Confidential and lawful process of personal data is important to us. On this page you will find information on how we collect and process personal information.

We at Norra Attorneys are committed to protecting your privacy and processing information securely. We comply with the General Data Protection Regulation (GDPR) and other applicable legislation and good data protection practices in all personnal data processing. Our responsibilities include the implementation of the rights of the data subject. For more information about your rights, see Registered Rights.

For what purpose we collect and store personal data

We process personal data for the following purposes:  

  • management of customer relationships and assignments;
  • fulfill the statutory obligations, such as the Money Laundering Act;
  • recruitment processes; and
  • for communication and marketing purposes.

Legal basis for processing personal data

The processing of personal data for the aforementioned purposes is based on the performance of a contract or a customer relationship, compliance with a statutory obligation, or it is necessary for the purposes of our legitimate interests as a law firm offering attorney services to our clients.

What personal data we collect and handle

The information we collect are personal data of customers, their representatives and third parties, which we have received while providing legal services. Personal data may include identification information (name, title, entity), contact information (address, email, phone number) and other relevant information.

In the course of recruitment, we also process data related to education and work history and other information that is necessary in the recruitment process. When organizing customer or stakeholder events, we can collect information about food allergies to plan serving. We may process personal data included into special data groups referred to in Article 9 of GDPR  for example in disputes related to employment relationships. We are required to collect customer identification data in situations required by the Act on the Prevention of Money Laundering and Financing of Terrorism (444/2017). We collect and store customer identification data as well as data of counterparties to check possible conflicts of interest. 


We use necessary technical and organizational security tools to protect your personal data against unauthorized access, disclosure, destruction or other unlawful processing. Such tools include firewalls, cryptographic techniques, secure device facilities, proper access control, controlled access and control of usage, use of encryption techniques, guidance of personnel involved in processing personal data and careful selection of subcontractors.

Transfer of personal data

We may disclose personal data to, inter alia, the public authorities, courts, and our counterparties. Transfer is always based on the statutory obligation, disclosure is indispensable for the purpose of creating, presenting, defending or extraditing a legal person is the consent of the data subject.

Primarily, personal data is only processed within the EEA. On a case-by-case basis, we may have to pass information outside the EEA. In such situations transferring is reported to the data subject and the transfer is subject to the provisions of the law and the best way to ensure that the transfer is carried out with the appropriate security.

Data storage period

In the maintenance of personal data, we comply with our statutory obligations and the recommendations of Finnish Bar Association on archiving. Personal data relating to an assignment is stored for as long as it is necessary for the performance of the assingment and check possible conflicts of interests. The data collected to identify the customer is maintained by the law. Personal data is kept only to the extent that it is necessary. Otherwise, personal data will be deleted when there is no statutory basis for its storage or it is no longer needed for the purposes it was collected originally.


We may collect information about visitors on our website by cookies. A cookie is a text file that is stored on your computer or mobile device. Cookies often contain anonymous, unique identifier, which allows us to identify and calculate visitors on our site.

Your rights

You may at any time exercise your rights as a data subject:

  • Right of access: You have the right to obtain from us, as the controller, a confirmation as to whether or not your personal data is being processed and access to the personal data relating to you. This includes e.g. the right to be informed what personal data is being processed and the purpose of the processing.

  • Right to rectification: You have the right to request that inaccurate or incomplete personal data be corrected.

  • Right to be forgotten: In certain circumstances you may also request that your personal data be erased if e.g. the personal data is no longer necessary for the purposes for which it was collected, the processing is unlawful, or the personal data has to be erased to enable us to comply with a legal requirement.

  • Right to data portability: You may request that personal data concerning you that you have provided to us is transmitted to an another controller when the personal data is being processed automatically with your consent or in accordance with a contract between you and Norra.

  • Right to object: You are entitled to object to certain processing of personal data, including for example processing of your personal data for marketing purposes or when we otherwise base our processing of you on a legitimate interest.

  • Right to withdraw your consent: When the personal data processing is based on your consent, you have the right to withdraw your consent to such processing at any time.

Note that there may be situations where our confidentiality and other obligations under applicable legislation and Finnish Bar Rules may prohibit us from disclosing or deleting your personal data or otherwise prevent you from exercising your rights, if the personal data relates to our client work.

Contact information

If you have any complaints about how we process your personal data, or would like further information, please contact us at any time ( If you wish to file a complaint with a supervisory authority regarding our processing of your personal data, you may do so by contacting the Data Protection Ombudsman (