Privacy notice

This privacy notice (hereinafter the „notice“) explains how Advokaadibüroo Nordx Legal OÜ (hereinafter the „firm“ or „us“) collects or processes in any other manner the personal data of its clients and visitors of the website www.nordxlegal.com (hereinafter the „website“), as well as the personal data of individuals, processing of which is necessary for provision of legal services to the clients of the firm (all such persons, including individual clients or the representatives of legal persons, as well as the visitors of the website are referred to as “you” or the “data subject”).

This notice describes the processing of personal data (hereinafter the “data”) by the firm as a data controller. This means that the firm individually or along with others determines the purposes and means of processing of personal data.

  • Data controller

    Advokaadibüroo Nordx Legal OÜ

    Registry code: 14407142

    Address: Piiskopi 3, 10130 Tallinn

    Email: info@nordx.com

  • What categories of personal data the firm processes?

    The personal data we process include, but is not limited to the following:

    Main data: this includes e.g. name and surname, personal identification number, date of birth, citizenship, residency, profession, your photo or video records which you have provided to us for your identification

    Sources of collection of data: we get the data from you, also we get certain Main data from public registries and databases (e.g. Commercial Register). It cannot be out ruled that your data has been provided to us by a third person in connection with the provision of legal services by us.

    Contact details: this includes e.g. a phone number, an email address and a home address.

    Sources of collection of data: we collect this data from you when you e.g. enter your contact details (e.g. email address) when filling out a contact form, also we get certain personal data (e.g. email address) from public registries and databases (e.g. Commercial Register). It cannot be out ruled that your data has been provided to us by a third person in connection with the provision of legal services by us.

    Document data: number of an identity document (e.g. a Passport of an ID-card), date of issuance, expiry date and other information related to this, also a photo of your identity document which you have provided to us for your identification.

    Sources of collection of data: we get the data from you when you provide us with your identity document, or the data is provided to us by a third person in connection with the provision of legal services by us.

    Background check data: this includes data which is collected by the firm in order to adhere to requirements arising from relevant legislation (e.g. Money Laundering and Terrorist Financing Prevention Act), e.g. the data whether you are involved into money laundering or terrorist financing or whether you are the subject of international sanctions.

    Sources of collection of data: we get the data from you, also we get certain Background check data from public registries and databases (e.g. Commercial Register, Financial Sanctions Database).

    Service data: this includes data which reflect your activities in connection with the services provided by us to you, including the data regarding the content of requested or ordered services, the information regarding the agreements entered into by you and the data regarding a potential breach of the agreement. Also, information concerning client communication related to the provision of legal services (e.g. correspondence related to the provision of legal services).

    Sources of collection of data: we get the data from you, as well as via ordering and using the services provided by the firm.

    Transaction data: the details of transactions made from your payment account, including payer’s name, date of payment, currency, amount of payment and payment details.

    Sources of collection of data: we get the data from you, from the third persons in connection with the provision of legal services or from the financial institution providing the services to our firm.

    Special categories of personal data: these are the data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

    Sources of collection of data: the purpose of our firm is not to collect the special categories of personal data, but such data can be disclosed to us accidentally, e.g. if such data is disclosed during the client relationship. Collection of the special categories of personal data (from you, as well as from other sources) can be also possible if it is necessary for the provision of legal services (e.g. on the basis of § 41 of Bar Association Act).

    Website visit data: this includes the data which is generated as a result of visiting and using the website (e.g. the data regarding how you use the website, the IP address and your location). Please see the explanation in section “Cookies and other web technologies” below.

    Sources of collection of data: we get the data when you visit and use the website.

  • The purpose and the legal grounds for of processing of personal data

    The firm relies on the following four grounds upon processing of your personal data:

    Processing necessary for the fulfilment of the contract

    The firm processes the personal data on this legal ground if it is necessary for the fulfilment of the contract or for taking measures prior to concluding of such contract based on your request.

    Purposes of processing Categories of data
    Pre-contractual relations (request of fee quotes and responding to such requests) Main data, contact data
    Identification of the client Main data, contact data, document data
    Keeping and development of client relationship (concluding the contract, transferring the information related to fulfilment of the contract, handling the claims) Main data, contact data, document data, Background check data, service data
    Calculating and managing service-related charges (including reports on provided legal services and time records) Main data, contact data
    Invoicing (making a submission the invoices, the receiving payments) Main data, contact data, service data, transaction data
    Provision of legal services Main data, contact data, service data, special categories of data

    Processing necessary for compliance with a legal obligation

    The firm processes personal data on this legal ground if the legal obligation for processing arises from the law.

    Purposes of processing Categories of data
    Avoidance of conflict of interest Main data, contact data, service data
    Fulfilment of due diligence obligation, including for the prevention of money laundering and terrorist financing Main data, contact data, document data, background check data, service data
    Notification of the client about activities related to the provision of legal services (information exchange) Main data, contact data, service data
    Keeping the records of ongoing issues Main data, service data
    Bookkeeping (including storage of accounting source documents) Main data, contact data, service data
    Notification and response to the information requests of public authorities and government institutions, as well as the bodies of the Estonian Bar Association (considering the restrictions imposed by law, including the obligation of professional secrecy) Main data, contact data, document data, background check data, service data

    Legitimate interest

    The legitimate interest means that the firm does not have to process your data necessarily for the fulfilment of contract and the firm does not have the obligation arising from the law, but processing of personal data is still necessary. This may be necessary, e.g. for development of services and products provided by the firm by improving them for you and to protect the property, clients and employees of the firm, as well as for making business decisions.

    You have the right to ask clarifications form the firm regarding the processing based on the legitimate interest by sending the request to info@nordx.com. You also have the right to send the objection, if you find that processing of your data for the purposes provided below prejudice your rights.

    The overview below regarding processing of data based on the legitimate interest is not exhaustive. The firm may process your personal data for other purposes upon reasonable necessity and to the extent provided by the law.

    Purposes of processing Categories of data
    Development of services and products Main data, contact data, service data, website visit data
    Provision of legal services (including processing of personal data based on § 41 of the Bar Association Act, according to which a sworn advocate is competent to process personal data of a person other than the client received on the basis of a contract or law, including sensitive personal data without the consent of the respective persons if it is necessary for the provision of legal service). Main data, contact data, service data, special categories of data
    Marketing activities Main data, contact data, service data, website visit data
    Keeping and development of client relationship (answering the requests, general customer service, information exchange) Main data, contact data, service data
    Fraud prevention Main data, contact data, document data, background check data, service data

    Consent

    In some cases, we need your consent for data processing. Based on your consent we can send you our newsletters, as well as the invitations to the trainings and other events organized by the firm.

    You always have the right to withdraw the consent by sending us respective email at info@nordx.com.  Withdrawal of the consent does not affect the legality of the processing of your personal data prior to withdrawal.

    Purposes of processing Categories of data
    Direct marketing (e.g. sending the offers by emails and SMS messages) Main data, contact data, service data
    Development of products and services Website visit data

     

  • Categories of recipients of personal data and transfer of personal data to third countries

    In some cases, the firm can transfer your personal data to third persons. Such are categorized as follows:

    Partners who provide the services to the firm, e.g.:

    • Other law firms;
    • ICT service providers (including software maintenance and support);
    • Providers of accounting services;
    • Auditors;
    • Archive service providers.

     

    All above-mentioned persons process the personal data on behalf of the firm and can use your personal data only for the provision of services agreed with the firm and in limited cases.

    Public authorities and supervisory bodies, e.g.:

    • Bodies of the Estonian Bar Association;
    • Court;
    • Police and Border Guard Board;
    • Financial Intelligence Unit;
    • Data Protection Inspectorate.

     

    We transfer your data to the Public authorities and supervisory bodies only if it is required by the law. The firm does not transfer your personal data outside Estonia, European Union or European Economic Area, nor to such third country or international organization, the level of data protection of which the European Commission has not considered adequate. If it is still necessary (e.g. for provision of legal services), such transfer of personal data will take place only upon appropriate legal basis and the firm will take appropriate protective measures.

    You have the right to get additional information about the transfer of your personal data by sending us the request by email at info@nordx.com.

  • Retention of personal data

    The firm keeps your personal data for the period necessary for the achievement of purposes stated in this notice or until it is required by the law or the guidelines established by the Estonian Bar Association (e.g. guidelines on keeping the client’s files).

    For example, the firm will retain accounting source documents for seven years as of the end of the financial year when a business transaction was recorded in the accounting journals and ledgers on the basis of the source document. The firm will retain the Court decisions or other execution documents for 30 years.

    More specific terms of retention can be exercised by accessing your personal data. Please see the explanation in the section “Your rights regarding the personal data”.

  • Your rights regarding the personal data

    Right of access to your data: you have the right to know, whether personal data concerning you are being processed or not, what is the purpose of processing and what are the categories of personal data. Besides, to whom the data is disclosed (especially the recipients in third countries), for how long the data is retained and what are your rights concerning rectification, erasure and restriction of the processing.

    Right of rectification: you have the right to demand rectification of the personal data concerning you if the data are inaccurate or incomplete.

    Right of erasure: in some cases, you have the right to demand erasure of the personal data concerning you, for example in case when you withdraw your consent and there are no other legal grounds for the processing of the data.

    Right to restrict the processing: some cases, you have the right to restrict processing of the personal data concerning you for a certain time (e.g. if you have objected the processing of personal data).

    Right to object: you have the right to object the processing of personal data which is processed based on the legitimate interest, including the profiling. Upon objection, the firm will no longer process the personal data unless the firm demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms.

    Right to data portability: if processing of your personal data is based on your consent or the contract with the firm and the data processing is carried out by automated means, then you have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to claim the firm to transmit those data to another service provider if it is technically possible.

    Right to turn to the firm, supervisory authority or a court: if you want to exercise the above-mentioned rights, please send us an email at info@nordx.com. If you find that your rights have been breached, you have the right to turn to the Data Protection Inspectorate (Andmekaitse Inspektsioon) and/or court. The contact details of the Data Protection Inspectorate are available at www.aki.ee.

  • Cookies

    Our website does not use any cookies.

  • Amendment of this notice

    The firm has the right to amend this notice unilaterally. The firm will notify of amendment of this notice on its website, by email or in another manner.