Data processing agreement forms an integral part hereof.
Purposes and scope of Personal Data
We are committed to ensuring the privacy and confidentiality of the information pertaining to our clients, potential clients, their affiliates and affiliated individuals, and to adhering to the policy set out below in congruence with our professional responsibilities and the applicable Data Protection Laws.
Reference in this policy to “your Personal Data” means any information that identifies, or could reasonably be used to identify, you as one of the aforementioned persons (“Personal Data”), including for the following purposes:
- a) News, publications and events: We will the use the information that you have provided to send you news about the latest developments at Larssen, the scope of services than we can provide to you, as well as information about any upcoming events that may be of interest to you, including educational seminars. We will use your Personal Data for this purpose until you inform us that you no longer wish to receive such information from us. We may use your name, title, position, your e-mail address, any provided phone numbers, your address and other information that can be used to contact you for the sake of providing you with this information.
- c) Recruitment:We use the Website and other contact channels that are listed on the Website to collect information about your employment or internship application. We will utilize the Personal Data that has been included in any and all of the documents that you have provided to us in your application. The application will be processed to determine whether your application matches the needs of the Firm. We will retain the data that we have obtained via our recruitment processes for as long as necessary to evaluate the application and in accordance with all relevant laws and regulations. Furthermore, we may ask for your consent to retain your Personal Data for some time after we have evaluated your application.
- d) Professional services:We collect information that has been provided by our client or on behalf of our clients, or information that we acquire independently within the scope of providing professional services. This collection of Personal Data is necessary to fulfil the obligations that we have towards our clients, and in our legitimate interest as a law firm to legal counsel to our clients and potential clients. As per our professional responsibilities, we will take the utmost care to ensure the confidentiality and integrity of the Personal Data of our clients, potential clients and former clients.
When providing professional services, we may supplement the Personal Data that you have provided to us directly with personal data that has been obtained from other sources.
The transfer of your Personal Data to third parties
We are part of Crowe Global, a global network of firms and in common with other professional service providers, we use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our clients are located.
In respect of personal data being regulated by EU legislation, please note that: cross border transfers may include countries outside the European Economic Area (“EEA”) and countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EEA are done lawfully. Where we transfer personal data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EEA, such as the European Commission approved standard contractual clauses. The European Commission approved standard contractual clauses are available here.
Personal data held by us may be transferred to:
- Other Crowe member firms
We may share personal data with other Crowe member firms where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving advice from Crowe member firms in different territories).
- Third parties that provide applications/functionality, data processing or IT services to us;
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centers around the world, and personal data may be stored in any one of them;
- Third parties that otherwise assist us in providing goods, services or information;
- Auditors, lawyers and other professional advisers;
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation;
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Changes to this privacy statement
We may make any changes to this Policy as we see fit. If the Policy has been changed in any way, then the newest edition of this Policy will be published on our website. We encourage you to check whether any changes have been made to the Policy from time to time.
Data controller and contact information
The data controller is legal entity, a member of Crowe, as applicable, that is a contracting party for the purposes of providing or receiving services or the entity you have contacted.
If you have any questions about this policy or how and why we process personal data, please contact us at:
firstname.lastname@example.org, Larssen CS OÜ & Larssen Capital OÜ, Narva mnt 13, 10151, Tallinn, Estonia
Individuals’ rights and how to exercise them
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
Access to personal data
You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at email@example.com
Amendment of personal data
To update personal data submitted to us, you may email us at firstname.lastname@example.org or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Withdrawal of consent
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at email@example.com or, to stop receiving an email from a Crowe marketing list, please click on the unsubscribe link in the relevant email received from us.
Right to restrict or object to our processing of personal data
You have the right to restrict or object to the processing of your personal information at any time, on reasonable grounds relating to your particular situation, unless the processing is required by law.
In such case, we will no longer process or restrict the processing of the personal data, unless we can demonstrate compelling legitimate grounds for the processing or for the establishment, exercise or defense of legal claims.
Other data subject rights
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to firstname.lastname@example.org. We will look into and respond to any complaints we receive.
You do have the right to lodge a complaint with a Data Protection Authority (“DPA”) if you think that your Personal Data is being processed incorrectly or your data subject rights have been violated by us. You can lodge a complaint by contacting the DPA that is local to your jurisdiction i.e. the location of the alleged violation of your data subject rights or the inappropriate processing or your data, or the place you live and work.
This is the list of DPAs that are relevant to the scope of this Policy:
- The Estonian Data Protection Inspectorate in Estonia: http://www.aki.ee/en
- What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared.
- What choices are available to you regarding the use of your data.
- The security procedures in place to protect the misuse of your information.
- How you can correct any inaccuracies in the information.
Providing Visitors with Anonymous Access
You can access our web site home page and browse our site without disclosing your personal data.
Information Collection, Use, and Sharing
We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via e-mail or other direct contact from you. We will not sell, rent, loan, trade, or lease this information to anyone.
We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.
It is our policy only to disclose information to third parties under the following circumstances:
- As required by law through subpoena, search warrant or other legal process
- When explicitly requested by a visitor
- When required to deliver publications or reference materials requested by a visitor
- When required to facilitate conferences or events hosted by a third party
- Our policy is to disclose information to third parties upon visitors submitting their requests (e.g. when ordering a publication, we display the party fulfilling the order).
We take precautions to protect your information. When you submit sensitive information via the web site, your information is protected both online and off-line.
Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information off-line. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.