You have been referred here because Advokatfirman Morris AB (”Morris Law”, ”we” or ”us”), as personal data controller, process personal data about you. We do this because you are an important person for us and our operations. The processing takes place in accordance with applicable regulations, including the general data protection regulation (”GDPR”), and as described further below. If you have questions or queries concerning how we process your personal data or want to have advice on data protection and privacy issues, you are welcome to contact us, see contact details below.
Besides ensuring that our processing of your personal data is correct and transparent in relation to you, we always endeavour to maintain a high level of security in all processing of personal data where we continuously assess and take into account both technical and organisational risks in order to optimally protect your personal data from unauthorised access, use, change and deletion.
Our processing of your data is described below in four different sections, one or several of which may affect you depending on the relationship you have with us, followed by a general description of how and what you can contact us about concerning our processing of your personal data.
Describes the personal data processing which takes place in connection with our communication with and maintenance of our network of contacts for marketing and exchange of knowledge, as well as for processing of our suppliers.
Is targeted at those who have submitted or plan to submit a job application to Morris Law.
Describes how we process you as a client. Either in the capacity of a private individual or representative for a company or other legal entity.
Very briefly describes the processing of data about persons other than the client or client representative that can take place under the execution of the assignments for our clients. However, due to the strict legal professional privilege which applies to our practice and our assignments for the benefit of our clients, this processing may not be disclosed in detail.
Provides further information about who can gain access to your data, which rights you have as an individual and how you can contact us to find out more.
We process your data in order to maintain our contacts and network to keep our knowledge and information about you up-to-date, and also to market our services and maintain the relationship with our suppliers.
We also process for the purpose of complying with accounting requirements in relation to suppliers and in connection with representation activities.
We collect the data and compile it, including on the basis of the type of law in which we consider you to be interested, and your participation in training and seminars with us. For mailings and invitations, we use external suppliers for technical functionality within the framework of the purposes stated, such as dispatch of mails and processing of registrations for seminars, for example.
We primarily process your contact details, your role in your organisation and information about which type of law we feel is of the most interest and relevance for you.
To a limited extent we can process data about any leisure interests such as golf or similar that we organise, however, we will provide further information in connection with these events.
In the processing detailed above we take into account and weigh up your interest in privacy in relation to our interest and purposes (as indicated above) in performing the processing. We then balance these interests, taking into account both positive and negative effects and draw the conclusion that our interest is legitimate.
The Book-keeping Act places requirements on us in relation to accounting and invoicing.
The data we have about you is primarily collected from you. We share the data solely with such suppliers that are needed for execution of the processing, and within the framework of the purposes indicated above. For example:
– Payment solutions (card companies, banks and other payment service providers).
– Marketing (via advertising agencies, online/media agencies and distribution linked thereto, as well as social media).
– IT services (companies which handle necessary operations, technical support and maintenance of our IT solutions).
We only keep your data for as long as we judge to be legitimate, taking into account what is stated above regarding legal basis and purpose, in this case, two years from the last time we heard from you.
We process your data in order to manage your application and to be able to evaluate, compare and match with the needs we have for resources.
We store your data as indicated below so that we can contact you if a new need should arise within the storage period.
We compile the information you submitted and compare with other candidates as well as with our needs. We check the information verbally with the references you provided, and also supplement the information with whatever data that we receive from these references.
We primarily process such information that you submitted to us in your application, i.e. your resumé and your personal letter.
We supplement this information with data from the references you have provided in order to obtain as useful picture as possible of you as a candidate.
In the processing detailed above we take into account and weigh up your interest in privacy in relation to our interest and purpose (as indicated above) in performing the processing. We then balance these interests, taking into account both positive and negative effects and draw the conclusion that our interest is legitimate.
The data we have about you is primarily collected from you. In connection with the application we can may collect in data from the references you give to us in the application. We do not share your application unless we have specifically requested to.
We only keep your data for as long as we judge to be legitimate, taking into account what is indicated above regarding legal basis and purpose, in this case, 12 months from the time of your application (unless you request otherwise, which we of course will respect). If you are subsequently employed by us, the data in your application will be stored and processed in accordance with that stated in our policy for processing of employees’ personal data, which is provided solely to our employees.
We process the data in order to perform mandatory conflict of interest checks and (when required) money laundering checks, to execute and administer the assignment, to safeguard your interests, and for accounting and invoicing purposes.
We collect the information and reconcile it with our records, and store it in our case and invoicing management systems.
We also compile the information in our client management and client care systems.
The data we process about you includes the information you provide to us that is relevant to the matter at hand, your role in the organization you represent, and in each specific case. Where applicable, we may need your personal identification number to correctly identify you.
The Money Laundering Act prescribes obligations for law firms to investigate risks associated with acceptance of and execution of assignments for clients. The Book-keeping Act requires us in relation to accounting and invoicing. Further, as a law firm we are obliged to check that no disqualification situation exists when accepting each new assignment. If you do not provide this information in cases where we request it, we will not be able to offer you our legal advice.
Besides the processing that is necessary to meet our statutory obligations, some processing also takes place by virtue of a legitimate interest. In that respect, we take into account and balance your interest in privacy in relation to our interest and purposes (as indicated above) in performing the processing. We then balance these interests, taking into account both positive and negative effects and draw the conclusion that our interest is legitimate
The data we have about you is primarily collected directly from you. In connection with acceptance of new clients, we may need to collect in data from public registers such as www.allabolag.se, UC AB and equivalent in order to supplement and confirm the data we have received from you about the activity you represent, and also about you as a person and other representatives for the organisation.
We will not provide personal data to third parties other than in cases where (i) it has been specifically agreed between us and you, (ii) when it is necessary within the framework of a particular assignment to safeguard your rights, (iii) if it is necessary to enable us to perform our statutory obligation or comply with an official decision or a decision of a court, or (iv) in the event that we engage outside service providers to perform the assignment on our behalf. The data may be surrendered to courts, authorities, counterparties and representatives of counterparties if it is necessary in order to safeguard your rights.
We store your data only for as long as we judge it to be legitimate, taking into account that indicated above regarding legal basis and purpose; according to our Swedish guiding rules for good legal practice, over a period of ten years from the date of the case’s completion, or the longer period demanded by the case’s nature, for example, with continued advice for the same client when it is often in the client’s interest that older cases are also stored.
Within the framework of the execution of our assignments, we process data about counterparties, representatives for counterparties and other actors relevant to the assignment and the safeguarding of our client’s interests. The strict confidentiality which applies to our practice and which is detailed in the Code of Judicial Procedure means that we cannot provide any parties other than our client with any further details about this particular part of our processing of personal data. However, in other respects, this processing is also performed in accordance with applicable rules on data protection.
In accordance with applicable data protection legislation, you are entitled at any time to request access to the personal data that is processed about you. You are also entitled to have incorrect personal data about you amended, to request deletion of your personal data or restriction of our processing of your personal data, exercise your right to data portability and object to processing of your personal data.
If processing is based on consent, you are entitled at any time to withdraw your consent to processing. If you wish to exercise any of your rights, please contact us via the contact details below.You are also entitled at any time to submit complaints to applicable supervisory authority (Integritetsskyddsmyndigheten) if you consider that your personal data is not being processed in accordance with applicable data protection legislation.
Please send us an e-mail: dataprotection@morrislaw.se