Cookie & Privacy Policy
One of the requirements of the General Data Protection Regulation (the GDPR) is that privacy policies should be easy to understand and comprehensible even for people without any legal or technical training. This follows from the principle of transparency (Art. 5.1.A). Consequently, we have tried to make our privacy policy as short and simple as possible, without adding difficult legal or technical terms. A word may have one meaning when used in daily language, but another meaning when written in a legal statute. A word might even have different legal meanings depending on what legal document it is in. This is why legal terms of contract are so boring to read and incomprehensible for the general public. If you have any questions about the policy or want more technical or legal details, you are welcome to contact us.
We are also legally obliged to tell you what cookies that are being installed on your computer when you visit our website. We do not install any cookies for marketing purposes, we do not sell your personal data to third parties. However, there are some cookies that are necessary from a technical perspective. Otherwise you would not be able to navigate on our website. You can read more under the headline “What information do we collect – When you visit our website”.
Jurisdiction
Oakstream Law has chosen to expand the rights that are granted to people within the European Union to also include people outside the Union. Therefore, you can be sure that what is written in this privacy policy applies to you too, even if you are located outside the European Union. (cf. Art. 3)
What information do we collect
When you visit our website
When you visit our website, third parties may collect information about your visit to our website. If you use a search engine, the search engine will collect information related to the keywords you searched for, as well as the fact that you clicked on a link that led to our website. The same applies if you click on an advertisement that leads to our website (for example, Youtube would collect information that you clicked on a Youtube advertisement that leads to our website). Your browser (Chrome, Firefox, Safari et.c.) may also collect information about your visit to the website, as does your Internet Service Provider. In these cases, it is the search engine, your browser and your Internet Service Provider that collect and process your data and personal information. It is not Oakstream Law. Accordingly, it is these parties you should turn to, if you want to exercise your rights under the GDPR, such as the right to be forgotten. The information that these parties may collect is things like: where you are when you visit our website (geographical location), who you are and what you do when you visit our website (e.g. click on a heading).
We do not install cross-site trackers or other cookies for statistical or marketing purposes. We do not sell your personal data and do not share it with third parties, unless we are obliged to, for the purposes described in this policy. Some cookies will be installed on your computer, these cookies are necessary from a technical perspective. This website is built in WordPress, including a range of plug-ins. WordPress and/ or the plug-ins, may install a few cookies on your computer when you visit the website, these are necessary from a technical perspective.
Those who do not wish to share information with WordPress or other third parties about their visit to our site are advised to use a VPN service or download the Tor browser, which is widely used by activists and journalists alike.
When you contact us by phone or email
If you contact us by email or telephone, the company behind your email account and/or your telephone company may store certain data about you. We strongly recommend that you create a free account with Protonmail – an encrypted email service developed by scientists at CERN in Switzerland. However, if you choose to email us via gmail, hotmail or any other email service provider, we cannot guarantee that your email provider or any other third party will not be able to access the contents of the emails you have written to us.
Oakstream Law will keep the personal data you provide us with as long as we are legally bound to do so. The grounds for processing the personal data are: to fulfil a contract, consent and our legitimate interest in being able to read previous correspondence. The emails you send to us will only be read by the lawyer you are in contact with.
You can contact us if you want us to delete the content of your email or text message (the right to be forgotten). We will comply with your request if possible. However, please note that you may also need to contact your telephone company or email provider. Sometimes we are prevented from deleting the content of your conversations with us. This may be for reasons such as: that we are legally obliged to keep the conversation, it is required for us to comply with documentation or accounting obligations, to perform contracts, to carry out the tasks we undertake, to protect clients’ interests, for potential litigation, and our legitimate overriding interest in preserving past correspondence.
When you make a payment
In this scenario, Oakstream Law shares your personal data with the payment service as well as with the bank. The legal basis for processing your data in this case is to fulfill a contract, as well as legal requirements. Please contact your bank or payment service for more information.
When you hire us or when you attend a seminar
When you engage with us for advice on IT security and/or attend a seminar, we will ask you for certain personal information, such as your name, address and email address. We will also ask you to identify yourself with a national ID card or passport. The basis for processing this data is: in order to fulfill a contract, consent, legal requirements and our legitimate interest. The reason behind this is legal obligations. Oakstream Law is required by law to “know our clients” and not “support” or “assist” in any criminal activity.
When you hire us for advice on IT security & special categories of personal data
Oakstream Law may process your data when you or someone else contact us for help or advice. Depending on the circumstances of the case at hand, we may collect information about you or someone else from private or public sources. This is an essential part of our business and something that needs to be done in order for us to carry out our mission and to best serve the interests of our clients. The legal grounds for collecting and processing your personal data are; to perform a contract, consent, legal requirements, and legitimate interest. Before we undertake an assignment, we may need to conduct background and identity checks.
In the course of our activities, we may collect, process and/or store personal data that qualify as special categories of personal data (Art. 9). We may also be entrusted with such data. Given the nature of law firms, this processing of personal data constitutes something that the individual reasonably can expect. This follows from the fact that we may need to conduct background checks before undertaking an assignment, it may also follow from the nature of the assignment or from our obligation to protect the interests of our clients. Similarly, individuals may reasonably expect that we, as a law firm, may come into contact with information relating to criminal offences (Art. 10).
Your legal rights
You have the right to be forgotten – a right to have your personal data erased. You also have the right to know what personal data we hold about you. Please remember that even if you want your personal data deleted from our records, it is possible that we are required by law to keep this data. Therefore, we kindly ask you to contact us so that we can tell you what data we have stored about you and whether or not it is possible for us to delete it. You also have the right to have inaccurate data corrected.
Third party services
We could have included a list of the services that Oakstream Law uses – such as Internet Service Provider, accounting software, banks, etc. – that may store data about you. We have chosen not to publish such a list in this policy, as it increases the risk of hackers and other third parties being able to track vulnerabilities and get hold of your personal data. However, if you are interested in the services we use that may process your personal data, please contact us.
The Confidentiality Requirement
Oakstream Law is bound by the confidentiality requirement . However, in some cases we are required by law to disclose certain information. In other cases, we will not disclose your information, other than as explained in this policy, unless you have given your consent or there is a dispute between us. An example of such a dispute would be if someone sends us threatening or abusive messages.
Data controller and contact
The controller is Oakstream Law. For questions please contact info@oakstreamlaw.com
Complaints
Complaints can be made to Integritetsskyddsmyndigheten (The Swedish Authority for Privacy Protection).