Privacy policy

The protection of your privacy is of the utmost importance to us.  This policy describes how Kjellberg Legal, Attorneys Ltd. (“Berg Legal” or “we”) as a controller processes personal data in the context of our provision of legal services to our clients, our prospective clients, service providers and other business contacts. 

We process personal data in accordance with this privacy policy and the applicable laws, such as the EU General Data Protection Regulation (2016/679) (“GDPR”). Please note that we may make changes and updates to this policy from time to time without advance notification.

By personal data we refer to any data that allows the identification of a natural person. Processing means any operation performed on that personal data, such as collection, recording, organisation, storage, use, combination, disclosure, transfer, deletion or erasure.

Purposes of Processing

In connection with our business activities and the services we provide, we collect and process the
following types of personal data:

  • name, date of birth, address, e-mail address, telephone number, title or position in the company or organisation you represent;

  • information that we are required to collect due to our statutory obligations relating to know-your client and anti-money laundering procedures, and by the rules of the Finnish Bar Association relating to the performance of conflict of interest verifications, such as id or passport information, political exposure and beneficial ownership;

  • other information relevant for the handling of our client assignments, which depending on the nature of the assignment, may include personal data relating to the client, the client’s family members or other beneficiaries, employees, business partners and/or counterparties, and special categories of sensitive personal data to the extent necessary for compliance with legal obligations binding on us. 

Personal Data of the Visitors on the Site

For marketing purposes we may collect personal data of visitors on the site including some cookies, web beacons and similar technologies for collecting information in a non-identifiable form (e.g., browser type or number of visitors to the website) and some in the form of personal data (e.g. IP address).

Where consent has been requested and and obtained, we process your personal data based on our rights under the Electronic Communications Act (former Information Society Code) to do so.

How Do We Collect Data 

We obtain personal data of our client’s representatives directly from our clients. Personal data required for Know Your Client purposes we obtain from our clients and from public sources such as Companies Register. For conflicts of interest verification purposes we obtain personal data from our prospective clients and from public sources, such as the websites of the relevant companies.

The personal data we process is mainly obtained from our client or other business partner directly, through emails and other communication and documentation you provide to us. We may also process personal data obtained from counterparties or their counsels, government agencies, credit information service providers and publicly available records and sources as well as data generated by us internally in the course of handling our client assignments.

How Do We Use Your Data

We will process your personal data for the purposes of:

  • client identification and anti-money laundering procedures and performance of conflict checks;

  • management and administration of client assignments and providing legal services to our clients;

  • processing of payment, billing, collection, accounting, auditing and related support services; and

  • management and administration of business relationships.

If we process your personal data based on your consent, you have the right, at any time, to withdraw your consent to that processing. Please note, that if you withdraw your consent to processing of necessary personal data, we may not be able to continue our business relationship or continue providing services to you.

Disclosures of Your Data

We use third party service providers to process certain personal data on our behalf. This primarily includes IT systems and service providers.

We will not disclose your personal data to any third parties unless we are required to do so either by law, in order to assert or defend against legal claims, or for the handling of our client’s assignment, which may involve disclosure of personal data to courts and public authorities, witnesses, counsels, advisors and other third parties involved in the assignment, including parties based outside the EEA. As part of our Know Your Client obligations, we may be obliged to transfer personal data to the Finnish Bar Association or relevant public authorities, as required by applicable laws and regulations.

We may need to allow certain access to your personal data to our external service providers who process data on our behalf, mainly for the purposes of maintaining our IT systems. All our service providers are obliged by their service agreement to process data only on our behalf and for the agreed purpose. 

Transfers of Your Data

We do not regularly transfer personal data outside the EEA, with the exception of certain processing that due to the technical environments of our external IT service providers may be necessary for the maintenance of our IT systems. Any transfers of personal data outside the EEA will be subject to appropriate safeguards as required by the applicable data protection legislation.

Protection of Your Data

We have implemented certain technical and organizational safeguards to ensure appropriate security and confidentiality of your personal data under the applicable legislation and good data security practices. These includes, for example, measures to prevent unauthorized access to or processing of your personal data.

Your rights

You have various rights with regard to your personal data that we process. These rights include the rights described below. However, these various rights may be subject to certain qualifications, such as arising from applicable laws or regulations by public authorities, which qualifications are not fully described below. Certain exceptions to the rights may also arise from the confidentiality and other obligations that we have as a law firm subject to the rules and regulations of the Finnish Bar Association. Therefore, we encourage you to contact us at berg(at)berglegal.co if you have any questions concerning your rights.

  • Access: You have the right to obtain confirmation from us whether your personal data is being processed. You also have the right to access your personal data and to obtain certain information, such as the purposes of processing your personal data and the types of personal data involved;

  • Rectification: You have the right to request us to rectify inaccurate personal data concerning you;

  • Erasure: You have the right to request us to erase your personal data for example when the data is no longer necessary for the purposes for which it was collected or if your personal data have been unlawfully processed;

  • Restriction: You have the right to restrict processing of your personal data, for example, for the period that is required for us to verify the accuracy of your personal data if you contest the accuracy of the personal data.

  • Objection: You have the right to object to processing your personal data for direct marketing purposes. You are also entitled to, on the grounds of your particular situation, object to processing of your personal data that we do based on our legitimate interest.

  • Data Portability: You may have the right to obtain your personal data in a structured, commonly used and machine-readable format and to transfer the data to another controller, if we process your personal data based on your consent or because it is necessary for performance of a contract that we have entered with you or in order to enter a contract with you. For this right to be available to you, our processing of your personal data must take place by automated means.

  • Withdrawal of consent: To the extent we process your personal data based on your consent, you have the right to withdraw your consent any time. You can do so by sending an email to berg(at)berglegal.co. Withdrawing your consent does not affect the lawfulness of processing of your personal data based on consent before its withdrawal.

  • Complaints: You have the right to make a complaint with the data protection authorities concerning our processing of your personal data. You can make the complaint with the data protection authority of the EU member state where you have your permanent residence or where you work, or where you find that a potential breach with regard to your personal data has occurred. In Finland, the relevant data protection authority is the Data Protection Ombudsman’s office: https://tietosuoja.fi/en/home.