Privacy Notice

We care about your privacy and the protection of your personal data. Below you will find information on how we collect, process and share your personal data and what your rights are.

Data controller and contact details

Mannheimer Swartling Advokatbyrå AB, reg. no. 556399-4499, Norrlandsgatan 21, 111 87 Stockholm, is the data controller for the processing of personal data which is described below and is responsible for ensuring that the personal data is processed correctly and in accordance with applicable data protection legislation. If you have questions regarding our processing of your personal data or if you wish to exercise your rights, you can contact us by emailing dataprotection@msa.se or by sending a letter to the address above, att: Data Protection Contact.

What are your rights?

Right to lodge a complaint

You have the right to contact, or lodge a complaint with, the Swedish Authority for Privacy Protection, or with the competent authority in the non-EU jurisdictions in which our foreign offices operate.

Right to information and access

You can request information regarding whether we are processing your personal data and receive a copy of your personal data (data subject access request) together with information regarding how the processing is carried out.

Right to rectification

If you believe that your personal data is inaccurate or incomplete, you can ask for it to be corrected or completed.

Right to object

You have the right to object to processing which is based on a legitimate interest assessment. If we cannot demonstrate compelling and legitimate grounds to continue processing the personal data, we must cease the processing. You always have the right to object to our processing of your personal data for direct marketing purposes.

Right to restriction

In some cases, you have the right to request a restriction of the processing of your personal data, which means that the data is marked so that, in the future, it can only be processed for certain limited purposes. This is possible, for example, if you have objected to the processing, if you have disputed the accuracy of your personal data, or if the processing is unlawful. By requesting a restriction of our processing, you have, at least for a certain period of time, the right to stop us from processing your personal data for other purposes than, for example, to defend legal claims.

Right to erasure

In some cases, you may have your personal data erased, e.g. if it is no longer necessary for the purpose for which it was collected or if you withdraw your consent. However, we may not always be able to erase your personal data, e.g. if it is needed to comply with a legal obligation, is still necessary for its purpose, or if our interest in continuing to process the data outweighs your interest in having it erased.

Right to transfer your personal data (data portability)

If we process your personal data to fulfil a contract or on the basis of your consent, you may, in certain cases, be able to obtain the data in a machine-readable format and transmit it to another data controller.

Right to withdraw consent

If we process your personal data based on your consent, you have the right to withdraw your consent at any time, whereupon we will cease any processing based on your consent.

Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Note that the rights described above may be limited due to the duty of confidentiality and archiving obligations that apply under the rules of the Swedish Bar Association or other applicable laws and regulations. In certain cases, restricting or erasing your personal data may mean that we are unable to fulfil our commitments, e.g. issuing invitations or information or proceeding with your application in connection with recruitment.

This section applies if you are:

  • A client and natural person
  • A contact person, employee, or contractor of a client which is a legal person
  • A representative or owner of a client which is a legal person
  • A family member or close associate of a client who is a natural person
  • A family member or close associate of a representative or owner of a client which is a legal person

Client includes underlying clients, co-clients, pro bono partners and foreign counsels.

We collect your personal data from you or your employer in connection with the preparation, administration or execution of the engagement. We may also collect personal data from other individuals connected to the engagement and supplement the data by obtaining information from other sources, such as publicly available search engines and records.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from accepting the engagement or performing our obligations in relation to you or the legal person you represent.

Purpose Personal data Legal basis Retention period
We process your personal data in order to carry out necessary checks of our clients and to fulfil our obligations under the rules of the Swedish Bar Association and applicable legislation (e.g. anti-money laundering, sanctions, tax, or accounting legislation).
  • Contact details, such as name, title, employer, postal address, telephone number, email address and citizenship
  • Identifying information, such as passport details, identity card, photograph and date of birth/personal identity number
  • Information about whether you are authorised to represent a legal entity or whether you are a beneficial owner
  • If you are a client and a natural person or a representative or owner of a client that is a legal person, as well as if you are a family member or close associate to such a person; information that you are a politically exposed person, including your name and profession/position
  • Billing information, e.g. contact person, account number and tax information
  • If relevant for the preparation or execution of the engagement: special categories of personal data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning health or sex life) or personal data relating to criminal convictions and offences (e.g. data regarding money laundering, other criminal offences, or trading prohibitions)
 The legal basis for the processing of personal data is the existence of a legal obligation under the Swedish Code of Judicial Procedure, anti-money laundering, sanctions, tax or accounting legislation.

To the extent that the processing involves special categories of personal data, the processing is carried out on the basis of Article 9.2(f) GDPR (establishment, exercise or defence of legal claims) or Article 9.2(g) GDPR (substantial public interest) in conjunction with applicable national legislation. To the extent that the processing involves personal data relating to criminal convictions and offences, the processing is carried out on the basis of Article 10 GDPR in conjunction with Chapter 3, Sections 8–9 of the Act (2018:218) with supplementary provisions to the EU General Data Protection Regulation.
  • Personal data processed to fulfil obligations under the rules of the Swedish Bar Association is retained for ten years from the date of completion of the engagement, or for such longer period as required by the nature of the client relationship or the engagement.
  • Personal data processed to fulfil obligations under the Anti-Money Laundering Act is generally retained for five years, but may be retained for up to ten years if it is necessary for the prevention, detection or investigation of money laundering or terrorist financing.
  • Personal data processed to fulfil obligations under the Accounting Act is retained for seven years.
  • In addition, personal data processed to comply with other legal requirements or for a legitimate interest may be retained for as long as necessary to comply with the relevant legislation.
We process your personal data in order to fulfil our obligations under the rules of the Swedish Bar Association. This includes, among other things, administering our internal risk management with regard to, for example, customer due diligence, conflicts of interest and safeguarding our clients’ interests.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Identifying information, e.g. passport details, identity card, photograph and date of birth/personal identity number
  • Billing information, e.g. responsible contact person, account number and tax information
  • Information and personal data in addition to that stated above, e.g. correspondence, course of events, or other circumstances or data that is relevant to the engagement
 To the extent that our obligations do not result from the legal obligations set out in Chapter 8 of the Swedish Code of Judicial Procedure (1942:740), the legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to fulfil the requirements of the rules of the Swedish Bar Association and the ethical requirements imposed on us as a law firm, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Personal data processed to fulfil obligations under the rules of the Swedish Bar Association is retained for ten years from the date of completion of the engagement, or for such longer period as required by the nature of the client relationship or the engagement.
We process your personal data in order to prepare and manage enquiries about engagements and to conduct our business by performing and managing our engagements and fulfilling our obligations. This includes communicating with you as part of our engagements and commitments, booking meetings, managing and administering timesheets, fee statements, invoicing, payments and claims, accurately documenting and processing our engagements, and archiving documents upon completion of an engagement.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Identifying information, e.g. passport details, identity card and date of birth/personal identity number
  • Information about whether you are authorised to represent a legal entity or whether you are a beneficial owner
  • If it is relevant for the preparation or execution of the engagement: special categories of personal data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning health or sex life) or personal data relating to criminal convictions and offences (e.g. data regarding money laundering, other criminal offences, or trading prohibitions)
  • Billing information, e.g. responsible contact person, account number and tax information
  • Information and personal data in addition to that mentioned above, e.g. correspondence, course of events, or other circumstances or data that is relevant to the engagement, as well as audio and video recordings in connection with court and arbitral proceedings or other engagements
 If you are a client who is a natural person, the legal basis for the processing of personal data is the performance of a contract.

If you are representing a client which is a legal person, the legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to administer and manage our engagements and fulfil our commitments, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

In connection with certain engagements, other applicable legal bases may exist, depending on national laws and regulations that may apply to the activities of our offices abroad.
  • Personal data processed to fulfil obligations under the rules of the Swedish Bar Association is retained for ten years from the date of completion of the engagement, or for such longer period as required by the nature of the client relationship or the engagement.
  • Personal data processed to fulfil obligations under market abuse legislation is retained for five years.
  • Personal data processed to manage and administer invoicing and payments is retained for seven years in accordance with the Accounting Act.
We process your personal data in order to work on business and method development, including software development and testing, and for statistical purposes, such as reporting to ranking bodies and producing reference material.
  • Limited personal data contained in matter-related documentation, such as contact details, including name, title, employer, postal address, telephone number and email address, where relevant
  • Personal data relevant for statistical purposes will normally only be processed at an aggregated level
  • Other information and personal data in addition to the above that can be directly or indirectly attributed to you, such as correspondence, events or other circumstances or data relevant to the assignment
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary for business and method development and to keep statistics, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.
  • Limited personal data included in matter-related documentation is retained as long as the engagement is underway and after completion of the engagement in accordance with Mannheimer Swartling’s archiving obligations under the rules of the Swedish Bar Association. This means that the personal data is retained for ten years from the date of completion of the engagement, or such longer period as necessary by the nature of the client relationship or the engagement.
  • Other personal data is deleted annually.
We process your personal data in order to streamline the documentation of calls and meetings through transcription.
  • Audio recordings containing identifying information mentioned (e.g. name, title, employer)
  • Voice characteristics and speech patterns present in the audio recording that may be used for speaker identification in the transcript
  • Other data occurring in calls and meetings
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to streamline the documentation of calls and meetings, to enable active participation rather than manual note-taking and to ensure that no critical details are missed in minutes or documentation, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.
  • Audio files are retained for 60 days and are thereafter deleted once the transcription has been completed, unless they are deemed to be part of the matter-related documentation.
  • Personal data included in transcripts becomes part of the matter-related documentation and is retained as long as the engagement is underway and after completion of the engagement in accordance with the archiving obligations under the rules of the Swedish Bar Association, i.e. for ten years from the date of completion of the engagement, or such longer period as necessary by the nature of the client relationship or the engagement.
If applicable, we process your personal data in order to establish, exercise, or defend legal claims.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Billing information, e.g. responsible contact person, account number and tax information
  • Correspondence, payment information, descriptions of course of events, or other relevant circumstances or data
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to establish, exercise and defend legal claims, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Personal data is retained for ten years from the date of completion of the engagement, or such longer period as necessary by the nature of the client relationship or the engagement.

 

This section applies if you are:

  • A natural person who is involved in our matters in the capacity of e.g. an opposing party, opposing party counsel, arbitrator, judge, consultant, witness, expert, public authority employee, cooperation partner, employee of a company that is acquired or sold, contracting party, etc.
  • A contact person, employee, or contractor of a legal person involved in our matters in the capacity of e.g. an opposing party, representative of an opposing party, opposing party counsel, local counsel, other counsels or advisors, cooperation partner, contracting party, etc.
  • A representative or owner of a legal person involved in our matters or a family member or close associate to such a person.

We collect your personal data from you or your employer in connection with the preparation, administration or execution of the engagement. We may also collect personal data from other individuals connected to the engagement and supplement the data by obtaining information from other sources, such as publicly available search engines and records.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from accepting the engagement or performing our obligations in relation to you or the legal person you represent.

Purpose Personal data Legal basis Retention period
We process your personal data in order to carry out necessary checks in the course of our engagements and to fulfil our obligations under the rules of the Swedish Bar Association and applicable legislation (e.g. anti-money laundering, sanctions, tax, or accounting legislation).
  • Contact details, e.g. name, title, employer, postal address, telephone number, email address and citizenship
  • Identifying information, e.g. passport details, identity card, photograph and date of birth/personal identity number
  • Information about whether you are authorised to represent a legal entity or whether you are a beneficial owner
  • If you are a natural person or a representative or owner of a legal person, as well as if you are a family member or close associate to such a person; information that you are a politically exposed person, including your name and profession/position
  • Billing information, e.g. responsible contact person, account number and tax information
  • If it is relevant for the preparation or execution of the engagement: special categories of personal data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning health or sex life) or personal data relating to criminal convictions and offences (e.g. data regarding money laundering, other criminal offences, or trading prohibitions)
 The legal basis for the processing of personal data is the existence of a legal obligation under the Swedish Code of Judicial Procedure, anti-money laundering, sanctions, tax or accounting legislation.

To the extent that the processing involves special categories of personal data, the processing is carried out on the basis of Article 9.2(f) GDPR (establishment, exercise or defence of legal claims) or Article 9.2(g) GDPR (substantial public interest) in conjunction with applicable national legislation. To the extent that the processing involves personal data relating to criminal convictions and offences, the processing is carried out on the basis of Article 10 GDPR in conjunction with Chapter 3, Sections 8–9 of the Act (2018:218) with supplementary provisions to the EU General Data Protection Regulation.
  • Personal data processed to fulfil obligations under the rules of the Swedish Bar Association is retained for ten years from the date of completion of the engagement, or for such longer period as required by the nature of the client relationship or the engagement.
  • Personal data processed to fulfil obligations under the Anti-Money Laundering Act is generally retained for five years, but may be retained for up to ten years if it is necessary for the prevention, detection, or investigation of money laundering or terrorist financing.
  • Personal data processed to fulfil obligations under the Accounting Act is retained for seven years.
  • In addition, personal data processed to comply with other legal requirements or for a legitimate interest may be retained for as long as necessary to comply with the relevant legislation.
We process your personal data in order to fulfil the requirements imposed on us under the rules of the Swedish Bar Association. This includes, among other things, administering our internal risk management regarding, for example, conflicts of interest and safeguarding our clients’ interests.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Identifying information, e.g. passport details, identity card, photograph and date of birth/personal identity number
  • Billing information, e.g. responsible contact person, account number and tax information
  • Information and personal data in addition to that stated above, e.g. correspondence, course of events, or other circumstances or data that is relevant to the engagement
 To the extent that our obligations do not result from the legal obligations set out in Chapter 8 of the Code of Judicial Procedure (1942:740), the legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to fulfil the requirements of the rules of the Swedish Bar Association and the ethical requirements imposed on us as a law firm, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Personal data processed to fulfil obligations under the rules of the Swedish Bar Association is retained for ten years from the date of completion of the engagement, or for such longer period as required by the nature of the business relationship or the engagement.
We process your personal data in order to prepare and administer enquiries regarding engagements and to conduct our business by carrying out and administering our engagements and fulfilling our commitments. This includes communicating within the scope of our engagements and commitments, booking meetings, managing and administering time sheets, fee statements, invoicing, payments and accounts receivable, providing accurate documentation and processing of our engagements, and archiving documents after the completion of an engagement.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Billing information, e.g. responsible contact person, account number and tax information
  • If it is relevant for the preparation or execution of the engagement: special categories of personal data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning health or sex life) or personal data relating to criminal convictions and offences (e.g. data regarding money laundering, other criminal offences, or trading prohibitions)
  • Information and personal data in addition to that mentioned above, e.g. correspondence, course of events, or other circumstances or data that is relevant to the engagement, as well as audio and video recordings in connection with court and arbitral proceedings or other engagements
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to administer and manage our engagements and fulfil our commitments and to manage our relationship with you, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

In connection with certain engagements, other applicable legal bases may exist, depending on national laws and regulations that may apply to the activities of our offices abroad.
  • Personal data processed to fulfil obligations under the rules of the Swedish Bar Association is retained for ten years from the date of completion of the engagement, or for such longer period as required by the nature of the business relationship or the engagement.
  • Personal data processed to fulfil obligations under market abuse legislation is retained for five years.
  • Personal data processed to manage and administer invoicing and payments is retained for seven years in accordance with the Accounting Act.
We process your personal data in order to streamline the documentation of calls and meetings through transcription.

Participants are informed that transcription will take place before recording begins.
  • Audio recordings containing identifying information mentioned (e.g. name, title, employer)
  • Voice characteristics and speech patterns present in the audio recording that may be used for speaker identification in the transcript
  • Other data occurring in calls and meetings
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to streamline the documentation of calls and meetings, to enable active participation rather than manual note-taking and to ensure that no critical details are missed in minutes or documentation, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Audio files are retained for 60 days and are thereafter deleted once the transcription has been completed, unless they are deemed to be part of the matter-related documentation.

Personal data included in transcripts becomes part of the matter-related documentation and is retained as long as the engagement is underway and after completion of the engagement in accordance with the archiving obligations under the rules of the Swedish Bar Association, i.e. for ten years from the date of completion of the engagement, or such longer period as necessary by the nature of the business relationship or the engagement.
If applicable, we process your personal data in order to establish, exercise and defend legal claims.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Billing information, e.g. responsible contact person, account number and tax information
  • Correspondence, payment information, descriptions of course of events, or other relevant circumstances or data
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to establish, exercise and defend legal claims, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Personal data is retained for ten years from the date of completion of the engagement, or such longer period as necessary by the nature of the client relationship or the engagement.

This section applies if you are:

  • A supplier, consultant, or other similar external party and a natural perso
  • A contact person, employee, or contractor of a supplier, consultant, or other similar external party that is a legal person

We collect your personal data from you or your employer in the context of the business relationship that exists directly with you or between us and your employer. We may supplement the data by obtaining information from other sources, such as publicly available search engines and records.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from beginning or continuing our business relationship or performing our obligations in relation to you or the legal person you represent.

 

Purpose Personal data
 Legal basis
 Retention period
We process your personal data in order to carry out necessary checks on our suppliers and other external parties and to fulfil our obligations under applicable legislation (e.g. anti-money laundering, sanctions, tax, or accounting legislation) and the rules of the Swedish Bar Association (e.g. requirements related to duty of confidentiality).
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Identifying information, e.g. passport details, identity card and date of birth/personal identity number
  • Billing information, e.g. responsible contact person, account number and tax information
 The legal basis for the processing of personal data is the existence of a legal obligation under the Code of Judicial Procedure, anti-money laundering, sanctions, tax or accounting legislation.
  • Personal data processed to fulfil obligations under the Anti-Money Laundering Act is generally retained for five years, but may be retained for up to ten years if it is necessary for the prevention, detection or investigation of money laundering or terrorist financing.
  • Personal data processed to fulfil obligations under the Accounting Act is retained for seven years.
  • Personal data processed to comply with other legal requirements or for a legitimate interest may be retained for as long as necessary to comply with the relevant legislation.
We process your personal data in order to administer contracts, invoicing and payment, to fulfil our obligations towards our suppliers or their representatives and other external parties, to exercise our rights, to manage deliveries and follow-up, and to communicate within the scope of the contractual relationship.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Identifying information, e.g. passport details, identity card and date of birth/personal identity number
  • Billing information, e.g. responsible contact person, account number and tax information
  • Correspondence, payment information, descriptions of course of events, or other relevant circumstances or data
 If you represent a legal person with which we intend to enter, or have entered, into a business relationship, the legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to administer contracts, invoicing, and payment, to fulfil our obligations and to protect our rights, as well as to manage deliveries, follow-up, and communication within the scope of the contractual relationship, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

If you are a natural person with whom we intend to enter, or have entered, into a business relationship, the legal basis for the processing of personal data is performance of a contract.
  • Personal data is retained for as long as necessary to enable us to administer the contractual or business relationship, exercise our rights, and fulfil our obligations, or for as long as necessary to fulfil a legitimate interest. This means that personal data that occur in connection with agreements, possible background checks, or confidentiality undertakings is retained for as long as the agreement is valid and for ten years after the end of the contractual or business relationship, with ongoing deletion assessments carried out regularly based on necessity.
  • Personal data processed to fulfil obligations under the Accounting Act is retained for seven years.
  • Personal data required to enable identification and access to our premises is retained for 30 days in our visitors management system. If an access card is used, personal data related to entry and exit logs is retained for up to one year.
If applicable, we process your personal data in order to establish, exercise and defend legal claims.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Billing information, e.g. responsible contact person, account number and tax information
  • Correspondence, payment information, descriptions of course of events, or other relevant circumstances or data
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to establish, exercise and defend legal claims, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Personal data is retained for ten years after the end of the contractual or business relationship, with ongoing deletion assessments carried out regularly based on necessity.

This section applies if you are:

  • A recipient of newsletters
  • A recipient of other marketing communications, e.g. our annual report

We collect your personal data from you or your employer as part of our business relationship, when registering for newsletters and similar marketing communications or when you otherwise are in contact with us. We may supplement the personal data by obtaining information from other sources, such as publicly available search engines and records, industry newsletters and social media.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from managing and sending you newsletters and other marketing communications.

 

Purpose Personal data
 Legal basis
 Retention period
We process your personal data in order to communicate about and market our business and to manage and send newsletters or other marketing communications (e.g. annual reports).
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Language preference
  • Preferences regarding the type of marketing communication
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to communicate about and market our business, as well as to administer and send marketing communications, and to provide information about our business and initiatives which are relevant to the recipients or to draw attention to specific news or information about the firm in connection with a current event or engagement, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.
  • Your personal data is processed until you choose to unsubscribe.
  • You can unsubscribe from receiving newsletters or other marketing communications at any time by using the link provided in the communication or by contacting us at dataprotection@msa.se.
  • We cease all processing of your personal data and delete it immediately after receiving your deregistration. Information about your deregistration is retained for three years to avoid new contacts.
  • We send regular reminders to provide the option to unsubscribe from communications.
We process your personal data in order to maintain our record of business contacts.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Language preference
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to maintain business relationships and to provide information about our business and initiatives that are relevant to the recipients, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.
  • Your personal data is processed until you choose to unregister.
  • You can unregister at any time by using the link provided in communication or by contacting us at dataprotection@msa.se.
  • We cease all processing of your personal data and delete it immediately after receiving your deregistration. Information about your deregistration is retained for three years to avoid new contacts.
  • We send regular reminders to provide the option to unregister.

This section applies if you are a participant at events, meetings, and seminars/webinars.

We collect your personal data from you or your employer as part of our business relationship, when registering for events, meetings or seminars/webinars or when you otherwise are in contact with us. We may supplement the data by obtaining information from other sources, such as publicly available search engines and records, industry newsletters and social media.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from issuing invitations, administering, and offering you a place at events, meetings, and seminars/webinars.

Purpose Personal data
 Legal basis
 Retention period
We process your personal data in order to invite to, organise and administer events, meetings and seminars/webinars.

We also process personal data in order to establish lists of participants to fulfil applicable accounting obligations.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Language preference
  • Information about food preferences provided in connection with the registration
 The legal basis for the processing of personal data is our legitimate interest.

We have concluded that the processing is necessary to invite to, organise and administer events, meetings and seminars/webinars and to inform about our activities, or to draw attention to particular news or information about the firm in connection with a current event or occasion, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

In cases where we are required to compile lists of attendees under the Accounting Act, the legal basis for the processing of personal data is the existence of a legal obligation.
  • Your personal data is processed until you choose to unregister.
  • You can unregister at any time by using the link provided in the communication or by contacting us at dataprotection@msa.se.
  • We cease all processing of your personal data and delete it immediately after receiving your deregistration. Information about your deregistration is retained for three years to avoid new contacts.
  • We send regular reminders to provide the option to unregister.
  • Information about food preferences is erased as soon as an event, meeting or seminar has taken place.
  • Information about participation is retained for accounting purposes for seven years in accordance with the Accounting Act.
We process your personal data in order to maintain our contact register of business contacts and cooperation partners.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Language preference
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to maintain business relationships and to provide information about our business and initiatives that are relevant to the recipients, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.
  • Your personal data is processed until you choose to unregister.
  • You can unregister at any time by using the link provided in communication or by contacting us at dataprotection@msa.se.
  • We cease all processing of your personal data and delete it immediately after receiving your deregistration. Information about your deregistration is retained for three years to avoid new contacts.
  • We send regular reminders to provide the option to unregister.
We process your personal data in order to streamline the documentation of seminars/webinars through transcription.

Participants are informed that transcription will take place before recording begins.
  • Audio recordings containing identifying information mentioned (e.g. name, title, employer)
  • Voice characteristics and speech patterns present in the audio recording that may be used for speaker identification in the transcript
  • Other data occurring in calls
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to streamline the documentation of meetings and seminars/webinars, to enable active participation rather than manual note-taking and to ensure that no critical details are missed in minutes or documentation, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.
  • Audio files are retained for 60 days and are thereafter deleted once the transcription has been completed.
  • Personal data included in transcripts is retained for as long as necessary for the purpose for which it was collected, with ongoing deletion assessments carried out regularly based on necessity.
If applicable, we process your personal data in order to document, provide information about, and market our business on our website, in printed and digital media, and on social media through photographs and audio and video recordings of events and seminars/webinars.
  • Photographs, audio and video recordings with associated names from events and seminars/webinars.
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to provide information about and market our business through photographs, audio and video recordings, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

In some cases, the legal basis for the processing of personal data is consent. In such cases, you will be informed separately when we ask for your consent. Consent is voluntary and you always have the right to withdraw any consent previously given. We will then be required to cease the processing.
  • Personal data is retained for up to one year after an event or seminar/webinar has taken place. Any publications are deleted annually.
  • If the processing is based on your consent, the personal data will only be retained as long as your consent is valid. You can withdraw your consent at any time by contacting us at dataprotection@msa.se.

This section applies if you are a participant at student events.

We collect your personal data from you when you register for a student event. We may also collect data from student associations, academic institutions and other sources, such as publicly available search engines and records and social media.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from issuing invitations, administering, and offering you a place at student events.

Purpose Personal data
 Legal basis
 Retention period
We process your personal data in order to invite to, organise and administer events, meetings and seminars/webinars.

We also process personal data in order to establish lists of participants to fulfil applicable accounting obligations.
  • Contact details, e.g. name, telephone number and email address
  • Term and university/academic institution
  • Information about food preferences provided in connection with the registration
  • Data made available via a link to your LinkedIn profile, if you personally choose to include it
 The legal basis for the processing of personal data is our legitimate interest.

We have concluded that the processing is necessary to invite to, organise and administer student events and to inform about our activities, or to draw attention to particular news or information about the firm in connection with a current event or occasion, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

In cases where we are required to compile lists of attendees under the Accounting Act, the legal basis for the processing of personal data is the existence of a legal obligation.

In some cases, the legal basis for the processing of personal data is consent. In such cases, you will be informed separately when we ask for your consent. Consent is voluntary and you always have the right to withdraw any consent previously given. We will then be required to cease the processing.
  • When registering for a student event, you may consent to us retaining your personal data to maintain contact with you regarding future career opportunities, points of contact, and student events.
  • If you have given your consent, your personal data will be retained for a maximum of three years. You can withdraw your consent at any time by contacting us at dataprotection@msa.se.
  • If you do not give your consent, the personal data will be erased shortly after the student event has taken place.
  • Information about food preferences is erased as soon as an event has taken place.
  • Information about participation is retained for accounting purposes for seven years in accordance with the Accounting Act.
If applicable, we process your personal data in order to document, provide information about, and market our business on our website, in printed and digital media, and on social media through photographs and audio and video recordings of events and seminars/webinars.
  • Photographs, audio and video recordings with associated names from student events
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to provide information about and market our business through photographs, audio and video recordings, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

In some cases, the legal basis for the processing of personal data is consent. In such cases, you will be informed separately when we ask for your consent. Consent is voluntary and you always have the right to withdraw any consent previously given. We will then be required to cease the processing.
  • Personal data is retained for up to one year after an event or seminar/webinar has taken place. Any publications are deleted annually.
  • If the processing is based on your consent, the personal data will only be retained as long as your consent is valid. You can withdraw your consent at any time by contacting us at dataprotection@msa.se.
If you have given us your consent, we process your personal data in order to maintain contact with you about future career opportunities, points of contact, and student events.
  • Contact details, e.g. name, telephone number and email address
  • Term and university/academic institution
  • Data made available via a link to your LinkedIn profile, if you personally choose to include it
 The legal basis for the processing of personal data is consent. Consent is voluntary and you always have the right to withdraw any consent previously given. We will then be required to cease the processing.
  • When registering for a student event, you may consent to us retaining your personal data to maintain contact with you regarding future career opportunities, points of contact, and student events.
  • If you have given your consent, your personal data will be retained for a maximum of three years. You can withdraw your consent at any time by contacting us at dataprotection@msa.se.
  • If you do not give your consent, the personal data will be erased shortly after the student event has taken place.

This section applies if you are (or wish to become) a member of our alumni club.

We collect personal data from you when you register for our alumni club. We may also supplement the personal data by obtaining information from internal records regarding your previous employment with us and from other sources, such as publicly available search engines and records, industry newsletters and social media.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from processing your application to our alumni club.

Purpose Personal data
 Legal basis
 Retention period
We process your personal data in order to invite to, organise and administer events and meetings.

We also process personal data in order to establish lists of participants to fulfil applicable accounting obligations.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Information about food preferences provided in connection with the registration
 The legal basis for the processing of personal data is our legitimate interest.

We have concluded that the processing is necessary to invite to, organise and administer events and meetings, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

In cases where we are required to compile lists of attendees under the Accounting Act, the legal basis for the processing of personal data is the existence of a legal obligation.
  • Your personal data is processed until you choose to unregister.
  • You can unregister at any time by using the link provided in the communication or by contacting us at dataprotection@msa.se.
  • We cease all processing of your personal data and delete it immediately after receiving your deregistration. Information about your deregistration is retained for three years to avoid new contacts.
  • We send regular reminders to provide the option to unregister.
  • Information about food preferences is erased as soon as an event, meeting or seminar has taken place.
  • Information about participation is retained for accounting purposes for seven years in accordance with the Accounting Act.
If you have given us your consent, we process your personal data in order to administer your membership in the firm’s alumni club and to maintain contact with you.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Language preference
  • Information on membership of the firm’s alumni club
  • Details of previous employment with us, e.g. role, year of employment, business group, and office affiliation
  • Information on new employment/studies
 The legal basis for the processing of personal data is consent. Consent is voluntary and you always have the right to withdraw any consent previously given. We will then be required to cease the processing.
  • Personal data is retained as long as the consent is valid.
  • You can unregister at any time by using the link provided in communication or by contacting us at dataprotection@msa.se.
  • We cease all processing of your personal data and delete it immediately after receiving your deregistration. Information about your deregistration is retained for three years to avoid new contacts.
  • We send regular reminders to provide the option to unregister.

This section applies to you if you are applying to one of our positions. It also applies if you are applying to us as a trainee, intern or participant in one of our training or mentoring programmes, such as the Training Programme or Study for Life.

We collect your personal data from you in connection with your application and during any interview with us.  If applicable, we may also collect information from recruitment agencies, previous employers, our employees, publicly available information, social media (e.g. LinkedIn) if you have used such a service for your application, and referees.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from processing your application or fulfilling our obligations to you.

Purpose Personal data
 Legal basis
 Retention period
We process your personal data in order to manage the recruitment process and to assess candidates on the basis of their experience, qualifications and academic achievements, to administer invitations and book interviews, and to carry out recruitment tests and checks. This may include the use of tools to compile and summarise academic results from grade transcripts. Such tools do not involve any automated decision-making.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Identifying information, e.g. passport details, identity card, and date of birth/personal identity number
  • Information about you that you provide in your CV, cover letter, or other application documents or that is provided by references, if any
  • Documentation from interviews
  • Information regarding education, evidence of professional experience, certificates and grades, work experience including diplomas and certificates of employment
  • Photographs and information about education and professional experience from your LinkedIn profile in connection with applications made using a login from a LinkedIn account
  • Results of tests and checks carried out during the recruitment process
 The legal basis for the processing of personal data is our legitimate interest.

We have concluded that the processing is necessary to administer the recruitment process, assess applicants, administer invitations and book interviews, and carry out recruitment tests and checks, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

Further processing of your personal data may take place on the basis of your consent.
  • When applying for any of our positions, you may consent to us retaining your personal data to maintain contact with you regarding future career opportunities and points of contact.
  • If you have given your consent, your personal data will be retained for a maximum of three years. You can withdraw your consent at any time via the recruitment system or by contacting the responsible recruiter.
  • If you do not give your consent, the personal data processed in connection with the recruitment process will be retained during the recruitment process and then for six months after the recruitment process has been completed.
If applicable, we may process your personal data in order to comply with legal requirements, to fulfil our obligations and to exercise our rights under labour law and to comply with the rules of the Swedish Bar Association regarding conflict of interest checks and recruitment processes.
  • Contact details, e.g. name, title, employer, postal address, telephone number, and email address
  • Identifying information, e.g. passport details, identity card, and date of birth/personal identity number
  • Information about you that you provide in your CV, cover letter, or other application documents or that is provided by references, if any
  • Information regarding education, evidence of professional experience, certificates and grades, work experience including diplomas and certificates of employment
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to meet legal requirements and comply with the rules of the Swedish Bar Association, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.
  • Personal data will be retained during the recruitment process and then for six months after the recruitment process has been completed.
  • Limited personal data relevant to fulfil the rules of the Swedish Bar Association regarding, e.g. conflict of interest checks, are saved for five years with ongoing deletion assessments carried out regularly based on necessity.
  • In addition, personal data processed to comply with other legal requirements may be retained for as long as necessary to comply with the relevant legislation.
If applicable, we process your personal data in order to safeguard our rights in the event of a claim under the Discrimination Act and to defend legal claims.
  • Relevant personal data collected within the scope of the recruitment process (see above for specification)
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to safeguard our rights in the event of a claim under the Discrimination Act and to defend legal claims, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.
  • Personal data will be retained during the recruitment process and then for six months after the recruitment process has been completed.
  • In the event of a claim under the Discrimination Act, personal data may be retained for a longer period of time in connection with a potential inquiry.
If you have given us your consent, we process your personal data in order to maintain contact with you about future career opportunities and points of contact.
  • Contact details, e.g. name, title, employer, postal address, telephone number, and email address
  • Information about you that you provide in your CV, cover letter, or other application documents or that is provided by references, if any
  • Documentation from job interview
  • Information regarding education, evidence of professional experience, certificates and grades, work experience including diplomas and certificates of employment
 The legal basis for the processing of personal data is consent. Consent is voluntary and you always have the right to withdraw any consent previously given. We will then be required to cease the processing.
  • When applying for any of our positions, you may consent to us retaining your personal data to maintain contact with you regarding future career opportunities and points of contact.
  • If you have given your consent, your personal data will be retained for a maximum of three years. You can withdraw your consent at any time via the recruitment system or by contacting the responsible recruiter.
  • If you do not give your consent, the personal data processed in connection with the recruitment process will be retained during the recruitment process and then for six months after the recruitment process has been completed.

This section applies if you are listed as a reference or are otherwise involved as a contact in connection with a recruitment process.

We collect your personal data either directly from you, from the applicant or from publicly available information.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from obtaining information or references from you.

Purpose Personal data
 Legal basis
 Retention period
We process your personal data in order to obtain information or references from you when a person is involved in a recruitment process with us.
  • Contact details, e.g. name, title, employer, postal address, telephone number, and email address
  • Relationship with and information about the applicant relevant to the reference
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to obtain references and relevant information in connection with our recruitment process, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Personal data will be retained during the recruitment process and then for six months after the recruitment process has been completed.

This section applies if you are a visitor or if you are staying at our premises.

We collect your personal data from you or your employer when booking your visit and/or during your visit. We may also collect data from the person within the firm who is hosting or has organised your visit.

You are under no obligation to provide us with your personal data. However, if you do not provide us with your personal data, we may be prevented from administering your visit or providing you with access to our premises.

Purpose Personal data
 Legal basis
 Retention period
We process your personal data in order to administer the booking of visits and administer visits to our offices, to manage a possible emergency situation, to maintain the security and confidentiality on our premises and for our employees and our property, and to meet the requirements imposed on us as a law firm.
  • Contact details, e.g. name, title, employer, telephone number, and email address
  • Date/time for your visit and details about your visit
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to administer visits, maintain the security of our offices, manage emergencies, prevent and investigate crime and unauthorised access for the purpose of increasing the safety of the firm’s staff and visitors, as well as to protect the firm’s property and to meet the requirements imposed on us as a law firm, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Personal data is retained for 30 days in our visitors management system.

This section applies if you are staying in areas of our premises that are subject to camera surveillance.

We collect your personal data from you when you enter and remain in areas of our premises that are subject to camera surveillance.

If you do not provide us with your personal data by choosing not to enter the camera surveilled area, we may be prevented from administering your visit or providing you with access to our premises.

Purpose Personal data
 Legal basis
 Retention period
We process your personal data by using CCTV in areas of our premises as stated on separate signs to prevent and investigate crime, to maintain the security and confidentiality of our premises and to prevent unauthorised access to our premises.
  • Video recording via CCTV

We do not record audio.

 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to protect our employees and property, to maintain the security and confidentiality requirements imposed on us as a law firm, and to prevent crime, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Recorded material is retained for seven days.
We process your personal data by retaining certain recordings and events as part of an investigation that has been initiated, as part of a police report or to preserve evidence.
  • Video recording via CCTV

We do not record audio.

 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to investigate and document incidents and to ensure that a police report can be made, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

To the extent that the processing involves personal data relating to criminal convictions and offences, the processing is carried out on the basis of Article 10 GDPR in conjunction with Chapter 3, Sections 8–9 of the Act (2018:218) with supplementary provisions to the EU General Data Protection Regulation.

If we have a legal obligation to disclose recorded material as part of an ongoing police report or investigation, the legal basis for the processing of personal data is the existence of a legal obligation.

 In the course of an investigation, recorded material may be retained for more than seven days. If relevant, recorded material will be retained for as long as necessary to take action, e.g. to investigate crime, unauthorised access or to report to the police.

 

This section applies if you have contact with us via various communication channels.

We collect your personal data from you or your employer in the context of your contact with us or the business relationship that exists between us. We may also collect personal data from other parties in the correspondence, from existing client relationships and from publicly available search engines and records, depending on the nature of the communication.

If you do not provide us with your personal data, we may be prevented from communicating with you or otherwise assist you in your contact with us.

Purpose Personal data
 Legal basis
 Retention period
We process your personal data in order to be able to communicate with you when you contact us through different communication channels and administer such communication.
  • Contact details, e.g. name, title, employer, postal address, telephone number and email address
  • Information that can be attributed to you or to your participation or involvement in telephone or video calls and emails, depending on the nature of the correspondence
 The legal basis for the processing of personal data is our legitimate interests.

We have concluded that the processing is necessary to enable and administer communication with you, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

In connection with certain engagements or to meet other purposes, there may be other applicable legal bases, depending on national laws and regulations that may be relevant for such purpose.

 Communications with us in the context of a client relationship or in connection with our engagements are retained for ten years from the date of completion of an engagement, or for such longer period as required by the nature of the client relationship or the engagement.

Other communications are, as a main rule, culled after a needs assessment, depending on what the communication or correspondence refers to and whether it could possibly be covered by any of the other sections of this information.

This section applies if you are a visitor to our website.

We collect your personal data when you visit our website.

Our strictly necessary cookies are always activated when you visit our website in order for it to function properly. You are under no obligation to provide us with additional personal data, but if you choose not to accept the use of additional cookies, some features or services on the website may be limited. If you want assistance with any of these services without consenting to cookies, please contact us directly using the contact details above under the section “Data controller and contact details”.

 

Purpose Personal data
 Legal basis
 Retention period
We process your personal data through strictly necessary cookies in order to provide a functional website. We only collect personal data that is strictly necessary to provide you with a functioning website. See more information in our Cookie Policy. The legal basis for the processing is our legitimate interests.

We have concluded that the processing is necessary to provide a functioning website, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Personal data processed in connection with visits to our website is retained for varying periods, depending on which cookie is set in your browser. For specific storage periods, see our Cookie Policy.
We process your personal data through functional and performance cookies to provide additional functions and services on our website, to measure the performance and efficiency of the website and to ensure the security and stability of the website. Some of these cookies are provided by third parties.

We do not use any promotional or advertising cookies.
  • Only personal data necessary to provide the additional features and services we offer on the website
  • IP address, language choice, visitor ID to save information in forms and session ID
  • See more information in our Cookie Policy
 The legal basis for the processing is our legitimate interests.

We have concluded that the processing is necessary to provide a well-functioning and user-friendly website, and that these interests override any competing interests and fundamental rights and freedoms. You always have the right to object to this conclusion, see the section “What are your rights?”.

 Personal data processed in connection with visits to our website is retained for varying periods, depending on which cookie is set in your browser. For specific storage periods, see our Cookie Policy.

We are committed to ensuring that personal data is processed with a high level of security and confidentiality and have implemented technical and organisational measures to protect your personal data from loss, destruction, misuse and unauthorised access or disclosure. Only authorised persons who need access to your personal data in order to fulfil our stated purposes will have access to it. The measures include, among other things, encrypted and private network connections (VPN) for transfers between our offices and internal processes and policies to comply with the requirements of applicable data protection legislation. We regularly review our security policies and procedures.

As a general rule, the firm, our suppliers and cooperation partners only process your personal data within the EU/EEA. If personal data is processed outside the EU/EEA, there is either a decision from the European Commission on an adequate level of protection or appropriate safeguards, such as standard contractual clauses. Depending on the purpose for which your personal data is processed, a transfer to the firm’s foreign offices may become relevant, which in turn may entail that the personal data is transferred outside the EU/EEA to our offices in New York or Singapore. This type of transfer is normally based on the European Commission’s standard contractual clauses. Transfers to countries outside the EU/EEA may also take place within the scope of an engagement if it is relevant for the execution of the engagement, in which case we take appropriate measures to ensure that the personal data remains protected in accordance with applicable data protection legislation, usually on the basis of adequacy decisions, standard contractual clauses, or on the basis that it is necessary for the establishment, exercise or defence of legal claims. You have the right to obtain a copy of any standard contractual clauses by contacting us via the contact details under the section “Data controller and contact details”. You can find more information about the countries which are deemed to have an “adequate level of protection” on the European Commission’s website and you can read more about standard contractual clauses on the Swedish Authority for Privacy Protection’s website.

As a general rule, the firm, our suppliers and cooperation partners only process your personal data within the EU/EEA. If personal data is processed outside the EU/EEA, there is either a decision from the European Commission on an adequate level of protection or appropriate safeguards, such as the European Commission’s standard contractual clauses, where applicable supplemented by additional technical and organisational safeguards based on an assessment of the level of protection in the recipient country. Depending on the purpose for which your personal data is processed, a transfer to the firm’s foreign offices may become relevant, which in turn may entail that the personal data is transferred outside the EU/EEA to our offices in New York or Singapore. Transfers may also take place where our suppliers or their sub-processors process personal data outside the EU/EEA. This type of transfer is normally based on the European Commission’s standard contractual clauses. Transfers to countries outside the EU/EEA may also take place within the scope of an engagement if it is relevant for the execution of the engagement, in which case we take appropriate measures to ensure that the personal data remains protected in accordance with applicable data protection legislation, usually on the basis of adequacy decisions, standard contractual clauses, or on the basis that it is necessary for the establishment, exercise or defence of legal claims. You have the right to obtain a copy of any standard contractual clauses by contacting us via the contact details under the section “Data controller and contact details”. You can find more information about the countries which are deemed to have an “adequate level of protection” on the European Commission’s website and you can read more about standard contractual clauses on the Swedish Authority for Privacy Protection’s website.

Mannheimer Swartling will not disclose your personal data to anyone outside the firm except in cases where:
(i) it is agreed between you and us;
(ii) it is necessary within the scope of a specific engagement in order for us to safeguard our clients’ rights and interests or to act in accordance with the client’s instructions (e.g. to courts, arbitral tribunals, public authorities, opposing parties, opposing party counsel, insurance companies, or auditors);
(iii) it is necessary to protect legal interests;
(iv) it is necessary for us to fulfil a statutory obligation, comply with a public authority or court decision, or comply with legislation (e.g. accounting, anti-money laundering, or market abuse legislation) or to comply with the rules of the Swedish Bar Association and meet the ethical requirements imposed on us as a law firm;
(v) we engage a third-party service provider or cooperation partner in order to perform services on our behalf, e.g. to provide IT, system, AI or cloud services, administrative services or recruitment services, or to organise events;
(vi) it is necessary for the functioning of our third-party cookies used on our website;
(vii) we market our activities on, e.g. our website and social media;
(viii) we cooperate with co-organisers of events and there is a need for access to participant lists or if other event participants have compelling reasons to access participant lists; or
(ix) it is otherwise permitted or required under applicable law.

In certain cases, the recipients are parties that are acting as data controllers (e.g. courts, public authorities, accounting firms or recruitment agencies) while, in other cases, they are data processors that process personal data in accordance with our instructions and may not use them for their own purposes (e.g. service providers and cooperation partners which are contractually allowed to process personal data only to provide the service in question and for, among other things, storage, support and development purposes).

We do not make any decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you. To the extent that we use AI tools or automated processes in our business, a human assessment is always carried out before any decision is made that affects you.

We may update this information from time to time, e.g. as a result of changes in legislation, regulatory practice, internal processes or our business. The most recent version of this information is always available on our website.

This information was last updated on 2026-06-03.

Popular search terms