1 Introduction

1.1 This privacy policy (the “Privacy Policy”) is published on behalf of Bergenstråhle & Partners AB, org.nr 556206-4310 with address Magnus Ladulåsgatan 63B, 118 27 Stockholm, and all its subsidiaries within the Bergenstråhle group (“Bergenstråhle”). When you request our services, use our website, or access our IP Partner Digital platform (the “Portal”) we collect, use and process your personal data. The protection and confidentiality of your personal data is important to us, and we are determined to protect it. In this Privacy Policy, we explain how we are processing your personal data, what category of personal data these activities involve, the purpose and the legal basis for these processing activities. In this Privacy Policy we also inform you of your rights related to our processing of your personal data, and any transfer we may make of your personal data. Bergenstråhle is the controller of the personal data collected from you. This means Bergenstråhle is responsible for defining the purposes for processing your personal data and for compliance with applicable data protection legislation.

2 Bergenstråhles processing of your personal data

2.1 Providing Bergenstråhle services: If you choose to use Bergenstråhle’s services and we enter into a contract with you, we may collect and process your personal data such as name, contact details and company name for providing the requested services. In addition, we may occasionally use personal information to send you details of new services, legal updates, and invites to seminars and events. The legal basis for the processing of your data as described in this section is the contract and our legitimate interests to operate and manage our business (Art 6 (1) f GDPR).

2.2 Filling in a web form: If you choose to contact us during your visit to our website, personal contact information may be saved. The data you enter in the web form is managed and stored so that we can contact you and answer your request. The type of personal data we may collect is your contact details such as name, company, phone number, email address, city and country and any other information that you choose to provide to us. The legal basis for the processing of your data as described in this section is your consent by providing the personal information to us.

2.3 Signing up for events: If you choose to sign up to one of our events, we process your contact information you provide to us, such as name, phone number, email, company name in order for you to participate in the event. The legal basis for the processing of your personal data is your consent by signing up and participating to our event.

2.4 Applying for positions at Bergenstråhle: If you apply for a position at Bergenstråhle, we process and store the personal data such as name, contact details, age, curriculum vitae (CV) that you share with us. We will keep your application and any other information you have provided to us until the recruitment process has been completed and for a period thereafter for as long as we consider your application relevant to us, but under no circumstances for longer than 6 months. If you send in your CV through our open application, we may process your personal data provided to us for future recruitment opportunities. The legal basis for the processing of personal data is your consent by applying for a position and/or sending your CV through our open application.

2.5 Using our Portal: When you use our Portal, we collect and process your personal data such as name, contact details (email and phone number), company name, and company role. This information is necessary for providing the requested services and for communication purposes. The legal basis for the processing of your data as described in this section is the contract and our legitimate interests to operate and manage our business. Personal data collected through our Portal will be retained for as long as necessary in relation to the purpose of the processing.
Please note that the storage periods may not apply if Bergenstråhle is required to retain your personal data (partly or in full) under applicable mandatory law (e.g., accounting laws).

3 What are our legitimate interests?

3.1 As you can see under section 2, we may process your personal information because it is necessary for the purposes of our legitimate interests
3.2 Our “legitimate interest” corresponds to the purpose for which we perform each processing based on our interest.
3.3 When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

3.4 We do not consider that our processing disadvantages you in any way. We use your information only in ways you would understand and reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.

3.5 You have a right to object to processing that is based on our legitimate interests. If you wish to do so, please contact us. For more information on your rights, please see “Your rights” section below.

4 Why personal data may be disclosed by Bergenstråhle

4.1 Only the people who need to process personal data for the purposes mentioned above have access to your personal data within Bergenstråhle. In order to provide the services to you we need to allow our suppliers access to your personal data when they perform services on our behalf as data processors, mainly to provide support and maintenance of IT systems, storage services and marketing.

5  How do we protect your information?

5.1 You should always feel secure when you provide us with your personal data. Therefore, we have taken the suitable legal, technical and organisational precautions to prevent unauthorized access, use, change and deletion of your personal information. We have adopted an IT policy which applies to all our employees that set up the provisions for how we use our information systems. All our processing of your personal data is in accordance with current applicable data protection legislation. Further, as it relates to our Portal we have implemented specific technical and organisational measures to protect your personal data including encryption and access controls.

6  Where are we processing your information?

6.1 It is our objective to process all your personal data within the EU/EEA. In some situations however, your personal data might be transferred to and processed by a company within the Bergenstråhle group or by supplier, subcontractor or other business partner with registered office in a country outside the EU/EEA. All such sharing and processing of information will be in accordance with current applicable data protection legislation and we will take all reasonable legal-, technical- and organisational actions to make sure that your personal data will be processed securely and with an adequate level of protection comparable with, and at the same level as, the protection that is provided within the EU/ EEA.

7  Cookies

7.1 When you visit our website or use our Portal we collect certain information by automated means using cookies. Cookies are small text files stored on your device when you visit a website. When you first visit a website, a cookie file is sent to your device that identifies your browser. By using cookies you help Bergenstråhle improve the functionality of our website and Portal as they are important to reduce download time and improve your user experience. You can read more about cookies in our Cookie Policy.

8 Your rights

8.1 Right to access – Article 15 GDPR
You have the right to access your personal data and receive certain information about the processing. That information is provided in this document.

8.2 Right to rectification – Article 16 GDPR
You have the right to obtain from us, the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.

8.3 Right to erasure (“right to be forgotten”) – Article 17 GDPR

8.3.1 You have the right to obtain from us, the erasure of personal data concerning you and we have the obligation to erase your personal data in some situations, for example:
(a) if the personal data is no longer necessary in relation to the purposes for which they were collected,
(b) if the processing is based on your consent and you withdraw that consent,
(c) if the processing is based on our legitimate interests and you object to the processing and there are no overriding legitimate grounds for the processing,
(d) if the personal data have been unlawfully processed, or
(e) if the personal data have to be erased for compliance with a legal obligation, etc.
8.3.2 There might be reasons as to why we cannot immediately erase all your personal data. Our continuous processing of your personal data might for example be necessary in order for us to fulfil a legal obligation that requires processing of your personal data, for example bookkeeping and tax legislation, or to establish, exercise or defend a legal claim. In that case we will block the information that could not be immediately erased from use for any other purposes than the ones that hindered the information from being erased immediately.

8.4 Right to restriction of processing – Article 18 GDPR
You have the right, under certain conditions; to obtain from us restriction of processing of your personal data. Restriction of processing means that your stored personal data will be marked with the aim of limiting their processing in the future to certain given purposes. The right to restriction applies for example when you have contested the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data, and when you have objected to our processing based on our legitimate interests, pending the verification whether our legitimate grounds override yours.

8.5 Right to data portability – Article 20 GDPR

8.5.1 You have the right, under certain conditions, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.

8.5.2 When exercising your right to data portability you have the right to have your personal data transmitted directly from us to another controller, where technically feasible.

8.6 Right to object – Article 21 GDPR

8.6.1 You have the right to object, on grounds relating to your particular situation, at any time to certain processing of your personal data. The right to object applies e.g. when we process your personal data on the basis of our legitimate interests.

8.6.2 Where personal data are processed for direct marketing purposes, you have the right to object at any time to our processing of your personal data for such marketing.

8.7 Right to lodge a complaint
If you consider that our processing of your personal data infringes the GDPR you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), which is the supervisory authority in Sweden.

8.8 Exercise your rights
If you wish to exercise any of your rights you can easily do so by contacting us. In order to protect your integrity and your personal data we might require that you identify yourself when you require our assistance.

9 Updates to this privacy policy

9.1 This Privacy Policy may be updated from time to time, any new version of this Privacy Policy will be published on our website

10  Contact details

10.1 Please contact us if you have any questions or comments about our privacy practices or this Privacy Policy. You can reach us at privacy@bergenstrahle.se. For concerns regarding our collection and use of your personal data you may raise your concern directly to the lead supervising authority, which in Sweden (the seat of Bergenstråhle) is the Swedish Authority for Privacy Protection (IMY) imy@imy.se.

This Privacy Policy was last reviewed and updated: 2024-11-29