Svenska

Privacy policy


1.INTRODUCTION

1.1. Rosengrens Advokatbyrå i Göteborg AB, reg. no. 556579-3311, (”Rosengrens”, ”we”, ”our” or ”us”) is the data controller for the processing of your personal data, which means that Rosengrens is responsible for how your personal data is collected, processed and erased once the purpose of the processing has ceased.

1.2. Your personal privacy is important to us at Rosengrens and we are committed to protecting your personal data and respecting your privacy. Rosengrens therefore processes your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (”GDPR”) and other applicable legislation for the protection of personal privacy and your personal data. We strive for transparency and clarity in how we process personal data and in how we ensure that our processing complies with current legislation. ”Personal data” refers to all information that can be used, directly or indirectly, to identify a living natural person.

1.3. In this privacy policy (”Policy”), we inform you about how Rosengrens collects and processes personal data in connection with obligations under law, client engagements, other business contacts such as contacts with opposing counsel, service providers, applicants in recruitment processes, when you communicate with us via email or other channels, and in connection with the use of cookies on our website.

1.4. All contact with us means that Rosengrens may process certain of your personal data. This Policy describes how Rosengrens uses, stores or otherwise processes your personal data and what rights you have.

1.5. If you have any questions about this Policy or about our processing of personal data, you are always welcome to contact us at info@rosenlaw.se.


2.PERSONAL DATA PROCESSED

2.1. In accordance with the definition in GDPR, personal data refers to information relating to an identified or identifiable person.

2.2. Rosengrens processes personal data that we receive in connection with performing legal engagements or that is otherwise processed when the engagement is administered or prepared. The personal data that may be processed in connection with performing legal engagements includes, for example, name, personal identity number, title, contact details, billing information and other business-related information provided to us by the client, the client’s representatives or opposing parties.

2.3. In some cases, Rosengrens also needs to process additional personal data depending on the type of matter you require assistance with. Rosengrens may therefore need to process sensitive personal data such as medical certificates, sick leave certificates, notifications from social insurance agencies, unemployment funds, employment agencies, trade unions, the Swedish Enforcement Authority (Sw. Kronofogdemyndigheten) and the police. Sensitive personal data relating to race, ethnic origin, political opinions, religious or philosophical beliefs, health, trade union membership or sexual orientation may be processed if it is relevant to the performance of the engagement. Data concerning criminal offences that we may process may relate to information about money laundering, disqualification from business activities or other criminal activity relevant to the performance of our engagement.

2.4. Rosengrens also processes personal data relating to employees and contractors of suppliers in connection with the business relationship that exists between Rosengrens and your employer or principal, or that you or your employer or principal provides to us within the business relationship. The personal data that may be collected in such cases includes, for example, name, telephone number, email address and information about workplace and position.

2.5. Rosengrens further processes personal data that you voluntarily provide to us, for example when you communicate with us via email or other channels and when you register for an event, a lecture or seminar. The data we then process includes your name, postal address, email address, telephone number, title and employer or the business relationship we have with you.

2.6. Rosengrens also processes personal data in connection with applications for employment with us. In connection with your application, we receive information such as name, personal identity number, address, telephone number, email address, education, grades and certificates from educational institutions and employers, professional experience, photographs and other information that you provide in your application.

2.7. The personal data you provide may be supplemented with information that we obtain from public databases and websites or paid databases, such as the Swedish Companies Registration Office (Sw. Bolagsverket), InfoTorg, Bisnode and UC. Supplementary personal data is processed for the purpose of ensuring that the personal data you provide is accurate.

2.8. Processing of other personal data may also occur.

2.9. Your provision of personal data is not a statutory requirement but is necessary for you to enter into an agreement with Rosengrens as a client and for us to carry out conflict of interest and anti-money laundering checks. If you do not provide your personal data, we will therefore be unable to fulfil the agreement with you or to meet our obligations in relation to you.


3.PROCESSING OF PERSONAL DATA

3.1. Purpose and legal basis for the processing of personal data

3.1.1. Rosengrens only processes personal data where there is a legal basis and a defined purpose for the processing.

3.1.2. Personal identity numbers have a particularly high level of protection under GDPR and are processed by Rosengrens on the basis of consent, for the performance of a contract, or where, having regard to the purpose and the importance of secure identification, it appears necessary and justified.

3.1.3. Rosengrens processes personal data to fulfil agreements with its clients, i.e. to prepare, perform and administer engagements and to carry out mandatory conflict of interest and anti-money laundering checks, to safeguard the client’s interests and for accounting and billing purposes. The processing is based on our obligation to perform the agreement with our client and our legitimate interest in being able to deliver legal services.

3.1.4. Rosengrens also processes personal data to fulfil legal obligations incumbent upon Rosengrens under law or regulation, including but not limited to the Swedish Anti-Money Laundering Act (2017:630) (Sw. lagen om åtgärder mot penningtvätt och finansiering av terrorism) or the Swedish Bookkeeping Act (1999:1078) (Sw. bokföringslagen), as well as obligations arising from decisions of courts or public authorities. Processing of personal data also takes place to fulfil the obligations incumbent upon us under the rules and regulations of the Swedish Bar Association.

3.1.5. Processing of personal data belonging to contact persons at a legal entity with which we have a business relationship is carried out to fulfil the agreement with the client, supplier or contractor for the purposes of payment, billing, management of deliveries, communication and other administration of the contractual relationship. Rosengrens has a legitimate interest in being able to administer agreements and fulfil our obligations and commitments towards our clients, suppliers and other business contacts.

3.1.6. Processing of personal data may further take place for market analysis, statistics, business and methodology development and risk management. Processing of personal data for such purposes is carried out on the basis of Rosengrens’ legitimate interest in developing its business and managing potential risk.

3.1.7. Processing of personal data for the purpose of inviting to events, meetings and seminars and for other such communication is carried out on the basis of our legitimate interest in maintaining client and business relationships and the ability to communicate with you regarding our business.

3.1.8. Where personal data is processed on the basis of consent, such consent is obtained through a separate consent form, which provides information about why and for what purpose consent is required and how consent given may be withdrawn.

3.2. Retention period for your personal data

3.2.1. The personal data processed by Rosengrens is retained in accordance with the obligations incumbent upon Rosengrens under the Swedish Bar Association’s Code of Professional Conduct (Sw. Sveriges Advokatsamfunds Vägledande regler för god advokatsed) or under law or regulation, including but not limited to the Swedish Anti-Money Laundering Act (2017:630) (Sw. lagen om åtgärder mot penningtvätt och finansiering av terrorism), the Swedish Bookkeeping Act (1999:1078) (Sw. bokföringslagen), the Swedish Discrimination Act (2008:567) (Sw. diskrimineringslagen) or the Swedish Limitation Act (1981:130) (Sw. preskriptionslagen).

3.2.2. In accordance with the Swedish Bar Association’s regulations, Rosengrens is obliged to archive documents related to client engagements for ten (10) years from the date of completion of the engagement, or for such longer period as the nature of the engagement requires. Under the Swedish Bookkeeping Act (1999:1078), Rosengrens is obliged to retain accounting records for seven (7) years from the end of the calendar year in which the financial year ended.

3.2.3. We do not retain your personal data for longer than is necessary having regard to the purpose of the processing, which means that we systematically carry out disposal, de-identification or erasure of your personal data when it is no longer relevant for the purpose for which it was initially collected. However, Rosengrens may retain personal data for a longer period if required by law or by a decision of a public authority or court. Rosengrens may also retain personal data for such longer period as is required for the fulfilment of agreements or in connection with disputes.

3.2.4. Rosengrens will cease processing personal data processed on the basis of consent when you withdraw your consent, unless there is another legal basis for the processing.

3.2.5. If Rosengrens ceases to exist, for example through a liquidation or bankruptcy, your personal data will be erased unless it needs to be retained to fulfil obligations under applicable laws, regulations or decisions of public authorities.

3.3. More about the storage of personal data

3.3.1. Your registered personal data will be accessible to personnel at Rosengrens. It is important that all personnel are aware that you are a client of Rosengrens in order to avoid conflicts of interest. Rosengrens will nevertheless apply the principle of access minimisation, meaning that personal data is only shared to the extent and with such personnel as require such access.

3.3.2. Rosengrens will store your digital personal data on its own servers, but has IT support from an IT company operating in an Apple environment.


4.SHARING AND TRANSFER TO THIRD COUNTRIES

4.1. Rosengrens always exercises the utmost caution when transferring personal data and does not transfer personal data without support in this Policy or without ensuring that appropriate safeguards are taken.

4.2. Rosengrens will not transfer your personal data to any other party except in cases where i) it has been specifically agreed between Rosengrens and you, ii) it is necessary within the scope of a particular engagement to safeguard your rights, iii) it is necessary for Rosengrens to fulfil a statutory obligation or comply with a decision of a public authority or court, or iv) Rosengrens engages an external service provider performing services on behalf of Rosengrens.

4.3. We engage external service providers that perform services on our behalf and that may process personal data, for example in relation to our IT systems and software. External service providers generally have access to information that exists and/or is generated in the systems provided by the service provider, but may only process personal data when it is necessary for the service provider to be able to provide its service to us.

4.4. Your personal data may also be disclosed to courts, public authorities, opposing parties and opposing counsel if it is necessary to safeguard your rights.

4.5. Depending on the circumstances, a third party may become an independent data controller, a joint data controller with us, or our data processor.

4.6. Rosengrens strives to process your personal data only within the EU/EEA. If we are required in a particular case to transfer your personal data to a country outside the EU/EEA, for example when using a service provider domiciled outside the EU/EEA or if our client or opposing party is domiciled in a country outside the EU/EEA, we or a subcontractor will ensure that your personal data is subject to an adequate level of protection by taking appropriate safeguards.

4.7. Your interaction with Rosengrens on LinkedIn also means that personal data is transferred to the USA.


5.YOUR RIGHTS

5.1. Responsibility

5.1.1. As data controller, Rosengrens is responsible for ensuring that your personal data is processed in accordance with applicable data protection legislation, and that you can exercise your rights in accordance with GDPR.

5.2. Right to information and access

5.2.1. As a data subject, you have the right to receive, free of charge, information about what personal data concerning you Rosengrens processes and how. Rosengrens provides such information primarily through this Policy but also by responding to your enquiries.

5.2.2. A request for an extract of the personal data concerning you that Rosengrens processes should preferably be made in writing and be signed by you. Please specify the categories of personal data you wish to access.

5.2.3. If the request is not made in writing, Rosengrens may need to verify your identity by other means. We reserve the right to take reasonable measures to verify the identity of the person requesting a register extract and will only disclose such data that we can confirm with certainty belongs to you.

5.2.4. Rosengrens may charge a reasonable fee for administering a request for a register extract if such a request is submitted on repeated occasions.

5.3. Right to restriction, rectification and erasure (”the right to be forgotten”)

5.3.1. Rosengrens will, without undue delay, upon your request or on its own initiative, supplement, rectify or erase personal data that is outdated, inaccurate, incomplete or processed in contravention of the purposes stated above or relevant legislation. You may also request that we restrict the processing of such data.

5.4. Right to data portability

5.4.1. You have the right to receive your personal data in a structured digital format and you have the right to have your personal data transferred to a third party designated by you. If technically feasible, we will carry out such a transfer directly. The right to data portability requires that the processing is based on your consent or on a contract.

5.5. Right to object

5.5.1. If we process personal data to perform a task in the public interest, as part of the exercise of official authority or following a balancing of interests, you have, under certain conditions, the right to object to our processing of your personal data. We may then only continue to process your personal data if we have compelling legitimate grounds that override your interests. You always have the right to object to the processing of your personal data for direct marketing purposes, upon which Rosengrens is obliged to cease processing for such purposes.

5.6. Right to withdraw consent

5.6.1. You have the right at any given time to withdraw all or part of a consent that you have given. Following such a request, Rosengrens will immediately cease the processing to which the withdrawal relates, unless another legal basis for the processing exists. A request for withdrawal of consent may be sent to info@rosenlaw.se.

5.7. Right to lodge a complaint

5.7.1. If you are dissatisfied with our processing, you may lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) (https://www.imy.se) or with the supervisory authority in the country where you live or work.


6.AUTOMATED DECISION-MAKING INCLUDING PROFILING

6.1. Rosengrens does not apply any processes for automated decision-making, including profiling.


7.BANKRUPTCY ADMINISTRATION

7.1. Rosengrens has adopted a separate privacy policy for bankruptcy administration that applies to the bankruptcy estate’s processing of personal data, which can be accessed at the following link (Bankruptcy administration).


8. COOKIES

8.1. Rosengrens further collects information by means of cookies that are set when you visit our website. We process the information generated by the website’s cookies including but not limited to anonymised IP address, number of page views and how you found our website.

8.2. We use necessary cookies for the basic functions of the website to work and functional cookies to improve the user-friendliness of our website. Your consent does not need to be obtained for the use of necessary cookies. For the use of functional cookies, we need to obtain your consent in advance. Consent is given by you accepting the use of cookies the first time you visit our website. You always have the right to withdraw consent given.

8.3. The purposes of the processing are to improve the visitor’s user experience by facilitating and optimising the use of the website, and for statistics in order to evaluate the content and structure of the website. The personal data is processed by Rosengrens on the basis of our legitimate interest in providing a good user experience for our website visitors, and as regards personal data collected by means of functional cookies, is processed on the basis of the consent you have given.

8.4. If you do not wish to allow cookies to be stored on your computer, you can change this in the browser settings on your computer. It is also possible to delete cookies that are already stored. However, if you decline cookies, this may mean that the Rosengrens website does not function correctly.

8.5. How long we process your personal data depends on the type of cookie set in your browser. Persistent cookies remain on your computer until you remove them or the expiry date has passed. Session cookies have no expiry date and are stored temporarily on your computer while you are on any of the websites. When you close your browser, all session cookies are deleted.

8.6. More information about our use of cookies can be found in Rosengrens’ separate cookie policy, which can be accessed at the following link (Cookie policy).


9.UPDATES AND CONTACT INFORMATION

9.1. We reserve the right to update this Policy. The current version was published digitally on our website, rosenlaw.se, on 30 March 2026.

9.2. If you have any questions about this Policy, Rosengrens’ processing of your personal data or to exercise your rights, you are welcome to contact us.

9.3. Rosengrens Advokatbyrå i Göteborg AB,
reg. no. 556579–3311
Södra Larmgatan 4, Box 2523
SE-411 16, Gothenburg
Tel.: +46 (0)31-701 20 00
Email: info@rosenlaw.se