PRIVACY POLICY

Front Advokater AB (“Front”) is the controller of personal data in respect of the data which is processed within the scope of our business and we work actively to ensure that our processing of personal data is legal, secure, and monitored. This is all done with a focus on safeguarding the privacy of clients, visitors, job applicants, and cooperation partners.

In this privacy policy, we provide you with information regarding why and how we process personal data and how we use cookies. In this document, you can also read about your rights as a data subject and where you can turn with questions or feedback related to Front’s processing of personal data. The privacy policy was last updated on 21 January 2019.

GDPR stands for General Data Protection Regulation. The aim of the regulatory framework is to increase protection for personal data in a uniform manner in EU Member States. It includes increased rights for you when your personal data is registered, imposes significantly higher sanctions on those who fail to comply with the regulation, and affords greater latitude to supervisory authorities (in Sweden, the Data Protection Authority) to take action.

the GDPR’s primary principles

All of the Articles of the GDPR are based on six principles, which also constitute the parameters for Front’s processing of personal data. This means that Front’s processing of personal data must always be supported by the following principles.

  1. Lawfulness – all processing of personal data must have a legal basis.
  2. Transparency – the person to whom the personal data refers must obtain information regarding how the data is processed.
  3. Consistent with purpose – the data must be collected for specific, predetermined purposes and may not be processed for other purposes.
  4. Storage limitation – the personal data must not be stored for longer than necessary and, if possible, the storage period shall be predetermined.
  5. Data minimisation – the personal data must be relevant and may not be include more personal data than is necessary to achieve the purpose.
  6. Integrity and confidentiality – the personal data must be protected by, among other things, confidentiality, access authorisation, and technical solutions. Front takes extra security measures when processing sensitive personal data or information belonging to a person with a protected identity.

legal grounds when processing personal data

Front must always base its processing of personal data on one of the legal grounds stated in the GDPR. The GDPR contains six legal grounds, but four of them are of primary relevance for Front.

  1. Legal obligation – processing of personal data which is required by law.
  2. Consent – the data subject has consented to processing of personal data.
  3. Performance of a contract – the processing of personal data is necessary to enable Front to perform under a contract with the data subject.
  4. Weighing of interests – when we determine that Front’s purpose for processing personal data overrides the data subject’s interest in not having their personal data processed. In such situations, Front has a legitimate interest in processing personal data.

We need to process personal data when evaluating whether we can accept an engagement, when administering an engagement, and when carrying out an engagement. As a main rule, personal data is provided by the client, but it may also be supplemented with personal data from private and public registers or other external sources.

The purpose of our processing of personal data is to be able to perform our engagement agreement with you as a client or to perform legal obligations; these also constitute the legal grounds supporting the processing of personal data. For the same purpose, we often need to process the personal data of representatives and beneficial owners, and this processing is based on Front’s legitimate interest in being able to administer the matter.

Sensitive personal data may also be processed, for purposes identified above, on the basis of the client’s express consent or to assert or defend the client’s legal claims.

The personal data which we process might constitute a basis for marketing purposes. Such processing of personal data is based on Front’s legitimate interest. If you receive an unwanted mailout from us, pursuant to the GDPR and the Swedish Marketing Practices Act you are always entitled to object to further mailouts. You do this by clicking on the link in the mailout itself, or by contacting the relevant Front office.

For purposes identified above, the personal data can be transferred to a third party and, if necessary, to a country which is not a member of the EU/EEA (a third country) or to an international organisation. Such transfer takes place only where the personal data can be suitably and sufficiently protected.

Front does not store data longer than is necessary to fulfil the purposes stated above. As a main rule, following a completed engagement the personal data is stored for 10 years in accordance with the Swedish Bar Association’s guidelines, but the purpose of an individual processing may lead to a longer period prior to deletion.

does front process your personal data in connection with bankruptcy?

Front has lawyers who work as receivers in bankruptcy. In order for Front to be able to conduct suitable bankruptcy receivership, we need to process personal data.

In a bankruptcy, the bankruptcy estate is the controller of personal data in respect of the processing which takes place within the scope of the activities of the bankruptcy estate. Front is the controller of personal data in respect of the additional processing of personal data which takes place within the scope of the law firm’s ordinary operations.

The processing of personal data comprises handling personal data which is necessary for the administration of the bankruptcy, such as name, personal identification number, contact information, property designation, vehicle registration number, IP address, banking information, and work-related personal data regarding wages, trade union membership, and health.

The specific purposes of the processing of the personal data in a bankruptcy are to administer agreements, perform accounting obligations, prepare a bankruptcy estate inventory and statutory administration report, take decisions regarding any wage guarantee, ensure that creditors are not prejudiced, and comply with the other obligations statutorily incumbent on the receiver in bankruptcy.

The legal grounds for Front’s and the bankruptcy estate’s processing of personal data are: (1) the performance of agreements and weighing of interests for the handling of relevant business documents; (2) a legal obligation in respect of the many obligations incumbent on the receiver in bankruptcy pursuant to law; and (3) the performance of the public interest duties/exercise of official authority in conjunction with, for example, decisions regarding any wage guarantee. The processing of sensitive personal data by Front and/or the bankruptcy estate in bankruptcy proceedings is based on employment law obligations or to establish, assert, or defend legal claims.

The various categories of persons affected by the bankruptcy estate’s and Front’s processing of personal data include representatives of the bankrupt company, bankruptcy debtors, representatives of creditors, debtors, shareholders, employees, guarantors, customers, suppliers, auditors and accounting consultants, the State, banks, third parties, and family members.

Front processes the personal data which is included in the bankruptcy with appropriate confidentiality. In the course of administering the bankruptcy, personal data linked to the bankruptcy may be provided to other parties. These may be group companies, service providers, and other consultants or public authorities. The relevant personal data is processed for as long as is necessary for the bankruptcy receivership and is ordinarily saved for 10 years in accordance with the Swedish Bar Association’s guidelines.

Front has lawyers who work as receivers in bankruptcy. In order for Front to be able to conduct suitable bankruptcy receivership, we need to process personal data.

In a bankruptcy, the bankruptcy estate is the controller of personal data in respect of the processing which takes place within the scope of the activities of the bankruptcy estate. Front is the controller of personal data in respect of the additional processing of personal data which takes place within the scope of the law firm’s ordinary operations.

The processing of personal data comprises handling personal data which is necessary for the administration of the bankruptcy, such as name, personal identification number, contact information, property designation, vehicle registration number, IP address, banking information, and work-related personal data regarding wages, trade union membership, and health.

The specific purposes of the processing of the personal data in a bankruptcy are to administer agreements, perform accounting obligations, prepare a bankruptcy estate inventory and statutory administration report, take decisions regarding any wage guarantee, ensure that creditors are not prejudiced, and comply with the other obligations statutorily incumbent on the receiver in bankruptcy.

The legal grounds for Front’s and the bankruptcy estate’s processing of personal data are: (1) the performance of agreements and weighing of interests for the handling of relevant business documents; (2) a legal obligation in respect of the many obligations incumbent on the receiver in bankruptcy pursuant to law; and (3) the performance of the public interest duties/exercise of official authority in conjunction with, for example, decisions regarding any wage guarantee. The processing of sensitive personal data by Front and/or the bankruptcy estate in bankruptcy proceedings is based on employment law obligations or to establish, assert, or defend legal claims.

The various categories of persons affected by the bankruptcy estate’s and Front’s processing of personal data include representatives of the bankrupt company, bankruptcy debtors, representatives of creditors, debtors, shareholders, employees, guarantors, customers, suppliers, auditors and accounting consultants, the State, banks, third parties, and family members.

Front processes the personal data which is included in the bankruptcy with appropriate confidentiality. In the course of administering the bankruptcy, personal data linked to the bankruptcy may be provided to other parties. These may be group companies, service providers, and other consultants or public authorities. The relevant personal data is processed for as long as is necessary for the bankruptcy receivership and is ordinarily saved for 10 years in accordance with the Swedish Bar Association’s guidelines.

Front needs to process personal data in order to administer and send invitations to events. This involves, for example, names, email addresses, and telephone numbers.

If you use the “reminder function” on our events page, we will process your mailing address to be able to remind you of the relevant event, and to invite you to other events.

We send you invitations on the basis of Front’s legitimate interest, but if it is not relevant to you, you can always object to receiving further mailouts from us. You do so by clicking on the link in the invitation itself or by contacting the relevant Front office.

If we offer food or drink in connection with the event, you have the possibility to submit your food preferences or allergies to us. This means that we may process sensitive personal data regarding your health. If you submit such information, you also consent to our processing of it before and during the event.

We never store sensitive data after the event is completed. On the other hand, we may save your email address in order to invite you to other interesting events in the future.

First and foremost – we’re thrilled that you want to apply for a job with us at Front Advokater!

In order to be able to process your application, we need to save the personal data which is necessary for the application procedure. This involves your contact data and the information which you have provide personally in your personal letter, CV, and other enclosed documents. We process your data on the basis of Front’s legitimate interest or to be able to take necessary measures before entering into an employment agreement.

The starting point is that only our HR department has access to the data but it may also be provided to companies and consultants, such as recruitment firms and experts providing second opinions which help us with the recruitment process.

We will save your data during the recruitment process as well as for a reasonable time thereafter for possible future recruitment needs. If you do not want us to save your data for future recruitment needs, you are welcome to contact us at the address below in order to have it erased.

In order for us to be able to handle your matter and respond to you if you have contacted us, we need to save and use your name, your email address, and any other contact information that you provide. Front Advokater is responsible for the personal data that we collect. Our initial processing of your personal data is based on our legitimate interest in following up on your contact with us. As a result, we save your personal data for as such time as is necessary to respond to you with answers to your questions.

We use cookies so that you will have the best possible experience of our website. The use of cookies is regulated by the Swedish Electronic Communications Act, which provides that we must obtain your informed consent in order to use cookies when you surf on our website. This means that you must receive information:

  • that the website contains cookies;
  • regarding what these cookies are used for; and
  • how cookies can be avoided

before you thereafter consent to the use of cookies. The Swedish Post and Telecom Authority is the public agency responsible for supervision.

What types of cookies do we use?

A cookie is a small text file which is stored on your computer or mobile device via your browser. There are different types of cookies and Front uses both cookies which we install ourselves (first-party cookies) and those which belong to an external party (third-party cookies). Our cookies also have various lifespans. We use both session cookies which are stored temporarily and deleted when you close your browser, as well as permanent cookies which are stored for a longer time.

First-party cookies

We use first-party cookies primarily so that you encounter material on the website which is new since your last visit. Our first-party cookies are both session cookies and permanent cookies, which are stored for a maximum of 24 months.

Third-party cookies

We use cookies from external parties (third-party cookies). Google analytics is used as an analytical tool and to maintain statistics for the purpose of improving our website. In order to receive job applications, we also use third-party cookies belonging to WorkBuster. Our third-party cookies are both session cookies, which are deleted when you close the browser, and permanent cookies which are stored for a maximum of 24 months.

What do I do to prevent or delete cookies?

If you limit or delete cookies, you will not be able to access a number of functions on our website. You can delete installed cookies and change your cookie settings in your browser. Browsers do not function uniformly, but use the help function in your browser for information about how you change the cookie settings to meet your needs and preferences. Click here for information about handling cookies in Google Chrome, Safari, Internet Explorer, Mozilla Firefox.

Do you want to know more about cookies and how they are regulated?

In order to obtain information about cookies and the Electronic Communications Act, visit the  Post and Telecom Authority’s website.

As a data subject, you are entitled to know how your personal data is processed. This means that you can request access to information about the processing. You are also entitled, at any time whatsoever, to revoke consent to the processing and to demand correction of erroneous personal data, restriction of superfluous processing, erasure of unsupported processing, and transfer of personal data from our system to another party. You are also entitled to contact the Swedish Data Protection Authority at datainspektionen@datainspektionen.se to submit a complaint.

You are always welcome to contact us if you want to exercise your rights or if you have feedback or questions associated with our processing of personal data.