Privacy Policy

1.1 Introduction

Your privacy is important to us, we will process your personal data in accordance with the applicable data protection laws, including the General Data Protection Regulation (GDPR). Your personal data will only be used for the purposes specified in this privacy policy. Any data disclosed by you will immediately be deleted unless we have a reason and right to use the data under applicable data protection laws.

1.2 Data controller and contact details

Wigge & Partners Advokat KB acts as the controller in accordance with this privacy policy. If you have any questions regarding our processing of personal data, do not hesitate to contact us at

1.3 Collection of personal data via our website/e-mail

We collect and process personal data such as name, title, position, email address, phone number, and other information that you may provide (for example in a recruitment process) when you communicate with us via email or other channels, sign up for newsletters, participate in our events or visit our website. The data may be used for marketing and recruitment purposes, to invite you to our events and send you newsletters. When processing this type of personal data, we rely on our legitimate interests in maintaining business relationships, and communicating with you about our operations and our events.

We may obtain information about your use of our website through “cookies” which enables us to give visitors access to various basic features that facilitate use and enhance the website experience. When you enter our website, we may also collect information about your computer, IP address, operating system and browser type, for example, for statistical purposes or for the purposes of system administration. This information generally comprises data which does not allow individual identification of information related to a specific user and is subject to your approval.

1.4 Collection of personal data in relation to clients

We collect information provided to us by or on behalf of our clients or generated by us in the course of providing legal services to our clients. This collection of data is based on our legitimate interest as a law firm when providing legal services.

We also use personal data collected in relation to our legal services to fulfil our statutory duties for example in relation to anti-money laundering and know your client (KYC) procedures. In addition, we collect personal data that is needed to fulfil our obligations under the Rules of the Swedish Bar Association in relation to conflicts of interest procedures.

You are not obligated to provide personal data to us but if you do not, we cannot provide you with any legal services as we would not be able to perform our statutory duties in relation to anti-money laundering, KYC and our obligations under the Rules of the Swedish Bar Association in relation to conflict of interest procedures.

The personal data collected relates to identification, contact details and matter-related background information provided by our clients, their representatives or their counterparties.  We will store personal data related to our matters for as long as we are required under applicable legislation or the Rules of the Swedish Bar Association (at least 10 years after a matter is closed).

In some cases, your personal data have been supplemented by information retrieved from publicly available sources, for the purpose of confirming your identity and current professional position.

1.5 How data is processed

We will only process personal data for the purpose it was collected for and as set out in this privacy policy. Personal data will only be available to authorised employees holding a position that requires them to process personal data to perform their work. Personal data is processed in accordance with our internal retention policy and our statutory retention obligations. Personal data will not be processed any longer than necessary for the stated purpose of the processing unless we have a legal obligation to retain the personal data for a longer period of time.  

1.6 Security measures

We have internal policies in place to ensure secure processing of personal data and have taken appropriate technical and organizational measures to keep your personal data secure to ensure that only authorized persons are given access to the personal data.

1.7 Transfer of data to third parties

We will not disclose personal data to any third parties unless (i) you have given your prior consent, or (ii) it is required to do so under applicable laws, to defend a claim or to perform services for our clients.  

However, your personal data may be transferred to and processed by third-party providers which perform services for Wigge & Partners (data processors). We will only provide personal data necessary to fulfil the purposes stated in this privacy policy to such data processors and we enter into data processor agreements with all data processors. According to the agreements the data processors must follow our instructions and any other agreements that are in place between Wigge & Partners and such data processors. Before entering into a data processing agreement, we ensure that the data processor has appropriate technical and organizational measures for the protection of the personal data.

1.8 Where is data processed

We primarily process personal data on servers within the EU/EEA. However, we may process personal data in countries outside of the EU/EEA. We will implement appropriate measures under the GDPR to ensure that your personal information remains protected and secure if data is processed outside of the EU/EEA. To ensure that appropriate safeguard measures in accordance with the provisions of GDPR are implemented by a processor outside of the EU/EEA such processing will always be based in on the EU Commission’s standard contractual clauses.

1.9 Rights of the data subject

You have the right to receive confirmation from us as to whether or not personal data concerning you are being processed, or whether personal data has been processed. You are entitled to receive a copy of the processed personal data and the personal data undergoing processing. You have also the right to obtain the rectification or erasure of personal data concerning you and the right to prohibit the processing of personal data for direct marketing purposes. In certain cases, you have the right to request a restriction of processing of personal data or otherwise object to processing. Furthermore, you may require the transmission of the personal data, which you have provided to us in a machine-readable format. All requests mentioned above shall be sent to If you find the processing of your personal data unlawful, you may lodge a complaint with a supervisory authority. The relevant supervisory authority in Sweden is Datainspektionen.

(version 2018:1)

Address Birger Jarlsgatan 25, 111 45 Stockholm