<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=481164012244046&amp;ev=PageView&amp;noscript=1">
Skip to content

PRIVACY & COOKIE POLICY

Introduction

This Privacy Policy applies to Advokatfirmaet Magnus Legal AS ("Magnus Legal").

It is important for us that your personal data are processed safely and securely in accordance with prevailing data protection laws and other legislation.

The Privacy Policy describes a privacy policy, how Magnus Legal processes your personal data, the purpose of our processing activities, and the legal basis for our processing activities. It also describes your rights in connection with our processing of your personal data under prevailing data protection legislation.

Magnus Legal is the data controller for the processing of personal data as described in this Privacy Policy. We only process personal data on a lawful processing basis and not beyond what is necessary to fulfill a lawful purpose. Our subcontractors are only permitted to process personal data on our behalf by a data processing agreement and our requirements for information security.

You are always welcome to contact us if you have any questions about our processing of personal data. For contact information, please see clause 11 below.

When referring to GDPR, this is to be understood as a reference to the (EU) 2016/679 General Data Protection Regulation ("GDPR"). 

This Privacy Policy applies to Advokatfirmaet Magnus Legal AS ("Magnus Legal").

It is important for us that your personal data are processed safely and securely in accordance with prevailing data protection laws and other legislation.

The Privacy Policy describes a privacy policy, how Magnus Legal processes your data, the purpose of our processing activities, and the legal basis for our processing activities. It also describes your rights in connection with our processing of your data under prevailing data protection legislation.

Magnus Legal is the data controller for the processing of personal data as described in this Privacy Policy. We only process personal data on a lawful processing basis and not beyond what is necessary to fulfill a lawful purpose. Our subcontractors are only permitted to process personal data on our behalf by a data processing agreement and our requirements for information security.

You are always welcome to contact us if you have any questions regarding our processing of personal data. For contact information, please see clause 11 below.

When referring to GDPR, this is to be understood as a reference to the (EU) 2016/679 General Data Protection Regulation ("GDPR").

General information about personal data

Personal data means any information relating to an identified or identifiable natural person. Name, address, phone number, email address and social security number are examples of information which generally is regarded as personal data.

Individuals we process personal data about

This Privacy Policy addresses our processing of personal data regarding the following individuals:

  • Private individuals;
  • The contact persons of corporate clients;
  • Individuals involved in matters we assist in;
  • Other persons mentioned in the case documents we have access to;
  • The contact persons of suppliers and other collaborators; and
  • Visitors to our website

Below, we have listed the typical purposes for which we process personal data, the categories of personal data we typically process, and the legal bases for such processing.

Purpose, category of personal data, and legal basis

Establishing legal assignments

When a client requests our services, we perform a conflict check before taking on the engagement. The conflict check serves a legitimate purpose and is based on GDPR article 6 No. 1 (f) (balancing of interests). Conflict checks regarding private clients usually include full name, what the case concerns, and, if relevant, creditworthiness. In general, conflict checks on behalf of corporate clients will not involve the processing of personal data.

When establishing a client relationship in cases involving the execution or planning of a transaction, we will conduct customer due diligence in accordance with the Norwegian Money Laundering Act. We will collect documentation confirming the client's identity, as well as the identity of the real licensee of the client. We will also collect personal data regarding the purpose of the legal assignment. If you are a private client, we will collect your full name, social security number or identity number, and address. If you do not have a social security number or identity number, we will collect information regarding your date of birth, birthplace, gender, and citizenship. If the client is a legal person who is not registered in a public registry, we will collect personal data about the owner, general manager, or similar contact person. The client's due diligence is essential for compliance with a legal obligation, cf. GDPR Article 6 No. 1 (c).

If we can take on the assignment, the following contact information will be registered: your full name, email address, address, telephone number and job title. For private clients, this is required in order to enter into an assignment contract, cf. GDPR Article 6 No. 1 (b). For business clients, the registration of contact information is based on a balancing of interests, cf. GDPR Article 6 No. 1 (f).

Case management

Some assignments require access to personal data regarding parties, third parties or other individuals involved in the case in question. Such information may be found in documents provided by the client or in any other documentation of relevance to the case. In connection with assignments for business clients, such data processing is based on GDPR Article 6 No. 1 (f) (balancing of interests).

In some cases, we have access to special categories of personal data, such as health information or sentences and criminal offenses. The basis for such data processing is provided in GDPR Article 9 No. 2 (f) (the processing is necessary for the establishment, exercise, or defense of legal claims); cf. Section 11 of the Personal Data Act.

Knowledge management

As part of Magnus Legal's knowledge management, documents in a case could be used in subsequent cases. Documents stored in our experience archive are anonymized. In addition, documents are shared internally. The documents shared internally will be anonymized prior to storage in a different case. The basis for processing is our interest in utilizing prepared knowledge in further counseling, cf. GDPR Article 6, No. 1 (f) (balancing of interests).

Client Management

Separate electronic files are established for all assignments. Time and costs accrued are registered in our accounting system. For business clients, the client management is based on GDPR Article 6 No. 1 (f) (balancing of interests). For private clients the client management is necessary for the performance of a contract to which the data subject is party, cf. GDPR Article 6 No. 1 (b).

Filing and storage of case documents

Magnus Legal store documents for 10 years after completing an assignment. Storage in the said time span is recommended by the Norwegian Bar Association and considered necessary for both the client and us, as questions and disputes may arise, and where the information stored could be of relevance. The legal basis for the storage of personal data is GDPR article 6 No. 1 (f) (balancing of interest) and GDPR article 9 No. 2 (f) (the processing is necessary for the establishment, exercise or defense of legal claims), cf. Section 11 of the Personal Data Act.

Invoicing

Invoices to corporate clients are marked with the personal data of a contact person if requested by the client. For private clients, we will use the individual's private postal or email address for invoicing. The legal basis for the processing is GDPR Article 6 No. 1 (f) (balancing of interests) for corporate clients and GDPR Article 6 No. 1 (b) (processing is necessary for the performance of a contract to which the data subject is a party).

IT operations and security

Personal data stored in our IT systems will be available to us or our contractors in connection with system updates, implementation, or follow-up on security measures, error recovery, or other maintenance. Our contractors act in accordance with data processing agreements and under our instructions. The legal basis for the processing is GDPR Article 6 No. 1 (f) (balancing of interests) and our legal obligation to have satisfactory data security in place, cf. GDPR Article 32 and GDPR Article 6 No. 1 (c).

Marketing

Magnus Legal sends invitations to customer events and blog notifications to email addresses registered with current clients and others who have consented to receive invitations and notifications from us. Recipients of such notifications may easily unsubscribe from the service by using a link included in all emails. The legal basis for the processing is GDPR Article 6 No. 1 (f) (balancing of interest) where we have received the email address in connection with an assignment. In current client relationships, the marketing will be in accordance with the Marketing Act Section 15 (3). The marketing is otherwise based on consent from the individual, cf. GDPR Article 6 No. 1 (a) and the Marketing Act Section 15 (1).

Recruitment

Magnus Legal will keep job applications, resumes, and other submitted documentation to contact former applicants about future positions. The basis for the processing is GDPR Article 6 No. 1 (a) (consent). Access to personal data is limited to employees who need to have access to the documents. The documents are stored for a maximum of three years after the application procedure ends.

Our web pages

Magnus Legal owns the website magnuslegal.no, including respons.magnuslegal.no and blog.magnus.legal.no. All content published on our web pages belongs to Magnus Legal. By using our websites, you consent to the processing of personal data in accordance with this Privacy Policy.

Personal data collected on our websites may be used for marketing purposes, such as invitations to seminars and other events, information about our services, and other direct and indirect marketing. Personal data collected may also be used for statistical purposes and to operate, maintain, and improve our websites. The basis for the processing is GDPR Article 6 No. 1 (a) (consent), cf. the Marketing Act Section 15 (1).

Cookies

Cookies are small text files that are stored on your computer or mobile device. Magnus Legal uses cookies to analyze visits to our websites and for marketing initiatives.

By visiting our websites, you agree to our use of cookies. Most browsers accept cookies automatically. You may prevent cookies from being stored on your computer by changing the settings of your browser. In your browser, you can also delete stored cookies. For more information about managing the use of cookies in your browser, read more here (external web page). Please note that by blocking the use of cookies in your browser, our websites may not work optimally.
Magnus Legal uses Google Analytics and HubSpot. Hubspot will ask your browser to accept cookies (external web page). When visiting our websites, cookies will track you anonymously until you optionally provide your contact information in one of our forms and give your consent to direct or indirect marketing efforts from us. The consent implies that the personal data you provide may be linked to the data that has previously been anonymously stored about your use of our websites. If you would like more information on how this works, read more here (external web page).
Google Analytics is a web analytics tool that collects data and prepares statistics to improve and develop our web pages. All data collected through Google Analytics from our web pages will be anonymized before it is stored by Google. If you wish to prevent your data from being collected by Google Analytics, you will find information about the Google Analytics Opt-out Browser Add-on here (external web page).

For the operations of our websites, web analytics, and marketing efforts, we use the following subcontractors:

  • Avidly Norway AS (prev. Inbound Norway AS)
  • ECIT Software A/S
  • FrontKom AS
  • HubSpot Inc.
  • Google Inc.
  • LinkedIn
  • FaceBook
  • Vimeo
  • YouTube


Magnus Legal also uses cookies through our social media presence. When visitors visit our websites and profiles on social media, the social media channel collects personal data to compile statistics. Magnus Legal does not have access to the personal data collected, but we can access anonymous statistics prepared by the social media channel based on the information gathered.

Service providers

Meta Platforms Inc.

Detects how the user reached the website by registering their last URL address. It is also used by Facebook to deliver ads from third-party advertisers.

Google

Registers and reports the website user's actions after viewing or clicking on an ad to measure the effectiveness of an ad and present targeted ads to the user. It is also used to check if the user's web browser supports cookies.

It also tracks whether the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This information is used to measure the effectiveness of advertising efforts and facilitate the payment of referral fees between websites. Also used by Google AdSense to experiment with ad effectiveness across sites using their services.

HubSpot

It sends data about the visitor's device and behavior to the marketing platform HubSpot and tracks visitors across devices and marketing channels.

Collects data associated with visitors' website visits, including number of visits, time spent on visits, pages read, form submissions, and emails received and read. The purpose is to segment visitors based on interests, industries, and geographic location and thereby communicate more targeted information. This cookie recognizes visitors' identities and sends data to the HubSpot marketing platform about previous form submissions to avoid duplicate contacts.

LinkedIn

Cookies help LinkedIn display relevant ads, both on and off our services, and measure the performance of such ads. We use these technologies to learn if the content has been shown to you or if someone who was presented with an ad later returned and took action (such as downloading a brochure or making a purchase) on another website. Similarly, our partners or service providers may use these technologies to determine if we have shown an ad or a post and how it performed or provide us with information on how you interact with ads.

YouTube

Registers a unique user ID for statistics on which videos the user has watched and how the user interacts with the content shown. This ID is also used by Google to see how users use YouTube content across different sites.

The YouTube cookie is also necessary for the implementation and functionality of video content on our website. YouTube also stores the user's video preferences.

Vimeo

Vimeo tracks with a cookie (a small text file stored in your browser) that allows Vimeo or a third party to recognize you using a unique identifier.

Social Media

Magnus Legal has profiles on social media, and we are using plug-ins from social media on our websites. When visiting our websites or our profiles on social media, the social media channel will process your personal data and use cookies. More information on how the social media channel processes personal data and their use of cookies, you will find in the social media's information on data protection and cookies. In some cases, Magnus Legal can use such data to create targeted advertisements via social media.

Sharing personal data

Lawyers' professional secrecy is a statutory obligation. All information entrusted to us in connection with an assignment will be handled confidentially.

Our IT subcontractors may have access to personal data if such data is stored with the subcontractor or is available to the subcontractor in any other way. The subcontractors act under our instructions and in accordance with data processor agreements. The subcontractors can only use the personal data for the purposes we have determined and as described in this privacy policy.

We use subcontractors in countries outside the EU and EEA. For the transfer of personal data to such subcontractors, we use the EU's standard contracts for data transfers (click for more information).

Magnus Legal cooperates with Inventura AS on public procurement. We share personal data with Inventura AS only if our customers or potential customers have actively given their explicit consent to be contacted by Inventura AS.

We do not disclose personal data in any other manner than those described in this privacy policy unless the client explicitly encourages or gives their explicit consent to such disclosure or the disclosure is decreed by law. 

Your rights

You have legal rights regarding our processing of your personal data. The rights you have depend on the circumstances.

Withdrawal of consent

If you have consented to receive blog notifications or other information from us, you may withdraw this consent at any time. We have provided an easy way to opt out of this approach by including a link to a deregistration form in each communication. If you have consented to any other data processing, you may at any time withdraw your consent by directing an inquiry to us.

Right to access

You have the right to access the personal data we have registered concerning you unless professional secrecy impedes this. To ensure that personal data is delivered to the right person, we may require that a request for access be provided in writing or that your identity is otherwise verified.

Right to rectification or erasure

You have the right to obtain ratification of inaccurate personal data concerning you and the right to erasure of personal data. We will comply with a request to erase personal data to the extent possible unless further processing is necessary, e.g., we need to store the information for documentation purposes.

Data portability

If we process personal data concerning you based on consent or on the basis of an agreement, and the personal data is processed automatically, you may ask us to transmit your personal data to you or to another law firm in a structured, commonly used, and machine-readable format.

Complaint to the supervisory authority

If you disagree with how we process your personal data, you may lodge a complaint with the Norwegian Data Protection Authority.

Security

We have established routines for the secure processing of personal data and client information in general. The measures are technical and organizational. We regularly evaluate the security of all central systems used for data processing and have concluded contracts instructing subcontractors to ensure satisfactory information security.

Access to personal data (and client/case information) is limited to personnel who need it to perform their work. We have adopted IT guidelines, and our employees are regularly trained in the security and secure use of IT systems.

Contact us

If you have any questions or comments about our Privacy Policy, or you want to exercise your rights, please contact us at contact@magnuslegal.no or by post:

Advokatfirmaet Magnus Legal AS
PO Box 904 Sentrum
5808 Bergen
Norway

Changes

We reserve the right to amend or update this Privacy Policy. All changes apply from the time they are published, and you will always find the latest version of the Privacy Policy on our website. You will be notified of material changes. If you want to know when the Privacy Policy was last updated, see the "Last Updated" section at the bottom of the page.

Last updated: June 06, 2024.