Privacy Policy for the Law firm Arktis AS.

Organisation number: 994 586 971

Last updated: 20.06.2019



1. The content of this Privacy Policy

This Privacy Policy will describe Arktis Law’s ( hereinafter “we” or “us” ) processing of personal data. We are the Controller (the legal person that determines the purposes and means of the processing of personal data. GDPR article 4.) for the personal data described in this privacy policy. It is important for us that the management of your personal data is carried out in a safe and secure manner. The purpose of this privacy policy is for us to explain to you as a client or cooperating partner how we process your personal data and the different purposes of this processing.


Our contact details can be found below.



2. Information we collect

This Privacy policy is aimed towards our processing of personal data in connection with our daily managing and business as a law firm.


We process personal data about:

  • our clients; including private clients and company contacts;
  • personal data about individuals in connection to our clients (such as counterparties, suppliers and collaborators) or other individuals involved or affected by cases we assist in;
  • other individuals mentioned in case files;
  • personal data about our employees;
  • personal data about potential employees (job applicants)
  • personal data about our partners;
  • visitors to our website;



3. Purpose, categories of data and lawful grounds

In the following you will find an overview over the purposes for our collection of personal data, what categories of personal data we collect in different situations and the lawful grounds for the collection.


All employees at Arktis Law are subject to the general duty of confidentiality and have each signed his/her own declaration of confidentiality.



When a client contacts us asking for legal advice and a legal assignment we have to do a conflict assessment. The conflict assessment is based on a legitimate interest in accordance with GDPR article 6 no.1, f) and also Domstolloven § 224 and the norwegian Attorney Regulations chapter 12.

For potential private clients an assessment like this means that we process their full name, the facts of their legal matter and if it is necessary in order to assess their legal matter we also collect their credit information.

We are obliged to carry out customer control according to sections 6 to 13 and continuing follow-up pursuant to section 14 cf. money laundering act section 5. Also in accordance with GDPR article 6. no 1, c).

If we accept to carry out the legal assignment for a new client, the following information will be registered both for private clients and for company clients:

    • full name for the clients contact person(s)
    • phone number for the clients contact person(s)
    • email address for the clients contact person(s)
    • the clients postal address
    • any other information we deem necessary to assess money laundering risk in respect of a client
    • in addition we are obliged to collect a copy of an identifier like a passport, national ID-card, drivers licence or similar approved documents in accordance with the money laundering act.

The collection of such data is necessary in order to enter into an agreement with the client in accordance with GDPR art. 6 no.1 letter b). For company clients the lawful grounds for this processing is a legitimate interest in accordance with article 6. no.1 f).



Some assignments include us getting access to personal data about parties or other individuals that are affected by a case. These personal data might be visible to us in documents the client sends to us or through general correspondence in each case. The lawful ground for the processing of data when working with company clients is GDPR article 6. no 1. f) a legitimate interest.

in some cases we collect special categories of personal data like data concerning health or personal data relating to criminal convictions and offences. For these processing activities the lawful ground is in GDPR article 9. no 2 f) ( the processing is necessary for the establishment, exercise or defence of legal claims) cf. personopplysningsloven § 11.


When working in cases we make documents customized for the specific case. Sometimes we make templates out of the documents to use in later cases. The lawful ground for this processing activity is the legitimate interest cf. GDPR article 6 no 1 f) in our business to benefit of knowledge based and prepared templates in future cases.


We make case files for each case category or client. The time and cost for a specific case is registered in our accounting program. The management of the economic aspects of client administration for company clients has it’s lawful ground in GDPR article 6 no 1 f) a legitimate interest. And for private clients it is a necessary part of the performance of the contract with individual based on GDPR article 6. no 1 b).


We store case files for up to 10 years after the end of the clients assignment is closed, unless we receive a specific request from the client to store their case files for a longer or shorter period of time. When a case is closed in our system the case is transferred to our archives and stored in a secure way in a separate and closed system. Storage in the specified time period (10 years) is necessary in order to ensure both our interests in knowledge of the case and the clients interest should there be questions in the future or further legal disputes/claims arising out of the case or making the case files relevant.

The lawful grounds for this processing is GDPR article 6 no.1 f) in accordance with the legitimate interest described above and GDPR article 9 no. 2 f) (the processing is necessary for the establishment, exercise or defence of legal claims) cf. personopplysningsloven § 11.


If you are applying for a job at Arktis Law we collect the following information about you in relation to job applications:

    • name and address
    • national identity number
    • e-mail
    • telephone number
    • CV
    • transcripts of grade papers
    • references

The processing of personal data related to the job applications we receive are processed on the lawful ground of consent from the applicant cf. GDPR article 6 no.1 a) and fulfillment of an agreement with the party in question, or implementation of measures on the party’s request prior to conclusion of an agreement, cf. GDPR article 6 no.1 b).


Data received by company clients is used on the invoice that we send out to the clients for the work we perform. We also use the company's email address in order to distribute the invoice.

For private clients we use the clients personal address as earlier received, or an email address obtained from the customer.

The lawful grounds for this processing activity is GDPR article 6. no. 1 b) (necessary for the performance of a contract).


Personal data that are stored in our IT-systems will be available for us and our IT suppliers when updating our systems, when implementing or following up security measures, correction or other maintenance. The lawful basis for this processing is GDPR article 6 no.1 f) a legitimate interest for us to upkeep the security measures and our duty to meet the requirements for security of processing cf. GDPR article 32 and 6 no.1 c).

4. Sharing of personal data

Third parties delivering our IT-systems will have access to personal data if the data is stored with the supplier or in some other way is visible for the third party.


We process personal data through different platforms in order to communicate, for spesific cases, and general management of the law firm. Examples of IT-suppliers and tools we use are for example but not limited to Microsoft word, Gmail, Google Drive, Slack, Trello, Tripletex and LinkedIn.


The third parties can only process personal data to the extent strictly necessary for the purposes we have described and as described in this privacy policy.



5. Confidentiality

As a profession, Lawyers are subject to a strict duty of confidentiality cf. the norwegian criminal act § 211. All personal data that is provided and entrusted to us in conjunction with a case will be held strictly confidential.


We do not share personal data in other situations than the ones described in this privacy policy unless our clients explicitly encourages or consents to this, or where the sharing of information is required by law.



6. Storage

While working with a case all the information regarding the case will be stored in our system. We store case files for finished cases for up to 10 years in our system.


Accounting rules and procedures might require that we keep information for a more specified time frame. When a specific purpose requires us to to store documents for a purpose like this we make sure that the personal data stored is strictly necessary for this purpose and not stored for longer, or used for any other means than the purpose.



7. Your rights

As a customer of Arktis Law you have rights relating to the personal data we have registered about you. You can request access to the personal data we have registered about you. You may also request correction, deletion, and limitation of the processing of your personal data in accordance with applicable data protection legislation.


Your rights as a data subject contains, but are not restricted to, the following:



A. Right to withdraw consent

If the processing of personal data is based on a given consent, you can at all times during the processing withdraw your consent by request. We will do our best to comply with requests.

B. Right of access to personal data

As a customer/user of our services you have the right to know what data we have about you, as far as this does not conflict with the duty of confidentiality. You can use your right of access by request. For security measures we might ask for a confirmation of identity upon such request. This is in order to make sure that we don’t breach the privacy of others or give out information to the wrong individual.

C. Right to data portability

The right of data portability gives you the possibility to by request, receive the personal data concerning you in order to have these transferred in a machine readable format in order to transmit those data to another controller. If technically possible we might in some cases assist with transferring these data directly to the new controller.

D. Right to rectification and erasure

You can at any time ask us to edit incorrect information about you, or ask us to delete personal data. We will fulfil such requests as long as it is possible in accordance with the purposes of processing and as long as there are none legal obligations that requires us to keep the data. We will do our best to fulfill your request without undue delay.

E. Right to object

You have the right to object to the processing of your personal data at any time during the processing. If you don’t agree in the way we process your personal data we will always try to accommodate your wishes.

If you believe that Arktis Law has not complied with your rights pursuant to the data protection legislation, you have the right to send a complaint to the Norwegian Data protection Authority, which is the supervisory authority.

More information about your rights as a data subject can be found in GDPR articles 12 to 23.

In order to use your rights you can simply send us a request at: [email protected]



8. Security

We have established both technical and organisational routines in order to keep your information safe. We carry out continuous considerations of the safety of our central systems that are in use for processing of personal data, and we have agreements in place that requires the suppliers to comply and keep a required level of information security.


Access to personal data (including client and case information) is restricted to individuals with a necessary need to access in order to complete their assigned tasks.


This website is secured with SSL encryption.



9. Changes to our privacy policy


Arktis Law reserves the right to adjust and adapt this privacy policy, for example due to regulatory requirements. Our updated privacy policy will be published on our website at all times.


If substantial changes are made, we will notify our clients.



10. Get in touch


Contact phone: (+47) 970 65 313 (+47) 924 87 012

Address: Torggata 15, 0181 Oslo Norway.

Contact via email: [email protected]