Privacy policy

Last updated: [2025-08-20]

1. Introduction

At NORDIA Law, your personal privacy is of the utmost importance to us. We always process your personal data with respect and in compliance with the General Data Protection Regulation (GDPR), other applicable legislation, as well as the specific professional rules governing the legal profession. The purpose of this policy is to provide you with a clear and transparent account of how we collect, use, store, and protect your personal data, and to explain the rights you have as a data subject.

2. Data Controller

NORDIA Law is the data controller responsible for the processing of personal data carried out within the framework of our operations. You may always contact us should you have any questions regarding our handling of personal data. Our contact details are listed below.

3. How and Which Personal Data We Process

The personal data we process depends on your relationship with us. If you are a client, we may process data such as your name, personal identification number, address, contact details, financial information, and other data necessary to perform our assignment. This may include sensitive personal data which is required to safeguard your interests or to act in accordance with our legal obligations. If you are an opposing party, witness, business partner, or a representative of an authority, we may process corresponding data to the extent necessary to perform our services or to comply with legal requirements.

We primarily collect personal data directly from you, but may also obtain supplementary information from public registers, authorities, banks, insurance companies, credit reference agencies, counterparties, and other relevant third parties. When you visit our website, we may also process technical data such as IP addresses and Cookie information.

4. Purposes and Legal Bases

All processing of personal data is carried out for specific and explicitly stated purposes. The primary purpose is to perform and administer client assignments and to provide legal advice in accordance with the agreements with you. Such processing is based on the legal grounds of contract or legitimate interest.

In certain cases, we are legally required to process your personal data, for example to conduct conflict-of-interest checks, to comply with anti-money laundering legislation, accounting obligations, or other mandatory legal requirements. Furthermore, it is necessary to process and retain personal data for the administration of client relationships. Personal data may also be used to develop and evaluate our business through market and risk analyses, or to organize alumni activities and other communications relating to our practice. Such processing is based on legitimate interest and is never carried out to a greater extent than necessary.

In exceptional cases, we may request your consent for certain types of processing, for example in connection with marketing activities or in relation to the specific handling of sensitive personal data. Consent is always voluntary and may be withdrawn at any time.

5. Data Retention and Deletion

We never retain your personal data longer than necessary. For client assignments, the rules of the Swedish Bar Association require us to retain data for at least ten years after the matter has been concluded, or longer if the nature of the assignment so demands. Accounting records are retained for seven years pursuant to law, and data processed in order to comply with anti-money laundering legislation is retained for between five and ten years. Data that is no longer required for these or other clearly defined purposes will be deleted, anonymized, or otherwise disposed of.

6. Disclosure of Personal Data

We disclose personal data only when necessary to safeguard your interests or to comply with legal obligations. This may involve disclosure to third parties such as courts, public authorities, banks, insurance companies, business partners, or IT service providers. Where we engage service providers that process personal data on our behalf, we always enter into data processing agreements to ensure secure and lawful handling of data.

We strive to ensure that all processing of personal data takes place within the EU/EEA. If personal data must be transferred to a country outside the EU/EEA, such transfer will only occur where the recipient country ensures an adequate level of protection or where we have implemented appropriate safeguards, such as the European Commission’s Standard Contractual Clauses.

NORDIA Law conducts its business through several offices in Sweden as well as abroad, and personal data may be shared between these offices.

7. Security and Confidentiality

We work systematically to protect your personal data against unauthorized access, loss, misuse, or unlawful disclosure. Access to personal data is restricted to authorized personnel within our organization who require such access to perform their duties, and all employees are subject to strict confidentiality obligations. As a law firm, we are also subject to statutory professional secrecy and the ethical rules of the Swedish Bar Association, which impose enhanced duties to protect information relating to our clients.

8. Amendments to this Policy

We may update this Privacy Policy to reflect changes in our business, applicable legislation, or regulatory requirements. The most recent version is always available on our website, Nordialaw.com.

9. Your Rights

As a data subject, you have several rights under the GDPR. You have the right to obtain information about the personal data we process concerning you, to request rectification of inaccurate data, to request erasure of data that is no longer necessary, and to request restriction of processing in certain circumstances. You also have the right to object to processing carried out based on legitimate interest, the right to data portability, and the right to withdraw your consent at any time.

We would particularly emphasize that you have the right to lodge a complaint with the supervisory authority in the country in which NORDIA Law operates if you consider that our processing of your personal data is not in compliance with applicable data protection law. For further information, please see information below:

Sweden
Integritetsskyddsmyndigheten: www.imy.se

Denmark
Datatilsynet: www.datatilsynet.dk

Norway
Datatilsynet: www.datatilsynet.no

Finland
Tietosuojavaltuutetun toimisto: www.tietosuoja.fi

If you want to make any inquiry regarding the processing of your personal data, do not hesitate to contact our offices. All the offices listed below, will act as data controller in relation to you when they process your personal data:

STOCKHOLM
Advokatfirman NORDIA
Box 856, 101 37 Stockholm, Sweden
Phone: +46 8 563 08 100, email: stockholm@nordialaw.com

GOTHENBURG
Advokatfirman NORDIA Göteborg
Kungsportsavenyen 1, 411 36 Göteborg, Sweden
Phone +46 31 778 35 00, email: gbg@nordialaw.com

COPENHAGEN
NORDIA Advokatfirma
Østergade 16, 1100 København K, Denmark
Phone: +45 70 20 18 10, email: copenhagen@nordialaw.com

OSLO
NORDIA Law Advokatfirma AS
Dronning Eufemias gate 8, 0191 Oslo, Norway
Phone: +47 224 21 020, email: oslo@nordialaw.com

HELSINKI
Asianajotoimisto Nordia Oy
Eteläesplanadi 22 A (7th floor), 00130 Helsinki, Finland
Phone: +358 9 4250 5000, email: helsinki@nordialaw.com