Privacy Policy

Privacy Policy for Advokatfirmaet Sveinsson

Last Modified: January 30, 2023

This privacy statement applies to Advokatfirmaet Sveinsson ("we" or "us"). We are the data controller for the processing of personal data described in this privacy statement. You can find our contact information below.

1. Who we process personal data about

This privacy statement is aimed at our processing of personal data about the following persons:

    • Private clients
    • Clients in criminal cases
    • Contact persons at business clients
    • Contact persons at our suppliers and partners
    • People involved in cases we assist in
    • Other persons mentioned in case documents we have access to
    • Visitors to our website
2. Purpose, types of personal data and legal basis

Below we have provided an overview of the purposes for which we process personal data, the types of personal data we process and the legal basis for the processing.

Establishing client relationships: When we are contacted by a client with a request if we can take an assignment, we carry out an internal independence check (conflict resolution) before accepting the assignment. The independence check serves a legitimate purpose and is based on GDPR Article 6 (1) (f) (balancing of interests). Conflict checks of private customers usually include full name, what the case concerns and, if relevant, creditworthiness. In general, conflict checks on behalf of business customers will not involve the processing of personal data.

In connection with the establishment of a client relationship, we will carry out a customer check in accordance with the provisions of the Money Laundering Act. Among other things, we will register and verify your identity. This means that your name, address and date of birth will be registered, and a copy of the identity document, such as passport, ID card or driver's license, will be taken. Customer due diligence is necessary to comply with our legal obligations under the Money Laundering Act, cf. GDPR Article 6 (1) (c).

If we can accept the assignment, contact information is recorded, including name, address, telephone number and e-mail address. For business clients, one or more contact persons will normally be registered, with associated telephone numbers and e-mail addresses. For private customers, the registration of contact information is necessary in order to enter into an agreement with the person concerned, cf. GDPR Article 6 (1) (b). For business customers, the registration of contact information is based on a balancing of interests, cf. GDPR Article 6 (1) (f).

Case management: Some legal assignments involve us gaining access to personal data about parties or other individuals affected by a case. Such information may appear from documents submitted by the client or other correspondence in the case. For private clients, the processing is necessary in order to fulfil an agreement to which the data subject is a party, cf. GDPR Article 6 (1) (b). The processing of personal data in connection with assignments for business customers is based on GDPR Article 6 (1) (f) (balancing of interests). In some cases, we also gain access to sensitive personal data, such as health data or criminal convictions and offences. In such cases, the processing of the data is based on Article 9 (2) (f) of the GDPR (the processing is necessary for the establishment, exercise or defence of a legal claim), cf. Section 11 of the Personal Data Act (new 2018).

Knowledge management: Sometimes we reuse prepared documents in other cases. In order to use these documents later, they are stored anonymously in an experience archive. Publicly available information, such as court decisions, will not normally be anonymized. The basis for processing is our interest in utilising the knowledge developed in further advice, cf. GDPR Article 6 (1) (f) (balancing of interests).

Client management: Separate case files are created for assignments performed on behalf of the client. Time and costs incurred on a case are recorded in our accounting system. For business customers, what we do in connection with client administration is authorised by GDPR Article 6 (1) (f) (balancing of interests), while for private customers it is considered a necessary part of fulfilling the agreement with the person concerned, cf. GDPR Article 6 (1) (b).

Storage and storage of case documents: We store case documents for 10 years after the assignment has ended. Storage for the specified period of time is considered necessary for the sake of both the client and for our own sake, since subsequently questions or a dispute may arise where the information stored on a case may again become relevant. The legal basis for the processing of personal data is GDPR Article 6 (1) (f) (balancing of interests) and Article 9 (2) (f) of the GDPR (establishing, exercising or defending legal claims), cf. Section 11 of the Personal Data Act (new 2018).

Invoicing: Contact information received from business customers is used to mark invoices sent to the business. For private customers, the person's private address or e-mail address is provided for sending invoices. The basis for processing is GDPR Article 6 (1) (f) (balancing of interests) for business customers and Article 6 (1) (b) of the GDPR (necessary to fulfil the agreement with the data subject) for private customers.

IT operations and security: Personal data stored in our IT systems may be available to us or to our suppliers in connection with system updates, implementation or follow-up of security measures, error correction or other maintenance. The basis for processing is GDPR Article 6 (1) f (balancing of interests, cf. our legitimate interest in these activities) and our legal obligation to have satisfactory information security, cf. GDPR Articles 32 and 6 (1) (c).

Marketing: We send out newsletters to e-mail addresses registered to clients to whom we continuously provide legal services and others who have requested our newsletter. In this connection, the name and e-mail address are processed. Recipients of the newsletter can easily unsubscribe from the service by using the link included in each inquiry. The basis for processing is GDPR Article 6 no. 1 letter f (balancing of interests) where we have received the e-mail address in connection with a legal assignment. The processing is necessary to safeguard our business considerations. We have considered that this information only includes contact information and is not of great importance to the data subjects. If there is an existing customer relationship, the marketing will take place in accordance with section 15 (3) of the Marketing Control Act. In other contexts, marketing is based on the consent of the person concerned, cf. Section 15 (1) of the Marketing Control Act and Article 6 (1) (a) of the GDPR.

3. Who we share personal data with

Our IT service providers may have access to personal data if personal data is stored with the supplier or is otherwise available to the supplier in accordance with the contract with us. The suppliers act in accordance with the data processing agreement and under our instructions. The supplier may only use the personal data for the purposes we have determined and which are described in this privacy statement.

For the transfer of personal data to these suppliers in countries outside the EU and EEA, we use EU standard transfer agreements (read more here: and/or the EU-US Privacy Shield Framework (read more here:

Lawyers are subject to a criminally sanctioned duty of confidentiality pursuant to Section 111 of the Civil Penal Code. All information entrusted to us in connection with an assignment is handled confidentially.

We do not disclose personal data in other cases or in other ways than those described in this privacy statement unless the client explicitly encourages or agrees to this or the disclosure is required by law. These may be legal obligations that require us to provide information to counterparties, courts and/or public bodies.

4. Storage of personal data

We store case documents for 10 years, as stated in section 2.

Accounting legislation otherwise requires us to store certain accounting documents for a specified period of time. When a specific purpose warrants storage for a given period of time, we ensure that the personal data is exclusively used for that purpose during that period.

5. Your rights

You have rights in personal data concerning you. Your rights depend on the circumstances.

Withdraw consent: If you have given consent to receive newsletters from us, you can withdraw this consent at any time. We have made it possible for you to easily reserve yourself against this type of inquiry by including a link to the unsubscribe form in each inquiry. If you have consented to other processing of personal data, you may also withdraw your consent at any time for this processing by contacting us.

Request access: You have the right to access what personal data we have registered about you, as long as the duty of confidentiality does not prevent this. To ensure that personal data is disclosed to the right person, we may require that requests for access be made in writing or that identity is verified in some other way.

Request correction or deletion: You can ask us to correct incorrect information we hold about you or ask us to delete personal information. We will as far as possible comply with a request to delete personal data, but we cannot do this if there are compelling reasons not to delete, for example that we need to store the data for documentation purposes.

Data portability: In some cases, you may have access to receive personal data you have provided to us in order to have it transferred in a machine-readable format to another law firm. If it is technically possible, in some cases it will be possible to have these transferred directly to the other company.

Complaint to the supervisory authority: If you disagree with the way we process your personal data, you can submit a complaint to the Data Inspectorate.

6. Security

We have established procedures to handle personal data in a secure manner. The measures are of both a technical and organisational nature. We regularly assess the security of all central systems used for the handling of personal data, and agreements have been entered into requiring suppliers of such systems to ensure satisfactory information security.

Access to personal data (and client/case information) is limited to personnel who need access to perform their duties.

We have adopted internal IT guidelines, and we regularly train employees with regard to security and use of IT systems.

7. Changes to the Privacy Statement

We may make minor changes to this Privacy Statement. You will always find the latest version on our website. In the event of significant changes, we will notify you of this.

8. Cookies

When you visit our website, we use cookies. Read more about cookies here.

9. Consent

By using our website, you agree to our privacy policy and agree to the terms.

10. Contact us

If you have any questions or comments about our privacy statement or you want to exercise your rights, please contact us:

Advokatfirmaet Sveinsson

Paul Sveinsson, Attorney-at-law


Phone: +47 98294584 NO 929 715 659 MVA
P.O.Box 235, 1301 Sandvika, Norway

Social media:


Developed by Sentu AS

Copyright © Goldenblatt 2019