Privacy policy for Langseth Advokatfirma DA

Contact us

Privacy policy for Langseth Advokatfirma DA

Når du besøker vårt nettsted vil nettleseren din laste ned informasjonskapsler (“cookies”). Dette er små tekstfiler som utveksles mellom din enhet og dette nettstedet og som brukes for å få nettstedet til å fungere best mulig. Nedenfor finner du oversikt over hvilke informasjonskapsler som benyttes.

Langseth Law Firm processes personal data in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR"), which came into force on May 25, 2018. These rules apply as Norwegian law after implementation.

This privacy policy describes how Langseth Advokatfirma DA processes personal data.

I The purpose of collecting and storing personal data

Langseth Advokatfirma DA offers legal services. In order for us to do our job and fulfill our purpose, we need to use various types of personal data, including sensitive personal data. It is also necessary to store personal data after the assignment has been completed, due to our obligation to retain data and the possibility of reopening the case.

Personal data will only be collected and stored to the extent necessary to perform our assignment, and in accordance with consent or legal grounds for collection.

II Data controller

Langseth Law Firm, represented by its chairperson, is responsible for the company's processing of personal data and for ensuring that our processing systems comply with the regulations in force at any given time.

Tasks related to the daily processing of personal data are delegated to the responsible partner in the specific case where personal data is collected and stored. The responsible partner will be specified in the assignment agreement.

In the case of specially delegated responsibility for individual/special tasks, this will be stated under the individual processing point.

III What kind of information we collect

The collection and storage of personal data will be based on consent from clients, where it is voluntary to provide the information. In certain cases, information will also be collected on the basis of laws/regulations (e.g. the Money Laundering Act, the right of access to tax assessments for spouses, collection of information from the National Population Register, etc.).

We collect and use your personal data for various purposes depending on who you are and how we come into contact with you. We collect the following personal data for the purposes stated here:

  1. Establishment of client relationships and administration of client relationships. In this context, contact information, identity documentation, payment details, etc. are processed. The processing is based on GDPR Article 6 (1) letter b (processing is necessary for the performance of a contract to which the data subject is party) for private clients, and GDPR Article 6(1)(f) (processing is necessary for purposes related to legitimate interests) for contact persons for corporate clients and other matters processed in connection with corporate clients. In addition, [the law firm] is subject to legal obligations in connection with the establishment of client relationships, such as the Money Laundering Act § 4 (2) no. 3, cf. §§ 17 and 18, and therefore processes data in accordance with GDPR Article 6 (1) c (processing is necessary for compliance with a legal obligation).
  2. Case handling. In this context, personal data necessary in relation to the case in question is processed. The processing is based on GDPR Article 6 (1) letter b (processing is necessary for the performance of a contract to which the data subject is party) for private clients, and GDPR Article 6 (1) letter f (processing is necessary for purposes related to legitimate interests) for contact persons for corporate clients and other matters processed in connection with corporate clients.
  3. Information about counterparties and other third parties. In this context, personal data necessary in relation to the case in question is processed. The processing is based on GDPR Article 6 (1) letter f (processing is necessary for purposes related to legitimate interests). We have assessed that the processing is necessary in order to resolve incoming cases as efficiently as possible in accordance with commercial considerations and good legal practice. When processing special categories of data, the processing has a legal basis in GDPR Article 9 (2) letter f (establishing, exercising or defending legal claims).
  4. Criminal convictions and offenses. In this context, personal data necessary in relation to the case in question is processed. The processing is based on GDPR Article 9 (2) letter f (establishing, exercising, or defending legal claims), as well as a systemic consideration of the Criminal Procedure Act and the rules of professional conduct for lawyers, section 2.3.
  5. Storage/retention of case documents. In this context, personal data necessary in relation to the case in question is processed. The processing is based on a legal obligation to archive ongoing and closed cases.
  6. Invoicing. In this context, contact information and payment information are processed. The processing is based on GDPR Article 6(1)(b) (processing is necessary for the performance of a contract to which the data subject is party) for private clients, and GDPR Article 6(1)(f) (processing is necessary for the purposes of legitimate interests) for contact persons for corporate clients.
  7. Sending marketing material, newsletters, and other relevant informationabout our business. In this context, names and email addresses are processed. Processing is based on consent from the recipient of the marketing material in accordance with Section 15 of the Marketing Act, usually a private client or contact person at a business client.
  8. Information about potential clients. In this context, contact information is processed. The processing is based on GDPR Article 6 (1) letter f (the processing is necessary for purposes related to legitimate interests). We have assessed that the processing is necessary to safeguard commercial considerations in our business.
  9. Knowledge management(e.g., reuse of documents in subsequent cases). Personal data processed in this context is personal data that is necessary in relation to the case in question. The processing is based on GDPR Article 6 (1) letter f (processing is necessary for purposes related to legitimate interests). We have assessed that the processing is necessary for internal learning processes and to work more efficiently.
  10. Recruitment. In this context, we process CVs, applications, certificates, diplomas, statements from references, internal assessments/interview reports, and any personality tests and aptitude tests. The processing of personal data is based on an agreement with the applicant, i.e. GDPR Article 6(1)(b). If we retain application documentation after a recruitment process has been completed, this is done on the basis of consent from the applicant, cf. GDPR Article 6 (1) letter a.
  1. Security. In this context, logs on servers, detection, investigation, and follow-up of security incidents, etc. are processed. The processing is based on GDPR Article 6 (1) letter f (processing is necessary for purposes related to legitimate interests). We have assessed that this processing is necessary to ensure information security and prevent unauthorized disclosure of personal data.

IV Online processing of personal data

Visitors to our website are free to provide personal information when filling out the contact form. Enquiries will not be registered or collected for later use unless a separate agreement is entered into or a client relationship is established. Enquiries are stored solely for use in our own statistics, and only the management of Langseth Advokatfirma has access to the information.

Data processing agreements have been established with companies that provide services such as website operation and maintenance.

We use the Google Analytics analysis tool on our website. Information from this tool is not disclosed by Langseth Law Firm to other parties and is not traced to individuals.

V Case processing and archives

Langseth Advokatfirma DA uses Datalex case management and archiving system for electronic processing, and also has physical folders and archives.

Electronic case management/archiving:

The necessary procedures for its use have been drawn up, with strict access control.

The respective partners responsible for the various cases ensure that the actual case handling complies with the procedures.

Langseth Law Firm processes personal data in order to safeguard its clients' interests in connection with the practice of law in accordance with the specific assignment.

Various types of personal data are recorded in the archive and case management system. This includes information such as name, address, telephone number, and, in accordance with the provisions of the Money Laundering Act, ID checks are also required and will be stored. Registration, storage, and retention are carried out in accordance with the provisions of the archiving legislation. 

The case documents may also contain sensitive personal data. Since all documentation stored in the archive is subject to particularly strict protection, no special procedures have been established for sensitive information, but such information will be deleted earlier than other information after the case has been closed.

Physical case processing/archiving

During case processing, the physical files are stored in the individual case handler's office. The offices have security locks with codes to prevent unauthorized access.

After the case has been closed, the files are stored in a secure archive room. Sensitive personal data is shredded, unless there is a specific reason to retain it after the case has been closed.

All documents are deleted 10 years after the case is closed.

VI Email and telephone

Langseth Advokatfirma DA uses email and telephone as part of its daily work to protect the interests of its insurance clients.

Relevant information obtained from telephone conversations and email exchanges that take place as part of case processing is recorded. This information is then processed as described above (see "Case processing and archiving").

Langseth Law Firm's employees also use email in general correspondence with internal and external contacts. Each lawyer/associate/service employee is responsible for archiving relevant emails in digital case files belonging to the individual case, and otherwise deleting messages that are no longer relevant. Upon resignation, email accounts are deleted, but certain relevant emails will normally be transferred to colleagues.

No sensitive personal data is sent via unencrypted email, and all attachments will be encrypted, even if they do not contain sensitive content.

Please note that regular email is unencrypted, and we therefore advise you not to send confidential, sensitive, or other confidential information via email.

Telephone calls (telephone numbers to and from, as well as the time of the call) are logged in our Shoretel telephone system.

If a telephone call relates to a specific case, a note may be written after the call and recorded in the journal. No other systematic recording of telephone calls where the caller can be identified is made.

VII Visit to Langseth Law Firm's offices

When visiting our premises, the visitor's name and mobile phone number are registered at the reception desk in the office building, and the visit is reported by text message and email to the employee receiving the visitor. Unless visitors themselves consent to their mobile phone number and name being stored, this information will be deleted after 30 days. Reception staff are bound by a duty of confidentiality.

Visitors only have access to meeting rooms and common areas. The office premises are physically secured and locked with codes that require a separate access code.

VIII Who we share information with (data processing agreements)

Certain third parties perform services on our behalf and assist us in operating our business and providing data and accounting services. Such third parties are given access to relevant information for the same purposes as described above, but also in connection with payroll (see below).

We enter into written agreements with third parties with whom we share information, and set clear requirements for compliance with applicable privacy laws, including information security requirements.

IX Information about employees

Langseth Law Firm processes personal data about its employees for the purpose of administering payroll and personnel responsibilities in accordance with the Personal Data Act § 8, first paragraph, and § 8 a), b) or f), as well as § 9 a), b) and f). The personnel manager has day-to-day responsibility for this. The information necessary for the payment of salaries is recorded, such as basic data, salary level, time registration, tax percentage, tax municipality, and union membership. Other information about employees is related to their work instructions and the organization of their work.

In addition, information relating to key management for entry and exit and information about access control in the IT system is recorded. The information is obtained from the employees themselves. The information is only disclosed in connection with salary payments and other legally required disclosures. Deletion routines for personal data comply with the Accounting Act and the Archives Act. Information about names, positions, and areas of work is considered public information and may be published on our website.

The processing of personal data relating to employees is explained in detail in the staff handbook, which is available to employees.

XI Rights: access, deletion, disclosure of information

Anyone who asks is entitled to basic information about the processing of personal data in a business. Langseth Advokatfirma DA has provided this information in this statement and will refer to it in the event of any inquiries.

Those who are registered in one of Langseth Advokatfirma's systems have the right to access their own information. The person concerned also has the right to request that incorrect, incomplete, or information that Langseth Advokatfirma does not have access to process be corrected, deleted, or supplemented. As a general rule, the person concerned also has the right to have all information about themselves deleted, but there may be exceptions to this due to special regulations. Requests from the registered person shall be answered free of charge and within 30 days at the latest.

To the extent that personal data is disclosed to others, this will be in accordance with the purpose of the case and will be linked to specific cases where information must be provided to the opposing party or the court. Public authorities may have the right of access under special rules. The duty of confidentiality for lawyers ensures further disclosure of information.

XII Contact Information

Please contact us if you have any questions about our processing of personal data:

Email:advokat@ladv.no

Phone: +47 22 42 42 42