.svg){kind=small}
Privacy Statement for Advokatfirmaet Seland | Rödl & Partner AS
This privacy statement applies to Advokatfirmaet Seland | Rödl & Partner AS (“we,” “us,” or “our”). We act as the data controller for the processing of personal data described in this privacy statement. Our contact information is provided below.
1. Whose Personal Data We Process
This privacy statement applies to our processing of personal data about the following individuals:
- Contact persons at corporate clients
- Private clients
- Clients in criminal cases
- Contact persons at our suppliers and partners
- Other individuals who send us inquiries
- Persons involved in cases in which we provide assistance
- Other persons mentioned in case documents to which we have access
- Visitors to our website
2. Purpose, Types of Personal Data, and Legal Basis
Below is an overview of the purposes for which we process personal data, the categories of personal data processed, and the legal basis for the processing.
2.1. General Inquiries
Purpose: To respond to inquiries we receive.
Data: Name, phone number, email address, and any personal data included in the inquiry.
Legal Basis: The processing is based on a legitimate interest (GDPR Article 6(1)(f)). Storing this information is necessary for us to respond to and handle your inquiry properly.
2.2. Establishing a Client Relationship
When we are contacted by a potential client asking if we can take on a case, we conduct an internal conflict check to ensure there is no conflict of interest before possibly accepting the assignment. This check serves a legitimate purpose and is based on GDPR Article 6(1)(f) (legitimate interest). For private clients, conflict checks usually involve full name, the nature of the matter, and if relevant, creditworthiness. Generally, conflict checks on behalf of corporate clients do not involve processing personal data.
In connection with establishing a client relationship, we carry out customer due diligence in accordance with the Norwegian Anti-Money Laundering Act. We register name, address, phone number, email address, and any personal data included in the inquiry, as well as a copy of valid identification, information about which company you represent, and your role. This customer due diligence is necessary to fulfill our legal obligations under the Anti-Money Laundering Act (GDPR Article 6(1)(c)) and to fulfill our contractual obligations to you as a client under our Engagement Letter.
If we accept the assignment, we record the contact details of the contact person at the client, or just the client’s details if the client is an individual. For private clients, registering contact information is necessary in order to enter into an agreement (GDPR Article 6(1)(b)). For corporate clients, the registration of contact information is based on a legitimate interest (GDPR Article 6(1)(f)).
2.3. Client Administration
Separate case files are created for assignments carried out on behalf of the client. Time and expenses spent on a case are recorded in our timekeeping and accounting system. For corporate clients, our client administration is based on GDPR Article 6(1)(f) (legitimate interest), whereas for private clients, it is deemed necessary to fulfill our agreement (GDPR Article 6(1)(b)).
2.4. Case Handling
Some legal assignments involve us gaining access to personal data about parties or other individuals affected by a case. Such data may be found in documents the client provides or in other correspondence related to the matter. Processing personal data in connection with engagements for corporate clients is based on GDPR Article 6(1)(f) (legitimate interest). In some cases, we also receive sensitive personal data (e.g., health data or information about criminal convictions and offenses). In these instances, the processing is permitted under GDPR Article 9(2)(f) (necessary for the establishment, exercise, or defense of legal claims) and Section 11 of the Norwegian Personal Data Act (2018).
2.5. Storage and Retention of Case Documents
We retain case documents for 10 years after the assignment has concluded. Physical files are transferred to off-site storage, and electronic case files are labeled “archived.” We consider retaining the information for this period necessary both for the client and for our own purposes, in the event that questions or disputes arise later and the stored information becomes relevant. The legal basis for this processing is GDPR Article 6(1)(f) (legitimate interest as described above) and GDPR Article 9(2)(f) (necessary for the establishment, exercise, or defense of legal claims), in conjunction with Section 11 of the Norwegian Personal Data Act (2018).
2.6. Knowledge Management
Advokatfirmaet Seland | Rödl & Partner AS has established an electronic knowledge archive, which is actively used to save time, effort, and thus costs for our clients. Documentation stored in the knowledge archive is anonymized. The legal basis for this is our legitimate interest in utilizing the knowledge we have developed for further advisory services (GDPR Article 6(1)(f)).
2.7. Invoicing
Contact details provided by corporate clients are used to reference invoices sent to the business, upon the client’s request. For private clients, the individual’s private postal address is used for sending invoices. The legal basis for processing is GDPR Article 6(1)(f) (legitimate interest) for corporate clients, and GDPR Article 6(1)(b) (necessary to fulfill the agreement with the data subject) for private clients.
2.8. IT Operations and Security
Personal data stored in our IT systems may be accessible to us or our suppliers in connection with system updates, implementing or monitoring security measures, troubleshooting, or other maintenance work. The legal basis is GDPR Article 6(1)(f) (legitimate interest, related to the aforementioned activities) and our legal obligation to ensure adequate information security (GDPR Articles 32 and 6(1)(c)).
2.9. Marketing
2.9.1. Distribution of Newsletters and General Information About Our Firm
We send newsletters to the email addresses of clients to whom we provide ongoing legal services, as well as to others who have requested our newsletter. In this connection, we store names and email addresses in our mailing list. For distribution, we use Mailchimp, which also stores data about user activity. You can learn more about how Mailchimp stores and protects your information here. Newsletter recipients can easily opt out by using the link included in each newsletter.
For clients, sending newsletters is part of our service offering, designed to keep them updated on relevant areas of expertise. The legal basis is GDPR Article 6(1)(f) (legitimate interest). If there is an existing customer relationship, the marketing is carried out in accordance with Section 15(3) of the Norwegian Marketing Control Act (markedsføringsloven). In other cases, marketing is based on the individual’s consent (Section 15(1) of the Marketing Control Act and GDPR Article 6(1)(a)).
2.9.2. Use of Websites and Cookies
To collect information about the use of our websites, we use cookies. You can read more about cookies and which cookies we use [here]. We process personal data on the basis of a legitimate interest. We have determined that it is necessary to adapt our website for our users.
2.9.3. Marketing on Facebook and LinkedIn
We use Facebook and LinkedIn to share information about our firm and to post news and updates in our practice areas.
Information that you follow our firm’s page and react to our posts is stored by Facebook or LinkedIn and is used for statistics and more targeted marketing. We also use Facebook and LinkedIn statistics to target our information—for example, we may market an Oslo-based course specifically to individuals associated with companies in the Oslo area or relevant industries. Facebook and LinkedIn allow for the storage and organization of a wide range of personal data. However, for targeting our posts, we only use location data and business/industry affiliations.
This processing is based on your consent, given through the settings on your social media profile.
For more information, please refer to Facebook’s and LinkedIn’s policies:
- Facebook
Privacy Explanation
Cookies Policy - LinkedIn
Privacy Policy
Cookie Policy
2.10. Attendance at Our Events
Data: Email address, name, and the company you represent.
These details are used for course administration, invoicing course fees, recording attendance, and issuing course certificates.
2.11. Recruiting for New Positions
When recruiting for new positions at our firm, we process CVs, applications, certificates, and references. This processing is based on your consent.
3. Who We Share Personal Data With
We do not disclose your personal data to others unless there is a lawful basis for such disclosure. Examples of a lawful basis may include an agreement with you or a legal requirement that compels us to release the information.
Our IT service providers may have access to personal data if such data is stored with them or is otherwise made available to them under our contract. These providers act under data processing agreements and follow our instructions. They may only use the data for the purposes we determine and as described in this privacy statement.
We use suppliers located in countries outside the EU/EEA. When transferring personal data to these suppliers, we use the EU’s standard contractual clauses for data transfers (read more here:
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en) and/or the EU-US Privacy Shield framework (read more here:
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).
Lawyers are subject to criminally sanctioned confidentiality obligations under Section 111 of the Norwegian Penal Code (straffeloven). All information entrusted to us in connection with a matter is handled confidentially.
We will not disclose personal data in other instances or in any other manner than described in this privacy statement unless the client explicitly requests or consents to such disclosure or if we are legally required to do so.
4. Storage of Personal Data
We store your personal data for as long as necessary to fulfill the purpose for which the data was collected.
Personal data processed on the basis of your consent will be deleted if you withdraw your consent.
Personal data processed to fulfill an agreement with you will be deleted once the agreement is fulfilled and all obligations arising from it are met. Once a case is closed, it will be archived and retained for ten years from the conclusion of the assignment.
Legally mandated identification checks and other legally required retention of personal data will be stored for as long as the storage obligation exists. For identification checks under the Anti-Money Laundering Act, the data must be retained for five years after the assignment is concluded.
Accounting legislation also requires us to retain certain accounting documents for a specified period. When a particular purpose requires storage for a set period, we ensure the data is only used for that specific purpose during that period.
5. Your Rights
You have certain rights concerning the personal data that relates to you, depending on the circumstances.
We may request that you confirm your identity or provide additional information before allowing you to exercise your rights. We do this to ensure that personal data is only disclosed to you—and not to anyone impersonating you.
5.1. Withdrawing Consent
If you have given consent to receive our newsletter, you may withdraw this consent at any time. We have made it easy for you to opt out of such communications by including an unsubscribe link in each message.
If you have consented to other forms of personal data processing, you may also withdraw that consent at any time by contacting us.
5.2. Access to Personal Data
You have the right to request access to the personal data we have registered about you, provided our duty of confidentiality does not prevent it. To ensure personal data is disclosed to the correct person, we may require that you make your request in writing or that you verify your identity in another way.
5.3. Requesting Correction or Erasure
You may ask us to correct inaccurate information we hold about you or request that we delete personal data. We will comply with such requests to the extent possible, but we may not be able to do so if there are compelling reasons for us to keep the data—for example, if we need to retain the information for documentation purposes.
5.4. Data Portability
In some cases, you may have the right to obtain personal data you have provided to us in a machine-readable format for transfer to another law firm. If it is technically feasible, you may also, in certain instances, request a direct transfer to the other firm.
5.5. Complaint to the Supervisory Authority
If you believe our processing of personal data does not align with what we have described here or that we are otherwise in breach of data protection laws, you can lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet). You can find more information about how to contact the authority on its website: www.datatilsynet.no.
6. Security
We have implemented procedures to handle personal data securely, including both technical and organizational measures. We regularly assess the security of all critical systems used to process personal data, and we have agreements that require our system providers to ensure an adequate level of information security.
Access to personal data (and client/case information) is restricted to personnel who need it to perform their duties.
We have adopted internal IT guidelines and regularly train our employees in matters of security and the use of IT systems.
7. Changes
We may make minor changes to this privacy statement. You will always find the latest version on our website. In the event of significant changes, we will provide notice.
8. Contact Us
If you have any questions or comments about this privacy statement, or if you wish to exercise your rights, please contact us:
Advokatfirmaet Seland | Rödl & Partner AS
Attn: Managing Director
Address: Parkveien 55, 0256 Oslo
Phone: +47 24 13 43 40
Email: post@seland-roedl.no
