Rosengrens Advokatbyrå

Privacy policy for bankruptcy administration

1.INTRODUCTION

1.1. This privacy policy describes how the bankruptcy trustees operating at Rosengrens Advokatbyrå i Göteborg AB, reg. no. 556579-3311, (”Rosengrens”) and the bankruptcy estate (”we”, ”our”, and ”us”) collect and process your personal data in bankruptcy matters.

1.2. Your personal privacy is important to us at Rosengrens and we are committed to protecting your personal data and respecting your privacy. We therefore process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (”GDPR”) and other applicable legislation for the protection of personal privacy and your personal data. We strive for transparency and clarity in how we process personal data and in how we ensure that our processing complies with current legislation. ”Personal data” means any information that can be used, directly or indirectly, to identify a living natural person.

1.3. Rosengrens has adopted a privacy policy covering the business in general, which can be accessed at the following link (the ”Privacy Policy”). For further information regarding the processing of personal data, please refer thereto.

2.RESPONSIBILITY FOR THE PROCESSING OF PERSONAL DATA

2.1. Different data controllers

2.1.1. Rosengrens, in its capacity as bankruptcy trustee, distinguishes between the processing of personal data that takes place within the framework of the law firm’s normal operations and the processing that takes place within the framework of the bankruptcy estate’s operations. This division means that there may be two different data controllers in bankruptcy matters as set out below.

2.2. Rosengrens’ normal operations

2.2.1. Rosengrens, in its capacity as bankruptcy trustee, is the data controller for the personal data processed in the role of bankruptcy trustee, i.e. for the processing of personal data within the framework of Rosengrens’ normal legal practice. Rosengrens is responsible for ensuring that such processing is carried out in accordance with GDPR and other applicable data protection legislation.

2.3. The bankruptcy estate’s operations

2.3.1. The bankruptcy estate is the data controller for the personal data that the bankruptcy trustee processes within the framework of the bankruptcy estate’s operations and in its capacity as its representative. The bankruptcy estate is responsible for ensuring that such processing is carried out in accordance with GDPR and other applicable data protection legislation.

3.PROCESSING OF PERSONAL DATA

3.1. Access to personal data

3.1.1. We primarily collect your personal data from you, the bankruptcy estate, courts and public authorities in connection with the acceptance of an engagement or as otherwise processed when the engagement is carried out. It may also occur that, during the performance of the engagement, we receive and/or collect personal data from other persons, public authorities or companies with whom we are in contact in connection with the engagement. In certain cases, we also collect personal data from publicly available sources such as credit reference agencies, public registers, databases and websites.

3.2. Categories of data subjects

3.2.1. We process personal data relating to the following persons: representatives, bankruptcy debtors, creditors, debtors, shareholders, employees, guarantors, suppliers, auditors or accounting consultants, the state, banks, third parties such as private individuals who have property in the possession of the bankrupt company (excluding property subject to rights of separation (Sw. separationsrätt)), and family members of any party.

3.3. Categories of personal data

3.3.1. The data that we may process regarding the above-mentioned persons includes the following: name, personal identity number, contact details such as address, email address and telephone number, property designation, vehicle registration number, IP address, bank details, salary information, trade union membership and health data.

3.4. Purpose of the processing and legal basis

3.4.1. We process personal data belonging to creditors, debtors, suppliers, auditors or accounting consultants, employees or banks, in order to enter into, manage and fulfil agreements with the respective party. If you, as a party, do not provide such personal data, we will not be able to fulfil our obligations towards you.

3.4.2. We also process personal data on the basis of legal obligations, for example as a result of the bankruptcy estate’s accounting obligations or other obligations arising from law.

3.4.3. As the representative of the bankruptcy estate, the bankruptcy trustee is obliged, inter alia, to ensure that creditors of the bankrupt company are not disadvantaged and that the distribution of any assets is carried out correctly. In this context, we may therefore process personal data on the basis that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority that the handling of bankruptcy matters may entail, for example in decisions regarding wage guarantees.

3.4.4. The legal bases on which we base our processing in bankruptcy administration are thus the performance of a contract, compliance with a legal obligation and/or the performance of a task carried out in the public interest.

3.5. Storage of personal data

3.5.1. Rosengrens retains collected personal data for as long as is necessary having regard to the purpose of the processing. Rosengrens therefore regularly reviews which personal data is still necessary and subsequently carries out deletion and removes such data that is no longer needed.

3.5.2. In order to be able to administer guarantees, complaint periods, decisions by public authorities, legal claims that may be directed against the bankruptcy estate, the bankruptcy debtor and Rosengrens, and in order to comply with law, we may need to store personal data for a longer period. We may retain personal data for up to ten years in accordance with the guidelines of the Swedish Bar Association.

3.6. Transfer of personal data

3.6.1. We always exercise the utmost care when transferring personal data and do not transfer personal data without support in this policy or without ensuring that appropriate safeguards are taken.

3.6.2. We may disclose collected personal data for processing by third parties. Third parties include, for example, group companies, service providers, other legal advisors, opposing counsel, auditors, consultants, courts and other public authorities.

3.6.3. Your personal data is only disclosed to third parties if and to the extent that you have consented to the transfer and/or if the transfer is necessary and we have a legitimate interest. The transfer of personal data may be necessary due to legal obligations based on law, disputes, decisions by public authorities, requests or upon your own request. The transfer of personal data may also be necessary in order to safeguard the rights of the bankruptcy estate or your rights, and in order for our external service providers to be able to provide their services to us.

3.6.4. We engage external service providers who carry out assignments on our behalf and who may process personal data, for example in relation to our IT systems and software. External service providers generally have access to information that exists and/or is generated in the systems that the service provider provides, but may only process personal data when it is necessary for the service provider to be able to provide its service to us.

3.6.5. Depending on the circumstances, a third party may become an independent data controller, a joint data controller with us, or our data processor.

3.6.6. We may process your personal data both within and outside the EU/EEA. In cases where we process your personal data outside the EU/EEA, we will take the necessary measures to ensure that the transfer is carried out in a lawful manner and that the data continues to be protected by the receiving parties outside the EU/EEA.

3.6.7. Further information regarding the transfer of personal data can be found in the Privacy Policy.

3.7. Rights of the data subject

3.7.1. As a data subject, you have the right, subject to certain statutory exceptions, to request information about and access to your personal data that we process. You may also request rectification, erasure, restriction of processing, compensation, transfer to another data controller (data portability) and lodge complaints and object to direct marketing. If you are dissatisfied with our processing, you may lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) (https://www.imy.se) or with the supervisory authority in the country where you live or work.

3.7.2. Further information about your rights can be found in the Privacy Policy.

UPDATES AND CONTACT DETAILS

4.1. We reserve the right to update this policy. The current version was published digitally on our website, rosenlaw.se, on 30 March 2026.

4.2. If you have any questions regarding this policy, our processing of your personal data or wish to exercise your rights, please do not hesitate to contact us.

4.3. Rosengrens Advokatbyrå i Göteborg AB
reg. no. 556579–3311
Södra Larmgatan 4, Box 2523
SE-411 16, Gothenburg

4.4. Tel.: +46 (0)31-701 20 00

4.5. Email: info@rosenlaw.se