us to do so.

Lawyers must abide by a duty of confidentiality that is subject to penal sanctions in accordance with Section 211 of the Norwegian Penal Code. All data entrusted to us in connection with an assignment will be handled confidentially.

9. Your rights

You have rights in respect of personal data that pertains to you. The specific nature of those rights depends on the circumstances.

In order to exercise your rights you need to direct a written request to the data controller. In your request you must clearly state what you require insight into or want corrected or deleted. We will respond to your enquiry as soon as possible and within no more than 30 days.

9.1. Withdrawal of consent

In the event that you have given us your consent to send you newsletters, you can withdraw this consent at any time by unsubscribing from our newsletter. To unsubscribe, you can use the link to the deregistration form included in every newsletter. If you have consented to other processing of your personal data, you can withdraw your consent at any time with reference to this processing by sending us a request about this.

9.2. Right of access

You have a right to access any of the data we have that pertains to you, provided our duty of confidentiality does not preclude this. To ensure that the personal data is provided to the correct individual, we require that the request is made in such a way that we can verify the identity of the individual making the request. You can read more about the right of access on the Norwegian Data Protection Authority’s website.

9.3. Right of rectification or erasure

You can ask us to correct erroneous information we have about you or ask us to delete personal data. As a general rule, we will not be able to comply with requests for information to be deleted since a law firm usually has compelling reasons to not delete data. This is limited to necessary and correct personal data. The lawful basis for not deleting data after completing an assignment is stipulated in GDPR Articles 17.3(b) and 17.3(e).

9.4. Data portability

In some cases, you will be able to have personal data that you have provided to us transferred to another law firm in a computer-readable format, see also the Code of Conduct for Lawyers. Provided it is technically possible, it will occasionally be possible to have such data transferred directly to the other company.

9.5. Complaints to the supervisory authority

In the event that you believe that our processing of your personal data does not correspond with what we have described here or that we have contravened the data protection regulation in some other way, you must send an enquiry about this to our data controller.

If, after your complaint has been dealt with by the company, you are of the opinion that the company’s processing of your personal data still does not correspond with the applicable regulations, you can submit a complaint to the Norwegian Data Protection Authority.

You will find information about how to contact the Norwegian Data Protection Authority on their website: www.datatilsynet.no.

10. Our use of cookies

We use cookies to track the use of harris.no. The purpose of this is to generate usage statistics and understand how the website can be improved. You can choose to refrain from using cookies by changing the settings in your browser. However, this may lead to you not having access to some of our services. You can learn more about how we use cookies here.

11. Changes to the privacy policy

We reserve the right to make changes to this privacy policy. You will always find the latest version on our website.

12. Contact us

Send us an e-mail via post@harris.no if you have any questions about how we process personal data or would like to request access, rectification or erasure, etc.