>
Home Privacy Policy

Privacy Policy

Latest update 2025-09-22

1. Introduction

Your integrity and digital security are important to us at Moll Wendén Advokatbyrå AB, company reg. no. 556648-7939 (”Moll Wendén”). This privacy policy (the ”Privacy Policy”) describes how we process personal data belonging to:

  • Clients who are natural persons
  • Authorised signatories who enter into agreement with Moll Wendén on behalf of a client
  • Owners of clients who enter into agreements with Moll Wendén
  • Contact persons of clients who enter into agreements with Moll Wendén
  • Where applicable, contact persons of potential clients and other prospects
  • Counterparties who are natural persons
  • Contact persons of counterparties
  • Other persons involved in the assignment

You should always feel safe when you submit personal data to Moll Wendén. Moll Wendén is the controller for the processing of personal data and you can contact us at any time to ask questions related to the processing of your personal data (see contact details in section 11 below). You are not obliged to submit personal data to us, except when it is required by law (for example in the case of a court order for disclosure), however, not submitting personal data may, inter alia, lead to us not being able to commit to an assignment, fulfil our assignment, or send newsletters and/or invitations to seminars to you.

The Privacy Policy has been valid since 25 May 2018 with subsequent updates and its purpose is to inform you of our processing of your personal data and your rights in connection with such processing.

Personal data is all the information which directly or indirectly can be linked to a natural person who is alive, for example name, addresses, telephone number and IP addresses. All personal data that we collect about you has a connection to our legal practice and we do not use the information for any other purpose.

Moll Wendén will always comply with applicable legislation on how your personal data may be processed, including the General Data Protection Regulation (“GDPR”), the Swedish Act containing supplementary provisions to the EU General Data Protection Regulation (the “Swedish Data Protection Act”) and other applicable laws. Moreover, we are obliged to observe the confidentiality of information that occurs in our client-related business, which follows from both applicable law and the Swedish Bar Association’s Code of Conduct.

Our obligation to observe confidentiality in client-related matters normally prevents us from disclosing information attributable to such matters without the client’s approval. This is also relevant for other personal data, not directly related to the client’s own data, which we in some cases may need to process as a necessary step in our legal practice in order to maintain our client’s interests appropriately.

2. Which personal data do we collect about you and why?

The type of personal data being processed about you and for what purposes depends on which category of data subject you belong to.

2.1 Clients who are natural persons

Personal data being processed about you as a client includes name, personal identification number, address, email, telephone, certified copy of identification, bank account number and, if relevant for the execution of our assignment, health data, political opinion etc. We, inter alia, engage in such processing activities to perform an assignment, control conflicts of interest and execute money laundering control, execute and administer assignments, maintain your interests and for purposes of accounting and invoicing.

For a compilation of what personal data is processed, why and for how long, please see Appendix 1.

2.2 Authorised signatories who enter into agreements on behalf of clients

Personal data that is being processed about you as an authorised signatory who enters into agreements on behalf of clients includes name, personal identification number, certified copy of identification and your employer. We, inter alia, engage in such processing activities to undertake and perform an assignment as well as to carry out mandatory conflict of interest and money laundering checks.

For a compilation of what personal data is processed, why and for how long, please see Appendix 1.

2.3 Beneficial owner

Personal data that we process about you as beneficial owner in some of our client companies includes your name, personal identification number, and shareholding. We, inter alia, engage in such processing activities to undertake and perform an assignment as well as to carry out mandatory conflict of interest and money laundering checks.

For a compilation of what personal data is processed, why and for how long, please see Appendix 1.

2.4 Contact persons for the client

Personal data that is being processed about you as a contact person for our client includes name, email, employer, and position. We, inter alia, engage in such processing activities to undertake, administer and carry out an assignment as well as for accounting and invoicing purposes.

For a compilation of what personal data is processed, why and for how long, please see Appendix 1.

2.5 Counterparties and other persons who occur in the assignment

2.5.1 Counterparty who is a natural person

Personal data that is being processed about you as a counterparty who is a natural person includes, your name, personal identification number (or other information regarding date of birth), email, telephone number etc. We, inter alia, engage in such processing activities to carry out mandatory conflict of interest checks.

For a compilation of what personal data is processed, why and for how long, please see Appendix 1.

2.5.2 Counterparty who is a legal person

Personal data that is being processed about you as a counterparty who is a legal person includes contact details of a contact person at the company which you have appointed including name, email, as well as data regarding employees and persons in senior management. We, inter alia, engage in such processing activities to carry out mandatory conflict of interest checks.

For a compilation of what personal data is processed, why and for how long, please see Appendix 1.

2.5.3 Other persons who may be involved within the assignment

Other persons who may be involved within the assignment means for example the counterparty’s legal representative, an employee at the client, consultants hired for the assignment, witnesses etc. Personal data which is being processed regarding such persons includes name, title, employer and contact details. We, inter alia, engage in such processing activities to execute assignments and act as legal representative for the client.

For a compilation of what personal data is processed, why and for how long, please see Appendix 1.

3. Other processing

3.1 Personal data in client relations

In certain cases, you may contact our employees as a client, client representative, or potential client, for example by email or telephone. During such communication, we collect and store the personal data and contact details you provide to us in order to address your enquiry. We are responsible for processing personal data relating to contact persons and other individuals from client companies that is provided to us in connection with undertaking, preparing, and administering assignments.

3.2 Personal data in interest forms

When you subscribe to our newsletter, we collect certain personal data. We use this information to send newsletters to you and to evaluate content when preparing future newsletters based on the interests of our newsletter recipients. We also retain this data to enable us to send you future newsletters and to conduct market analysis for the purpose of improving both our newsletter distribution and our business operations generally.

3.3 Personal data at notifications to events

When you register for our events, lectures, or webinars, we collect and process personal data including your name, email address, and professional title. This processing encompasses various activities necessary for planning, executing, and following up on these events.

The processing includes managing communications with you before, during, and after events. This may involve sending practical information, reminders, and other relevant materials. Additionally, your data is processed to provide an overview of participants and their professional backgrounds, which is essential for ensuring events maintain high quality and reach the appropriate audience.

If we organise events with partners, such as industry associations, educational institutions, or other relevant entities, we may share your personal data with them. The purpose is to facilitate effective planning and tailor event content to participants’ professional needs and interests. Similarly, processing your data may also serve other participants’ interests by ensuring well-organised, audience-relevant events that prioritise networking opportunities and professional exchanges.

In addition to these purposes, we retain your data to invite you to future similar events and to conduct market analyses aimed at improving our operations and services. Your data may also be used for statistical purposes and to fulfil legal requirements, such as accounting and documentation obligations.

During physical events, we may also collect personal data in the form of photographs featuring participants. These photographs are used to publish information about events, such as news on our website or social media, and for documentation purposes to support the improvement of future events. We emphasise that you can always choose not to be photographed and have the right to object to such processing.

Our processing of personal data is based on a balancing of interests, where we have determined that our legitimate interests outweigh any potential conflicting interests. We have particularly considered the importance of ensuring effective administration and execution of events, lectures, and webinars, as well as our interest in communicating with you before, during, and after these occasions. Additionally, we have considered our interest in inviting you to future similar events, conducting market analyses, using data for statistical purposes, and complying with legal requirements. We have also assessed our partners’ legitimate interests in targeting relevant audiences and ensuring that events, lectures, and webinars meet participants’ needs. We always ensure that your rights and freedoms are considered and balanced against these interests.

3.4 Personal data in connection with market research and marketing

We process your personal data when you participate in market research conducted by third parties, in which we sometimes feature in various studies regarding law firms that require information from client representatives. We also process your data to publish news about our business, for example on our website, and in connection with our marketing activities.

4. How do we collect the personal data?

Personal data is provided to us by, or on behalf of, you as a client, potential client, counterparty, legal representative, or any other person involved in an assignment. We also collect personal data from such persons or from private or public registers or sources. Personal data may furthermore be submitted to us by, or on behalf of, you via our website, social media platforms, digital mailing and invitation systems, or through other means. Finally, data may be provided to us in our capacity as an external cooperation partner for whistleblowing.

5. How do we share the information with other companies?

5.1 Our business is generally subject to strict confidentiality requirements and we do not share any type of client or case information in breach of the regulatory framework governing the operation of legal practice

Our business is generally covered by strict confidentiality, and we do not share any kind of client or case information in breach of the framework regulating our law practice activities. We will not disclose any personal data to third parties other than in the cases where (i) it has been specifically agreed between Moll Wendén and you, (ii) when, in the framework of a certain assignment, it is necessary in order to safeguard your rights, (iii) it is necessary in order for us to fulfil a legal obligation or comply with a decision from a regulatory authority or a court decision, (iv) in the case we hire a third party for services performed on our behalf.

5.2 Example on recipients of personal data are:

  • The client’s auditor or or any other person in accordance with the client’s instruction.
  • The Financial Intelligence Unit (Sw. Finanspolisen) when and to the extent that we are obliged to do so according to the Money Laundering and Terrorist Financing (Prevention) Act (Sw. Lag (2017:630) om åtgärder mot penningtvätt och finansiering av terrorism).
  • When we hold client funds for the client at the bank, to our bank when the bank requires information regarding the client and the beneficial owner and our documentation regarding this matter according to the Money Laundering and Terrorist Financing (Prevention) Act (as above), provided that the client, as a condition for the use of our client fund account, has given separate consent stating that such disclosure may take place.
  • The Swedish Bar Association when and to the extent we are obliged to do so according to the Swedish Bar Association’s regulatory framework.
  • Authorities or other parties when and to the extent we are obliged to do so according to applicable law.
  • Our indemnity insurance provider, our indemnity insurance broker, as well as representatives that we or such broker have engaged, the Swedish Enforcement Authority, debt collection companies, courts, arbitration panels, or our counterparty or its legal representative to the extent it is necessary to protect our legal interests.
  • The client’s insurer (legal protection insurance), counterparty, legal representative of a counterparty, arbitration panel, court, authority, bank, or any consultant or similar person engaged in connection with the assignment to the extent it is necessary to safeguard the client’s interests and not in breach of the client’s instructions.

5.3 Events

We may share information with you regarding events which we have organised ourselves or together with partners to provide you with the services for which you have registered interest, or if you, due to your position, are deemed to have an interest in receiving information from us. For example, an HR manager may receive invitations to employment law seminars, which we may arrange together with our partners, if interest in such matters has been indicated or is otherwise deemed relevant for you as a contact person of the client.

5.4 Digital tools

Moll Wendén uses different suppliers of servers, databases, and programmes to make the processing of your personal data and communication with you as smooth as possible. We always enter into agreements with such external parties to ensure that our relationships are covered by confidentiality and comply with the requirements stated in applicable law regarding the transfer, execution, and processing of personal data. All this is to ensure that security and confidentiality regarding your personal data is guaranteed.

6. Transfers to countries outside the EU/EEA

Moll Wendén does not normally transfer your personal data to countries outside the EU or EEA. However, due to the nature of your case, it may be necessary to transfer personal data to such countries if the case in which you are involved, for instance, requires assistance from a foreign legal representative or concerns an international transaction or dispute.

Such transfers will always be executed in a safe and lawful manner. We will not transfer your personal data to an external party outside the EU or EEA without first having entered into an agreement or having ensured that the country has been approved by the European Commission.

Alternatively, we will ensure that appropriate safeguards are in place between us as data exporter and the third-country data importer. Such appropriate safeguards consist of us having entered into an agreement containing either contractual clauses or standard contractual clauses which are binding between us and the third-country data importer and in accordance with the relevant provisions of the GDPR and other applicable data protection provisions. A copy of such standard contractual clauses can be found here.

We may also employ an approved code of conduct in accordance with Article 40 GDPR and the requirements set out in Article 46.2(e) GDPR, or utilise an approved certification mechanism pursuant to Article 42 GDPR in accordance with the requirements set out in Article 46.2(f) GDPR.

In specific situations where neither an adequacy decision nor any of the above appropriate safeguards are applicable for such a transfer, we may also conduct a third-country data transfer in accordance with an applicable derogation as stated within Article 49 of the GDPR. If such derogations are applied for a specific transfer, we may inform you further about this separately.

If you would like to know more about the requirements for transfers of personal data to countries outside the EU or EEA with support of the European Commission’s decision on standard clauses for the transfer of personal data to controllers or processors established in third countries, you can read more here.

7. Your rights

It is our obligation to only process personal data which is correct, relevant, and necessary with regard to the purposes of the processing, and you are, in your capacity as a data subject for such personal data, entitled to control this. Moll Wendén is responsible for processing your personal data in accordance with applicable law. Moll Wendén will, upon your request or on our own initiative, correct, anonymise, erase, or supplement data which is found to be inaccurate, incomplete, or misleading. Subject to applicable exceptions arising from the above-mentioned obligations for us to observe confidentiality, you may have several rights as a data subject under applicable law. If you wish to exercise any such rights as stated below, you are welcome to contact us. Our contact details are specified in section 11.

As a data subject, you may have the right to:

I. Gain access to your personal data

Upon your request, we will as soon as possible and no later than 30 days from when your request for access to your personal data was received, provide information regarding what personal data we are processing about you.

This means that you have a right to, by written and signed application, without any cost, receive a registry copy wherein it is stated which personal data we are processing about you, the purposes of such processing, and to which recipients the data have been or shall be disclosed. Moreover, the registry shall include information on where the data has been collected when it has not been collected from you, the existence of any automated decision-making (including profiling), as well as the predicted period for which the data will be stored, or the criteria used to determine that period.

You are also entitled to obtain a copy of the personal data which is being processed.

II. Demand rectification of your personal data

Upon your request we will as soon as possible and no later than 30 days from having received your request regarding rectification, rectify your personal data which we process if such data is inaccurate or incomplete.

III. Demand erasure of your personal data

Upon your request, we will as soon as possible and no later than 30 days from when we received your request for erasure, erase your personal data if it is no longer necessary for the purpose for which it was collected.

There may be reasons causing us to be unable to immediately erase your personal data. For example, such is the case if the related personal data is saved in accordance with the obligations in the Swedish Bar Association’s Code of Conduct, during a period of ten years from the day of the completion of the case, or, alternatively if found appropriate, for a longer period due to the nature of the case. If so, we will cease our processing for other purposes and inform you about the legal basis and the relevant purpose for our continued processing.

IV. Demand restriction of processing

You have the right to have your personal data marked so that it may only be processed for certain limited purposes. For instance, you may demand that we restrict our processing of such data when you consider that your personal data processed by us is inaccurate, and you have demanded rectification in accordance with section II, above. Whilst we assess the accuracy of such personal data, we will restrict our processing of it.

We will inform you if our assessment results in us restricting our future processing of such data. We will also ensure that necessary measures of rectification, erasure, and/or restriction of our future processing of such personal data are made by us as well as the companies or other entities to which we have disclosed your personal data (in accordance with section 5, above).

V. Demand data portability

Under certain conditions, you have a right to receive your personal data which we are processing in a structured, commonly used, and machine-readable format; such data may also be transmitted to another controller.

VI. Object to personal data processing carried out based on legitimate interest

You can object to our processing of your personal data where we have based such processing on a legitimate interest as the applicable legal ground. If you object to such processing, we will only continue to process your personal data if there are compelling reasons for us to continue such activities which outweigh your interests. We will inform you of our reasoning for such assessments if applicable.

VII. Demand that we cease to process your personal data for direct marketing

You always have a right to object against our direct marketing measures by sending an e-mail to info@mollwenden.se. When we have received your objection, we will cease to process the personal data for such marketing purposes. You may always contact us at info@mollwenden.se or unsubscribe for our newsletter and similar mailings.

VIII. Complain about our processing of your personal data and compliance with the law to the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten, ”IMY”).

You have the right to file a complaint regarding our processing of your personal data to the Swedish Authority for Privacy Protection if you think we are violating this Privacy Policy, do not fulfil your rights, or are otherwise acting in violation of applicable law.

Please note that the Swedish Authority for Privacy Protection is the former Swedish Data Inspection Authority (Sw. Datainspektionen) which changed its name.

8. Security

You should always feel secure when you submit personal data to us. To ensure this, Moll Wendén has introduced the necessary security measures to protect your personal data against unauthorised access, alteration, and/or erasure as well as ensured that our suppliers of technical services maintain a suitably high level of technical security in their technical infrastructure within which your personal data is being processed. For instance, such security-enhancing measures include the use of encrypted connections, antivirus software, firewalls, clear and purpose-adjusted policies and guidelines which have been introduced and are maintained, as well as physical security applications such as installed fire and water protection.

It is important to us that information regarding our clients is protected. Even though we observe necessary precautions for data protection, no security measures are completely secure, and we can therefore not fully guarantee the security of your personal data.

Should we lose control of your personal data and given that it is likely that such loss of control entails a risk to your rights and freedoms, we will notify you immediately and no later than within 72 hours of us having discovered the incident.

9. Changes to the Privacy Policy

Sometimes we may make changes to this Privacy Policy. If such changes are significant, you will, based on what is deemed appropriate in view of the circumstances, be notified by us, for example by email or text message. In the event of such a notice, please read it carefully.

If you do not want us to continue to process your personal data in accordance with the new version of the Privacy Policy, you can notify us. We will then delete your personal information within 30 days of receiving your message. However, please note that we cannot delete your information if there are legal reasons for us to further process your personal data. If so, we will notify you of the reasons for our continued processing.

10. Information regarding cookies, other technology and third parties’ collection of data

When you use the website www.mollwenden.se, we may, mainly based on you having given consent thereto in connection with your visit to our website, register information about your use. This information includes which pages you visit and how you behave on the website.

For more detailed information about our use of cookies, see our cookie policy. This policy describes the use of cookies and other technology on our website.

11. Contact details

Thank you for reading our Privacy Policy. If you have questions regarding our processing of personal data, you find our contact details below.

Data Controller

Moll Wendén Advokatbyrå AB

Postal address

Stortorget 8
211 34 Malmö
Sweden

Telephone

(+46) 40-665 65 00

E-mail

info@mollwenden.se

Privacy Policy – Appendix 1 (pdf)

To make the functions and information on our website accessible to you, we use cookies. A cookie is a text file that is stored on your device. We only use cookies that are necessary for the website to function properly and these cannot be turned off. For further information, please visit: Cookie policy

Moll Wendén Law Firm
Stortorget 8 SE-211 34 Malmö Sweden
+46 40 665 65 00 / info@mollwenden.se

Corporate identity number 556648-7939
VAT number SE556648793901


Subscribe to our newsletter

Subscribe

All rights reserved Moll Wendén Advokatbyrå AB