Privacy statement for Bull & Co Advokatfirma AS
Bull is the data controller for the personal data we collect, as described here. We are responsible for processing personal data in a safe and lawful manner. Bull has profiles/user accounts on various social media sites. If you visit or use our profiles, we – as account manager – become the controller for the personal data we process for our own purposes. Various social media have their own policies for their processing of your personal data.
You can contact us at email@example.com if you would like to access your data. If you are our client, feel free to contact the responsible attorney for the engagement.
To make it easier to understand the Privacy statement, we have defined some terms:
Personal data means any data that may directly or indirectly be linked to you as an individual or to other individuals.
The processing of personal data means any use of personal data, including collection, retention, revision, assembly, disclosure and deletion.
The data controller means the person or company responsible for processing personal data and the one who determines the purpose of the collection and use of personal data. In this case, it is Bull & Co.
The basis for processing means the basis for processing personal data, either in the form of consent or by law.
What kinds of personal data do we process?
- identification and contact details (email address, telephone number, date of birth and gender)
- data we need for the engagement, such as case information, information about ownership, finances and health, family relationships and photos
- data that is retained when you visit our website (including the time, the type of computer/mobile phone, operating system and browser you use, IP addresses, screen size, etc.)
- any other data that is collected based on your consent. When we ask for your consent, you will receive specific information about which data we collect and what they are used for.
How do we collect personal data?
We collect data in several ways:
- We receive personal data that are needed for the engagement or for follow-up on your enquiries.
- We may collect personal data from public records.
- We receive personal data when you use our services, e.g. our website.
What do we use the personal data for?
We process personal data:
- to carry out our engagement
- to store case documents
- to handle our client relationships
- for knowledge management purposes
- for marketing
- to evaluate how our website and social media accounts are used (using analytical tools)
- to comply with legal requirements for customer control, retention and disclosure (if relevant)
- for security purposes (e.g. login to servers as well as detection, resolution and follow-up during data security incidents.
Bases for processing
The processing of client data is regulated by articles 6 (1) (b) of GDPR (agreement with the private client) and 6(1) (c) of GDPR (fulfilment of legal obligation, e.g. attorneys’ obligations pursuant to section 4 (2) no. 3 of the Anti-Money Laundering Act, cf. sections 17 and 18). The processing of data about anyone other than the client, e.g. counterparties and witnesses, is regulated by article 6 (1) (f) of GDPR (legitimate interest).
The processing of special categories of (sensitive) personal data is regulated by article 9 (2) (f) of GDPR, when processing is necessary to assess, assert or defend a legal claim.
The processing of personal data for marketing purposes through electronic communications, such as through our website and social media sites, e.g., Facebook, LinkedIn and Instagram, is governed by article 6 (1) (a) of GDPR (consent) – unless otherwise stated.
If required by applicable data protection regulations, Bull will obtain your explicit consent for the processing of your personal data.
You may withdraw your consent at any time by contacting us at firstname.lastname@example.org.
Bull uses the following social media channels:
Bull & Co follows the guidelines that apply to account managers and processes personal data in accordance with the processing terms for the relevant medium.
Facebook: Through Facebook Insights, we can view anonymous data about individuals who follow Bull & Co, such as gender, country, city/village and language. We can also see how many people have visited our page and how many have been reached through posts during a selected time period. In addition, we can see the number of likes, shares and followers on pages and page activities.
We use Facebook’s advertising pixel to direct ads toward the people who have visited our websites. We adhere to Facebook’s current policies at all times. You can control your advertising settings on your Facebook profile.
A cookie is a small text file that is stored locally on your device (i.e. computer, smartphone, etc.) when a website is opened. The purpose of cookies vary and may make a website more user-friendly and adapted to the individual user. When a user visits a website, the cookie asks for permission to be stored locally on the device. Most modern browsers such as Internet Explorer, Safari, Mozilla Firefox and Google Chrome are set to accept cookies automatically, but you can withdraw your consent at any time. This is done by changing your browser’s cookie settings. To learn more about cookies and how to manage or delete them, please visit allaboutcookies.org and/or your browser’s help section.
Please note that if you choose not to accept certain technical and/or functional cookies, our web pages’ functionality may be reduced.
We use – or may use in the future – modules to share content from services such as Facebook, Twitter, Google Maps, Google+ or YouTube. These services may set cookies to identify users of the various services or “remember” preferences from previous visits, such as which audio level was last used by the user’s YouTube player or whether the user has liked our Facebook page.
Disclosure of personal data
Data are disclosed as necessary to carry out the engagement and to data processors providing operational services, maintenance and other technical assistance to Bull & Co. Our use of data processors may involve a transfer of your personal to data processors located in countries outside the EU/EEA. This means that personal data may be transferred to a country whose regulations do not provide the same level of protection of personal data as in Norway. In order to ensure your privacy, such transfer will only take place in accordance with applicable data protection legislation, for example through contractual arrangements approved under GDPR.
Otherwise, your personal data will not be disclosed to a third party without your consent or unless there is a legal basis or a court decision requiring disclosure of such data.
If you would like to access your retained personal data, or you would like more information about how your personal data are processed, please contact email@example.com.
In many cases, our duty of confidentiality prevents us from providing access to the personal data we have registered. If the data are not subject to the duty of confidentiality, you have the right to:
- receive information and access to your personal data (with the limitations set by applicable law – in particular attorneys’ duty of confidentiality)
- require that incorrect, unnecessary, inadequate or outdated personal data be revised or removed
- withdraw any consent to the processing of personal data that you have provided to us (which may result in us no longer being able to provide some of our services to you)
- require that the personal data we process about you be disclosed in a structured, widely used and machine-readable format that allows you to take your data with you to another business
If you disagree with the way we process your personal data, you can lodge a complaint with the Data Protection Authority. We hope you choose to direct an enquiry to us first.
Storage, deletion and correction
We store your personal data for as long as necessary to fulfil the purposes presented in this Privacy statement, unless a longer retention period is required or permitted under applicable law or by your consent. Retention of anonymised data is not subject to such restrictions or requirements.
In addition, we strive to ensure that your personal data are up to date and correct and that we do not store data that are unnecessary based on the purposes of processing.
We follow the Norwegian Bar Association’s recommendation and normally store case documents for 10 years after the conclusion of an engagement.
How do we safeguard your personal data?
Bullhas internal procedures and security measures to ensure the safe and secure processing of your personal data. We have an internal security manager who is in charge of ensuring data security in general and the safe processing of personal data in particular. Our personnel receive training and guidance in the secure processing of personal data. Our procedures and access control prevent unauthorised access to your personal data. We also have procedures and measures that will prevent the loss of personal data as well as the loss and destruction of the systems that store personal data. We make sure the processing of personal data is done correctly and in a safe manner and that the processing is protected from malware.
We ensure that personal data are protected in connection with the transfer of personal data internally and externally and are required to ensure that external parties who will process the data maintain a satisfactory level of security. Any threats to data security are effectively addressed, and the security and protection of personal data is part of our day-to-day operations. We comply with the applicable data protection laws’ requirements for the protection of personal data.
Bull is well aware of its duty of confidentiality. Attorneys are subject to a criminally sanctioned duty of confidentiality that follows from section 111 of the Penal Code. All data entrusted to us in connection with an engagement is treated as confidential unless otherwise agreed.
Any breach of security procedures is documented, and we have procedures and capacity to detect and deal with any security breaches.
If security breaches are uncovered, they are reported to management, damage risk is evaluated, the Norwegian Data Protection Authority is notified if necessary, and we will notify you as a user if the breach poses a risk to you and your rights.
How to contact us
For questions and enquiries regarding our processing of personal data, please contact firstname.lastname@example.org
We may make minor changes to this Privacy statement. You will always find the latest version on www.bull.no. We will notify you in the event of significant changes.