top of page

Privacy Policy

Effective Date: January 1, 2024

Last Updated: February 1, 2025

​(A) This Policy

This Policy explains how we Process your Personal Data under the EU General Data Protection Regulation (“GDPR”) and other applicable data protection laws. We may amend this Policy from time to time, so please review it regularly for updates.

 

This Policy is issued by Nordic Standard Ltd. t/a LPO&Law (Reg. No. C96124), a company registered in Malta. We refer to ourselves in this document as “LPO&Law,” “we,” “us,” or “our.” This Policy is directed to individuals outside our organisation with whom we interact, including clients, potential clients, users of our Sites and Apps, and other recipients of our services (collectively, “you”). Defined terms used in this Policy are in Section (R).

 

For the purposes of the GDPR, LPO&Law is the Controller of your Personal Data. Our contact details appear in Section (Q). We may update this Policy to reflect changes in our data practices or to comply with new legal requirements.

 

(B) Collection of Personal Data

We may obtain your Personal Data in several ways, including:

  1. Directly from you: For example, when you contact us by email, phone, or fill out an online form.

  2. In the course of our business relationship: When we provide legal or LPO services, or otherwise interact with you.

  3. Publicly available sources: Such as social media posts or information in the public domain.

  4. When you use our Apps or visit our Sites: We may collect usage data, IP addresses, and browser details.

  5. Through third parties: For instance, information from law enforcement or credit reference agencies.

 

  • Data you provide

  • Personal Data you share voluntarily—e.g., through contact forms, emails, phone calls.

  • Relationship data

  • Personal Data generated during ordinary interactions—e.g., instructions or other business communications.

  • Data you make public

  • Personal Data you choose to disclose via social media or publicly accessible forums.

  • Site/App data

  • Personal Data collected when you visit our Sites, use our Apps, or register for services (e.g., device info, IP address).

  • Third-party sources

  • Personal Data from background check services, law enforcement, or other authorized third parties.

 

(C) Creation of Personal Data

We may create Personal Data about you, such as records of your communications with us (e.g., call recordings, meeting minutes, or transcripts). These records support client service, compliance, dispute resolution, and other legitimate business purposes.

 

(D) Categories of Personal Data we may Process

Depending on the context, we may Process:

  1. Personal details: Name, address, date of birth, nationality.

  2. Demographic information: Gender, age, language preferences.

  3. Contact details: Email address, phone number, social media handles.

  4. Matter details: Instructions, due diligence materials, contractual information.

  5. Payment details: Billing address, bank or card information.

  6. Site/App usage data: IP address, browser type, login details, usage activity.

  7. Employer details: Where relevant, if you interact on behalf of a business.

  8. Views/opinions: Feedback, comments, or social media posts referring to our services.

 

We only collect and use these categories of Personal Data to the extent necessary for the purposes described in this Policy.

 

(E) Sensitive Personal Data

We may Process Sensitive Personal Data (e.g., data relating to health or alleged criminal offenses) in limited situations and only when it is lawful and necessary. Legal bases may include:

  • Explicit consent: If you voluntarily provide it or consent for specific processing.

  • Legal obligation: Compliance with laws (e.g., anti-money laundering).

  • Detection/prevention of crime: Where legally permitted or required.

  • Establishment, exercise, or defence of legal claims: If needed for legal proceedings.

 

(F) Purposes of Processing and legal bases for Processing

We Process your Personal Data for various legitimate interests, contractual requirements, legal obligations, or with your consent where needed. These purposes include:

    1.    Providing legal and LPO services: Delivering our services (legal advice, contract drafting, etc.).

    •    Legal basis: Contractual necessity, legitimate interest, or consent.

    2.    Compliance checks: Performing client due diligence (KYC), sanctions screenings, and regulatory compliance.

    •    Legal basis: Legal obligation or legitimate interest.

    3.    Operating our business: Managing our Sites, Apps, and general operations (e.g., IT infrastructure, administration).

    •    Legal basis: Legitimate interest or contractual necessity.

    4.    Communications/marketing: Sending updates about our services, events, or legal insights, subject to your preferences.

    •    Legal basis: Legitimate interest or consent (if required by law).

    5.    IT management: Ensuring network and information security, preventing cyber attacks.

    •    Legal basis: Legitimate interest or legal obligation.

    6.    Health and safety: Providing a secure environment at our offices or events.

    •    Legal basis: Legal obligation, legitimate interest, or vital interest.

    7.    Financial management: Billing, accounting, audits, vendor management.

    •    Legal basis: Contractual necessity or legitimate interest.

    8.    Surveys: Gathering feedback to improve our services.

    •    Legal basis: Legitimate interest or consent.

    9.    Security and investigations: Protecting our premises, staff, and data; detecting misconduct or criminal activity.

    •    Legal basis: Legitimate interest or legal obligation.

    10.    Legal proceedings: Establishing, exercising, or defending legal claims.

    •    Legal basis: Legitimate interest or legal obligation.

    11.    Fraud prevention: Detecting, preventing, or reporting fraud.

    •    Legal basis: Legitimate interest or legal obligation.

    12.    Recruitment: Handling job applications, interviews, and hiring processes.

    •    Legal basis: Legitimate interest, legal obligation, or consent (for voluntary information).

 

(G) Disclosure of Personal Data to third parties

We may share your Personal Data with:

  1. Regulatory authorities: Where legally obligated to do so.

  2. Professional advisors: Such as accountants, auditors, or external lawyers.

  3. Processors: Third-party service providers under contract (e.g., data hosting, document review) who must adhere to strict data protection safeguards.

  4. Parties in legal proceedings: If necessary for legal claims or disputes.

  5. Law enforcement: Where required for crime prevention or detection.

  6. Business purchasers: In cases of a merger, acquisition, or sale of all or part of our business.

  7. Third-party content or advertising providers: If you choose to interact with their content on our Sites or Apps.

 

All such disclosures comply with applicable data protection laws and professional confidentiality requirements.

 

(H) International transfer of Personal Data

Because of our international reach, we may transfer your Personal Data to recipients located outside the European Economic Area (EEA). To protect Personal Data in these transfers:

  • We use Standard Contractual Clauses or other appropriate safeguards recognized by the GDPR.

  • If you directly transfer Personal Data to one of our non-EEA locations, we are not responsible for that initial transfer; however, once we receive your Personal Data, we will process it in accordance with this Policy.

 

(I) Data security

We implement appropriate technical and organisational measures to safeguard your Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction, or damage.

 

However, no internet-based service can be entirely secure. You transmit information to us at your own risk and are responsible for securing your own devices and networks.

 

(J) Data accuracy

We take reasonable steps to ensure that the Personal Data we hold is accurate, complete, and up-to-date. Please notify us promptly of any changes so we can correct or update our records.

 

(K) Data minimisation

We only Process the Personal Data that is necessary for specific, legitimate purposes. Whenever possible, we aggregate or anonymise data to reduce the extent to which you can be personally identified.

 

(L) Data retention

We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required by law or necessary to defend or pursue legal claims. Once the applicable retention period has ended, we will securely delete or anonymise your data.

 

(M) Your legal rights

Under the GDPR and other applicable laws, you may have the following rights regarding your Personal Data:

  1. Right of access: Request copies of your Personal Data.

  2. Right to rectification: Correct inaccuracies or incomplete information.

  3. Right to erasure (“right to be forgotten”): In certain circumstances, request the deletion of your Personal Data.

  4. Right to restrict Processing: In certain cases, limit how we Process your data.

  5. Right to object: Object to specific Processing activities, such as direct marketing.

  6. Right to data portability: Receive a copy of your Personal Data in a structured, commonly used format and/or request its transfer to another Controller where technically feasible.

  7. Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time (this does not affect the lawfulness of prior Processing).

  8. Right to lodge a complaint: With a data protection supervisory authority, such as Malta’s Office of the Information and Data Protection Commissioner.

 

We may ask you to verify your identity before acting on your request. If your request is complex, we will let you know if we need more time.

(N) Cookies and similar technologies

We may use cookies or similar tracking technologies on our Sites or in our Apps to collect data about how you interact with our content and services. If required by law, we will seek your consent before placing non-essential cookies on your device. Disabling cookies could affect certain functionalities of our Sites or Apps.

 

(O) Legal Statements

Your use of our Sites, Apps, or services is also subject to our Terms of Use and any other legal notices posted on our website. We encourage you to read these statements regularly for any updates that may affect your rights or obligations.

 

(P) Direct marketing

We may Process your Personal Data to provide information about our services, news, or events that we believe might be of interest to you. You can unsubscribe at any time by following the instructions in any promotional message.

 

If you opt out, we may still send non-promotional communications (e.g., service updates, legal notices).

 

(Q) Contact details

If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us:

 

Nordic Standard Ltd. (Reg. No. C96124) t/a LPO&Law

San Ġwann, Malta

Email: info@lpoandlaw.com

Phone: T CET: +34 645313637 | T UTC-6: +52 4448490009

 

You also have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta or any other supervisory authority where you live or work.

 

(R) Definitions

  • Adequate Jurisdiction: A country/territory recognized by the European Commission as providing an adequate level of data protection.

  • App: Any application operated by or on behalf of LPO&Law.

  • Controller: The organisation that decides how and why Personal Data is processed.

  • Cookie: A small text file placed on a device by websites, including our Site.

  • Data Protection Authority: A public authority responsible for enforcing data protection laws.

  • EEA: The European Economic Area (EU Member States plus Norway, Iceland, and Liechtenstein).

  • GDPR: The EU General Data Protection Regulation (2016/679).

  • Personal Data: Information relating to an identified or identifiable natural person.

  • Process/Processing/Processed: Any operation performed on Personal Data (e.g., collection, recording, storage, use, disclosure).

  • Processor: A third party that Processes Personal Data on behalf of the Controller.

  • Sensitive Personal Data: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health data, sex life or sexual orientation, or data related to criminal convictions/offences.

  • Site: Any website operated by or on behalf of LPO&Law.

  • Standard Contractual Clauses: EU-approved clauses to safeguard data transfers outside the EEA.

bottom of page