Privacy Policy

Last updated 2024-02-14.

1.1 Introduction

As part of our business activities, Wigge & Partners Advokat KB (”Wigge”) may process personal data relating to you. We care about your privacy and we process your personal data in accordance with applicable personal data legislation, including the General Data Protection Regulation (“GDPR”).

This privacy policy describes how we collect, process and share personal data, and what rights you have in relation to us as data controller.

2 What personal data is processed and for what purposes?

Personal data is data that can be directly or indirectly linked to a natural person, e.g. name, photo, social security number, IP address, telephone number and content of e-mails and other mailings.

We process personal data for the purposes described in this privacy policy.

Our processing of personal data may concern any natural person who is:

  • an employee of a client or counterparty,
  • a counterparty representative,
  • a client,
  • otherwise affected by our assignments,
  • participating in our seminars and other events or receive our newsletters, or
  • seeking employment with or assignments for us.

Wigge acts as data controller in accordance with this privacy policy. See our contact details in section 9 below.

You are not obliged to provide personal data to us (except where required by law), but failure to do so may mean that we cannot undertake assignments for you, process your job application, send you newsletters or seminar invitations, etc.

Most of our communication is by telephone, email and electronic meetings. As a general rule, anyone who calls, participates in an electronic meeting or sends us an e-mail always provides us with personal data.

2.1 Personal data related to assignments

We process personal data provided to us by, or on behalf of, you, the client, counterparty, counterparty representative or other person involved in the engagement or obtained by us from such persons or from private or public registers or sources.

The personal data will be processed for necessary conflict checks, to evaluate and decide whether we can undertake or need to withdraw from the engagement and to fulfil our legal, regulatory and risk management obligations in general. The processing takes place due to our legitimate interests in an effective and correct control and effective and correct decision-making basis, and because it is necessary to fulfil our obligations under the Swedish Anti-Money Laundering Act, the EU Market Abuse Regulation, other applicable laws and the Swedish Bar Association’s (Sw. Advokatsamfundet) regulations.

The personal data will also be processed for invoicing, accounting of the assignment and fees and debt collection and to otherwise safeguard our rights in connection with the assignment. The processing takes place on the basis of our (and the client’s) legitimate interest in efficient and correct invoicing, assignment and fee accounting and debt collection, and because it is necessary to establish, exercise or defend our legal claims.

The personal data will also be processed for internal statistics and analyses and the development of our operations. The processing is based on our legitimate interest in monitoring and developing our operations.

2.2 Personal data related to seminars, events, newsletters and other mailings

When you use our website, social media, digital mailing systems or otherwise register your interest in our seminars, events, newsletters and other mailings or register for one of our seminars or events, we will collect, store and otherwise process personal data relating to you. The personal data that we process may include name, title, employer, contact details (address, telephone number and email address), information about your stated areas of interest for newsletters and other mailings and about your desired participation in a seminar or event and, in the case of a seminar or event with food, specific food preferences.

The personal data will be processed to administer the sending of invitations to seminars and events, newsletters and other mailings, and to organise seminars or events with you as a participant. The processing is based on our legitimate interest in administering mailings to you and organising the seminar or event with you as a participant, in accordance with your stated preferences.

2.3 Personal data of job applicants

When you apply for a job or otherwise express interest in a job with us, we will collect, store and otherwise process personal data relating to you. We collect and process personal data such as name, title, position, e-mail address, telephone number, photographs, education, professional experience and other information you provide in your contact with us.

The personal data is processed for the purpose of carrying out the recruitment procedure. The processing is based on our legitimate interest in effective and correct recruitment. If you have consented to us processing your data for future recruitments, the data will be processed for that purpose on the basis of such consent.

2.4 Use of our website and cookies

When you visit our website, indirect personal data is also generated through our use of cookies, as described in our cookie policy. We will use such data for statistical purposes. However, as far as possible, we will use anonymised data for statistical purposes.

We process your personal data when it is necessary to carry out our mission, send newsletters to which you subscribe and organise seminars and other events to which you have subscribed. We also process the data when we have a legitimate interest in processing them, e.g. an interest in being able to communicate with you, carry out recruitment, market ourselves and develop our services. If we process your personal data for any purpose that requires your consent under data protection legislation, we will obtain your consent in advance.

3 Storage

We do not store personal data longer than necessary for the purpose of the processing, unless the data may or must be stored longer under applicable law.

Personal data that we process in connection with an assignment is stored for the period of time that we are obliged under the Swedish Bar Association’s regulations to keep the file for the assignment, i.e. for ten years after the completion of the assignment (or such longer period as the nature of the assignment requires). Thereafter, we may store the name, social security number (or equivalent information) and assignment title of natural persons who are clients or counterparties in order to enable necessary conflict of interests checks in accordance with the Swedish Bar Association’s regulations.

4 Transfer of personal data to third parties

The personal data we process may be disclosed to third parties with whom we cooperate, such as marketing agencies and IT service providers. We may also disclose personal data when we have a legal obligation, e.g. due to money laundering legislation.

If your personal data is transferred to a third party that performs services for us, we will enter into a data processing agreement with such third party. We will only transfer personal data to fulfil the purpose set out in this privacy policy and will only do so to data processors with whom we have a data processing agreement. Under these data processing agreements, the data processor must comply with our instructions and any other agreements that exist between us and the data processor. Before entering into a data processing agreement, we ensure that the data processor has adequate technical and organisational measures in place to protect your personal data.

When using IT service providers located outside the EU/EEA, we ensure that your personal data is adequately protected, e.g. by signing a data transfer agreement with the non-EU/EEA service provider accessing our IT systems.

5 Security measures

We have internal policies in place to ensure that our processing of personal data is done in accordance with this privacy policy and applicable law. Furthermore, we have technical and organisational measures in place to protect your personal data so that only authorised personnel have access to it.

6 Your rights

The personal data legislation gives you certain rights in relation to us and our processing of your personal data. Information about these rights is set out below. Note, however, that the rights may be limited due to the duty of confidentiality and archiving obligations applying to members of the Swedish Bar Association.

  • Accessibility – You have the right to obtain confirmation as to whether we are processing personal data concerning you. If this is the case, you also have the right to access this personal data through a so-called register extract and further information about the processing in question, such as the purpose(s) of the processing, the categories of personal data concerned and the recipients to whom the personal data have been disclosed.
  • Rectification – You have the right to have inaccurate personal data about you corrected without delay. You may also have the right to complete incomplete personal data in certain cases.
  • Deletion – You have the right to have personal data deleted. This right is limited to data which by law can only be processed with your consent, if you withdraw your consent and object to the processing.
  • Processing restrictions – You have the right to request restriction of the processing of your personal data, for example if you object to the accuracy of the personal data. While the accuracy is being investigated, our access to the personal data is restricted.
  • Objections – You have the right to object to the processing of your personal data based on our or another party’s legitimate interest. In this case, in order to continue processing, we must be able to demonstrate compelling legitimate grounds which override your interests, rights and freedoms.
  • Data portability – If we process your personal data on the basis of a contract with you (or on the basis of your consent), you have the right to obtain the personal data you have provided to us relating to you in an electronic format. You have the right to have the personal data in question transmitted from us directly to another data controller, where technically feasible.
  • Consent withdrawal – Should our processing of your personal data be based on your consent, you always have the right to withdraw your consent at any time. A withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal.

7 Complaints to the supervisory authority

The Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) is the authority responsible for monitoring the application of applicable data protection legislation in Sweden. If you believe that we are processing your personal data incorrectly, we encourage you to contact us in the first instance so that we can review your concerns. However, you can always lodge your complaint with the supervisory authority.

8 Amendments and supplements

We may make amendments or supplements to this policy. If we do, we will publish the updated privacy policy on our website and refer to it in our emails and in our communication through our digital mailing system. If this happens, we ask you to read the updated policy carefully.

9 Contact details

If you would like further information on how your personal data is processed, or wish to exercise any of the above rights, please contact us:

Wigge & Partners Advokat KB
Att: Privacy
Birger Jarlsgatan 25
111 45 Stockholm
E-mail: gdpr@wiggepartners.se