Privacy notice
Overview of Cirio’s use of personal data
Cirio Advokatbyrå AB is committed to protecting and respecting your privacy. One of our highest goals is that you feel safe when we process your personal data. Our Privacy Notice explains how we process your personal data in compliance with applicable legislation. It applies to all our processing of personal data relating to our clients and clients’ representatives and to other external actors, such as representatives of potential clients. It also applies to our suppliers and partners; event attendees; web site visitors; newsletter subscribers and other business contacts.
We only use your personal data for the purposes specified in this Privacy Notice. Kindly see below for further information about our use of personal data and your rights related thereto.
Please do not hesitate to contact us at privacy@cirio.se if you have any questions about this Privacy Notice, our processing of your personal data or if you wish to exercise your rights.
Cirio Advokatbyrå AB
Org.nr. 556953–0008
Telephone: + 46 8 527 916 00
E-mail: privacy@cirio.se
Web site: www.cirio.se
Postal address: Cirio Advokatbyrå AB, Box 4, SE-737 21 Fagersta
Visiting address: Biblioteksgatan 9, 111 46 Stockholm
CONTENTS
1. General
2. Data controller
3. Our use of your personal data
4. Collection of personal data
5. Obligation to provide personal data
6. AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
7. Retention of personal data
8. With whom do WE SHARE your personal data?
9. Where is your personal data processed?
10. Your rights if standard contractual clauses are applied
11. Your rights
12. Administration in bankruptcy and similar matters
13. Protection of your personal data
14. Cookies
15. Changes to the privacy notice
16. Contact details
Privacy notice – clients and other contacts
1. GENERAL
1.1 Cirio Advokatbyrå AB, org. nr. 556953–0008, (“Cirio”) is committed to protecting and respecting your privacy. We want you to feel safe when we process your personal data. This Privacy Notice (“Privacy Notice”) explains how we ensure that your personal data is handled in compliance with applicable legislation. It applies to all our processing of personal data relating to our clients and clients’ representatives and to other contacts, such as representatives of potential clients. It also applies to our suppliers and partners; event attendees; web site visitors; newsletter subscribers and other business contacts.
1.2 We need to process your personal data to be able to operate our business and meet our obligations and responsibilities in relation to our clients and other actors, applicable legislation and good industry practice.
2. DATA CONTROLLER
2.1 Cirio is the data controller for the processing of your personal data and is responsible for ensuring that the processing is carried out in accordance with applicable legislation. If you have any questions regarding the processing of your personal data, you will find our contact details at the end of this Privacy Notice.
3. OUR USE OF YOUR PERSONAL DATA
We use your personal data for the following purposes
- To analyse the use of our web page;
- To defend our clients’ legal interests and otherwise prepare, deliver and evaluate our legal services;
- To market our services e.g., through newsletters, social media, webinars, publications and events;
- To avoid conflicts of interest;
- To manage our relationship and contracts with our clients and other external actors such as partners and vendors, including maintaining and managing our contact lists regarding such actors;
- To comply with legal obligations;
- To enable mergers, divestitures, restructuring, reorganization, dissolution and other sale or transfers of Cirio’s’ assets; and
- To establish and defend legal claims vis a vis Cirio.
Below you can find more information about our processing of your personal data.
PURPOSES
1. To analyse the use of our web page
2. To defend our clients’ legal interests and otherwise to prepare, deliver and evaluate our legal services
3. To market our services e.g., through newsletters, social media, webinars, publications and events
4. To avoid conflicts of interest
5. To manage our relationship and contracts with our clients and other external actors such as partners and vendors, including maintaining and managing our contact lists regarding such actors
6. To comply with legal obligations
7. För att möjliggöra fusioner, avyttringar, omstruktureringar, omorganisationer och annan försäljning eller överföring av Cirios tillgångar
8. För att fastställa och försvara rättsliga anspråk gentemot Cirio
To analyse the use of our web page
Why we process your data: We analyse and process your personal data to improve, develop, maintain and manage our website and services. For this purpose, we also use third party tracking services that employ to collect aggregated data about visitors to our websites. For more information about our use of cookies and similar techniques, please read our cookie notice.
Categories of personal data:
Usage data such as cookie information and behaviour on web site. Device data such as IP-number. |
Legal basis:
When processing personal data in the form of cookies which is necessary for the functioning of the website, we base such processing on our legitimate interest of promoting, evaluating, and developing our business. However, when processing personal data in the form of non-necessary cookies to analyse the use of our website we base the processing on your consent. |
Retention time: Please see our cookie notice for more information about for how long we process your information for this purpose.
To defend our clients’ legal interests and otherwise to prepare, deliver, and evaluate our legal services
Why we process your data: We process our client’s personal data to be able to engage in matters relating to the legal services that we provide. This includes inviting and performing meetings as well as contacting clients. We also need to offer or retrieve information of our clients or of other persons (counterparts and their legal representatives, witnesses, persons affected by the legal matters etc.) which relate to our client matters, or else to Cirio’s legal services. Cirio may also, in the light of legislative requirements, process sensitive data such as data relating to criminal convictions and offences. This pertains especially when we are performing our obligations to comply with regulations intended to, for example, prevent money laundering and terrorist financing as well as to comply with international sanctions.
Categories of personal data:
Contact information such as name, address, email address, phone number. Payment information, if the data subject for example is a sole proprietorship or a private person. Work related data such as employer, title, competences, and skills. Identification documentation or background information that we have received from you or collected as a part of our client onboarding process. This includes e.g., birth dates, social security numbers and photos in identity documents. Data related to performance of checks concerning money laundering- or international sanctions including data relating to criminal convictions and offences. This includes information of nationality, ultimate beneficial ownership or data relating to being a PEP or a person affiliated with PEPs. Other matter-related data meaning data provided to or collected by us to handle client matters. |
Legal basis:
Processing is necessary for the purposes of our legitimate interests to engage and perform our legal duties in matters relating to the legal services that we provide. This also includes the client’s or other persons legitimate interests in the matter in which Cirio is engaged. Processing is also necessary for Cirio to be able to comply with legal obligations to which the controller (Cirio) is subject. This relates to complying with onboarding requirements such as performing checks concerning KYC- or international sanctions and the legal basis also applies to. processing of data related to criminal convictions and offences. Cirio refers in this matter to its obligations deriving from the Swedish AML-regulations and international/national regulations regarding international sanctions. When we process social security numbers this is done based on the fact that this is necessary according to the criteria stated in Chapter 3 Section 10 § in the Swedish “lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning”. This applies to the onboarding process as well as to the deliverance of legal services as it is vital that such tasks are performed vis a vis the persons concerned. |
Retention time: Data processed as part of our engagement in a client matter is stored for ten years or the longer period required by the Swedish Bar Association Code of Conduct with regards to the nature of the client matter. As a rule, and if the managing of the case does not require it, Cirio does not store client data for more than twenty years.
To market our services e.g., through newsletters, social media, webinars, publications and events
Why we process your data: We process your personal data to market Cirio and our services. We may use your data to, for example, send you our newsletters and invites to events and to manage such events. You can easily opt out from such communication. Information about how to opt-out will be given in each communication to you. Further, we conduct marketing activities on social media platforms, such as Facebook, LinkedIn and Instagram.
In addition, we will record, store and publicly disseminate recording of events performed by Cirio such as webinars and podcasts. As such, participation in such events might entail that we process your personal data and then for the end to market our services.
Categories of personal data:
Contact information such as name, address, email address, phone number. Work related data such as employer and title. Information that you share relating to meetings or events, such as food preferences. Pictures and recording of sounds and images from seminars, events, or similar occasions. Information connected to your social media account, such as profile pictures, profile name and other information you choose to provide when you interact with us on social media. |
Legal basis:
Processing is necessary for the purposes of our legitimate interests to be able to market our services. |
Retention time: Data processed as part of our marketing is stored to contact you for marketing purposes during one year from the date, we collected your data or the date when we last used your data to contact you. You may at any time unsubscribe from our mailings. If you unsubscribe, you will no longer receive mailings.
Recordings from events such as webinars and podcasts will be retained for a period of five years from the recording.
To avoid conflicts of interest
Why we process your data: As is stipulated in the Swedish Bar Association Code of Conduct, Cirio is obligated to avoid conflicts of interest. When conducting such conflict checks, Cirio must process personal data.
Categories of personal data:
Identity documentation or background information that we have received from you or collected as a part of our client intake process Work related data such as employer and title. Contact information such as name, address, email address, phone number. |
Legal basis:
Processing is necessary for the purposes of our legitimate interests of avoiding conflicts of interest in accordance with the Swedish Bar Association Code of Conduct. |
Retention time: Data processed as part of our engagement in a client matter is stored for ten years or the longer period required by the Swedish Bar Association Code of Conduct with regards to the nature of the client matter. As a rule, and if the managing of the case does not require it, Cirio does not store client data for more than twenty years.
To manage our relationship and contracts with our clients and other external actors such as partners and vendors, including maintaining and managing our contact lists regarding such actors
Why we process your data: We process your personal data to manage our relationship with you. We will also process personal data when managing contracts with our partners and vendors. We will also process personal data to manage our contact list, as for example to add or remove addresses.
Categories of personal data:
Contact information such as name, address, email address, phone number. Work related data such as employer and title. Matter related data, such as data provided to us to handle client matters and contracts. |
Legal basis:
If we have a contract with you, the processing is necessary for the performance of that contract. If we have a contract with a legal person that you represent, the processing is necessary for the purposes of our legitimate interests of managing the relationship with you or the legal person that you represent. |
Retention time: Data processed as part of our engagement in a client matter is stored for ten years or the longer period required by the Swedish Bar Association Code of Conduct with regards to the nature of the client matter. As a rule, and if the managing of the case does not require it, Cirio does not store client data for more than twenty years.
When the personal data otherwise represents or is included in documents Cirio is required to store for reasons of accounting the data will be stored and retained until the seventh year following the end of the calendar year in which the financial year ended.
To comply with legal obligations
Why we process your data: Cirio may process your personal data to comply with our legal obligations under applicable law, e.g., legislation regarding accounting, audit, and tax. Cirio may also, due to legislative requirements, process sensitive data such as data relating to criminal convictions and offences when we are acting as a receiver in bankruptcy matters.
Categories of personal data:
Contact information such as name, address, email address, phone number. Payment information. Work related data such as employer and title. Identity documentation or background information that we have received from you or collected as a part of our client intake process Matter related data, such as data provided to us to handle client matters Sensitive data, including data relating to criminal convictions and offences. |
Legal basis:
We need to process personal data to comply with our legal obligations under applicable legislation. |
Retention time: Your personal data is kept for as long as necessary to comply with applicable legal obligation, for example seven years with regards to our obligations in the Accounting Act and five to ten years, depending on the circumstances, to fulfil the Anti-Money Laundering Act.
To enable mergers, divestitures, restructuring, reorganization, dissolution and other sale or transfers of Cirio’s assets
Why we process your data: In case of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of Cirio’s’ assets we may need to process your personal data to enable such transfer.
Categories of personal data:
Contact information such as name, address, email address, phone number. Payment information. Work related data such as employer and title. Identity documentation or background information that we have received from you or collected as a part of our client intake process Matter related data, such as data provided to us to handle client matters |
Legal basis:
The processing is necessary for the purposes of our legitimate interests of enabling mergers, divestitures, restructuring, reorganization, dissolution and other sale or transfers of Cirio’s’ assets. |
Retention time: Personal data that is transferred to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Cirio’s’ assets will not be stored by Cirio after such transfer unless required to fulfil any of the other purposes set out above.
To establish and defend legal claims vis a vis Cirio
Why we process your data: In case of a dispute, we are entitled to process your personal data to establish, exercise or defend the legal claim.
Categories of personal data:
Contact information such as name, address, email address, phone number. Payment information. Work related data such as employer and title. Identity documentation or background information that we have received from you or collected as a part of our client intake process Matter related data, such as data provided to us to handle client matters Sensitive data, including data relating to criminal convictions and offences. |
Legal basis:
In case of a dispute, we are entitled to process your personal data with legitimate interest as legal basis to be able to safeguard our business interests. Processing of data relating to criminal convictions and offences will either be based on 5 § förordningen (2018:219) med kompletterande bestämmelser till EU:s dataskyddsförordning or 2 § Föreskrifter (DIFS 2018:2) om behandling av personuppgifter som rör lagöverträdelser. |
Retention time: Your personal data is kept for as long as necessary for us to exercise or defend a legal claim in case of a dispute.
4. COLLECTION OF PERSONAL DATA
4.1 The personal data that we process about you are data that you have provided us with or that we have otherwise acquired during our relationship. We collect data e.g.,
- From you or your representatives;
- From our web site and third-party vendors that assist us in collecting data for our marketing purposes;
- From our clients when we initiate a business relationship or throughout the course of handling a matter on behalf of our client;
- From our business contacts, such as suppliers and vendors;
- Through emails and letters sent to and from Cirio;
- When you share information with us through other means, such as meetings, conversations, social media, events or online forms.
4.2 We may also collect or receive information about you from other sources, such as
- Public registers;
- Bisnode Infotorg;
- Bolagsverket (Swedish Companies Registration Office);
- Swedish authorities and courts:
- Other third-party service providers.
5. OBLIGATION TO PROVIDE PERSONAL DATA
5.1 If you are a client or a client representative or a representative, contact person, agent or other employee of a (potential) business customer, supplier or partner, we process your personal data to enter into an agreement with you or the company that you represent, etc. It is necessary that you provide certain personal data to us at Cirio] to enter into an agreement with us and for us to administer the relationship with you or the company that you represent. If you do not provide us with the necessary personal data, it is not possible for us to enter into an agreement with you or the company that you represent
6. AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
6.1 We do not use processes for automated individual decision-making, including profiling
7. RETENTION OF PERSONAL DATA
7.1 We only keep your personal data for as long as it is necessary to achieve the purposes for which they were collected in accordance with this Privacy Notice. When we no longer need your personal data, we remove the data from our systems, databases and backups.
7.2 For more information on how long we keep your personal data regarding the different purposes, see the tables above.
8. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
8.1 We may share your personal data with third parties that are trusted recipients and with whom we have an agreement ensuring that your personal data is processed in accordance with this Privacy Notice. We may therefore share data with, for example:
- Other professional advisers;
- Accountants;
- IT-suppliers;
- Third party service providers, such as translation, document review and other support functions;
- Third parties as part of our performance of legal services related to client matters, such as courts, authorities, counterparties, counterparty counsel, suppliers of data rooms;
- Third parties involved in organising events, such as hotels, restaurants, lecturers and other organisers; and
- Social media providers, such as Instagram, Facebook, LinkedIn and YouTube.
We kindly refer to the policy of each service provider for information on their processing of personal data.
8.2 In certain circumstances, we may also need to disclose data upon request from authorities or to third parties in connection with court proceedings, business acquisition, combination processes or other similar processes.
8.3 We will not sell your personal data.
9. WHERE IS YOUR PERSONAL DATA PROCESSED?
9.1 Cirio processes your personal data primarily within the EU/EEA. In some cases, we may transfer your personal data to a country outside of the EU/EEA. If personal data is transferred to any such country, we will ensure that your personal data is protected and that the transfer is carried out in accordance with applicable law.
9.2 When carrying out any transfer which is not subject to an applicable adequacy decision by the European Commission, we will use the standard contractual clauses for transfers to third countries (SCC) issued by the European Commission as legal basis for the transfer. These are based on article 46.2 (c) in the GDPR.
10. YOUR RIGHTS IF STANDARD CONTRACTUAL CLAUSES ARE APPLIED
10.1 To ensure transparency of the processing of personal data, you as a data subject can contact us should you desire to be provided with a copy of standard contractual clauses when such are used.
11. YOUR RIGHTS
11.1 Our responsibility for your rights
11.1.1 In our capacity of a data controller, we are responsible for ensuring that your personal data is processed in compliance with the law and that you can exercise your rights. You may contact us at any time if you wish to exercise your rights. You will find the contact details at the end of this Privacy Notice.
11.1.2 We have an obligation to respond to your requests to exercise your rights within one month from receiving your request. If your request is complex or if we have received many requests, we have the right to extend this deadline by two months (in total three months from receiving your request). If we are unable to take the action you request within one month, we will inform you of the reason for the delay and of your right to lodge a complaint with a supervisory authority and to seek a judicial remedy.
11.1.3 You will not be charged for any information, communication or measures that we implement. However, if your requests are manifestly unfounded or excessive, we may charge you an administrative fee for providing the information or taking the action requested. We can also refuse to act on your request.
11.2 Your rights to access, rectification, erasure and restriction
11.2.1 You have the right to request
- Access to your personal data. This means that you have the right to request access to personal data that we hold about you. You also have the right to be provided, at no cost, with information about which personal data we are processing about you. We have the right to charge a reasonable administration fee if you request several copies. If you make a request by electronic means, e.g., via e-mail, we will provide you with the information in commonly used electronic format. Please note that if your personal data is subject to the ´statutory secrecy of advocates (Sw. advokatsekretess), the right of access does not apply.
- Rectification of your personal data. At your request or on our own initiative, we will correct, anonymise, delete, or complete data that we know to be inaccurate, incomplete or misleading. Also, you have the right to complete any incomplete personal data if something relevant is missing.
- Erasure of your personal data. You have the right to request that we delete your personal data if there is no compelling reason for us to continue processing the data. Personal data should therefore be erased if:
- they are no longer needed for the purpose for which we collected them,
- we process your data only based on consent provided by you and you withdraw your consent,
- you object to us processing your data based on a legitimate interest assessment and we have no compelling interest that overrides your interests and rights,
- we have processed the personal data unlawfully, or
- we have a legal obligation to erase the personal data.
- However, there may be legal requirements or other compelling reasons that prevent us from erasing your personal data. This could for instance be the case when processing of personal data is necessary for compliance with a legal obligation which requires processing by Union or Member State law or for the establishment, exercise, or defense of legal claims.
- Right to restrict processing. This means that we temporarily restrict the processing of your data. You have the right to obtain restriction when:
-
- you consider your data to be inaccurate and you have requested rectification as defined above while we establish the accuracy of the data,
- the processing is unlawful, but you do not want the data to be erased,
- Cirio, as the personal data controller, no longer needs the personal data for our processing purposes, but you need them to be able to establish, exercise or defend a legal claim, or
- you have objected to processing as defined below, while waiting for us to consider whether our legitimate interests override yours.
11.2.2 We will take all reasonable measures possible to notify everyone who has received personal data if we have rectified, erased or restricted processing of your personal data. If you request information on recipients of your personal data, we will inform you about the recipients.
11.3 Your right to object to processing
11.3.1 You have the right to object to processing of your personal data, including profiling, if our processing is based upon legitimate interests or performance of public tasks. If you object to such processing, we will only continue to process your data if we have and can demonstrate compelling reasons for doing so that override your interests or if this is necessary for the establishment, exercise, or defense of legal claims.
11.3.2 If you do not wish that we use your personal data for direct marketing, you have the right to object to such processing by contacting us. We will cease to use your data for that purpose when we have received your objection.
11.4 Your right to data portability
11.4.1 You have the right to data portability. This means the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that this data is transferred to another personal data controller where this is technically feasible.
11.4.2 The right to data portability only applies when the processing is being carried out by automated means and our lawful basis for processing your data is your consent or for the performance of a contract between you and us.
11.5 Your right to withdraw your consent. You have the right to withdraw your consent for a specific processing at any time. However, such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
11.6 Your right to complain to a supervisory authority
You have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetskyddsmyndigheten) if you are not satisfied with our processing of your personal data.
Their contact information is:
Phone number: +46 (0)8 657 61 00
E-mail: imy@imy.se
Postal address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden
12. ADMINISTRATION IN BANKRUPTCY AND SIMILAR MATTERS
12.1 General
12.1.1 Cirio has lawyers who handle bankruptcy and similar matters in capacity as receivers. In bankruptcy and similar matters, we distinguish between processing of personal data for Cirio’s normal business activities as a law firm and processing that is done for the activities of the bankruptcy estate, as this will affect who is data controller. Cirio will be the data controller for processing conducted as part of Cirio’s normal business activities as a law firm whereas the bankruptcy estate will be the data controller for processing conducted for the bankruptcy estate’s purposes.
12.1.2 Below, we provide information on how we process your personal data within bankruptcy matters both as Cirio as representatives for the bankruptcy estate.
12.2 Cirio’s normal business activities in bankruptcy matters
Cirio is the data controller for the receiver’s processing of your personal data for purposes related to the receiver’s role, i.e., Cirio’s normal business activities in bankruptcy matters. We will collect and process personal data to administrate the bankruptcy in accordance with the information set out in the table below. Kindly see our privacy notice for information about all of Cirio’s other processing of personal data.
Purpose | Personal data | Legal basis | Retention period |
To accept, register and handle the receivership | Name, personal identification number, contact details, | Legal obligation | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
To prepare the insolvency table | Name, personal identification number, contact details, property unit designation, bank details, salary, | Legal obligation | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
To take care of the bankrupt company’s accounting | Name, contact details, accounting data | Legal obligation | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
To handle matters regarding employees, such as terminations | Name, contact details, personal identification number, employment details, trade union membership, health data, | Legal obligation | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
To handle wage guarantees | Name, contact details, personal identification number, employment details, trade union membership, health data, salary | Official authority | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
To prepare the administrator’s report | Name, personal identification number, contact details, property unit designation, bank details, salary, | Legal obligation | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
For the proof of debt procedure | Name, personal identification number, contact details, property unit designation, bank details, | Legal obligation | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
To prepare the biannual report | Name, personal identification number, contact details, | Legal obligation | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
To provide notice of crime suspicion | Name, personal identification number, suspicion of crime | Legal obligation | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
To finalize the bankruptcy matter. | Name, personal identification number, contact details, | Legal obligation | Up to 10 years, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association |
12.3 The bankruptcy estate’s activities
The bankruptcy estate becomes the data controller for its processing of personal data for its own purposes. This includes continuing business operations by for example fulfilling current agreements as well as concluding new agreements with creditors, debtors, suppliers, accountants, employees and banks.
Purpose | Personal data | Legal basis | Retention period |
To continue operations | Name, personal identification number, contact details, | Legal obligation | For as long as the bankruptcy process is ongoing |
To collect debts | Name, personal identification number, contact details, financial data | Legal obligation | For as long as the bankruptcy process is ongoing |
To sell the bankruptcy estate’s property | Name, personal identification number, contact details, | Legal obligation | For as long as the bankruptcy process is ongoing |
12.4 Categories of data subjects
We process personal data about the following categories of data subjects within bankruptcy matters
- Bankrupt persons,
- Company representatives,
- Creditors,
- Debtors,
- Shareholders,
- Employees,
- Guarantors,
- Suppliers,
- Accountants,
- Bank representatives,
- State representatives,
- Third party owners of property in the company’s possession,
- Family members to other categories of data subjects.
12.5 Retention of personal data
12.5.1 Cirio and the bankruptcy estate retain your personal data in accordance with above. When Cirio or the bankruptcy estate no longer need your data, it will be removed from the systems where it is stored.
12.5.2 Data processed as part of our performance of a client matter, i.e. in the performance of our lawyers’ roles as receivers in bankruptcy matters, is stored for up to ten years or for such longer period required by the Swedish Bar Association´s Code of Conduct with regards to the nature of the client matter.
12.5.3 Data processed as part of the bankruptcy estate’s activities in the bankruptcy process will be stored for as long as the process is ongoing and will be deleted or transferred to a new data controller when the bankruptcy has been finalised.
12.6 Sharing of personal data
Your personal data may be shared with third parties for the purpose of enabling or facilitating the bankruptcy and similar matters and the performance of our obligations under our receivership. We may therefore share your data with other legal advisors, companies within the group of the bankrupt company, suppliers, accountants, and authorities in disputes as well as when required by law, official decision or to fulfil a legitimate interest of the bankruptcy estate.
13. PROTECTION OF YOUR PERSONAL DATA
We want you to feel confident about always providing us with your personal data. We have therefore taken appropriate security measures to protect your personal data against unauthorised access, alteration and erasure. Should a security breach occur that may materially impact you or your personal data, e.g. risk of fraud or identity theft, we will contact you to explain what action you can take to mitigate potential adverse effects of the breach.
14. COOKIES
We use cookies that may include personal data to improve our website and your experience of our website. You can find more information in our cookie notice. https://cirio.se/cookie-policy
15. CHANGES TO THE PRIVACY NOTICE
We have the right to make changes to this Privacy Notice at any time. When we make changes that are not purely editorial, such as formatting, typographical error corrections or other changes that do not materially affect you, we will inform you of these changes and what they mean for you before they become effective.
16. CONTACT DETAILS
Do not hesitate to contact us if you have any questions about this Privacy Notice, our processing of your personal data or if you wish to exercise your rights.
Cirio Advokatbyrå AB org.nr. 556953–0008
E-mail: privacy@cirio.se
Telephone: + 46 8 527 916 00
Web site: www.cirio.se