1 Responsibility

Projure Advokatfirma AS (Law Firm, Bus. Ent. no.  NO-922253676), represented by Board Chair Per Bergstad, is responsible for the processing of personal data carried out by the firm’s employees and partners.

Please contact us directly if you have any questions regarding Projure’s processing of personal data.

We at Projure are specialists in the field of personal data and have procedures in place to ensure that we comply with the provisions of the Norwegian Personal Data Protection Act (personopplysningsloven).

2 Contact

Our contact representative for personal data protection matters is Ulrik Haukali.

Nedre Holmegate 30, 4001 Stavanger.

Telephone: +47 51 85 84 00

E-mail: stavanger@projure.no

3 Whose personal data do we process?

At Projure we process personal data belonging to:

  • Our clients
  • Contact persons employed by our suppliers and business clients
  • Contact persons employed by the courts, the Norwegian Labour and Welfare Administration (NAV) and the public supervisory authorities
  • Persons involved in cases for which we provide our services
  • Other persons named in case documents to which we have access
  • Persons registered in our e-mail lists for newsletters and invitations to courses
  • Visitors to our website
  • Job applicants

4 How we process personal data at Projure

4.1 Casework

The majority of the personal data that we process is in connection with our role as a law firm. Certain legal assignments entail that we obtain access to personal data concerning parties or other individuals involved in a case. Such data will be contained in documents sent to us by our client or in other correspondence related to the case. In some cases we obtain access to sensitive information, such as concerning an individual’s health, criminal record or links to a trades union. In such cases, our processing of such data has its legal basis in Article 9, no. 2 (f) of the GDPR (processing is necessary for the establishment, exercise or defence of a legal claim), cf. Section 11 of the recently (2018) amended Norwegian Personal Data Protection Act.

Depending on the specifics of the case, we may process data such as an individual’s name, telephone number, e-mail and other addresses, age, gender, employment details, finances, family relations and health. We limit our processing activities to data that are relevant to case administration linked to the specific legal assignment in question.

Data we record in connection with a legal assignment is used by the firm to establish our client relations and carry out casework, client administration and invoicing. More detailed information is provided in our letter of confirmation.

Pursuant to Section 22 of the Norwegian Money Laundering Act (hvitvaskingsloven), Projure has a mandatory obligation to report, and must retain copies of, documents used in connection with client accreditation for a period of five years after our dealings with the client have ceased. Parties that are obliged to report must, pursuant to Section 8, register an individual's full name, date of birth, fixed address and a copy of their proof of identity.

Both publicly available and sensitive personal data that are used in our casework are afforded strict protection by means of the relevant lawyer’s duty of non-disclosure. This duty of non-disclosure is set out Section 111 of the Norwegian Penal Code (straffeloven) and Chapter 12 of the statutory regulations governing legal advocates (advokatforskriften – rules governing good legal practice).

4.2 Contact persons employed by suppliers and business clients

It is necessary for us to maintain contact with our suppliers in order to follow up agreements and new product offers. In this regard, we store the names, telephone numbers, e-mail addresses and employer details of relevant persons. The data are stored in our casework software (Advisor), and we use them to contact business clients or suppliers in order to follow up cases, product offers, orders, invoices, and to send out newsletters and invitations to courses. Employees at Projure will have access to contact information registered in the Advisor system. We do not disseminate contact information unless the contact person in question has requested this for marketing purposes.

4.3 Our website and promotion of the firm

We send out newsletters to e-mail addresses registered in the names of our clients for whom we provide legal services on a regular basis, as well as to other parties that have requested our newsletter. Newsletter recipients may easily cancel this service using the link provided when the newsletter is delivered. Data processing is based on a balanced assessment of interests in situations in which we have received the e-mail address in connection with a legal assignment. Our aim is promotion of the firm, which we believe is a justified interest. In situations where Projure has an existing relationship with the client, promotion of the firm will take place pursuant to the provisions of Section 15 (3) of the Norwegian Marketing Control Act (markedsføringsloven). In other contexts, promotion will be based on consent from the party in question, cf. Section 15 (1) of the aforementioned Act and Article 6, no. 1 (a), of the GDPR.

The “Mailchimp” marketing platform places a so-called “web beacon” tracker in our newsletter. This is a type of cookie that allows Mailchimp and Projure to view source data such as the IP address, country and e-mail software, as well as the date and time of each occasion that a newsletter is opened by a recipient. The aim of this is to obtain an overall picture of who opens the newsletters, so that we can improve our promotion of the firm.

We use Google Analytics in connection with our website. This enables us to record information regarding the languages, towns/cities, browsers, operative systems and service providers linked to those visiting the site. The source of these data is anonymised and cannot be traced to a named person. As such they are not regarded as personal information.

4.4 Job applicants

It is necessary for us to use information as a means of evaluating the job applications we receive. We request that those who apply to work at the firm send us their name, educational qualifications, a CV, references, and other information they may consider relevant to an assessment of their application. If you are invited to an interview, we will ask you questions as a basis for deciding whether or not you will be suitable for the post in question. We will also obtain references from former employers.

Information on job applicants is stored in a protected digital directory. We use the information solely for the purpose of evaluating applicants as part of the employment process. Only the firm’s Head of Administration, Recruitment Manager and relevant legal specialists have access to this information. The information is stored for a period of 12 months with a view to future employment.

5 Your rights

You can contact Projure at any time if you require information as to whether the firm is processing your personal data. If Projure is processing your personal data, you can obtain information regarding both the data itself and the nature of the processing. This information will be sent to you on request. If you are a client with the firm and have questions concerning our processing of your personal data in connection with a case, please contact the case lawyer in question.

However, please note that we have to be certain that we only divulge your personal data to you alone, and not to persons pretending to be you. For this reason, we will ask you to confirm your identity or provide further information before we grant you access to view or update your personal data. A lawyer’s duties of non-disclosure confer an exemption from entitlement to access. Persons other than clients, who are named in case documents linked to cases in which we are providing our services, thus have no entitlement to access.

In the case of data processing based on consent, you will have the opportunity to withdraw your consent if you later decide that you wish processing to be discontinued.

Projure employs data processing contractors to process personal data as part of their provision of IT services to the firm. Strict agreements are entered into with our data processing contractors to guarantee that information security is maintained.

You can read more about your rights on the website of the Norwegian Data Protection Authority (Datatilsynet): www.datatilsynet.no