Privacy policy

Data processing agreement forms an integral part hereof.

Legal Basis

We process Personal Data under this Privacy Policy and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) (the “GDPR”) and the applicable national data protection laws in Estonia (“Data Protection Laws”).

Purposes and scope of Personal Data

We are committed to ensuring the privacy and confidentiality of the information pertaining to our clients, potential clients, their affiliates and affiliated individuals, and to adhering to the policy set out below in congruence with our professional responsibilities and the applicable Data Protection Laws.

Reference in this policy to “your Personal Data” means any information that identifies, or could reasonably be used to identify, you as one of the aforementioned persons (“Personal Data”), including for the following purposes:

  1. a)    News, publications and events: We will the use the information that you have provided to send you news about the latest developments at Larssen, the scope of services than we can provide to you, as well as information about any upcoming events that may be of interest to you, including educational seminars. We will use your Personal Data for this purpose until you inform us that you no longer wish to receive such information from us. We may use your name, title, position, your e-mail address, any provided phone numbers, your address and other information that can be used to contact you for the sake of providing you with this information.
  2. b)    Cookies:We use cookies to obtain information about your use of our Website. Cookies allow us to provide you with a more streamlined and accessible experience when using the Website. The information generally does not comprise any data that would allow us to individually identify you as a natural person. We will process your data using cookies for the duration of the period in which you have granted us consent.
  3. c)    Recruitment:We use the Website and other contact channels that are listed on the Website to collect information about your employment or internship application. We will utilize the Personal Data that has been included in any and all of the documents that you have provided to us in your application. The application will be processed to determine whether your application matches the needs of the Firm. We will retain the data that we have obtained via our recruitment processes for as long as necessary to evaluate the application and in accordance with all relevant laws and regulations. Furthermore, we may ask for your consent to retain your Personal Data for some time after we have evaluated your application.
  4. d)    Professional services:We collect information that has been provided by our client or on behalf of our clients, or information that we acquire independently within the scope of providing professional services. This collection of Personal Data is necessary to fulfil the obligations that we have towards our clients, and in our legitimate interest as a law firm to legal counsel to our clients and potential clients. As per our professional responsibilities, we will take the utmost care to ensure the confidentiality and integrity of the Personal Data of our clients, potential clients and former clients.

When providing professional services, we may supplement the Personal Data that you have provided to us directly with personal data that has been obtained from other sources.

The transfer of your Personal Data to third parties

We are part of Crowe Global, a global network of firms and in common with other professional service providers, we use third parties located in other countries to help us run our business.  As a result, personal data may be transferred outside the countries where we and our clients are located.

In respect of personal data being regulated by EU legislation, please note that: cross border transfers may include countries outside the European Economic Area (“EEA”) and countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EEA are done lawfully. Where we transfer personal data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EEA, such as the European Commission approved standard contractual clauses. The European Commission approved standard contractual clauses are available here.

Personal data held by us may be transferred to:

  • Other Crowe member firms

We may share personal data with other Crowe member firms where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving advice from Crowe member firms in different territories).

  • Third parties that provide applications/functionality, data processing or IT services to us;

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centers around the world, and personal data may be stored in any one of them;

  • Third parties that otherwise assist us in providing goods, services or information;
  • Auditors, lawyers and other professional advisers;
  • Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation;

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.  We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Changes to this privacy statement

We may make any changes to this Policy as we see fit. If the Policy has been changed in any way, then the newest edition of this Policy will be published on our website. We encourage you to check whether any changes have been made to the Policy from time to time.

Data controller and contact information

The data controller is legal entity, a member of Crowe, as applicable, that is a contracting party for the purposes of providing or receiving services or the entity you have contacted.

If you have any questions about this policy or how and why we process personal data, please contact us at:

info@larssen.ee, Larssen CS OÜ & Larssen Capital OÜ, Narva mnt 13, 10151, Tallinn, Estonia

Individuals’ rights and how to exercise them

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.  Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.

Access to personal data

You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at info@larssen.ee

Amendment of personal data

To update personal data submitted to us, you may email us at info@larssen.ee or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered.

When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.

Withdrawal of consent

Where we process personal data based on consent, individuals have a right to withdraw consent at any time.  We do not generally process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at info@larssen.ee or, to stop receiving an email from a Crowe marketing list, please click on the unsubscribe link in the relevant email received from us.

Right to restrict or object to our processing of personal data

You have the right to restrict or object to the processing of your personal information at any time, on reasonable grounds relating to your particular situation, unless the processing is required by law.

In such case, we will no longer process or restrict the processing of the personal data, unless we can demonstrate compelling legitimate grounds for the processing or for the establishment, exercise or defense of legal claims.

Other data subject rights

This Privacy Policy is intended to provide information about what personal data we collect about you and how it is used.  As well as rights of access, amendment and restriction or objection to processing referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion and the right to data portability.

Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to info@larssen.ee. We will look into and respond to any complaints we receive.

You do have the right to lodge a complaint with a Data Protection Authority (“DPA”) if you think that your Personal Data is being processed incorrectly or your data subject rights have been violated by us. You can lodge a complaint by contacting the DPA that is local to your jurisdiction i.e. the location of the alleged violation of your data subject rights or the inappropriate processing or your data, or the place you live and work.

This is the list of DPAs that are relevant to the scope of this Policy:

 

Website

This privacy policy applies solely to information collected by this web site. It will notify you of the following:

  • What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared.
  • What choices are available to you regarding the use of your data.
  • The security procedures in place to protect the misuse of your information.
  • How you can correct any inaccuracies in the information.

Providing Visitors with Anonymous Access

You can access our web site home page and browse our site without disclosing your personal data.

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via e-mail or other direct contact from you. We will not sell, rent, loan, trade, or lease this information to anyone.
We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via e-mail in the future to tell you about specials, new products or services, or changes to this privacy policy.
We use small text files called cookies to improve the overall site experience, however, these are not used to track individual visitors to our site. The use of cookies is now standard operating procedure for most Web sites, however if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them

It is our policy only to disclose information to third parties under the following circumstances:

  • As required by law through subpoena, search warrant or other legal process
  • When explicitly requested by a visitor
  • When required to deliver publications or reference materials requested by a visitor
  • When required to facilitate conferences or events hosted by a third party
  • Our policy is to disclose information to third parties upon visitors submitting their requests (e.g. when ordering a publication, we display the party fulfilling the order).

Security

We take precautions to protect your information. When you submit sensitive information via the web site, your information is protected both online and off-line.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information off-line. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via e-mail at info@larssen.ee