Global
Denmark
Estonia
Finland
Lithuania
Latvia
Sweden
Eesti
English
Magnusson Estonia
Start / Privacy Notice

Privacy Notice

Your privacy is important to us

We value your right to privacy and data protection. We want you to know for which purposes and how we collect and use your personal data (also known as personal information) and which rights you have. You will find important information about the processing of your personal data in this Privacy Notice. The Privacy Notice may be supplemented by other privacy notices and notices applicable to cookies (Cookie Policy) published on the Magnusson website.
This Privacy Notice applies to the processing of personal data by the Advokaadibüroo Magnusson OÜ (registered in the Republic of Estonia under registry code 12543378 and registered office at Maakri 19/1, 10145 Tallinn, Republic of Estonia; hereinafter Magnusson, we or us).

Definitions

The following terminology is used in these Privacy Terms in the following meaning:
Data Subject is a natural person on who Magnusson has data or information that can be used to identify the natural person. Data Subjects are, for example, Clients who are natural persons, office visitors, persons wishing consultation, persons submitting requests or questions, co-operation partners and individuals associated with them, individuals associated with the corporate Clients (e.g. representatives or employees), persons related to the Client’s case;
Personal Data is any information relating to an identified or identifiable Data Subject, including the Client or persons related to the Client’s case;
GDPR is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
Client Data is any information (incl. information treated as Personal Data) that is known to Magnusson about the Client or its representatives;
Client is any natural or legal person who uses, has used or has expressed an intention to use the services provided by Magnusson or is otherwise associated with our services;
Third Party is a natural or legal person, public authority, agency or body, and any person other than the Data Subject, Magnusson, an authorized employee of Magnusson, or a person who may process the Personal Data of the Data Subject under the authority of Magnusson or Processor of Magnusson;
Agreement is a contract with any content concluded between Magnusson and the Client, primarily Client Agreement and Authorisation Agreement;
Processing means any operation or set of operations, which is performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, regardless of the method of operation or the used means;
Processor means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of Magnusson, the controller.

Security

Magnusson takes the security of all data in its possession very seriously. Magnusson ensures the confidentiality of Client Data and Personal Data under applicable law and implements appropriate technical and organisational measures to protect Personal Data from unauthorized access, unlawful Processing or disclosure, accidental loss, alteration or destruction.
Magnusson may use Processors for Processing of Personal Data. In such cases, Magnusson will ensure that the Processing of Personal Data is carried out in accordance with Magnusson’s instructions and in accordance with the applicable law and this Privacy Notice. We apply contractual and appropriate security measures to protect your Personal Data and maintain confidentiality.
To protect your and others’ Personal Data, please follow at least the following minimum requirements when forwarding us any information:
• do not send us excessive or unnecessary Personal Data, including other person’s Personal Data. Forward the Personal Data only in the extent necessary to fulfil the purpose of sending that information to us;
• do not indicate Personal Data (e.g. first name, surname, address, phone number, email address, personal identification code, date of birth, bank account number and other special (sensitive) kind of data) in the subject line of the e-mail or query or in the names of the files attached to the e-mail;
• do not write your own or other person’s personal identification number, financial data, health and other special (sensitive) kind of data in the text of an e-mail, query or file (attachment). Forward us the corresponding data in encrypted form.

How we collect your Personal Data?

Magnusson collects Personal Data primarily in the following ways:
• we mainly collect Personal Data from the Client or other Data Subject itself or from the persons acting on the Client’s or other Data Subject’s instructions (e.g. through requests, applications, conclusion and performance of Agreements);
• in the context of providing services, (e.g. advising Clients in pre-trial or court proceedings, we may also Process Personal Data of any other concerned person’s conduct or activity retrieved from publicly available resources, supervisory authority or other Third Party);
• Personal Data, including e-mail correspondence, emerged as a result of normal communication between the Data Subject and Magnusson;
• Personal Data clearly disclosed by the Data Subject (e.g. in social media);
• Personal Data generated by the use of services provided by Magnusson (e.g. executing transfers);
• Personal Data received from Third Parties (e.g. from the commercial register, population register or other databases and national registers);
• Personal Data combined by Magnusson (e.g. history of provided services and Client communication);
• the camera recordings of the Client visiting the Magnusson’s office for protection of Magnusson’s property.

Which Personal Data we Process?

The categories of Personal Data that Magnusson mainly, but not exclusively, collects and processes are the following:
• person’s identification data (e.g. name, personal identification code, date of birth, details of the identification document (e.g. copy of passport, ID card and/or driving license));
• contact details (e.g. address, phone number, e-mail address, language of communication);
• data of the Data Subject’s employer and position;
• information on family ties;
• any financial and tax information;
• data about the Data Subject’s business activities and relationships with legal persons (e.g. information submitted by the Data Subject or retrieved from public registers or received through Third Parties for making transaction on behalf of a legal person);
• information on the Data Subject’s authorisations;
• information relating to the provided services (e.g. performance or non-performance of Agreements, concluded and terminated Agreements, relationships with persons, submitted applications, queries and complaints);
• Client’s satisfaction data (e.g. activeness of using the services, data on services used, Satisfaction Survey data of the Client, Client’s complaints);
• records of the Data Subject’s inquiries;
• communication data (e.g. data collected via e-mail, messages and other communication means (incl. social media));
• information on the Client’s segment (area and category);
• images and activities of persons recorded with video cameras placed in the office building of Magnusson;
• data obtained and/or created by the performance of a statutory obligation (e.g. data resulting from inquiries made by investigative bodies, notaries, courts and bailiffs).

Magnusson primarily uses the following Personal Data for marketing purposes:
• e-mail address and name of the Data Subject (incl. the Client);
• information on which segment the Client belongs to (mainly the area of activity and law);
• information on the provided services.

Additional information about the Personal Data we collect, can also be accessed under the subsections of Our Specific Processing Activities. In addition to the categories of Personal Data explicitly stated in this Privacy Notice, Magnusson may collect additional and other Personal Data in accordance with the law, if needed.

On which legal bases we Process your Personal Data?

In summary, Magnusson Processes Personal Data on the following legal bases:
• for compliance with legal obligations arising from legislation (both national and EU legislation). This means that we must Process your Personal Data for legal obligation and such obligation is the justification for Processing. Such situations include Processing, for example, for accounting obligation, verification and documentation of provided services, or identification obligation;
• for the performance of Agreement or for the preparation of the conclusion of Agreement with the Data Subject. We may use Personal Data to perform the Agreement without the Data Subject’s separate consent. This means that Processing of your Personal Data is necessary for fulfilment of the Agreement concluded with you, and the Agreement is the justification for Processing. Such situation is, for example, provision of legal services to you;
• on the basis of consent within the limits, scope, and purposes expressed in the consent by the Data Subject (incl. the Client). In such case we will ask an appropriate consent from you;
• in other cases, we will Process your Personal Data for our or Third Parties legitimate interest or protection.
The legal bases are defined in a more detailed manner under the section “Our Specific Processing Activities” of this Privacy Notice.

Our Specific Processing Activities

Business contacts and potential Clients

Processing of Personal Data
Magnusson Processes Personal Data of contacts (existing or potential Clients and/or persons associated with them) in the Client Management System (hereinafter ‘CRM’).
The Personal Data we collect about contacts include primarily first and last name, name of the employer/organisation, contact’s position and contact details (phone number, e-mail address). Also, communication data (e-mail sender’s name, recipient’s name, date and time) and agreed meetings/events data are Processed for respective contacts in both CRM and calendar systems (organiser’s name, participant’s name, date and time of the event).

Use of Personal Data
Personal Data related to contacts is visible to CRM users and the data may be used by them to obtain information about existing or potential Client, primarily by using Personal Data for the following purposes:
• provision and improvement of services;
• development of our business, especially for marketing activities to share information about us and our services as well as to provide services and to send invitations to events;
• for organisational and internal management purposes, based on our and companies’ belonging to the Magnusson’s international network of law firms (Magnusson Group) legitimate interest to jointly market and jointly manage Client Database and IT systems, to provide comprehensive, cross-regional and cross-border services;
• identification of Clients with similar needs or profiles;
• performing analyses (e.g. on Client relationships or sales opportunities).

Legal bases for Processing
We Process the Personal Data of our business contacts and potential Clients based on our legitimate interest or consent, if such consent has been obtained from the Data Subject. Our legitimate interest is to market our services or to provide information to persons who we value to be interested in such information, also to improve our services and to develop business.

Individuals related to our business Clients

Processing of Personal Data
We only collect Personal Data to the extent necessary for the intended purposes. We ask our Clients to keep this in mind when forwarding to us any information containing Personal Data. We also ask our Clients to provide relevant information to the concerned Data Subjects about the use (incl. transferring to us) of their Personal Data and refer to this Privacy Notice in order to provide the Data Subjects an overview of how we Process Personal Data provided by our Client.
The Personal Data we Process about individuals related to our business Clients include primarily first and last name, name of the company/organization, position, relationship with the business Client and contact details (phone number, e-mail address, address).

Use of Personal Data
We use the Personal Data of persons related to our business Clients for the following purposes:
provision of services and Client relationship management, primarily for conclusion and performance of Agreements with the Client, making proposals as to the amount of fee, processing of the Client’s applications, identifying the Client’s representatives and associated persons, communicating with the Client, ensuring the Client’s payment obligation, solving Client’s complaints;
complying with requirements set out to us by law or the professional association (to which we belong) and cooperating with public authorities and providing the required information, including, if necessary, for complying with the requirements of the Money Laundering and Terrorist Financing Prevention Act;
maintaining and developing our business and services to improve the quality of the services provided, verify business transactions or other business communications, and manage and use IT systems, applications, and websites;
ensuring a trusting Client relationship and preventing fraud and damages;
conducting Client Satisfaction Surveys, including for contacting the Client;
managing and analysing the Client Database to provide the Client with the best and most personalised offers for services;
evidencing and defending legal claims, in particular to record communications and authorisations given by Client by means of e-mail, as well as information and other actions that we have carried out;
• for our and companies’ belonging to the Magnusson’s international network of law firms (Magnusson Group) organisational and internal management purposes;
ensuring security, primarily implementing security measures that include identification, analysis, and elimination of security risks, and which may also include Processing of Personal Data (e.g. scanning dangerous emails to identify security risks);
communicating to our Clients information about our services and organising events, primarily we use the contact details of the persons related to Clients to provide the information about us and our services that we consider necessary, to send invitations to Client’s events and other marketing information (e.g. we send information about news and overviews in important fields);
expanding the Client base, for this purpose we publish information on our experiences and services provided to our existing Clients, in particular to provide offers to potential Clients and/or international publications (such as Chambers & Partners and Legal500) that publish rankings of prominent and leading actors by countries and practice areas.

Legal bases for Processing
If we have a legal obligation under the applicable law to Process Personal Data, the Processing of Personal Data of individuals related to our business Clients is based on legal obligation. Such situations include, for example, identifying the Client’s representatives and associated persons, complying with the requirements of the Money Laundering and Terrorist Financing Prevention Act, evidencing or documenting the provided services.
The legal basis for Processing Personal Data of individuals related to our business Clients can also be in some cases our legitimate interest, for example when providing services to the employer of Data Subject, or consent obtained from the Data Subject. In addition, a legal basis for Processing Personal Data can also be our and companies’ belonging to the Magnusson’s international network of law firms (Magnusson Group) legitimate interest to jointly market and jointly manage Client Database and IT systems, to provide comprehensive, cross-regional and cross-border services (organisational and internal management purposes).

Private Clients

Processing of Personal Data
We only collect Personal Data to the extent necessary for the intended purpose. We ask our Clients to keep this in mind when forwarding to us any information containing Personal Data. We also ask our Clients to provide relevant information to the concerned Data Subjects about the use (incl. transferring to us) of their Personal Data and refer to this Privacy Notice in order to provide the Data Subject an overview of how we Process Personal Data provided by our Client.
The Personal Data we Process include primarily first and last name, date of birth and personal identification code, contact details (address, e-mail address, phone number), information on family ties, any financial and tax information. In the course of providing the services, we may also collect other categories of Personal Data and in other scope, including special categories of Personal Data, depending on the provided services.

Use of Personal Data and legal bases for Processing
We use the Personal Data of private Clients for the following purposes and based on the following justifications:
provision of services and Client relationship management, primarily for conclusion and performance of Agreements with the Client, making proposals as to the amount of fee, processing of the Client’s applications, identifying the Client, communicating with the Client, ensuring the Client’s payment obligation, solving the Client’s complaints, based on:
the implementation of pre-contractual measures to conclude Agreement, or the performance of Agreement, or the performance of legal obligation;
complying with the requirements set out to us by law or the professional association (to which we belong) and cooperating with public authorities and providing the required information, including, if necessary, for complying with the requirements of the Money Laundering and Terrorist Financing Prevention Act, based on:
the performance of legal obligation;
maintaining and developing our business and services to improve the quality of services provided, verify business transactions or other business communications, and manage and use IT systems, applications, and websites, based on:
the implementation of pre-contractual measures to conclude Agreement, or the performance of Agreement, or the performance of legal obligation, or the consent of the Client, or our legitimate interest to ensure and/or improve the quality of the services;
ensuring a trusting Client relationship and preventing fraud and damages, based on:
the performance of legal obligation, or our legitimate interest to ensure quality of the services;
• conducting Client Satisfaction Surveys (incl. for contacting the Client), market analysis and statistics, based on:
our legitimate interest to improve Magnusson’s services and the Client’s experience of the services, or the consent of the Client;
managing and analysing the Client Database to provide Clients with the best and most personalised offers for services, based on:
the consent of the Client, or our legitimate interest to provide information about Magnusson’s services to interested persons as well as to existing Clients;
for organisational and internal management purposes, based on:
our and companies’ belonging to the Magnusson’s international network of law firms (Magnusson Group) legitimate interest to jointly market and jointly manage Client Database and IT systems, to provide comprehensive, cross-regional and cross-border services;
evidencing and defending legal claims, in particular to record communications and authorisations given by Client by means of e-mail, as well as information and other actions that we have carried out, based on:
the implementation of pre-contractual measures to conclude Agreement, or the performance of Agreement, or the performance of legal obligation, or our legitimate interest to enforce legal claims;
ensuring security, primarily implementing security measures that include identification, analysis, and elimination of security risks, and which may also include Processing of Personal Data (e.g. scanning dangerous emails to identify security risks), based on:
our legitimate interest, or the consent of the Client;
communication to our Clients information about our services and organising events, primarily we use the contact details of the Clients to provide the information about us and our services that we consider necessary, to send invitations to Client’s events and other marketing information (e.g. we send information about news and overviews in important fields), based on:
the performance of legal obligation, or our legitimate interest to ensure security of the communication;
expanding the Client base, for this purpose we publish information on our experiences and services provided to our existing Clients, in particular to provide offers to potential Clients and/or international publications (such as Chambers & Partners and Legal500) that publish rankings of prominent and leading actors by countries and practice areas. In such cases the Processing of Personal Data is based on:
• Magnusson’s legitimate interest or the consent of the Client.

Private individuals whose Personal Data we receive in the course of provision of services to our Clients

Processing of Personal Data
We only collect Personal Data to the extent necessary for the intended purpose. We ask our Clients to keep this in mind when forwarding to us any information containing Personal Data. We also ask our Clients to provide relevant information to the concerned Data Subjects about the use (incl. transferring to us) of their Personal Data and refer to this Privacy Notice in order to provide the Data Subjects an overview of how we Process Personal Data provided by our Client.
For the Processing of Personal Data of individuals related to our business Clients, please see the section “Individuals related to our business Clients” of this Privacy Notice.
The Personal Data we Process includes primarily first and last name, date of birth and personal identification code, contact details (address, e-mail address, phone number), information on family ties, positions in companies (e.g. board members), information on financial situation (incl. data about income/salary), information relating to business activities, information relating activities that affect Client’s or Third Party’s legitimate interests. In the course of providing the services, we may also collect other categories of Personal Data and in other scope, including special categories of Personal Data, depending on the provided services.

Use of Personal Data
We use the Personal Data for the following purposes:
provision of services and Client relationship management, primarily for conclusion and performance of Agreement with the Client;
complying with requirements set out to us by law or the professional association (to which we belong) and cooperating with public authorities and providing the required information;
maintaining our business and services to verify business communication and Client authorisations, and manage and use IT systems and applications;
ensuring and defending legal claims, in particular to record communications, authorisations and orders made by the Client by means of telecommunications (e-mail), as well as information and other actions that we have carried out;
ensuring security, primarily implementing security measures that include identification, analysis, and elimination of security risks, and which may also include Processing of Personal Data (e.g. scanning dangerous emails to identify security risks).

Legal bases for Processing
If we have a legal obligation under the applicable law to process the Personal Data described in this subsection, the Processing is based on legal obligation. Such situations include, for example, evidencing or documenting the provided services.
If the Personal Data is processed for other purposes described in this subsection, the legal basis for Processing is our or Client’s legitimate interest, or consent obtained from the Data Subject. In addition, a legal basis for Processing Personal Data can also be our and companies’ belonging to the Magnusson’s international network of law firms (Magnusson Group) legitimate interest to jointly market and jointly manage Client Database and IT systems, to provide comprehensive, cross-regional and cross-border services (organisational and internal management purposes).

Other individuals who contact us

Processing of Personal Data
We also collect Personal Data of Data Subject when they contact us with any question (incl. feedback), for example, contacting us via e-mail, phone or social network (e.g. LinkedIn, Facebook). In this case, it is Data Subject’s own decision to which extent Data Subject considers it is necessary to share Personal Data with us. We will use Personal Data only in the manner and to the extent necessary to resolve the specific inquiry. For more information, please see the section “Security” of this Privacy Notice.
The Personal Data we Process include primarily first and last name, employer’s name, position, contact details (phone number, email address, address) and other data that is provided by the Data Subject itself.

Use of Personal Data and legal bases for Processing
We use the Personal Data of individuals who contact us for the following purposes and based on the following justifications:
resolving specific inquiry in the appropriate manner and scope, based on:
our legitimate interest or the consent of the Data Subject;
for organisational purposes, based on:
our and companies’ belonging to the Magnusson’s international network of law firms (Magnusson Group) legitimate interest to jointly market the Magnusson’s law firm network on social media platforms under a common international brand and trademark, and publish information regarding Magnusson’s professional or other relevant activities on the platforms.

Our partners, subcontractors and individuals related to them

Processing of Personal Data
We collect Personal Data of our partners, suppliers, subcontractors and individuals related to them if we use their services or buy their products or work with them for the purpose of providing services to the Client.
As a general rule, the Personal Data we Process about such Data Subject is primarily first and last name, date of birth and personal identification code, contact details (e-mail address, phone number, address) and position in the company.

Use of the Personal Data and legal bases for Processing
We use Personal Data for the following purposes and based on the following justifications:
using the services, based on:
the implementation of pre-contractual measures to conclude Agreement, or the performance of Agreement, or our legitimate interest;
provision of services and Client relationship management, primarily in case of the partners and persons related to them with whom we jointly provide services to the Client, based on:
the implementation of pre-contractual measures to conclude Agreement, or the performance of Agreement, or our legitimate interest;
complying with the requirements set out to us by law or the professional association (to which we belong) and cooperating with public authorities and providing the required information, based on:
the performance of legal obligation;
maintaining and developing our business and services to manage relationships with suppliers and partners, as well as evidence related transactions, and manage and use IT systems, applications, and websites, based on:
the implementation of pre-contractual measures to conclude Agreement, or the performance of Agreement, or the performance of legal obligation, or our legitimate interest;
carrying out a cost analysis, based on:
our legitimate interest;
managing and analysing the database of our partners, suppliers, and subcontractors to select the best and most suitable offerings of products and services, based on:
our legitimate interest;
evidencing and defending legal claims, in particular to record communications and authorisations given by means of communications (e-mail), based on:
the implementation of pre-contractual measures to conclude Agreement, or the performance of Agreement, or the performance of legal obligation, or our legitimate interest to enforce legal claims;
ensuring security, primarily implementing security measures that include identification, analysis, and elimination of security risks, and which may also include Processing of Personal Data (e.g. scanning dangerous emails and files to identify security risks), based on:
our legitimate interest to ensure security of the communication;
• communication of information about our services and organising events, primarily we will use Personal Data in accordance with applicable law to provide important information about our services and invitations to events, based on:
our legitimate interest;
for organisational purposes, based on:
our and companies’ belonging to the Magnusson’s international network of law firms (Magnusson Group) legitimate interest to jointly market the Magnusson’s law firm network on social media platforms (e.g. LinkedIn) under a common international brand and trademark, and publish information regarding Magnusson’s and its employees’ professional or other relevant activities. These activities may include the Processing of Personal Data of our partners, sub-contractors and individuals related to them.

Office visitors

Processing of Personal Data
Our office building has security measures in place. Such measures include security cameras that are monitored in real-time and which record video footage for later use, and access control to the office building. There is corresponding information signs on the use of security cameras in the office building.
Video recordings are stored on a secured manner and used only when there is a specific need to investigate a case. Security camera recordings are usually overwritten within 2-3 calendar months, except if it is required to preserve the recording for a longer period in a specific case (e.g. if an offense is committed).

Legal bases for Processing
The legal basis for Processing the Personal Data (a person’s image) is our legitimate interest to ensure security, and the protection and confidentiality of the property at our disposal (in order to detect unauthorised entry into the premises and other incidents of offense, and to store necessary evidences for investigating the incidents).

To whom we transfer your Personal Data?

Magnusson transfers Personal Data to the following recipients:
• other Magnusson Group companies (see more detailed explanation under the section “Responsible Persons and Contact Details” of the Privacy Notice);
• employees authorised by Magnusson for such purpose;
• public authorities (e.g. law enforcement agencies, courts, bailiffs, notary offices, tax authorities, supervisory authorities and Financial Intelligence Units);
• persons related to the provision of services and performance of Agreement concluded with the Client (e.g. payment intermediaries, providers of communication, IT, data processing, data backup, translation, courier and postal services, IT application providers, advertising and marketing partners, provider of the destruction of confidential documents, opposite parties of the court proceedings and their representatives);
• auditors, accounting service providers, financial consultants or other Magnusson’s consultants;
• payment default registrars to whom information is transmitted to enable Third Parties to assess the Client’s payment behaviour and creditworthiness;
• the debt collection service providers, courts and trustees in bankruptcy if the Client has violated Agreement;
• participants and/or parties involved with payment systems and payment solutions;
• security service providers (for usage of cameras and access control of office building).

Where Your Personal Data is being processed?

As a general rule, Processing of Personal Data takes place within the European Union / European Economic Area (EU/EEA). If there is a need to Process Personal Data outside EU/EEA, the transfer will only take place if appropriate safeguards are implemented. Examples of appropriate safeguards include:
• an adequate level of data protection is in place in the country outside of the EU/EEA in accordance with the decision of the European Commission;
• existence of a valid agreement containing standard contract clauses developed by the EU or approved codes of conduct or certifications or other similar things that comply with the GDPR;
• the recipient is certified under the Privacy Shield (applicable to recipients in the United States).

In the absence of appropriate safeguards, Magnusson has the right to transfer Personal Data outside the EU/EEA in situations where:
• the Data Subject has given an explicit and informed consent about the lacking protection measures;
• it is necessary for the conclusion or performance of Agreement between the Client and Magnusson or for the implementation of pre-contractual measures taken at the request of the Data Subject;
• it is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between Magnusson and another natural or legal person;
• it is necessary for the establishment, exercise or defence of legal claims;
• it is necessary in order to protect the vital interests of the Data Subject or other persons, where the Data Subject is physically or legally incapable of giving consent;
• the transfer is made from a register which according to European Union or national law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by European Union or national law are fulfilled in the particular case;
• the transmission is not repetitive, concerns only a limited number of Data Subjects, is necessary to protect Magnusson’s legitimate interests, for which the interests, rights or freedoms of the Data Subject are not predominant, and if Magnusson has assessed all data transfer circumstances and established based on the assessment appropriate safeguards for Personal Data protection. Magnusson will notify the supervisory authority of the transfer.
For receiving more information about the transfer of Personal Data outside the EU/EEA, please contact us by e-mail: tallinn@magnussonlaw.com.

How long we store your Personal Data?

Magnusson does not Process Personal Data for longer than it is necessary for the purposes related with such data and/or to comply with the statutory data storing obligations. The retention period may also be based on the Agreements with the Client (e.g. to settlement a dispute arising from the Agreement concluded with the Client), Magnusson’s legitimate interest or applicable law (e.g. legislation about accounting or limitation period).
As a general rule, the retention period for Personal Data and documentary evidences used in the course of provision of our services is maximum of 10 years. Personal Data Processed under your consent will only be Processed until the consent is withdrawn.

Responsible persons and Magnusson contact details

Advokaadibüroo Magnusson OÜ is the controller for the Processing activities described in this Privacy Notice. If you have any questions regarding the Processing of your Personal Data, please contact us in the following ways:
address: Maakri 19/1, 10145 Tallinn, Estonia
e-mail address: tallinn@magnussonlaw.com

In some specific cases the companies belonging to Magnusson’s international network of law firms (hereinafter “Magnusson Group”) are the joint controllers of Processing of the Personal Data. Personal Data is Processed by the respective companies belonging to Magnusson Group for their organisational and internal management purposes, which are based on our and law firms’ belonging to Magnusson Group legitimate interest to jointly market and jointly manage Client Database and IT systems, to provide comprehensive, cross-regional and cross-border services.
The information regarding the Processing of Personal Data by Magnusson Group companies is provided in the relevant subsections of this Privacy Notice. It is possible to access Privacy Notices of each Magnusson Group company under the respective country section of the webpage www.magnussonlaw.com. The table below exclusively provides additional information regarding the Processing of Personal Data by the Magnusson Group companies: Learn more

The contact details of the companies who are co-responsible for Processing Personal Data can be found at: www.magnussonlaw.com. Data Subjects may contact Magnusson with questions regarding Processing of Personal Data by email: tallinn@magnussonlaw.com

Which right you have and how to use them?

The Data Subject has the following rights in connection with the Processing of his/her Personal Data:
• to obtain information about the Processing of their Personal Data and the right to request a copy of the Personal Data being Processed;
• to request the rectification of their Personal Data if it has changed or is otherwise inaccurate;
• to object to the Processing of their Personal Data if the Processing of Personal Data is based on a legitimate interest. For example, the Client may prohibit the use of their contact information for sending offers, to use it, the Client can remove itself from the list of the recipients upon receipt of the marketing email;
• to request restriction of the Processing of their Personal Data, for example at a time when Magnusson assesses whether the Client is entitled to delete its Personal Data;
• to withdraw their consent for Processing of Personal Data. Upon withdrawal of the consent, Magnusson will no longer Process the Personal Data of the Data Subject for the purpose of the respective consent. The consent is valid until it is withdrawn;
• data portability right;
• to request deletion of their Personal Data, for example, if Magnusson has no right to Process such data or if the Processing of Personal Data is based on a consent and the consent has been withdrawn. Such right does not apply (or to such an extent) if Processing of Personal Data that is requested to be deleted is also been Processed for other legal bases, for example, under Agreement or for the performance of legal obligations;
• to contact us at any time regarding the use of their Personal Data. To do so, please send us an e-mail at tallinn@magnussonlaw.com. You also have the right to lodge a complaint to the Estonian Data Protection Inspectorate (website: www.aki.ee) or to a competent court.
The Data Subject can exercise its rights by contacting us at tallinn@magnussonlaw.com. We will respond to the request without delay, but not later than within one month from receiving the request.

Validity and Changes to Privacy Notice

Magnusson has the right to unilaterally amend the Privacy Notice at any time in accordance with the applicable law.
Magnusson will notify the Data Subject of any changes to the Privacy Notice via the website and by the e-mail at least one month before the changes take effect, except if the Privacy Notice is amended as a result of changes in legislation.