Privacy Notice.

HI THERE!

Your privacy is important to us at LegalFactory Sweden AB (“LegalFactory”, “we”, “us”, or “our”) and we care about protecting your personal data.

This privacy notice (“Notice”) aims to inform you about our processing of your personal data, and what rights you have as a data subject, whether you are a valued client, a contact person of a valued client, or a visitor of our webpage.

LegalFactory is the controller of the processing of your personal data in accordance with this Notice and our processing is carried out in accordance with applicable legislation, including the general data protection regulation (“GDPR”).

WHAT DATA DO WE PROCESS?

We gather and process the following information about you to offer our legal services and the information we collect depends on the context and reason for our contact:

  • Contact information: name, email, address, phone number, employer and title;

  • ID-details: personal ID-number and passport information if required for our AML-compliance/our KYC routines;

  • Client information: information provided while providing our legal services about or by our clients, partners, and their employees or other individuals;

  • Website interaction: data you provide when using our website and filling in the contact form; and/or

  • Other information: additional data you may give us.

WHAT’S THE PURPOSE OF THE PROCESSING?

We collect information about you if you are LegalFactory’s client or a client’s designated contact person, to effectively communicate and provide our legal services.

In addition, when providing our legal services, we may process information about a client’s representatives, advisors, counterparts and their representatives or counsels. We do that for the purpose of safeguarding our clients’ interest, or establish, exercise and defend legal claims.

In a nutshell, the processing is essential for:

  • conducting conflict of interest checks;

  • conducting AML-checks;

  • managing client relationships;

  • managing and executing client assignments;

  • protecting our clients’ interests; and

  • issuing invoices and handling our accounting.

ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?

We process personal data in accordance with this Notice:

  • in order to fulfill our obligations in accordance with an agreement with you (or with the company you represent);

  • in order to fulfill legal obligations pursuant to applicable legislation (such as those imposed by AML-regulations etc.);

  • if we have a legitimate interest to process the personal data; and/or

  • if we have your consent to process your personal data (if we process your personal data for any specific purpose which requires your consent, we will obtain your consent in advance).

If we process personal data for any specific purpose upon which we have a legitimate interest, we have prior thereto conducted an assessment of interests. We only process personal data based on our legitimate interest if we make the assessment that our legitimate interest is not overridden by the interests and rights of the relevant data subject.

HOW LONG DO WE STORE YOUR DATA?

Personal data will only be stored for a limited period of time and no longer than necessary in order for us to fulfill the purposes of the processing, or for as long as we are required to store the information according to applicable legislation and relevant guidelines. This will depend on a number of factors, including for example (i) the laws and regulations that we are required to follow, (ii) whether we are in a legal or other type of dispute with each other or a third party, (iii) the type of information that we hold about you, and (iv) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason. If processing of your personal data is no longer necessary, it will be erased in accordance with our erasure procedure.

Here are the main data storage timelines that we use:

  • personal data concerning clients is deleted when the limitation or reclamation period regarding a specific customer or service has passed – this is typically ten (10) years;

  • information that you provide us with via the contact form on our webpage is stored for as long as it’s necessary to contact you and evaluate your query (if you, or the company you represent, become a client, the above item and storage period therein applies);

  • identifiers related to KYC processes is stored for five (5) years from the collection of the data in accordance with applicable AML-legislation; and

  • information related to issuing invoices and handling our accounting are typically stored for a period of seven (7) years, in accordance with applicable accounting legislation.

TO WHOM DO WE DISCLOSE THE DATA?

We may disclose your personal data to external parties with whom we collaborate in order to perform our legal services and otherwise conduct our business. This is the case when we engage external service providers on our behalf. For example, we use third party services for email management, data storage and web hosting. Such providers access personal data based on our instructions and we only share data that is required in order to perform the relevant service.

Furthermore, if necessary to perform an assignment or protect your rights, we may share your personal data with authorities, courts, counterparts, and their representatives under the following circumstances:

  • to safeguard your rights in a specific assignment;

  • if we have your explicit consent; and/or

  • if we have a legal obligation to do so, e.g., due to AML-legislation, accounting and tax legislation, court orders or requests from government authorities.

SECURITY MEASURES AND THIRD COUNTRY TRANSFERS

Personal data processed by LegalFactory will always be processed confidentially and protected by appropriate security measures. We ensure that entities that process and/or manage personal data on our behalf, use a high level of security measures in order to protect your personal data. However, please note that, in relation to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk.

The information we process about you is mainly stored within EU/EEA. However, as we use international cloud and email services in order to perform our services and/or conduct our business, there may be occasions where your data is transferred outside the EU/EEA. We ensure that appropriate safeguards are used in such data transfers, always in accordance with the requirements of the GDPR.

YOU HAVE RIGHTS!

LegalFactory is the controller of the processing of your personal data in accordance with this Notice, and as a data subject you have certain rights as regards your personal data. The rights are however not absolute, meaning that there are exceptions to some of the rights where we cannot proceed and fulfill your request.

Here is a summary of your rights as a data subject:

  • Right to information and access – meaning that you have the right to request a confirmation of our processing of your personal data, a right to receive information about the processing, access the personal data in question, and the right to obtain a copy of your personal data;

  • Right to rectification – meaning that you have the right to have any incorrect personal data about you corrected by us;

  • Right to erasure – meaning that you have the right to have your personal data erased under certain circumstances. This is an example of a limited right, and we may be obligated to save your personal data in accordance with applicable law;

  • Right to withdraw your consent – meaning that you have the right to withdraw your consent where we process your personal data based on consent;

  • Right to object – meaning that you have the right to object to our processing of your personal data under certain circumstances. For example, you may object to processing of your personal data if we base it on our legitimate interest, and we have to cease the processing if we cannot demonstrate compelling legitimate reasons for the need of the data to be processed;

  • Right to restricted processing – meaning that you have the right to in certain cases demand that we restrict the processing of your personal data, but not delete it; and

  • Right to data portability – meaning that you in certain cases, if we process your data to fulfil a contract, may request that we transfer your personal data to another data controller.

You can find more information about your rights on IMY:s website.

If you would like to exercise your rights or if you have any questions, please contact us using the contact details below in this Notice.

ANY QUESTIONS OR COMPLAINTS?

If you have any questions, thoughts or input about our data processing, or if you want to exercise any of your rights, please get in touch with us at isabelle@legalfactory.se.

If you are unhappy with our data processing, you have a right to lodge a complaint to the Swedish Authority for Privacy Protection (IMY). For more information about how this process works, visit IMY:s webpage file a GDPR-complaint.

DO WE USE COOKIES?🍪

Nope, no cookies or similar techniques are used on this website.

CONTACT DETAILS

🏠 LegalFactory Sweden AB, reg.no 559105-5156

💌 Prästgatan 78, 111 29 Stockholm, Sweden

💻 isabelle@legalfactory.se

📞 +46 (0)70 810 30 33