Last updated: 25 June 2024
Haver Advokatfirma AS (“we” or “us”) processes personal data about you when you are in contact with us. We want you to feel confident that your personal data is handled responsibly.
This privacy policy explains how we collect personal data, what personal data we process, what we use it for, and the legal basis for our processing. It also describes how we safeguard personal data, who we may share it with, and your rights.
Personal data is any information that can be linked to an individual, directly or indirectly, such as name, postal address, email address, IP address or mobile phone number. Haver Advokatfirma AS, represented by its Managing Partner, is the data controller for the personal data we process.
We process personal data for different purposes depending on who you are and how you come into contact with us. Below is an overview of the types of personal data we process in various situations, along with the purpose and legal basis for each type of processing.
Establishing and administering client relationships:
We process contact information, identity documentation, payment information, and similar data. For private individuals, the legal basis is GDPR Article 6(1)(b) (processing necessary for the performance of a contract to which the data subject is a party). For contact persons at companies and other personal data processed in connection with corporate clients, the legal basis is GDPR Article 6(1)(f) (processing necessary for legitimate interests). We are also legally required to conduct customer due diligence under the Anti-Money Laundering Act section 4(2)(3) and sections 17 and 18. The legal basis for this is GDPR Article 6(1)(c) (processing necessary for compliance with a legal obligation).
Case handling:
In handling cases, we process the personal data necessary in relation to the specific matter. For private clients, the basis is GDPR Article 6(1)(b). For corporate clients, the basis is GDPR Article 6(1)(f). In some cases we receive sensitive personal data, such as health information. In such cases the basis is GDPR Article 9(2)(f) (processing necessary for the establishment, exercise or defence of legal claims), cf. the Personal Data Act section 11. During case handling we may also receive information about opposing parties and other third parties. In such cases we process personal data necessary for the specific matter, based on GDPR Article 6(1)(f). If sensitive personal data is processed, the basis is GDPR Article 9(2)(f).
Knowledge management (e.g., reuse of documents in later matters):
We process the personal data necessary in relation to the relevant case. The legal basis is GDPR Article 6(1)(f), as using developed knowledge is considered necessary for internal learning processes and more efficient work.
Storage and retention of case documents:
Retention of personal data after a case has concluded is considered necessary both for the client and for us, for example because questions or disputes may arise later where the stored information becomes relevant again. The basis is GDPR Article 6(1)(f) and GDPR Article 9(2)(f), cf. the Personal Data Act section 11.
Invoicing:
We process contact information and payment information. For private clients, the basis is GDPR Article 6(1)(b). For corporate clients, the basis is GDPR Article 6(1)(f).
IT operations and security:
Personal data stored in our IT systems may be accessible to us or our IT service providers in connection with system updates, implementation or follow-up of security measures, error correction or other maintenance. The legal basis is GDPR Article 6(1)(f) and our obligation to ensure adequate information security under GDPR Article 32 and Article 6(1)(c).
Marketing:
In connection with newsletters and other marketing, we process names, email addresses and potentially other contact information. Recipients can easily unsubscribe by using the link at the bottom of each newsletter. The basis for processing is GDPR Article 6(1)(f) when the email address was obtained in connection with a legal engagement. For existing customer relationships, the basis is the Marketing Control Act section 15(3). In other cases the basis is consent under the Marketing Control Act section 15(1) and GDPR Article 6(1)(a).
Potential clients:
We process contact information. The legal basis is GDPR Article 6(1)(f), as the processing is necessary for protecting our commercial interests.
Recruitment:
We process job applications, CVs, certificates, transcripts, statements from referees, and internal assessments and interview notes. The basis is GDPR Article 6(1)(b). If we retain application materials after the recruitment process has concluded, this is based on the applicant’s consent, under GDPR Article 6(1)(a).
Unless you have given explicit consent, or disclosure is required by law, we do not disclose personal data in situations other than those described in this privacy policy. Lawyers are bound by a statutory duty of confidentiality under the Penal Code section 111, and all information entrusted to us in connection with an engagement is handled confidentially.
Our IT service providers may have access to personal data. They act under a data processing agreement that ensures confidentiality and operate under our instructions.
We retain personal data for as long as necessary to fulfil the purposes described in this privacy policy.
We store case documents for up to 20 years after the case has concluded. After 10 years, access to the documents is restricted to only a few of our employees.
You have rights relating to the personal data that concerns you.
If you have given consent to the processing of personal data, you may withdraw your consent at any time. You have the right to access the personal data we hold about you, unless confidentiality rules prevent this. You may ask us to correct inaccurate information or request deletion. We will comply with deletion requests as far as possible, unless there are compelling reasons for retaining the data or we are legally required to keep it for a certain period. You also have the right to data portability, meaning you may request personal data in a machine-readable format.
We have established routines and measures to ensure that unauthorised parties do not gain access to your personal data, and that all processing is carried out in accordance with applicable law. Our measures include regular risk assessments, technical systems and physical procedures to ensure information security, as well as routines for verifying access and correction requests.
We use cookies to log the use of haver.no. The purpose is to compile usage statistics and form a basis for improving the website. You can choose to disable cookies in your browser settings. Doing so may prevent access to certain services.
If you have questions or comments about this privacy policy, or if you wish to request access, rectification or deletion, you may contact us:
Address: Haakon VIIs gate 8, 4005 Stavanger
Email: post@haver.no
Telephone: +47 51 55 44 10