Processing of Personal Data
Processing of Personal Data at Rime Law Firm DA
When you interact with us, either as a private client or as a contact person for a corporate client, Rime processes your personal data. Below, you will find information on the personal data collected, the reasons for this collection, and your rights associated with the processing of your personal data.
The Data Controller for the personal data we process is Rime Law Firm DA (“Rime”), represented by our managing director, Niels R. Kiær. Rime’s contact information is:
Address: Pb. 394 Sentrum, 0103 Oslo
Email: email@example.com Phone: 23 00 34 00
Organization Number: 879 469 082
For any questions regarding our processing of personal data, you can contact us.
Why We Collect Personal Data and the Type of Information We Collect
We collect and use your personal data for various purposes depending on who you are and how we come in contact with you. We collect the following personal data for the purposes stated here:
1. Establishment and administration of the client relationship.
We process contact information, identity documentation, payment information, etc. This processing is based on GDPR Article 6 (1) letter b (necessary to fulfill a contract to which the data subject is party) for private clients, and GDPR Article 6 (1) letter f (necessary for purposes related to legitimate interest) for corporate client contacts. Additionally, Rime is legally obliged under the Anti-Money Laundering Act § 4 (2) no. 3, cf. §§ 17 and 18, and processes data accordingly under GDPR Article 6 (1) c (necessary to fulfill a legal obligation).
2. Case handling.
We process personal data necessary for the case at hand. This processing is based on GDPR Article 6 (1) letter b for private clients and GDPR Article 6 (1) letter f for corporate client contacts.
3. Information about counterparts and third parties.
We process personal data necessary for the case. The processing is based on GDPR Article 6 (1) letter f (necessary for purposes related to legitimate interest). We have determined that this processing is essential for efficiently resolving cases according to commercial considerations and proper legal practice. For special categories of data, the processing has legal grounds in GDPR Article 9 (2) letter f (establishing, asserting, or defending legal claims).
4. Criminal convictions and offences.
We process necessary personal data based on GDPR Article 9 (2) letter f, alongside a systemic consideration of the Criminal Procedure Act and the rules of proper legal practice point 2.3.
5. Storage/retention of case documents.
We process personal data necessary for the case, based on the legal obligation to archive ongoing and completed cases.
We process contact and payment information based on GDPR Article 6 (1) letter b for private clients and GDPR Article 6 (1) letter f for corporate client contacts.
7. Sending marketing, newsletters, and other relevant information about our operations.
In this context, we process names and email addresses based on the consent of the recipient, usually a private client or a contact person at a corporate client, as per the Marketing Act § 15.
8. Information about potential clients.
We process contact information based on GDPR Article 6 (1) letter f (necessary for purposes related to legitimate interest), as it is essential for safeguarding our commercial interests.
9. Knowledge management
(e.g., reuse of documents in later cases). We process necessary personal data based on GDPR Article 6 (1) letter f. We have assessed that this processing is essential for internal learning processes and working more efficiently.
We process CVs, applications, certificates, diplomas, reference statements, internal evaluations/interview reports, potential personality tests, and aptitude tests based on a contract with the job applicant, i.e., GDPR Article 6 (1) letter b. If we retain application documents after the recruitment process is concluded, it’s based on the consent of the applicant, cf. GDPR Article 6 (1) letter a.
We process server logs, detection, clarification, and follow-up of security incidents, etc., based on GDPR Article 6 (1) letter f (necessary for purposes related to legitimate interest). We have assessed this processing as essential for ensuring information security and preventing unauthorized disclosure of personal data.
Disclosure of Personal Data to Others
We will not disclose or transfer your personal data to others unless there is a legal basis or obligation for such disclosure. Examples include consent from the data subject or legal orders or obligations that require us to disclose the information to counterparts, courts, public bodies, or others.
Rime also uses data processors to process personal data on our behalf. In such cases, we have entered into agreements to ensure information security throughout all stages of processing. We currently use the following data processors:
- Provider of case handling and accounting systems
- Provider of IT operational services
- Provider of newsletter solutions
All processing of personal data that we undertake occurs within the EU/EEA area.
We retain your personal data as long as necessary for the purpose for which the personal data was collected.
This means, for instance, that personal data processed based on your consent will be deleted if you withdraw your consent. Personal data processed to fulfill a contract with you will be deleted once the contract and all obligations arising from the contractual relationship are met. In both cases, deletion assumes that current legislation does not dictate continued retention and that the data is no longer necessary for the purpose for which it was collected, as per the storage time overview below.
Personal data processed to fulfill a legal obligation by the authorities will be deleted when the legal basis dictates so. This includes accounting and bookkeeping regulations.
Below is an overview of how long we process personal data for different purposes:
Up to 10 years after the conclusion of the last case
Storage/Retention of Case Documents
Up to 10 years after the conclusion of the last case
Up to 5 years after the end of the accounting year in which the invoicing occurred
Information on Potential Clients
Up to 5 months
Knowledge Management (e.g., reuse of documents in later cases)
Up to 10 years
Up to 3 months after the application deadline. With consent from the applicant, we store CVs, applications, certificates, and diplomas for up to 2 years for use in new, relevant job vacancies.
Up to 1 year
Up to 3 years
Your Rights When We Process Personal Data About You
You have the right to request access, correction, or deletion of the personal data we process about you. You also have the right to request limited processing and under certain conditions, object to the processing. You can read more about these rights on the Data Inspectorate's website: www.datatilsynet.no.
To exercise your rights, you must contact us by email or phone. We will respond to your inquiry as soon as possible, and no later than 30 days. We will ask you to confirm your identity or provide additional information before allowing you to exercise your rights over us. We do this to ensure that we only provide access to your personal data to you - not someone pretending to be you.
You can withdraw your consent for processing personal data at any time.
If you believe that our processing of personal data does not align with what we have described here, or that we otherwise violate privacy legislation, you can complain to the Data Inspectorate. You can find information on how to contact the Data Inspectorate on their website: www.datatilsynet.no.
If there are changes to our services or changes in the regulations regarding the processing of personal data, it may change the information you are given here. Updated information will always be easily accessible on our website.