Privacy policy

Grey Advokatbyrå AB respects your privacy and values the protection of the personal data being processed by the firm. We ensure that your personal data is processed in accordance with applicable data protection legislation and with the secrecy and respect required for each individual situation.

This privacy notice describes how we collect, process and share personal data. When you are in contact with us, or occur in connection with our assignments, in the capacity of a client or its representative, business partner or consultant, witness, counter party or its counsel etc., personal data will be gathered by us or provided to us.

The same applies to visits to our website, However, when visiting our website, you can choose not to provide us with any personal data by not accepting cookies, you can find more information about cookies here › In the following we provide information about your rights as data subject and contact details to the law firm in case you have any questions regarding our processing of your personal data.

Collection of personal data

Calling and emailing us generally means that personal data that can be linked to individuals are provided. The information can consist of name, telephone number, work address, email address, title etc. In order to fulfil our assignments, we may also gather identification information, such as passports and personal identity numbers and financial information such as bank account numbers and tax information. In some assignments, the personal data can regard other information as well, such as circumstances or a sequence of events related to you and that is relevant to our assignment.

Normally, we do not gather any personal data if you do not provide it to us. However, within the framework of our assignments, it is sometimes necessary to gather information from private or public sources.

Usually there is no obligation to provide us with your personal data. However, if we do not receive certain personal data, we will not be able to accept an assignment since it can affect our possibilities to comply with our obligations to perform conflict of interest and money laundering checks. Furthermore, some processing and gathering of personal data might occur in contact with suppliers and other external parties.

Our purposes of, and legal basis for, the processing of personal data

We process your personal data in order to be able to fulfil our contractual obligations and safeguard our clients’ interests, administrative measures in connection to the assignments, as well as to fulfil the requirements laid down in laws and regulations and the rules issued by the Swedish Bar Association. In addition, processing of personal data occurs of administrative reasons to handle our relations with suppliers and other external parties.

In relation to information about clients who are private individuals, the legal basis for our processing is the performance of the contract that is the basis for the assignment that we have committed to. Regarding the relation to clients’ representatives, business partners and consultants, witnesses, counter parties and their counsels etc., the legal basis for the processing of personal data is based on the balancing of interests. When such processing occurs, that is based on a legitimate interest, we have previously determined that our or the client’s legitimate interest outweigh any opposing interests or fundamental rights and freedoms.

Processing performed in connection to conflict of interest and money laundering checks as well as archiving of data after completion of an assignment, is based on our obligation to comply with statutory obligations deriving from accounting and money laundering legislation as well as the rules issued by the Swedish Bar Association.

The processing carried out regarding emails is based on our legitimate interest to communicate with you and respond to incoming correspondence, to the extent that the processing is not covered by the preceding paragraphs.

Access to your personal data

The firm has employed appropriate technical and organisational security measures to help protect your personal data from loss or access from unauthorised persons.

Transfers of personal data outside the EU/EEA are only carried out in accordance with applicable data protection laws and for the purposes specified above. Transfers may occur to countries outside the EU/EEA within the scope of a certain assignment, but only to the extent necessary to determine, enforce or monitor our client’s legal claims.

We will not disclose your personal data to anyone outside the law firm, except where i) it has been agreed between the firm and you, ii) it is necessary within the scope of certain assignment in order to safeguard our client’s rights and interests, iii) it is necessary so we can fulfil a statutory obligation, comply with a decision of a public authority, court of law or the rules issued by the Swedish Bar Association, or iv) in cases where we engage an external service provider or business partner who perform services on our behalf, v) it is otherwise permitted by law.

Storage of personal data

The personal data is not saved longer than necessary given the purpose of the processing, unless a longer storage time is required or permitted by law.

The personal data used for the performance of a contract are saved during the time of the assignment and subsequently saved in accordance with the firm’s obligation according to the rules form the Swedish Bar Association. This means that the personal data will be saved for at least ten years starting from the day of the completion of the assignment, or for such longer time that is required by the assignment.

Your rights as a data subject

You have the right to access information about what personal data we have stored about you and how we process the information. You also have the right to receive a copy of this privacy policy. Furthermore, you have the right to rectify or complete inaccurate personal data. In some cases, you may also have the right to have your personal data deleted, for example if our processing no longer is necessary for the purpose for which the data was collected. You also have the right to object to, and to limit certain processing of personal data. In some cases, you may also have the right to obtain the personal data you have provided us with. The personal data should then be submitted to you in a machine-readable format and you also have the right to have this data transferred to another data controller, provided that it is technically possible.

Note that the above mentioned rights might be subject to a limitation with reference to the rules about confidentiality and archiving obligation applying to members of the Swedish Bar Association.

If you request your personal data to be restricted or deleted, we may not continue to be able to fulfil our obligations towards you.

Data controller

Grey Advokatbyrå AB, Reg. No. 556919-3252, Birger Jarlsgatan 12, 114 34 Stockholm is the controller of the personal data processing as described above. This means that we are responsible for ensuring that the personal data is processed correctly and in accordance with applicable data protection laws.

Contact details

If you have any questions regarding our processing of your personal data you are welcome to contact us at or by mail to Grey Advokatbyrå AB, Birger Jarlsgatan 12, 114 34, Stockholm.


If you have any objections or complaints regarding our processing of your personal information, you are entitled to contact or file complaints with a supervisory authority, in Sweden currently the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten). You can also file a complaint with the supervisory authority in the country where you live or work.

Amendments and updates

This information was updated in March 2021. We reserve the right to amend this information from time to time to comply with changes made to the relevant data protection legislation or our processing of personal data. Any amendments and updates will be published here on our website,