Our processing of personal data

Eyer Juridik, reg. no. 671116-4894 (“Eyer Juridik”, “we”, “us”), Arkipelagen, Järnvågsgatan 3, 413 27 Gothenburg, Sweden, is the data controller for the processing of personal data described below. This means we are responsible for ensuring that personal data is processed correctly and in accordance with applicable data protection legislation.

Processing takes place in accordance with applicable rules, including the General Data Protection Regulation (“GDPR”). In addition to ensuring that our processing of your personal data is correct and transparent, we always strive to maintain a high level of security when processing personal data, taking both technical and organisational risks into account in order to protect your personal data from unauthorised access, use, alteration or deletion.

If you have questions about our processing of personal data or wish to exercise your rights, please contact us by email at info@eyerjuridik.se or by post at the address above.

Eyer Juridik’s processing of your personal data is described below in five separate sections, one or more of which may apply to you depending on your relationship with us.

• Section 1 – Networking, marketing and knowledge sharing: processing related to communicating with and maintaining our network of contacts and managing our suppliers.
• Section 2 – Job applicants: for those who have applied or plan to apply for a job at Eyer Juridik.
• Section 3 – Personal data of clients and client representatives in connection with onboarding clients and engagements and during the performance of engagements.
• Section 4 – Personal data when performing our engagements: a short description of how we handle personal data relating to persons other than the client or its representative.
• Section 5 – Your rights: who may access your data, what rights you have and how to contact us.

Why we process (purpose): Eyer Juridik processes your data to maintain our contacts and network, to keep our knowledge and information about you up to date, to market our services and to stay in touch with our suppliers. We also process data to fulfil our accounting obligations towards suppliers and in connection with representation.

How we process: We collect and compile the data, in part based on the type of legal matters we believe you are interested in. For mailings and invitations we use external suppliers for technical functionality within the scope of the stated purposes, for example email distribution.

What we process: We mainly handle your contact details, your role in your organisation and information about the type of legal matters we understand to be most relevant to you. To a limited extent we may process data about leisure interests such as golf or similar where we organise such events, which we will then inform you about separately.

Legal basis – Legitimate interest: In the processing described above we take into account and weigh your interest in privacy against our interest and purpose (as set out above) in carrying out the processing. We balance these interests, considering both positive and negative effects, and conclude that our interest is legitimate.

Legal obligation: The Swedish Bookkeeping Act also imposes obligations on us regarding accounting and invoicing.

Collection and disclosure: The data we hold about you is primarily collected from you. We share data only with suppliers needed to perform the processing within the purposes set out above. For example:

• Payment solutions (card companies, banks and other payment providers).
• Marketing (via advertising, web/media agencies and associated distribution channels including social media).
• IT services (companies that handle the operation, technical support and maintenance of our IT systems).

Retention period: We retain your data only for as long as we consider it justified given the legal basis and purpose set out above – in this case, two years from the last time we heard from you.

Why we process (purpose): We process your data to handle your application and to assess, compare and match it against our resourcing needs. We retain your data (see below) to be able to get back to you if a new need arises within the retention period.

How we process: We compile the information you have sent and compare it with other candidates and our needs. We verify the information verbally with the references you provided and supplement it with information from those references.

What we process: We primarily process the information you submitted with your application, i.e. your CV and personal letter. We supplement this with input from the references you have listed in order to form as complete a picture as possible of you as a candidate.

Legal basis – Legitimate interest: We weigh your privacy interest against our interest and purpose in carrying out the processing and conclude that our interest is legitimate.

Collection and disclosure: Data is primarily collected from you. We may collect data from the references you listed. We do not share your application unless we have specifically asked you about doing so.

Retention period: We retain your data only for as long as we consider it justified – in this case 12 months from the date of your application (unless you request otherwise). If you are hired, the data in your application will be stored and processed in accordance with our internal employee privacy policy, which is only made available to our employees.

Why we process (purpose): We process the data to perform conflict-of-interest and (where applicable) anti-money-laundering checks, to perform and administer the engagement, to protect your interests and for accounting and invoicing purposes. The data may also be used for business and methodology development, market analysis, statistics and risk management.

How we process: We collect the data, check it against our records and store it in our case and invoicing systems. We also compile the data in our client management and client care systems.

What we process: We process the information you provide to us that is relevant to the matter, your role in the organisation you represent and in each engagement. Where required, we need your personal identity number in order to identify you correctly.

Legal basis – Legal obligation: The Swedish Anti-Money Laundering Act imposes obligations on legal advisers to investigate the risks associated with onboarding and performing engagements. The Bookkeeping Act imposes obligations on us regarding accounting and invoicing. We are also required to verify that no conflict of interest exists when accepting each new engagement. If you do not provide this information when we request it, we cannot complete our advice.

Legitimate interest: In addition to processing necessary to fulfil our legal obligations, certain processing takes place based on a legitimate interest, after balancing your privacy interest against our interest and purpose in carrying out the processing.

Collection and possible disclosure: The data is primarily collected directly from you. When onboarding a new client we may collect data from public registers such as www.allabolag.se, UC AB and equivalents to complete and verify the data. We will not disclose personal data to third parties other than where (i) it has been agreed between us and you, (ii) it is necessary within an engagement to safeguard your rights, (iii) it is necessary to comply with a statutory obligation or with a decision by an authority or court, or (iv) where we engage external service providers performing assignments on our behalf. Data may be disclosed to courts, authorities, counterparties and counterparty representatives where necessary to safeguard your rights.

Retention period: We retain your data only for as long as we consider it justified – a period of ten years from the completion of the matter, or the longer period required by the nature of the matter (for example where we continue to advise the same client, in which case it is often in the client’s interest that older matters are also retained).

When carrying out our engagements we process data about counterparties, representatives of counterparties and other parties relevant to the engagement and to safeguarding our client’s interests. The strict confidentiality that follows from our engagement means that we cannot share further details about this particular part of our processing with anyone other than our client. The processing nevertheless takes place in accordance with applicable data protection rules.

You have the right, in accordance with applicable data protection legislation, to request access to the personal data we process about you at any time. You also have the right to have inaccurate personal data corrected, to request erasure of your data or restriction of our processing, to exercise your right to data portability and to object to the processing. Where processing is based on consent, you have the right to withdraw your consent at any time.

If you wish to exercise any of your rights, please contact us using the contact details above. You also have the right at any time to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) if you believe your personal data is not being processed in accordance with applicable data protection legislation.