Privacy Policy

Legato Advokat AB

Last updated: October 27, 2025

.

1. Introduction

Legato Advokat AB (“Legato”, “we” or “us”) values the privacy and integrity of our clients and business contacts. This privacy policy describes how we process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Swedish law.

Data Controller:
Legato Advokat AB
Swedish Companies Registration Office’s registration number  559492-4077

Adress:

Legato Advokat AB

Kivra: 559492-4077

106 31 Stockholm
Sweden

 

Phone: +46 708994070

E-mail: stojan@legatoadvokat.se

 

2. What Personal Data We Process and Why

2.1 Legal Services

Purpose: To provide legal services, perform conflict of interest checks, handle invoicing, and fulfil our professional obligations.

Personal Data Processed:

  • Clients and representatives: Name, contact details (address, email, phone), personal identification number (when necessary), invoicing information, and any other information necessary to complete the assignment

  • Counterparties and their representatives: Name, contact details, employer information, and relevant information contained in documents related to the case

  • Other relevant persons: Contact information for authorities, witnesses, or other parties involved in the assignment

Legal Basis:

  • Performance of contract with our clients

  • Legitimate interest in completing legal work and defending our clients’ interests

  • Legal obligation (conflict checks, anti-money laundering requirements)

Retention Period: Ten (10) years from completion of the assignment, in accordance with the Code of Professional Conduct for Members of the Swedish Bar Association, or longer if required by the nature of the assignment. Financial data is retained for seven (7) years in accordance with the Swedish Accounting Act.

2.2 Marketing and Business Development

Purpose: To market our services, send newsletters, provide invitations to events, and maintain business relationships.

Personal Data Processed: Name, job title, employer, email address, and phone number.

Legal Basis: Legitimate interest in promoting our services to current and potential clients.

Retention Period: As long as there is an active business relationship, or until you unsubscribe from our communications.

2.3 Recruitment

Purpose: To evaluate job applications and conduct recruitment processes.

Personal Data Processed: Name, contact details, CV, cover letter, references, educational background, and other information provided in the application.

Legal Basis: Your consent to participate in the recruitment process.

Retention Period: During the recruitment process and up to 24 months thereafter for defence against potential legal claims. Spontaneous applications are retained for 12 months.

3. How We Collect Personal Data

We collect personal data directly from you, from public registers, from our clients, or from other parties involved in legal assignments. In some cases, we may collect information from credit institutions, public authorities (such as Bolagsverket), or other relevant sources when necessary for the assignment.

4. Who We Share Personal Data With

We only share personal data when:

  • Necessary to fulfil our assignment and protect our client's interests (e.g., with courts, authorities, counterparties)

  • Required by law or court order

  • You have given explicit consent

  • Our IT service providers process data on our behalf under strict confidentiality agreements

Personal data is primarily processed within the EU/EEA.

5. Your Rights

You have the following rights regarding your personal data:

  • Access: Request confirmation of whether we process your personal data and obtain a copy

  • Rectification: Request correction of inaccurate or incomplete data

  • Erasure: Request deletion of your personal data (with limitations based on legal obligations and the Swedish Bar Association Code of Conduct)

  • Restriction: Request limitation of processing in certain circumstances

  • Objection: Object to processing based on legitimate interest, including direct marketing

  • Data portability: Receive your data in a structured, machine-readable format

  • Withdraw consent: Withdraw consent for processing based on consent (e.g., recruitment, marketing)

To exercise your rights, please contact us at stojan@legatoadvokat.se.

Please note that some rights may be limited by our professional obligations under the Swedish Bar Association's Code of Conduct and legal retention requirements.

6. Security

We have implemented appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, or misuse. As a law firm, we are bound by strict confidentiality obligations under the Swedish Bar Association's Code of Conduct, ensuring that all personal data and client information is handled with the highest level of confidentiality.

7. Complaints

If you believe we are processing your personal data unlawfully, please contact us first so we can address your concerns. You also have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at www.imy.se.

8. Changes to This Policy

We reserve the right to update this privacy policy to reflect changes in legislation or our processing activities. Any updates will be published on our website.

9. Contact Us

If you have questions about this privacy policy or how we process your personal data, please contact us at the address set out above in item 1.