Mannheimer Swartling cares about individual privacy and protecting the personal data processed by the firm. All processing of personal data takes place in accordance with current data protection legislation.

When various people, e.g. clients or their representatives, business partners and consultants, foreign counsel, witnesses, counterparties, representatives or counsel of counterparties have contact with us in conjunction with our engagements, this means that personal data will be provided to us or obtained by us. We also collect and process personal data on contact persons of suppliers and other external parties. Moreover, anyone who applies to work for us, visits our offices, communicates with us, signs up for newsletters, enrols for events or applies to join the firm’s alumni club will provide us with personal data.

We describe below how we collect, process and share personal data in these cases. Further down, we also provide information about the rights that data subjects have in relation to us as controller and our contact details.

Processing of personal data in conjunction with engagements and by our support organisation

We collect the personal data that are provided to us in conjunction with engagements or otherwise processed when the engagement is prepared or administered. We mainly collect personal data direct from the individuals concerned, but during engagements we sometimes receive information about individuals involved that does not come direct from them. In some cases, we may also supplement the personal data by obtaining information from other sources, e.g. search results using generally available search engines and records.

Our support organisation collects and processes personal data in contact with suppliers or their representatives and other external parties, for example.

The personal data we process in the above contexts may consist of contact details (e.g. name, title, employer, postal address, telephone number and email address), identification details (e.g. passport details and date of birth/ID number), and invoicing information (e.g. account number and tax details). In specific engagements, the personal data may also comprise other information, e.g. course of events or other circumstances, or other information relevant to the engagement. We may also process personal data in the form of sound or image recordings in conjunction with court or arbitral proceedings or other engagements, and webinars.

Processing of personal data in conjunction with marketing, events and our alumni club

We collect the personal data provided to us when people sign up for newsletters and similar material, when they enrol for events, and when they apply for membership of the firm’s alumni club. The data collected may include contact details, language preference, job title, workplace and, for members of our alumni club, certain details about former employment with us. When enrolment takes place for student events, the data may include year of birth and term. In some cases we may collect and/or supplement personal data by obtaining information from other sources, e.g. search results using generally available search engines and records, industry newsletters and social media.

When we arrange events, we may process personal data in the form of photographs and sound and image recordings. When people enrol for events, we also process details of food preferences provided in conjunction with enrolment.

Processing of personal data in conjunction with recruitment

We collect the personal data provided to us when people apply to work for the firm. The data collected includes contact details, identification information, CV and personal letter, as well as information on education and work experience, including degree and employment certificates. Where applications are made using login from a LinkedIn account, we will also collect photographs and information on education and professional experience from the applicant’s LinkedIn profile. We may also supplement personal data by obtaining information from other sources, e.g. search results using generally available search engines and records, industry newsletters and/or social media, as well as the applicant’s current or previous employer’s website. In some cases we also collect and process results of tests performed during the recruitment process.

Processing of personal data in conjunction with visits and CCTV surveillance

We normally register the name and employer (or equivalent) of people visiting our offices. CCTV is in operation at some of our offices in Sweden. This includes image recording.

Miscellaneous

Much of our communication takes place via telephone or video calls and email, which essentially always entail processing of personal data. As a rule, those who call, take part in video calls or send emails to us provide personal data that can be attributed to individuals.

Processing of personal data in conjunction with engagements and by our support organisation

We process personal data in conjunction with engagements so we can meet our commitments and safeguard our clients’ interests, and also perform administration in conjunction with the engagements we accept, and meet the requirements to which we are subject by law and the regulations of the Swedish Bar Association. Before we accept an engagement, we must also perform compulsory conflict of interest and money laundering checks.

Our support organisation processes personal data so we can manage and administer our relationships with suppliers or their representatives and other external parties. Personal data may also be processed for marketing and client analyses, business and methodology development, and statistical purposes.

Processing of personal data in conjunction with marketing, events and our alumni club

Processing of personal data in conjunction with enrolment for newsletters and similar marketing material, enrolment for events and in connection with membership of the firm’s alumni club, takes place for marketing and communication purposes, e.g. so we can

(i) send invitations to events, and arrange and administer those events;
(i) send newsletters, annual reports and similar marketing material; and/or
(iii) maintain our contact register.

Processing of personal data in conjunction with recruitment

Processing of personal data in conjunction with recruitment takes place for the following purposes:

(i) to administer our recruitment process and evaluate applicants;
(ii) to manage certain legal aspects of recruitment and to meet the Swedish Bar Association’s regulations governing recruitment processes; and
(iii) to be able to inform applicants of future career opportunities and events, provided the applicant has consented to such processing.

Processing of personal data in conjunction with visits and CCTV surveillance

We process personal data when people visit our offices so we can manage and administer visits, and for security reasons. Where CCTV surveillance is in operation at the office, processing of personal data takes place so we can prevent and investigate crime, and thereby enhance security for the firm’s staff and visitors, and protect the firm’s property.

Processing of personal data in conjunction with engagements and by our support organisation

In relation to information about clients who are private individuals, the legal basis for processing personal data is so we can perform our engagement letter with the client. In relation to clients’ representatives, business partners and consultants, foreign counsel, witnesses, counterparties, representatives and counsel of counterparties, etc., our processing of personal data is normally based on our legitimate interest in conducting our business and performing our engagements.

The processing of personal data that we carry out when making conflict of interest and money laundering checks and archiving of documents after an engagement has been completed is based on our duty to perform our legal obligations (e.g. under accounting and anti-money laundering legislation, as well as Swedish Bar Association regulations).

In conjunction with the various engagements we have accepted we may have additional lawful grounds for the processing, or other lawful grounds may apply due to national laws and regulations governing the operations of our non-Swedish offices.

Processing of personal data relating to suppliers or their representatives and other external parties is based on our legitimate interest in administering the relationship and performing our contractual obligations. When we process personal data in order to analyse and develop our business, processing is based on our legitimate interest in improving our business.

In the above instances where processing of personal data is based on a balance of interests, we consider that the processing of the personal data is necessary for the purposes that concern our clients or, where applicable, our legitimate interests, and that these outweigh any opposing interests and/or fundamental rights and freedoms.

Processing of personal data in conjunction with marketing, events and our alumni club

The processing of personal data that takes place for marketing and communication purposes is based on our legitimate interest in maintaining our business contacts, communicating with business contacts about our business and our events, and to arrange and administer those events. We consider that our interest in processing personal data for these purposes outweighs the individual’s interest in having their privacy protected.

The processing of personal data that takes place to administer membership of the firm’s alumni club, and to communicate with alumni about our business and our events is based on consent. The processing of personal data that takes place to maintain contact with attendees of previous student events about future career opportunities and events is also based on consent.

Processing of personal data in conjunction with recruitment

The processing of job applicants’ personal data that takes place to administer our recruitment process and evaluate whether an applicant is a suitable candidate for the firm, and also to manage certain legal aspects of recruitment and to meet the regulations of the Swedish Bar Association governing recruitment processes is based on our legitimate interest in managing the recruitment process. We consider that our interest in processing personal data for this purpose outweighs the individual’s interest in having their privacy protected.

The processing of a job applicant’s personal data that takes to allow contact about future career opportunities and events is based on the applicant’s consent.

Processing of personal data in conjunction with visits and CCTV surveillance

In relation to information registered in conjunction with visits to our offices, the legal ground for the processing – in addition to the fact that the processing may also be covered by the preceding paragraphs – is our legitimate interest in managing the visit and maintaining security at our facilities, or our duty to meet our legal obligations. The processing of personal data in conjunction with CCTV surveillance is based on our legitimate interest in maintaining security at our offices and protecting the firm’s property. We consider that our interest in processing personal data for these purposes outweighs the individual’s interest in having their privacy protected.

We have taken appropriate technical and organisational security measures to protect the personal data we process from loss and unauthorised access, among other things. Only those who need to process personal data for the purposes for which they are processed have access to the personal data. Appropriate security measures we have taken include implementation of encrypted and private network connections (VPN connections) for all transmissions between our offices. We regularly review our security policies and processes to ensure that our systems are secure and protected.

When data are transferred to the firm’s non-Swedish offices, personal data may be transferred to countries outside the EU/EEA. Transfers of this type are normally based on the EU Commission’s standard contract clauses. Transfers to countries outside the EU/EEA may otherwise take place within the scope of a given engagement. If so, we will take appropriate measures to ensure the personal data remain protected in accordance with applicable personal data laws, usually on the strength of standard contract clauses or on the basis that it is necessary to establish, exercise or defend legal claims.

Mannheimer Swartling will not divulge personal data to anyone outside the firm, except where

(i) it has been agreed between us and the person whose personal data we process;

(ii) it is necessary within the scope of a given engagement so we can safeguard our clients’ rights and interests (e.g. in relation to courts of law, public authorities, counterparties and counsel of counterparties);

(iii) it is necessary so we can perform a statutory obligation, comply with a decision of a public authority or a court of law or the regulations of the Swedish Bar Association;

(iv) we engage an external service provider or business partner who performs services on our behalf, e.g. for the provision of IT services or administrative services, or to arrange events. Such service providers and business partners may only process personal data in accordance with our instructions, and may not use personal data for their own purposes; or

(v) it is otherwise permitted under applicable law.

In addition, we may, in the context of events, share personal data on the participants with co-arrangers, and in some cases share the list of participants with other participants at the event.

We do not save personal data longer than is necessary given the purpose of the processing, unless the data may or must be saved for a longer period under applicable law.

Processing of personal data in conjunction with engagements and by our support organisation

The personal data that may be processed before and during performance of an engagement are saved during performance of the engagement and kept afterwards in accordance with Mannheimer Swartling’s archiving obligations under Swedish Bar Association regulations. This means that the personal data are saved for at least ten years from the date on which the engagement is completed, or for a longer period as required by the nature of the engagement.

Personal data that we process in our relationships with suppliers and other external parties are saved for the period that is necessary so we can administer the contractual or business relationship, exercise our rights and perform our obligations in relation to the supplier or other external parties, or for as long as is required or permitted under applicable law.

Processing of personal data in conjunction with marketing, events and our alumni club

Personal data on business contacts are saved for as long as the person whose data are processed is our business contact, or as long as is required or permitted under applicable law.

Personal data on alumni are saved for as long as we have the person’s consent.

In the case of student events, personal data are saved until the event has taken place, unless the student has consented to the information being saved for a longer period so the firm can contact the person in question, e.g. in relation to future career opportunities and events. In these cases, personal data are saved for as long as we have the person’s consent. However, we do not save personal data for these purposes for longer than two years from the date on which the student is expected to graduate.

In all the above categories, details of food preferences are always deleted after the relevant event.

If we record an event, the recorded material will be saved for up to one year after the event.

We regularly send reminders to anyone whose personal data are processed for marketing and event purposes, to give them the opportunity to unregister from receiving information and invitations from us. Anyone whose personal data are processed can also unregister at any time by contacting us at dataprotection@msa.se or, if the person in question is a student, at rekrytering@msa.se. If a person chooses to unregister, we will no longer send the information or invitations mentioned above.

Processing of personal data in conjunction with recruitment

Personal data of job applicants are stored during the recruitment process and are then saved for a further six months after completion of the process, or for as long as is required or permitted under applicable law, unless the applicant has consented to the personal data being saved for longer so the firm can contact the person in question, e.g. in relation to future career opportunities and events. In these cases, the personal data are saved for as long as we have the person’s consent. However, if the person in question is a student, we do not save personal data for these purposes for longer than two years from the date on which the student is expected to graduate.

We will send regular reminders to anyone who has consented to our saving their personal data for a longer period, and give them the opportunity to unregister from receiving information and invitations from us. The applicant can unregister at any time by contacting us at rekrytering@msa.se or by using the unregister feature on our Career pages. If a person chooses to unregister, we will no longer send the information or invitations mentioned above.

Processing of personal data in conjunction with visits and CCTV surveillance

The data in our visitor management system are saved for 30 days. As a rule, CCTV surveillance recordings are saved for seven days. However, when specific material is required to take action in relation to a person who has been recorded in order to achieve the purpose of the recording, the material can be saved for as long as necessary to take that action.

What are the rights of the data subject?

Mannheimer Swartling Advokatbyrå AB, Reg. No. 556399-4499, having the address Norrlandsgatan 21, SE-111 87, Stockholm, is controller of the processing of personal data described above. This means we are responsible for ensuring that the personal data are processed correctly and in accordance with current data protection legislation.

Data subjects have the right

(i) to know what personal data we process about them;

(ii) to request that we rectify inaccurate or incomplete personal data about them;

(iii) to request that we erase their personal data (e.g. if the data are no longer needed for the purpose or if consent is withdrawn) or request that processing of the personal data be restricted;

(iv) to object to specific processing of personal data; and

(v) in some circumstances, to receive the personal data they have provided in machine-readable form, and to transmit them to another controller.

Note that the above rights may be limited by the duty of confidentiality and archiving obligation applying to members of the Swedish Bar Association or other applicable laws and regulations in the jurisdictions outside the EU in which our non-Swedish offices operate. In some cases, restriction or erasure of personal data may also prevent us from meeting our commitments, e.g. to provide certain invitations or certain information. In the context of recruitment, restriction or erasure of personal data may prevent us from proceeding with a person’s application.

Anyone with objections about, or comments on, the way we process personal data has the right to contact or file a complaint with the Swedish Authority for Privacy Protection, which is the supervisory authority for our processing of personal data, or the competent authority in the jurisdictions outside the EU in which our non-Swedish offices operate.

If you have any questions or complaints about the way we process personal data, or wish to request exercise of rights as described above, you are welcome to contact us by email at dataprotection@msa.se or by post to the address above, at Data Protection Contact.

Cookies

This website uses cookies to perform certain functions and help you navigate the site efficiently. A cookie is a text file with a small amount of information that is stored on your device. We share some of the information we obtain through these cookies with third parties. We only use cookies that are necessary for the site to function correctly and they therefore cannot be turned off. For further information, see Information on the use of cookies.