Effective date: 07.10.2020. 

 

We are very keen on being compliant with the European data protection rules and principles to protect you and your personal data. We at KassaiLaw will always go the extra mile to protect your privacy data and never sell it any third parties. This Privacy Policy contains all information related to the data processing of KassaiLaw, concerning the collection, use, storage, disclosure and erasure of data.  Please, revise this Privacy Policy carefully before you disclose any of your personal data to us. 

 

1. PREAMBLE 

1.1. KassaiLaw AB as data controller (hereinafter: ’KassaiLaw’) is a company registered in Sweden, providing legal and business advisory services (hereinafter: ‘Service’). If you, as our client, use our Service or are interested in it (hereinafter: ‘Client’ or ‘Data Subject’), you may disclose certain personal data to us. 

1.2. For the purposes of this Privacy Policy, the terms ‘we’ or ‘our’ etc. shall mean the KassaiLaw and ‘you’ or ‘your’ etc. shall mean the Client.  

1.3. This Privacy Policy requires the expressed consent hereto by you which you can withdraw anytime. Your consent shall be voluntarily, specific and based on the related information we provide to you. We also need you to keep in mind, that in some cases there may be further grounds to our data processing, other than your consent, such as fulfilling our legal obligations. In these cases, withdrawal of consent does not necessarily mean that we cease to process your personal data. You can see further details of the legal grounds in Section 5. 

1.4. KassaiLaw may amend this Privacy Policy unilaterally, at any time as the business processes and the relevant legal requirements develop. This Policy comes into effect upon its publication. The prevailing version of this Policy is available on the website: https://kassailaw.com/ 

1.5. KassaiLaw handles your personal data confidentially and is committed to take all the safety, technical and organizational measures that guarantees the security of your data. 

1.6. KassaiLaw is also committed to process your personal data lawfully, fairly and in a transparent manner; we only collect and process data that are suitable and relevant for the purposes of data processing, and are necessary to achieve such purpose. 

1.7. KassaiLaw attempts to ensure the accuracy and up-to-date nature of the personal data; therefore, we take all necessary measures for the immediate erasure or rectification of inaccurate data. 

1.8. Your personal data is only yours, therefore you can request the restriction of data processing, to rectification or erasure of you data and you can object at any time, free of charge via e-mail: at office@kassailaw.com. We respond to You without undue delay, but latest within 30 days from the receipt of the request. If we have to reject to perform your request, we will provide a proper justification of rejection. In justified cases, depending on the complexity and number of requests) we can extend the deadline by two further months and we will inform you about that within one month of receipt of the request, together with the reasons for the delay. 

 

2. SERVICE PROVIDER’S DATA 

Name of Controller  KassaiLaw AB 
Registered seat of Controller Frejgatan 13, 114 79 Stockholm, Stockholms län
The contact details of Controller, its electronic mailing address used for regular communication with customers  office@kassailaw.com 
Phone number  +46 76 324 4410
Website www.kassailaw.com 

 

3. APPLICABLE LAWS

KassaiLaw hereby declares to process your personal data in compliance with the prevailing laws and regulations, with special regard to the following: 

    • The related EU regulation: the General Data Protection Regulation of the European Union (Regulation 2016/679 (EU), the ‘GDPR’) 
    • Swedish Law (2018: 218) with supplementary provisions to the EU Data Protection Regulation [Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning] 

 

4. LEGAL GROUND FOR DATA PROCESSING

4.1. The legal ground for personal data processing is one or more of the followings:  

a) your voluntary consent (Article 6 (1) (a) of GDPR) 

b) contract concluded by and between KassaiLaw and the Client for contractual performance
    (Article 6(1) (b) of GDPR) 

c) the processing of the personal data is necessary for the performance of KassaiLaw’s legal obligations, such as auditing and accounting liabilities, or anti-money laundering and counterterrorist financing purposes (Article 6(1) (c) of GDPR). 

d) for the enforcement of the legitimate interest of KassaiLaw or a third party (Article 6(1) (f) of GDPR). 

4.2. You can grant and withdraw your consent to the use of your personal data for advertisement purposes. 

 

5. THE DATA PROCESSED BY KASSAILAW

5.1. We may collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us or when you engage our Services. If you reject to comply with our request to provide personal data, KassaiLaw is entitled to lawfully reject the provision of Service, so you may be unable to use them. 

5.2. Within the scope of data processing, we can in particular pursue the following activities: to collect, record, register, systematize, store and use the personal data for the purposes of data processing, to query, block, erase and destruct your data and to prevent the further use thereof. In lack of a related legal obligation, we never publish, align or coordinate your personal data with each other. 

5.3. Our primary goal in collecting personal information from you is to help us: 

    • verify your identity 
    • deliver our Services 
    • improve, develop and market new Services 
    • carry out requests made by you on the Site or in relation to our Services 
    • investigate or settle inquiries or disputes 
    • comply with any applicable law, court order, other judicial process, or the requirements of a regulator 
    • enforce our agreements with you 
    • protect the rights, property or safety of us or third parties, including our other clients and users of the Site or our Services 
    • with recruitment purposes, and 
    • use as otherwise required or permitted by law. 

5.4. To undertake these goals we may process the following data provided by you. The disclosure of these data is necessary for the provision of the Service: 

Data Subject  Legal grounds  Data category  Purpose of Data Processing
Individual Client in receipt of our Services or prospective individual Client 

4.1. a), b), c) 

 

Name, 

Contact information including email, phone number, 

Payment information,

Information that you provide to us as part of us providing the Services to you, which depends on the nature of your instructions to KassaiLaw, 

Other information relevant to provision of Services. 

Conclusion, amendment and performance of the contract, 

Maintenance and development of service 

Identification of the Client and ensuring the communication,

Establishment and maintenance of a reliable and safe environment, enforcement of claims and rights, prevention and handling of fraud. 

Person filling out the contact form as part of our Startup Toolkit 

offer 

4.1. a) 

 

Name, 

Contact information: Email address 

Identification of the Client and ensuring the communication, 

Conclusion, amendment and performance of the contract, 

Potential recruit, job applicant  4.1. a)  Name (first and last name) 

Conclusion, amendment and performance of the legal relationship; employment, 

Identification of the applicant and ensuring the communication, 

Establishment and maintenance of a reliable and safe environment, enforcement of claims and rights, prevention and handling of fraud. 

Email address 

Conclusion, amendment and performance of the legal relationship; employment,  

Identification of the applicant and ensuring the communication, Establishment and maintenance of a reliable and safe environment, enforcement of claims and rights, prevention and handling of fraud. 

Telephone 

Identification of the applicant and 

ensuring the communication 

Other data provided voluntary in the CV  Conducting the professional selection process 
Employees, contributors   4.1. b), c)  Name (first and last name) 

Performance of the contract  

Compliance with legal obligations relating to employment (e.g. reporting to the necessary authorities) 

    E-mail address 

Performance of the contract  

Identification of the applicant and ensuring the communication 

    Telephone  Identification of the applicant and ensuring the communication 
    Mother’s name  Performance of the contract  
   

Address and post 

address Tax number 

Social security number Bank account number, bank account details 

Compliance with legal obligations relating to employment (e.g. informing necessary authorities) 
Compliant, requestor  4.1. a), c)   Name (first and last name) 

Conducting the complaint management process, carrying out a request 

Identification of the user and ensuring 

the communication 

    E-mail address 

Conducting the complaint management process, carrying out a request 

Identification of the user and ensuring 

the communication 

    Phone number 

Conducting the complaint management process, carrying out a request 

Identification of the user and ensuring 

the communication 

    Address 

Conducting the complaint management process, carrying out a request 

Identification of the user and ensuring the communication 

5.5. KassaiLaw is primarily engaged by corporate entities, who are not data subjects. However, personal information may be provided to us as part of instructions by the Client while engaging with our Service (e.g. personal information relating to the corporate clients’ or prospective clients’ officers or personnel, any opponent or vendor or purchaser or personal information relating to their legal advisors or personnel, as relevant or similar). 

5.6. We do not control or process any sensitive data under any circumstances. We re-examine this from time to time, and if at any time in the future we may process sensitive data, we will do this with special care and diligence, and we will only process the sensitive data to the extent it is required, and only based on your expressed consent. 

5.7. If the you do not expressly provide us with your personal data in line with this of Privacy Policy, we do not collect or process any personal data in a way that would enable the identification. We do not collect or process any data automatically. 

5.8. Data collected from third parties 

5. 8.1. We only collect your personal data collected by third parties if you have given your explicit consent to the data transfer directly to those third parties which is your responsibility to arrange. We do not supervise that your consent is properly given, we trust both you and those third parties who shall also be compliant with the data protection rules. Therefore, we are not liable for the collection and processing of such data by third parties. 

5.8.2. If you use the services of a third-party service provider (like Facebook, Instagram, etc.) to contact us, then we can request those data of yours from the concerned third party that are essential to the provision of the Services. To the provision or change of such data, the privacy policies of the concerned third-party service provider shall apply. 

5.9. Cookies applied by the Controller 

5.9.1. What is a cookie? Cookies are small data files of information that our website transfers to your hard drive or mobile device to store and sometimes track information about you. Although cookies do identify a User’s device, cookies do not personally identify Users. Additionally, mobile devices may use other tracking files which are similar to cookies (for example iOS devices use Apple’s ‘identifier for advertisers’ (IDFA) and Android devices use Google’s Android ID). In the context of tracking within KassaiLaw, the concept of a cookie will include an IDFA and an Android ID for the purpose of this Cookie Policy. 

5.9.2. Why we use cookies: Our website uses cookies to distinguish you from other Customers. This helps us to improve our website and to provide you with a good experience when you browse. 

 5.9.3. Types of cookies we use: 

      • Strictly necessary cookies: these are cookies that are required for the operation of a website, such as to enable you to log into secure areas. 
      • Performance cookies: these types of cookies recognise and count the number of visitors to a website and are used to see how users move around. This information is used to improve the way the website works. 
      •  The cookies we use only last for the duration of your visit to the website or expire when you close the website: these are known as ‘session cookies’. 
      •  Third party cookies: We only use cookies set by third parties who are delivering services on our behalf (e.g.: Google). 

 5.9.4. Blocking cookies: Most websites, mobile devices and apps automatically accept cookies but, if you prefer, you can change your browser, device or app settings to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser or device. To block the IDFA on your iOS mobile device, you should follow this path: Settings > General > About > Advertising and then turn on ‘Limit Ad Tracking’. To block Android ID on your Android device, you should follow this path: Google Settings > Ads and then turn on ‘Opt out of interest-based ads’. 

 

6. The method and term of the use of the data collected 

6.1 We only process your personal data if it is essential, suitable for and limited to the extent and duration required to the achievement of the purposes set for processing. 

Purpose of Data Processing Justification of purpose Duration of data processing
The conclusion, amendment and performance of the contract KassaiLaw uses the data collected by them or through third party providers for the following purposes to create, modify and conclude the contract. The personal data collected in the course of the use of the Services are to facilitate and enable the performance of the transaction required by the Client. KassaiLaw uses the Client’s personal data to creation of the contractual background of the Client’s service order and to facilitate the fulfilment of the contract. KassaiLaw shall process the personal data during the term of the contractual relationship or in case a contractual relationship has not been established, until the purpose of processing has ceased, or erases them in case further processing of such data is no longer necessary for the purpose of processing in accordance with the requirements for lawyers. Client may request for the erasure of his/her data in a letter sent to the office@kassailaw.com email address. For the purposes of evidencing in the case of a dispute, the data of the concerned Client shall be processed during the term of the general limitation period (5 years), and for five (5) years after the final and binding closure of the dispute.
Maintenance and development of service KassaiLaw shall use the data collected by it or through third-party service provider for the following purposes of maintenance and development of the Service. KassaiLaw shall use the personal data of the Client to enable the continuous development and improvement of the Services.
Identification of the user and ensuring the communication KassaiLaw may use the Client’s personal data to ensure effective communication with the Client, in the course of which KassaiLaw contacts and identifies user through their contact data provided.
Establishment and maintenance of a reliable and safe environment, enforcement of claims and rights, prevention and handling of fraud KassaiLaw may use the personal data of the Client to secure the legitimate interests of Clients in the course of the use of Services. In the scope of the above, KassaiLaw shall be entitled to the following activities: the prevention and termination of fraud, spam, misuses and other harmful activities, to perform security investigations and risk analysis, to check and verify the data provided by the user.
Compliance with legal obligations relating to our Clients (e.g. informing necessary authorities) Compliance with relevant informational, reporting obligations, authority administrations and obligations connected to taxation, contributions, etc.
Complaint management procedure Documentation and verification of the conduct of the procedure, the actual examination. KassaiLaw shall process the personal data concerned until the purpose of processing has ceased, or erases them in case further processing of such data is no longer necessary for the purpose of processing. The data shall be stored for 5 years according to consumer protection rules.
Compliance with legal obligations relating to employment (e.g. informing necessary authorities) Compliance with relevant informational, reporting obligations and obligations connected to taxation, contributions, etc. KassaiLaw processes the data for 5 years starting form the last day of the calendar year in which employment ends, with the prohibition to discard labor, wage and social security records. Otherwise the limitation period in labor law is 7 years.

 

7. The persons having access to the data processed, data transfers 

7.1. To be able to provide you with undisturbed Services, for quality assurance purposes, as well as to enable the investigation of customer claims and complaints, we might have to transfer your data to third parties. By accepting this Privacy Policy you give your expressed consent to these data transfers.

7.2. Data transfer may take place in the following cases: 

Recipient of data transfer  Scope of data that may be transferred
Transfer of data to employees To the personal data processed by us, KassaiLaw shall have access; the personal data shall also be made available to the employees of KassaiLaw, but only if their access to and processing of personal data is required for the purposes of data processing related to the given data category.
Transfer of data to contributors To the personal data processed by us, KassaiLaw shall have access; the personal data shall also be made available to the contributors, as data processors of KassaiLaw, but only if their access to and processing of personal data is required for the purposes of data processing related to the given data category.
Publicly displayable information KassaiLaw may only display publicly those information with respect to which the Data Subject has granted its consent to the disclosure thereof on the social/public surfaces of the KassaiLaw’s Partners.
Compliance with Laws Except for the cases defined in this section 7 and the case if KassaiLaw is instructed by the court to transfer data upon provisions prescribing mandatory data transfer to a specific authority, state or administrative organ and such instruction cannot be lawfully rejected, KassaiLaw may not transfer the personal data provided to it to third parties.

 

7.3. To be able to provide you with undisturbed Services, we use the contribution of the following third-party service providers: 

Hosting service provider, or a company providing system operation services to KassaiLaw upon contractual relationship 

(Data Processor) 

Name: Google Ireland Limited 

The address of the hosting service provider: Gordon House, Barrow Street, Dublin 4, Ireland 

Company reg. no.: 368047 

Telephone number of the hosting service provider: 353-1-436-1000 

Contact page of the hosting service provider: https://about.google/contact-google/ 

The website of the hosting service provider: https://google.com/ 

7.4. The Data Processor assists KassaiLaw in the smooth operation of the IT infrastructure that facilitates the storage of personal data provided to KassaiLaw, Data Processor has no direct access to personal data. We expressly declare that  we have no direct or indirect liability with respect to the data processing activity of the Data Processor and the security of personal data in the course thereof; in this regard, the privacy policies and regulations of the Data Processor shall apply. 

7.5. If we need to involve further Data Processors, we will notify you about that by the modification of our Privacy Policy. 

 

8. Rights and obligations of the Parties 

8.1. Processing of Clients’ data, rights of information 

8.1.1. You can access your personal data which have been collected by us. Please, notify us of any change in your data, at office@kassailaw.com. You are responsible for ensuring the up-to-date status of the personal data. In order to protect you, in case of any requests coming concerning your data, we need to verify the person. We do not retain personal data for the sole purpose of being able to react to potential requests. 

8.1.2. KassaiLaw shall take appropriate measures to provide you with all information concerning the processing of personal data, in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible form. The information is mainly provided electronically on request at the e-mail address office@kassailaw.com. Proof of the identity of the Data Subject is always required for the information. 

8.1.3. KassaiLaw shall, without undue delay, but in any case within one month from the receipt of the request, inform the Data Subject of the action taken following his / her request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. KassaiLaw shall inform the Data Subject of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request. 

8.1.4. If KassaiLaw does not take action at the request of the Data Subject, it shall inform the Data Subject without delay, but no later than within one month from the receipt of the request, of the reasons for non-action and that the Data Subject may lodge a complaint with one of its supervisory authorities and may exercise its right of judicial review. 

8.1.5. This right of the Data Subject shall be provided free of charge by KassaiLaw, however, if the request is unfounded or excessive, for example due to repetition, taking into account the administrative costs of providing the requested information or action or taking the requested action,  KassaiLaw may refuse the action or charge a fee. 

 8.1.6. If we process a large quantity of information concerning you, we may need you to specify the information or processing activities to which the request relates before the information is delivered. 

8.2. Rectification and erasure: You can ask us to rectify your personal data if necessary or to delete them where the retention of such data infringes the provisions of the related laws and regulations or if they are no longer necessary in relation to the purposes for which they are originally processed. 

8.3. Withdrawal of consent and restriction of processing: In case you withdraw your consent to out processing of your personal data, we might not do that if processing is necessary for the protection of exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest etc. The processing of personal data is essential until the proper, contractual completion of the contract concluded by and between KassaiLaw  and you. 

8.4. Right to object: You still have the right object against the processing of your personal data considering your individual circumstances even if it is lawfully processed for the performance of a task carried out in the public interest or in the exercise of official authority vested in KassaiLaw, or on grounds of the legitimate interests of controller a or a third party.  

8.5. Right to data portability: If you need it, we can provide you with a structured, commonly used and machinereadable format or all of your personal data processed by us and you can transmit those data to another controller. 

8.6. The Obligation of the Client 

8.6.1. You are the only one who is responsible for the lawfulness, reality and accuracy (i.e. the quality) of your data under criminal liability. You should only provide your own data when using our Services. If the you provide another person’s data, the consent of the actual data subject shall be acquired by the you, as the data source.  

8.6.2. KassaiLaw has no liability, either direct or indirect, for the legal consequences arising from the fact that the you provided another person’s data or provided false data. 

8.7. Competent Supervisory Organ 

8.7.1 The supervisory organ with regards to the data processing of KassaiLaw is the following authority:  

 

Swedish Data Protection Authority, with regards to the owner of KassaiLaw 

Name: Swedish Authority for Privacy Protection (IMY) 

Website: https://www.imy.se/

Address: Drottninggatan 29, plan 5, 10420 Stockholm 

Post address: Integritetsskyddsmyndigheten, Box 8114, 10420 Stockholm 

Phone: 08-657 61 00  

Email: imy@imy.se 

 

9. Automated decision making, profiling 

9.1. We do not apply decision-making procedures that are based solely on automated processing, including profiling, which would have legal effects on you. Should we introduce such procedures in the future, you will be properly notified about that and we will ask for your consent thereto.  

 

10. Further important information 

10.1. Data Protection Officer: in our standpoint, KassaiLaw is not obliged to appoint a data protection officer, as the main activities do not involve data processing operations that would allow a regular, systematic and high-scale follow-up monitoring of the Data Subjects; furthermore, KassaiLaw does not process any special categories of personal data or crime-related data which have relevance from criminal law aspect. 

 10.2. Supervisory organs and other authorities: the territorial scope of this Privacy Policy may cover also foreign authorities, if the Client has a registered seat or business site out of KassaiLaw’s area of operation, in a foreign country. 

10.3.  Processing of sensitive data 

We do not process personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. If we decide to process such sensitive data, this activity shall be pursued with special care and diligence, having your expressed consent thereto, and only the extent it is required. 

We do not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation or criminal data.  

10.4. Processing children’s data 

We do not knowingly collect personal information online from children under the age of 18. 

 

11. Personal data breach 

11.1. In case of personal data breach, where the incident is likely to pose a high risk to the rights and freedoms of those concerned, we submit the report towards the data protection supervisory authority required by the laws and regulations, without undue delay, but in any case, within 72 hours from getting aware of the incident. We have developed internal procedures in case of personal data breach, and personal data breaches are also recorded into a registry. If you are affected by such personal data breach will also be notified, if the prevailing laws and regulations require so. 

11.2. If you detect a threat of personal data breach, we ask to report it immediately via email at office@kassailaw.com. Furthermore, in case of personal data breach, you may initiate a court case against KassaiLaw. 

 

12. Changes of the Privacy Policy 

12.1. Kassailaw reserves the right to amend this Privacy Policy at any time. Amendments will be published immediately on the website  

12.2. In case of amendment, the Data Subject will be notified thereof thirty (30) days prior to the date of effectiveness of amendment, via e-mail or through the website. 

12.3. In case the Data Subject objects to such amendment, he/she may notify KassaiLaw thereof and disclose his/her respective comments and notices via e-mail, furthermore, he/she may request the erasure of his/her personal data. 

 

 

 

×
Contact us!

By continuing to use the site, you agree to the use of cookies. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

For more information on how to set the preferences for cookies via your browser, refer to the following instructions:

Chrome
Mozilla Firefox
Internet Explorer

Close