Privacy and cookie policy

This privacy and cookies statement describes how Insa advokater processes
personal data and uses cookies on its website.
All content published on our website is the property of Insa advokater. Republishing is not allowed,
unless written permission has been given. By using our website, and as a client of Insa
advokater, you consent to the processing of personal data in accordance with this statement.

Processing of personal data in Insa advokater


When you are in contact with us, for example as a private client or as a contact person for a
corporate client, Insa advokater AS processes personal data about you. Below you will
therefore find information about what personal data is collected, why we do this and what
rights you have in relation to the processing of your personal data.
The controller of the personal data we process is Insa advokater, represented by the general manager
Farooq Ansari. The contact information for Insa advokater is:

    - Address: Karvesvingen 5, 0579
- E-mail: kontakt@insa.no/ansari@insa.no
- Phone: 21 09 02 02 02
- Organization no.: 922694117

For any questions you may have about our processing of personal data, please contact us.

Why we collect personal data and what kind of information we collect


We collect and use your personal data for different purposes depending on who you are and
how we come into contact with you. We collect the following personal data for the purposes
set out here:

1. Establishment of a client relationship and administration of the client relationship. In
this connection, contact information, documentation of identity, payment information
etc. is processed. The processing takes place on the basis of GDPR Article 6 (1) (b) (processing is
necessary for the performance of a contract to which the data subject is a party) for private clients, and
GDPR Article 6 (1) (f) (processing is necessary for purposes related to legitimate
interest) for contact persons for corporate clients and other data processed in connection
with corporate clients. In addition, Insa advokater AS is subject to legal obligations in connection
with the establishment of client relationships such as section 4 (2) no. 3 of the Money Laundering Act, cf. sections 17 and 18, and
then processes in accordance with GDPR article 6 (1) c (processing is necessary to fulfill a
legal obligation).

2. Case management. In this context, personal data is processed that is
necessary in relation to the case in question. The processing takes place on the basis of GDPR
article 6 (1) letter b (processing is necessary for the performance of a contract to which the
data subject is a party) for private clients, and GDPR article 6 (1) letter f (processing is
necessary for purposes related to legitimate interest) for contact persons for
corporate clients and other data processed in connection with corporate clients.

3. Information about counterparties and other third parties. In this connection,
processes personal data that is necessary in relation to the case in question. The processing

is based on Article 6(1)(f) of the GDPR (processing is necessary for purposes
related to legitimate interest). We have assessed that the processing is necessary in order to
resolve incoming cases as efficiently as possible in accordance with commercial considerations and good
legal practice. When processing special categories of data, the processing
has a legal basis in GDPR Article 9 (2) (f) (establish, exercise or defend
legal claims).

4. Criminal convictions and offenses. In this connection,
personal data that is necessary in relation to the case in question is processed. The processing
takes place on the basis of GDPR Article 9 (2) letter f (establishing, exercising or
defending legal claims), as well as a systemic consideration of the Criminal Procedure Act and the rules of good
legal practice section 2.3.

5. Storage/retention of case documents. In this connection,
personal data that is necessary in relation to the case in question is processed. The processing
is based on a legal obligation to archive ongoing and closed cases.

6. Invoicing. In this connection, contact information and
payment information is processed.
The processing takes place on the basis of GDPR Article 6 (1) (b)
(processing is necessary for the performance of a contract to which the data subject is a party) for
private clients, and GDPR Article 6 (1) (f) (processing is necessary for purposes
related to legitimate interest) for contact persons for corporate clients.

7. Sending marketing, newsletters and other relevant information about our
business.
In this context, name and e-mail address are processed. The processing
takes place on the basis of consent from the person receiving the marketing in accordance with
section 15 of the Marketing Act, usually a private client or contact person for a
business client.

8.Information about potential clients. In this regard,
contact information is processed.
The processing takes place on the basis of GDPR Article 6 (1) (f)
(processing is necessary for purposes related to legitimate interest). We have assessed
that the processing is necessary to safeguard the commercial interests of our business.

9.Knowledge management (e.g. reuse of documents in subsequent cases).
Personal data processed in this context is personal data that is
necessary in relation to the case in question. The processing is carried out on the basis of GDPR
Article 6 (1) (f) (processing is necessary for purposes related to legitimate
interest). We have assessed that the processing is necessary for internal
learning processes and to work more efficiently.

10. Recruitment. In this context, CVs, applications, certificates, diplomas, statements
from references, internal assessments/interview summaries, personality tests and
ability tests, if applicable, are processed. Processing of personal data takes place on the basis of an agreement with the person
applying for a position with us, i.e. GDPR article 6 (1) (b). If we retain
application documentation after a recruitment process has ended, this is done on the basis
of consent from the applicant, cf. GDPR article 6 (1) (a).

11. Security.
In this connection, logs are processed on servers, detection, clarification and
follow-up of security incidents, etc. The processing takes place on the basis of GDPR
article 6 (1) (f) (processing is necessary for purposes related to legitimate
interest). We have assessed that this processing is necessary to safeguard
information security and prevent unauthorized disclosure of personal data.


12. Cookies, statistical tools and web analytics. Collected information may be used
for statistics, operation, maintenance and improvement of our website. In Solidum Advokatfirma
uses Google Analytics to collect and analyze information about how
visitors use the website. Google Analytics uses cookies. In
line with common practice on the Internet, the user's IP address is registered by the website, but
we do not have access to personal data or can link actions on the website to
individual persons. However, you can block and delete cookies in your browser. Our
subcontractors in connection with the operation of our website, web analytics and
marketing measures are:

  • Optiflow AS
  • Microsoft  
  • Avant IT
  • Hubspot
  • Oneflow
  • 24 Seven Office
  • Credit control


Disclosure of personal data to others

We do not disclose or transfer your personal data to others, unless there
is a legal basis or order for such disclosure. Examples of this will typically be
legal obligations that require us to disclose the information to counterparties, courts or
public bodies.

Insa advokater AS also uses data processors to process personal data on our
behalf. In such cases, we have entered into agreements to safeguard information security at all stages of
processing. We currently use the following data processors:

  • Optiflow AS
  • Microsoft  
  • Avant IT
  • Hubspot
  • Oneflow
  • 24 Seven Office
  • Credit control


All processing of personal data that we carry out takes place within the EU/EEA area.

Storage time
We store your personal data with us for as long as is necessary for the purpose
for which the personal data was collected. This means, for example, that personal data that we
process on the basis of your consent will be deleted if you withdraw your consent.
Personal data that we process in order to fulfill an agreement with you will be deleted when the agreement has been fulfilled
and all obligations arising from the contractual relationship have been fulfilled. Personal data that we process to
fulfill a legal obligation from the authorities is deleted when the legal basis determines it.
This applies, for example, to bookkeeping and accounting rules.
The table below provides an overview of how long we process personal data for different purposes:

Purpose
Storage time
Client management
Up to 10 years after closing the last case
Storage/retention of case documents
Up to 10 years after closing the last case
Billing information
Up to 5 years after the end of the financial year in which the invoicing was made
Information about potential clients
Up to 5 months
Knowledge management (e.g. reuse of documents in subsequent cases).
Up to 10 years
Recruitment
Up to 3 months after the application deadline.
With the applicant's consent, we store CVs,
applications, certificates and diplomas for up to 2 years for
use in new, relevant job advertisements.
Security logs
Up to 1 year
Backups (backup)
Up to 3 years

Your rights when we process personal data about you

You have the right to demand access to, rectification or erasure of the personal data we process about you.
You also have the right to demand restricted processing and, under certain conditions, to object to
the processing. You can read more about these rights on the Norwegian Data Protection Authority's website:
www.datatilsynet.no.

To exercise your rights, you must contact us by e-mail or telephone. We will respond to
your inquiry as soon as possible, and at the latest within 30 days. We will ask you to verify
your identity or to provide additional information before we allow you to exercise your rights against
us. We do this to ensure that we only provide access to your personal data to you - and
not to someone pretending to be you.
You may at any time withdraw your consent for the processing of personal data with us.

Complaints
If you believe that our processing of personal data does not comply with what we have
described here or that we are otherwise in breach of data protection legislation, you can complain to
Datatilsynet. You can find information on how to contact the Data Inspectorate on the Data Inspectorate's website:
www.datatilsynet.no.

Changes
If there are changes to our services or changes to the regulations regarding the processing of
personal data, this may result in changes to the information you have provided here. If we have your
contact details, we will make you aware of these changes. In addition, updated
information will always be readily available on our website.

Want to
have a chat?

Get in touch and we'll find out what you need help with, free of charge!

Contact us
Close

Urgent?

Call us on 21 09 02 02

If it's not an emergency, kindly book a 15-minute video meeting with us by clicking this link

Urgent?
Call us on 21 09 02 02

Book time with us

Book time with us

Voice message via WhatsApp