INFORMATION ON MAQS’ PROCESSING OF PERSONAL DATA
1. INTRODUCTION
MAQS Advokatbyrå AB, reg. no. 556950-7733 and MAQS Advokatbyrå KB, reg. no. 916539-0692, (collectively referred to as "MAQS" and individually as "the companies" or "we", "us", "our") process personal data in various situations in our business. Below you will find more information about our processing of your personal data and how you can exercise your rights.
2. WHO IS THE DATA CONTROLLER AND WHO SHOULD YOU CONTACT?
Our operations in Gothenburg, Stockholm and Sundsvall are conducted in the company MAQS Advokatbyrå AB, while the operations in Malmö are conducted in the company MAQS Advokatbyrå KB. Each company is independently responsible for its processing of your personal data and is responsible for ensuring that such processing is carried out in accordance with applicable legislation, including the General Data Protection Regulation ("GDPR"). However, for personal data processing on our website, in podcasts and on social media, the companies are jointly responsible for personal data. The companies agree that MAQS Advokatbyrå AB administers these channels and any questions about the personal data processing that occurs should therefore be directed there.
If you want to get in touch with us, you can contact us in the following ways:
For the Malmö office:
MAQS Advokatbyrå KB
Address: Gibraltargatan 7, Box 226, 201 22 Malmö, Sweden
Telephone number: +46 40 664 26 00
For the offices in Gothenburg, Stockholm and Sundsvall:
MAQS Advokatbyrå AB
Address: Östra Hamngatan 24, Box 11918, 404 39 Göteborg, Sweden
Telephone number: +46 10 265 73 00
For all offices:
E-mail address: dataskydd@maqs.com
3. WHO ARE THE PEOPLE WHOSE PERSONAL DATA WE PROCESS?
We process the personal data of individuals who come into contact with our activities in various ways. Below you will find more detailed information on the different categories of individuals whose personal data we process. You will also find a summary of the data processing activities in this information text that are typically relevant to each category of person, as well as references to where you can read more about these.
3.1 Clients
You are our client (natural person or sole trader) or our client's (legal person) contact person, employee, contractor, representative or owner.
We process personal data about you in the context of our assignments (section 4.1), when you visit us (section 4.4) or our website (section 4.5), when you receive marketing communications from us, attend our events, fairs, seminars, meetings and webinars (section 4.3) and for certain general processing (section 4.6). In section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with and where we process your personal data geographically. You can also read about your rights in section 8.
3.2 Other people who appear in our assignments
For example, counterparties and their representatives, contact persons or employees, counterparty representatives, arbitrators, judges, witnesses, experts, government officials, consultants and other advisors.
We process personal data about you in the context of our assignments (section 4.1.2), when you visit us (section 4.4) or our website (section 4.5) and in certain general data processing activities (section 4.6), and in section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with, and where we process your personal data geographically. You can also read about your rights in section 8.
3.3 Suppliers and partners
You, who are our supplier or partner (natural person or sole trader) or our supplier's or partner's (legal person) contact person, employee, contractor, representative or owner.
We process personal data about you in the context of our business relationship (section 4.2), when you visit us (section 4.4) and in certain general data processing activities (section 4.6). In section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with and where we process your personal data geographically. You can also read about your rights in section 8.
3.4 Participants and invitees to seminars, events, etc.
For example, invitees, participants, external speakers and students at seminars/webinars, events, fairs and digital meetings.
We process personal data about you when you attend our events, fairs, seminars, meetings and webinars, receive marketing communications from us (section 4.3), visit us (section 4.4) or our website (section 4.5) and for certain general data processing activities (section 4.6), and in section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with, and where we process your personal data geographically. You can also read about your rights in section 8.
3.5 People who receive marketing from us or who appear in our marketing material
We process personal data about you when we send you marketing material or when you are featured in our marketing material, e.g. if you are an external speaker at one of our events (section 4.3) and for certain general data processing activities (section 4.6). In section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with, and where we process your personal data geographically. You can also read about your rights in section 8.
3.6 Website visitors and guests in our podcasts
We process personal data about you when you visit our website www.maqs.com or guest on one of our podcasts (section 4.5) and for certain general data processing activities (section 4.6). In section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with, and where we process your personal data geographically. You can also read about your rights in section 8.
3.7 Visitors to our premises, such as tradesmen and callers
We process personal data about you when you visit us (section 4.4) and during certain general data processing activities (section 4.6). In section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with, and where we process your personal data geographically. You can also read about your rights in section 8.
3.8 People involved in our bankruptcy matters assignments
See separate information on the website.
3.9 Recruitment candidates
See separate information on the website under careers/ vacancies.
3.10 Employees
See separate information on the intranet.
4. WHEN DO WE PROCESS YOUR PERSONAL DATA?
In this section, you can read more about what personal data we process about you, for what purposes, what our legal basis is and how long we will process your personal data. Please note that we may process your personal data for several different purposes at the same time.
In the following, we have categorised the information according to the different situations in which we process personal data. In section 3 above, we have listed the sections that are typically relevant for each category of people. Therefore, if you only want to read the information that concerns you, it is easiest to follow the references given for each category of people in section 3 above.
4.1 In our assignments
4.1.1 Clients and their contact persons, employees, contractors, representatives or owners
We process your personal data in order to carry out the necessary checks on our clients and fulfil our obligations under applicable legislation and the rules of the Swedish Bar Association, to conduct our legal practice by carrying out our assignments and otherwise fulfil our commitments, and to establish, assert and defend ourselves against legal claims. Please read more in the table below.
|
Purpose |
Personal data |
Legal basis |
Retention period |
|---|---|---|---|
Carry out the necessary checks on our clients and fulfil our obligations under applicable legislation (e.g. anti-money laundering, sanctions or tax legislation). |
Name, address, email address, telephone number, personal identity number, identification details such as passport details, ID, photograph, etc., information on your authority to represent the client, information on profession/position/title. For clients who are natural persons or sole proprietorships, we also process financial data, invoicing data and any information that you or your relatives are a politically exposed person (if applicable). |
Legal obligation (GDPR, Article 6(1)(c) and e.g. Code of Judicial Procedure, anti-money laundering, sanctions or tax legislation. Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
|
Fulfilling the requirements imposed on us by the rules of the Swedish Bar Association, including, among other things, managing conflict of interest rules and protecting our clients' interests. |
Name, address, email address, telephone number, personal identity number, identification details such as passport details, ID, photograph, information on your authority to represent the client, information on title/position. |
Legitimate interest (GDPR, Article 6(1)(f)), unless our obligations follow from the legal obligations set out in Chapter 8 of the Code of Judicial Procedure. The processing is necessary for our legitimate interest in being able to fulfil the requirements placed on us as a law firm. Please contact us if you want to know more about how we have balanced your interests against ours. Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
At least 10 years from the date of completion of the assignment. However, the Bar Association's rules on conflicts of interest often require us to store certain personal data for longer than this - in some cases forever - depending on the nature of the client relationship and/or the assignment. |
Operate our law firm by carrying out our duties and otherwise fulfilling our obligations. This includes, among other things, communicating with you and other parties (including when special security is required, such as when the Security Protection Act applies), preparing and managing client cards, dealing with legal expenses insurance issues, making credit assessments, booking meetings, managing deadlines, managing documentation, time reporting and fees, providing documentation of our assignments, storing original documents and valuable documents in certain cases, and archiving documents in our assignments after the assignment has been completed. |
Name, address, e-mail address, telephone number, your title/position, client and matter number, IP address (in case of electronic signing), personal identity number (in some cases in case of electronic signing), correspondence. For clients who are natural persons or sole proprietorships, we also process insurance numbers (in case of legal expenses insurance). |
Client who is a natural person or a sole proprietorship: Performance of a contract (GDPR, Article 6(1)(b)). Other clients: Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest to perform our tasks and otherwise fulfil our obligations. Contact us if you want to know more about how we have balanced your interests against ours. Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
Personal data is stored for the duration of the assignment and then archived in accordance with:
|
Establish, enforce and defend ourselves against legal claims. |
Name, address, e-mail address, telephone number, correspondence, payment information, invoicing information, description of assignment/event and similar, personal identity number and information about any debts owed to us (e.g. in case of debt collection). |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for the establishment, exercise or defence of legal claims. If you want to know more about how we have balanced your interests against ours, please contact us. Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
Personal data are kept for at least ten years from the date of completion of the assignment, or such longer period as may be required by the nature of the client relationship, assignment or dispute. |
We also process personal data about you when you visit us (section 4.4) or our website (section 4.5), when you receive marketing communications from us, attend our events, fairs, seminars, meetings and webinars (section 4.3) and in certain general data processing activities (section 4.6). In section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with and where we process your personal data geographically. You can also read about your rights in section 8.
4.1.2 Other people in our assignments
This section relates to our processing of personal data of people involved in our engagements other than our clients, such as counterparties and their representatives, contact persons or employees, opposing counsel, arbitrators, judges, witnesses, experts, government officials, consultants and other advisors and the like.
We process your personal data in order to carry out the necessary checks on our clients and fulfil our obligations under applicable legislation and the rules of the Swedish Bar Association, to conduct our legal practice by carrying out our assignments and otherwise fulfil our commitments, and to establish, assert and defend ourselves against legal claims. Please read more in the table below.
|
Purpose |
Personal data |
Legal basis |
Retention period |
|---|---|---|---|
Carry out the necessary checks on our clients and fulfil our obligations under applicable legislation (e.g. anti-money laundering, sanctions or tax legislation). |
Name, address, e-mail address, telephone number, personal identity number, information on profession/position/title. For counterparties who are natural persons or sole proprietorships, we also process financial data, as well as any information that you or your relatives are a politically exposed person (if applicable). |
Legal obligation (GDPR, Article 6(1)(c) and e.g. Code of Judicial Procedure, anti-money laundering, sanctions or tax legislation. Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
|
Fulfilling requirements imposed on us by the Rules of the Bar Association, including, among other things, managing conflict of interest rules and protecting our clients' interests. |
Name, address, e-mail address, telephone number. For counterparties who are natural persons or sole traders, we also process your personal identity number, your title/position and financial data. |
Legitimate interest (GDPR, Article 6(1)(f)), unless our obligations arise from the legal obligations set out in Chapter 8 of the Code of Judicial Procedure (GDPR, Article 6(1)(c) and Code of Judicial Procedure). The processing is necessary for our legitimate interest of being able to fulfil the requirements placed on us as a law firm. Please contact us if you want to know more about how we have balanced your interests against ours. Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
At least 10 years from the date of completion of the assignment. However, conflict of interest rules often require us to keep personal data for longer than that - in some cases forever - depending on the nature of the client relationship and/or the assignment. |
Operate our law firm by carrying out our tasks and otherwise fulfilling our obligations. This includes, among other things, communicating with you and other parties (including when special security is required, such as when the Security Protection Act applies), preparing and managing client cards, dealing with legal expenses insurance issues, booking meetings, managing deadlines, managing documentation, time reporting and fees, providing documentation of our assignments and storing original documents and valuables in certain cases. |
Name, address, e-mail address, telephone number, your title/position, IP address (in case of electronic signing), personal identity number (in some cases in case of electronic signing), correspondence. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest to perform our tasks and otherwise fulfil our obligations. Contact us if you want to know more about how we have balanced your interests against ours. |
Personal data is stored for the duration of the assignment and then archived in accordance with:
|
Establish, assert and defend ourselves against legal claims, where applicable. |
Name, address, e-mail address, telephone number, correspondence, payment information, billing information, description of the assignment/event, etc. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for the establishment, exercise or defence of legal claims. If you want to know more about how we have balanced your interests against ours, please contact us. Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
Personal data are kept for at least ten years from the date of completion of the assignment, or such longer period as may be required by the nature of the client relationship, assignment or dispute. |
We also process personal data about you when you visit us (section 4.4) or our website (section 4.5) and in certain general data processing activities (section 4.6), and in section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with, and where we process your personal data geographically. You can also read about your rights in section 8.
4.2 Contact persons, employees and contractors of our suppliers and partners
We process your personal data in order to fulfil our obligations towards our suppliers/partners and to establish, exercise and defend ourselves against legal claims. Please read more in the table below.
|
Purpose |
Personal data |
Legal basis |
Retention period |
|---|---|---|---|
Fulfilling our obligations towards our suppliers/partners, managing purchases, deliveries and follow-ups, administering contracts, invoicing and payment, communicating within the framework of the contractual relationship, exercising our rights and archiving contracts. |
Name, title, employer, postal address, telephone number and e-mail address, supplier number, billing information, e.g. responsible contact person, account number and tax information, correspondence, payment information, descriptions of events or other relevant circumstances or information. |
Supplier/partner who is a natural person or a sole proprietorship: Performance of a contract (GDPR, Article 6(1)(b)). Other suppliers/ partners: Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest in fulfilling our obligations to our suppliers/ partners, managing your deliveries and follow-ups, administering contracts, invoicing and payment, communicating within the framework of the contractual relationship, exercising our rights and archiving contracts. Contact us if you want to know more about how we have balanced your interests with ours. Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
As long as we have an ongoing business relationship with the supplier and you are our contact person and one year thereafter. Contracts are archived for 10 years from the date of expiry. |
Establish, enforce and defend ourselves against legal claims. |
Name, address, e-mail address, telephone number, personal identity number (e.g. in case of debt collection), correspondence, payment information, invoicing information, description of assignment/event and similar. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for the establishment, exercise or defence of legal claims. If you want to know more about how we have balanced your interests against ours, please contact us. Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
As long as the contract is valid and for ten years thereafter. |
We also process personal data about you when you visit us (section 4.4) or our website (section 4.5) and in certain general data processing activities (section 4.6), and in section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with and where we process your personal data geographically. You can also read about your rights in section 8.
4.3 Marketing, events, trade fairs, seminars/webinars and digital meetings
We process personal data for the purposes of organising events, competitions and student activities, follow-up, producing marketing material, sending newsletters, publishing content on our social media channels and administering blacklists. Read more in the table below.
|
Purpose |
Personal data |
Legal basis |
Retention period |
|---|---|---|---|
Organising events etc. Invite you to events, fairs, digital meetings and seminars/webinars and manage your registration and participation. |
Name, email address, organisation/university affiliation and term (student), title, telephone number, photo, film and audio recording from events, fairs, meetings and seminars, possible connection to MAQS employee, possible dietary preferences. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest of inviting, organising and administering events, fairs, digital meetings and seminars/webinars. Please contact us if you want to know more about how we have balanced your interests against ours. |
For as long as we have an ongoing business relationship with you or until you notify us that you no longer wish to receive invitations from us. Food preferences are screened after the event. |
Competitions at fairs and student activities Organising and running competitions at fairs and student activities. |
Name, email address, organisation/university affiliation and term (student), title, mobile number, university. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest of organising and running competitions at fairs and student activities. Please contact us if you want to know more about how we have balanced your interests against ours. |
For the duration of the competition and for a maximum of three months thereafter. |
Follow-up with participants through questionnaires We follow up our organised events, fairs, seminars/webinars through surveys of participants in order to make improvements. |
Name, email address, organisation affiliation, title, phone number and your feedback. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest to follow up and make improvements to our events, fairs, and seminars/webinars. Please contact us if you want to know more about how we have balanced your interests against ours. |
One year after you responded to the survey. |
Newsletters etc. Manage and send newsletters or other market communications (e.g. annual reports). |
Name, email address, organisation affiliation, title, telephone number. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest to send you newsletters and other marketing communications. Please contact us if you want to know more about how we have balanced your interests against ours. |
As long as we have an ongoing business relationship with you or until you notify us that you no longer wish to receive invitations from us. |
Marketing material Promote our events, fairs, seminars/webinars and MAQS' activities in general, e.g. by providing information about external speakers and previous years' events in marketing material material |
Name, email address, organisation, title, phone number, photo and video (of external speakers, participants in previous events, fairs, meetings and seminars, and other people featured in our promotional material, such as extras). |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest to inform about our external speakers in our invitations. Please contact us if you want to know more about how we have balanced your interests against ours. |
One year from the date the invitation is sent. |
Social media Publish content on our social media channels, including Facebook, Instagram, LinkedIn and YouTube. |
Personal data in our posts/publications, such as name, photo, voice recording, comments and other reactions. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our interest in publishing content on our social media channels. Please contact us if you want to know more about how we have balanced your interests with ours. |
The posts/publications will remain as long as you do not object. |
Blocked lists If you unsubscribe from our mailings or otherwise inform us that you do not wish to receive future mailings from us, we will put your data on an internal blocking list. We do this to ensure that your request is honoured in practice. |
E-mail address. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest of maintaining and managing blocking lists to ensure that we comply with your request not to be contacted. Please contact us if you want to know more about how we have balanced your interests against ours. |
Blocked lists If you unsubscribe from our mailings or otherwise inform us that you do not wish to receive future mailings from us, we will put your data on an internal blocking list. We do this to ensure that your request is honoured in practice. |
We also process personal data about you when you visit us (section 4.4) or our website (section 4.5) and in certain general data processing activities (section 4.6), and in section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with and where we process your personal data geographically. You can also read about your rights in section 8.
4.4 At telephone contact with us and visit to our premises
We process personal data to connect incoming calls, sign confidentiality agreements and administer alarm codes and access cards. Please read more in the table below.
|
Purpose |
Personal data |
Legal basis |
Retention period |
|---|---|---|---|
Connect phone calls To be able to transfer incoming calls to the right person in our organisation. |
Name and telephone number. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our interest in being able to transfer incoming calls to the right person in our organisation. Please contact us if you want to know more about how we have balanced your interests against ours. |
Deleted after the call is disconnected. |
Confidentiality agreement We sign confidentiality agreements with external people (e.g. craftsmen) who visit our premises within the locked, internal areas to ensure the confidentiality of our clients and assignments. |
Name, signature and other information in the confidentiality agreement. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our interest in ensuring the confidentiality of our clients and assignments in accordance with the requirements imposed on us as a law firm. Please contact us if you want to know more about how we have balanced your interests against ours. |
10 years from signature. |
Alarm codes and access cards To ensure that no unauthorised person gains access to internal areas of our premises, external visitors, craftsmen, etc. are given individual alarm codes. |
Name, date and time, arming/disarming, indication of triggered alarm, tag number. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our interest in ensuring that no unauthorised person has access to internal areas of our premises. Please contact us if you want to know more about how we have balanced your interests against ours. |
Name and tag number: Access cards are deleted after the end of employment. Other data: 90 days from the date of collection, unless the data is required for action due to e.g. triggered alarm. |
We also process personal data about you in certain general data processing activities (section 4.6); in section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with and where we process your personal data geographically. You can also read about your rights in section 8.
4.5 On the website and in our podcasts
We process personal data to administer contact via our website contact form, for the functioning of our website (necessary cookies), to analyse user patterns in order to understand the use of our services and develop our website, and to include guests in our podcasts. Please read more in the table below.
|
Purpose |
Personal data |
Legal basis |
Retention period |
|---|---|---|---|
The website Manage contact via our contact form on the website |
Name, email address, postcode, title, organisational affiliation, areas of interest and how you would like to be contacted. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our interest in contacting you when you have contacted us via our contact form. Please contact us if you want to know more about how we have balanced your interests with ours. |
Two years from the date you contacted us. |
The website In order for our website www.maqs.com to work, we collect personal data about you via our so-called "necessary cookies". Please read more in our cookie banner on the website. |
IP address and digital footprints that you leave behind when you browse the web, such as device data and other information about the hardware and software you use, as well as information about your browsing behaviour. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our interest in providing the services on www.maqs.com in a safe and accurate manner and to comply with data protection, IT security and information security guidelines. Please contact us if you want to know more about how we have balanced your interests with ours. |
See the deletion time in the cookie settings on the website. |
The website To analyse user patterns in order to understand the use of our services and to develop our website . Please read more in our cookie banner on the website. |
IP address and digital footprints that you leave behind when you browse the web such as device data and other data about the hardware and software you use as well as data about your browsing behaviour such as how you move around the website, what page you were on before you came to the website, the number of times you visited the website and whether or not you are a unique visitor. |
Consent (GDPR, Article 6(1)(a)). |
See the deletion time in the cookie settings on the website. |
Podcasts To have you as a guest in our podcasts and thereby promote us |
Name, film, photo, sound recording, title, organisation affiliation. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our interest in having you as a guest in our podcasts and promoting us. Please contact us if you want to know more about how we have balanced your interests against ours. |
The podcast is publicly available as long as you do not object. |
We also process personal data about you in certain general data processing activities (section 4.6); in section 5-7 you will also find information on where we get your personal data from, whether you have to provide it to us, who we share it with, and where we process your personal data geographically. You can also read about your rights in section 8.
4.6 General processing: to comply with laws, legal obligations and other commitments
We process personal data in relation to incidents and supervision, individual rights under the GDPR, disputes, claims or complaints, requests or other contacts with authorities, possible mergers, acquisitions or sales of our business, and for accounting purposes. Please read more in the table below.
|
Ändamål |
Personuppgifter |
Rättslig grund |
Gallringstid |
|---|---|---|---|
Incidents and supervision To investigate and report incidents, respond to claims and provide requested information to the supervisory authority in case of supervision. |
The categories of pople and personal data requested during supervision. |
Personal data breach: legal obligation (GDPR, Article 6(1)(c) and, inter alia, GDPR, Articles 33-34 and 58 respectively). Other incidents: Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest to be able to investigate and report incidents, respond to claims and provide requested information to the supervisory authority in case of supervision. Contact us if you want to know more about how we have balanced your interests against ours. |
For the duration of the incident or a subsequent supervision and up to two years thereafter. |
Rights under the GDPR To fulfil your request to exercise any of your rights under the GDPR. |
Name, contact details, any other information about you that you provide in your request and any other information necessary to fulfil your request. |
Legal obligation (GDPR, Article 6(1)(c) and Chapter III). |
For one year from the date we finalise your request. |
Disputes To defend and protect our interests in the event of a dispute. |
The categories of people and personal data necessary in view of the nature of the dispute and the parties involved. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest to be able to defend and protect our interests in the event of a dispute. Please contact us if you want to know more about how we have balanced your interests against ours. |
For the duration of the dispute and 10 years thereafter. |
Claims or complaints To manage, investigate and respond to any claims or complaints. |
The personal data necessary in relation to the claim or complaint. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest of managing claims or complaints against our organisation. Please contact us if you want to know more about how we have balanced your interests against ours. |
Until we have investigated and dealt with your claim or complaint. |
Authorisation request or other contact with an authority To transfer personal data to authorities when we have a legal obligation to do so or when we have another interest in contacting authorities, e.g. when reporting a criminal offence. |
The categories of people and personal data requested. |
In case of binding orders: Legal obligation (GDPR, Article 6(1)(c)). In other cases: Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest of e.g. being able to report offences even when it is not required by law. Please contact us if you want to know more about how we have balanced your interests against ours. |
Not applicable. |
Merger, acquisition or sale of our business To transfer data in the event of a merger, acquisition or sale of all or part of our business and/or assets. |
The categories of people and personal data involved in the merger, acquisition or sale. |
Legitimate interest (GDPR, Article 6(1)(f)). The processing is necessary for our legitimate interest to be able to implement structural business changes. Please contact us if you want to know more about how we have balanced your interests with ours. |
Not applicable. |
Bookkeeping For accounting purposes, e.g. managing and documenting invoicing, payments, refunds, keeping accounting records, etc. |
Clients, suppliers, partners, participants in paid seminars/webinars: Data linked to transactions and payments such as name, personal identity number, telephone number, e-mail address. For clients who are natural persons or sole traders, we also process postal address, invoice number, invoice-related information (such as matter name and payment period), account number, bank. |
Legal obligation (GDPR, Article 6(1)(c)) - Accounting Act (1999:1078). Personal identity number: processed due to the importance of secure identification, Chapter 3, Section 10 of the Data Protection Act). |
Personal data is stored until the seventh year after the end of the calendar year in which the financial year ended, in accordance with the rules of the Accounting Act (1999:1078). |
5. WHERE DO WE GET YOUR PERSONAL DATA FROM?
We mainly collect personal data directly from you, for example in connection with our assignments or when you communicate with us, sign up for our newsletters or register for one of our events. We also collect personal data from other actors and sources. Please read more in the table below.
Personal data
|
Whose data? See more information on each category of people in section 3 |
Where do we get your personal data from? |
Type of personal data |
|---|---|---|
Clients |
You or your employer. |
Name, address, e-mail address, telephone number, personal identity number, identification data such as passport details, ID, photograph, etc, information on profession/position/title, financial information, client and matter number, IP address (in case of electronic signature), correspondence, insurance number (in case of legal expenses insurance), payment information, account number, bank, invoicing information, description of assignment/event and similar, personal data requested for supervision, other information about you that you provide in your request to exercise your rights, personal data necessary with regard to the dispute and the parties involved. |
Clients |
Other people who appear in our assignments |
Correspondence, description of assignment/event and similar |
Clients |
Obtaining information from external sources, such as search results from publicly available, public or private search engines and directories. |
Information on your authority to represent the client, information that you or your close relatives are a politically exposed person (if applicable), personal data subject to merger, acquisition or sale. |
Clients |
Information from our systems |
Information about any debts owed to us (e.g. in the case of debt collection), personal data necessary in relation to a claim or complaint. |
Clients |
We create certain personal data about you. |
Client and matter number, invoice number, invoice-related information (such as matter name, payment period), information on any debts owed to us. |
Other people who appear in our assignments |
You, your employer or agent/representative |
Name, address, e-mail address, telephone number, personal identity number, information on profession/position/title, financial data, IP address, correspondence, payment information, invoicing information, description of assignment/event and similar. |
Other people who appear in our assignments |
Other people who appear in our assignments |
Correspondence, description of assignment/event, etc. |
Other people who appear in our assignments |
Obtaining information from external sources, such as search results from publicly available, public or private search engines and directories. |
Whether you or your family member is a politically exposed person (if applicable) |
Suppliers and partners |
You or your employer |
ame, title, employer, postal address, telephone number and email address, billing information such as responsible contact person, account number and tax information, correspondence, payment information, descriptions of events or other circumstances or information that is relevant, signature and other information in confidentiality agreements, other information about you that you provide in your request to exercise your rights, other information necessary to fulfil your request, personal data subject to a merger, acquisition or sale. |
Suppliers and partners |
Information from our systems |
Date and time of arming/disarming, indication of alarm triggered, tag number, personal data necessary with regard to a claim or complaint. |
Suppliers and partners |
We create certain personal data about you. |
Supplier number. |
Participants and invitees to seminars, events, etc. |
You or your employer |
Name, email address, organisation/university affiliation and term (student), title, phone number, possible connection to MAQS employee, possible dietary preferences, your feedback after events, personal data in our posts/publications on social media, areas of interest and information about how you want to be contacted, IP address and digital footprints that you leave behind when you surf the web. |
Participants and invitees to seminars, events, etc. |
We create certain personal data about you. |
Photos, films and sound recordings from events, fairs, meetings and seminars. |
People who receive marketing from us |
You or your employer |
Name, email address, organisation/university affiliation and term (student), title, telephone number, dietary preferences (if any), your feedback, any information about you provided in your request to exercise your rights and any other information necessary to comply with your request, personal data necessary in relation to a dispute and the parties involved, personal data necessary in relation to a claim or complaint, personal data involved in a merger, acquisition or sale, Data related to transactions and payments such as name, personal identity number, telephone number, e-mail address. |
People who receive marketing from us |
We create certain personal data about you. |
Possible link to MAQS employee. |
People who appear in our marketing material |
You or your employer |
Name, email address, organisational affiliation, title, telephone number and any other personal data that appears in our marketing, including our social media posts and publications. |
People who appear in our marketing material |
We create certain personal data about you. |
Photo and film (of external speakers, participants at previous events, fairs, meetings and seminars, and other people featured in our promotional material, such as extras). |
Website visitors |
We collect (through cookies and other tracking technologies) personal data from the device you use when you visit the website, such as your phone or computer. |
IP address and digital footprints that you leave behind when you browse the web/, such as device data and other data about the hardware and software you use and data about your browsing behaviour. For those who use our contact form, we also process your name, email address, postcode, title, organisational affiliation, areas of interest and information on how you would like to be contacted. |
Guests in our podcasts |
You or your employer |
Name, title, organisation affiliation. |
Guests in our podcasts |
We create certain personal data about you. |
Film, photo, sound recording |
Visitors to our premises and people who contact us by other means |
You or your employer |
Name and telephone number, signature and other information contained in the confidentiality agreement, date and time, arming/disarming, indication of alarm triggered, tag number, any other information about you that you provide in your request to exercise your rights and other information necessary to fulfil your request, personal data necessary in relation to any dispute and parties involved, personal data necessary in relation to any claim or complaint, personal data subject to any merger, acquisition or sale. |
6. DO YOU HAVE TO PROVIDE US WITH YOUR PERSONAL DATA?
In order to enter into and fulfil our contract with you or the company you represent, to comply with legal requirements and to enable you to communicate with us, you will need to provide some of the personal data we request. We will inform you which information is mandatory. If you do not provide us with the personal data we request, this may, in some cases, result in us not being able to provide you with the services and products requested by you or the company you represent or in us not being able to fulfil our legal obligations or our commitments to you or the company you represent.
7. HOW DO WE SHARE YOUR PERSONAL DATA?
7.1 Who do we share your personal data with?
We share your personal data with various actors, such as our IT system suppliers, counterparties in assignments, etc. Please read more in the relevant section in the table below, which is divided by each category of person.
|
Whose data? (Category of person) |
Who do we share your data with? (Recipients) |
|---|---|
All categories of people, see section 3. |
Subcontractors to us for our programmes, systems, IT services, office technology and telephony (data processors) To enable our subcontractors to carry out the tasks we have entrusted to them in relation to our programmes, systems, IT services, office technology and telephony, such as providing software and managing the necessary operation, technical support and maintenance of our IT solutions. These subcontractors process personal data on our behalf as data processors, which is regulated by contract. |
|
MAQS Advokatbyrå KB, MAQS Advokatbyrå AB When we work together across the office borders of, on the one hand, Malmö and, on the other hand, Stockholm, Gothenburg and Sundsvall in our client assignments, in data protection related matters (such as requests to exercise any of your rights under the GDPR) and conflict of interest checks, we transfer personal data between the different MAQS companies. |
|
MAQS Service HB (data processor) When we manage our website, our podcasts and our social media, we transfer personal data to MAQS Service HB. |
All categories of people |
MAQS Service HB (data processor) When we handle incidents, we transfer personal data to MAQS Service HB. |
All categories of people covered by the dispute/trial |
Courts and other dispute resolution bodies, in the event of a disputed case or other review. |
The categories of people necessary in view of the dispute and the parties involved |
Counterparties and other external parties involved in our assignments. |
The categories of people necessary in view of the nature of the dispute, the legal expenses insurance case and the parties involved |
Insurance companies We share your personal data with insurance companies in the event of disputes and legal defence cases. The insurance company is an independent data controller for its processing of your personal data. |
People who receive marketing from us or who appear in our marketing material |
Companies that provide us with marketing tools/services for digital mailings. |
Participants and invitees to seminars, events, etc. |
Companies that provide us with digital tools for events and entertainment. |
Person who appears in our social media posts/publications |
Social media platform providers, such as Facebook, Instagram, LinkedIn and YouTube. |
|
Companies that provide us with payment solutions or provide billing services. |
|
Banks, to utilise banking services such as making payments, receiving payments and providing client funds accounts. |
|
Debt collection agencies that help us recover debts. |
|
External advisers and consultants who help us in our activities, such as audit firms and other law firms |
|
External company that stores archived documents for us. |
Website visitors |
Companies that provide us with analytical or research tools/services used to analyse and develop our business. |
Guests in our podcasts |
Subcontractors who store, publish and make available our podcasts. |
The categories of people requested. |
Authorities, e.g. the Police, the Swedish Authority for Privacy Protection, the Swedish Companies Registration Office and tax authorities, in the event of an official enquiry or other contact with an authority. |
7.2 Transfer of personal data outside the EU/EEA
We endeavour to process your personal data within the EU/EEA area. However, in certain situations we may need to transfer your personal data to partners or service providers located in the United States. For transfers to recipients in the United States, the adequacy decisions of the European Commission apply to those third parties that have signed up to the EU-US Data Privacy Framework (which you can find here (Article 45 of the GDPR)). For other third parties, we enter into the European Commission's Standard Contractual Clauses (Article 46 of the GDPR), which you can find here.
8. YOUR RIGHTS
8.1 Overview of the programme
The General Data Protection Regulation (GDPR) gives you a number of rights. If you want to exercise your rights, please contact us, see our contact details in section 2 above. Below you can find out more about what they are and what they mean. In short, you have the right to:
- to know if and what data about you we process, as set out above in this notice,
- to have incorrect information about you corrected,
- to have your personal data erased in certain cases,
- to object to our processing of your personal data when it is based on a balance of interests or in the case of direct marketing,
- in certain cases, to request that the processing of your personal data be restricted,
- to withdraw your consent,
- to move your personal data (data portability) and
- to complain about our processing of your personal data to the Data Protection Authority (IMY).
Please read more about your rights below.
8.2 Right to information and access (so-called register extracts)
You have the right to know whether or not we process personal data about you. If we do, you also have the right to receive information about what personal data we process and how we process it. You also have the right to receive a copy of the personal data we process about you.
If you are interested in certain specific data, please indicate this in your request. For example, you can specify whether you are interested in a certain type of data or whether you want information on data from a certain time period.
8.3 Right to rectification
If any of the personal data we process about you is inaccurate, you have the right to have it rectified. You also have the right to complete incomplete personal data with additional information needed for the data to be accurate. Alternatively, you can try to correct or complete your personal data yourself after you have logged in to the Services. If we have corrected your personal data, or supplemented it with new information, we will inform those to whom we have disclosed your data of the updated data, unless this is impossible or too burdensome. If you request it, we will also tell you to whom we have disclosed your data. If you request rectification, you also have the right to request that we restrict our processing of your data while we investigate the matter.
8.4 Right to erasure ("right to be forgotten")
In certain cases, you have the right to request that we delete the personal data we have registered about you. You have the right to have your data deleted if:
- The data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You object to the processing of your data based on our legitimate interest and we cannot demonstrate that our reasons for processing outweigh your interests.
- Personal data is processed in an unlawful manner.
- We have a legal obligation to delete the personal data.
If we delete your data after you have requested it, we will also inform those to whom we have disclosed the data of the deletion, unless this is impossible or too burdensome. If you ask us to, we will also tell you to whom we have disclosed your data.
8.5 Right to object
You have the right to object to our processing of your personal data based on our legitimate interest. If you object to the processing, we will, based on your particular situation, evaluate whether our interests in processing the data outweigh your interests in not having the data processed for that purpose. If we cannot demonstrate compelling legitimate grounds that override yours, we will cease the processing to which you object - provided that we do not need to process the data for the establishment, exercise or defence of legal claims.
You always have the right to object to the processing of your personal data for direct marketing purposes. We then no longer have the right to process your personal data for direct marketing purposes. If you object to the processing, you also have the right to request restriction during the time we are investigating the matter.
8.6 Right to restriction
Restriction means that the data are marked so that they can only be processed for certain limited purposes in the future. The right to restriction applies:
- When you consider the data to be inaccurate and you have requested rectification. You can also request that the processing be restricted while we investigate whether the data is correct or not.
- If the processing is unlawful and you do not want the data to be erased.
- When we no longer need to process the data for the purposes for which we collected it, but you need it to establish, exercise or defend legal claims.
- If you have objected to processing based on our legitimate interest. In this case, you can request that we restrict processing while we investigate whether our interest in processing your data outweighs your interests.
Even if you have requested that we restrict processing, we have the right to use the data for storage, to assert or defend legal claims or to protect someone's rights. We may also process the data for reasons of important public interest. When the restriction ends, we will inform you of this. If we restrict the processing of your data, we will also inform those to whom we have disclosed the data, unless this is impossible or too burdensome. If you ask us to, we will also tell you to whom we have disclosed your data.
8.7 Right to withdraw consent
You have the right to withdraw consent you have given for a particular processing operation at any time. Withdrawal does not affect the lawfulness of processing before the consent was withdrawn.
8.8 Right to data portability
Data portability means that you have the right to receive the data we have collected about you, from you, in a structured, publicly available and machine-readable format and that you have the right to transmit this to another controller.
The right to data portability only applies:
- for data collected from you, about you,
- if the use is for the fulfilment of a contract with you or on the basis of your consent, and
- the processing is automated.
8.9 Right to complain
If you are dissatisfied with the way we process your personal data, please contact us so that we can jointly try to resolve your issue, see our contact details in section 2 above.
You also have the right to lodge a complaint with the supervisory authority. The Swedish Authority for Privacy Protection (IMY) is the Swedish supervisory authority for our processing of your personal data. You also have the right to lodge a complaint with the supervisory authority in the country where you live or work, or in the country where you consider that a breach of the rules has taken place.
9. CHANGES TO THIS INFORMATION TEXT
We reserve the right to change this notice from time to time. We will inform you of any changes by publishing the updated information text on our website.
The information text was last updated in March 2025.