Privacy Policy 

Last updated on 8 January 2026.

Morling Consulting AB, reg. no. 556903-7301, with its address at Domarvägen 2, 141 62 Huddinge (“Morling Consulting”), is the controller for the personal data processed when you are in contact with us. At Morling Consulting, we value your privacy and aim to be transparent about which personal data we process about you and why. This privacy notice describes how, in our capacity as data controller, we collect and use your personal data. It also explains your rights and how you can exercise them.

You have the right to object to certain types of our processing of personal data. Read more under each purpose.

You can always contact us at Morling Consulting if you have questions about data protection and how we process your personal data. The easiest way to reach us is by email at privacy@morlings.se.

What is personal data and when does Morling Consulting process personal data?

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, for example by name, personal identity number or address. Encrypted data and various electronic identifiers (such as IP addresses) also constitute personal data to the extent that they can be linked to a natural person.

Processing of personal data covers anything that can be done with personal data, for example collection, registration, processing and storage.

What information do we collect about you and why?

Purpose:
Providing legal services to companies (legal persons)

To provide legal services to companies (legal persons), Morling Consulting processes personal data about you as an employee of a company for which we carry out engagements, including prior to entering into such cooperation. Certain processing of personal data is also necessary for Morling Consulting to provide good service and to investigate queries. This may, for example, include you if you work for a supplier, customer or partner of a company for which we perform assignments.

Processing activities:

  • Receiving and responding to requests for quotations from companies based on our legitimate interest in offering our services.
  • Business communications (for example, engagement confirmations and internal messages) based on our legitimate interest in providing legal services and good service.
  • Follow-up on services delivered based on our legitimate interest in providing legal services and good service.
    Invoicing, payment follow-up, reminders and debt collection based on our legitimate interest in safeguarding and receiving payment for our services.
  • Maintaining a customer register based on our legitimate interest in administering business relationships.
  • Credit assessment of a customer, which in some cases may include a so-called representative enquiry, based on our legitimate interest in preventing credit losses in our business.
  • Storage of accounting material (invoices, receipts, etc.) pursuant to our legal obligation under the Swedish Accounting Act (1999:1078).
  • Technical support, system maintenance and back-ups based on our legitimate interest in keeping our systems efficient and secure.
  • Complying with your rights under the General Data Protection Regulation, for example erasure or rectification, pursuant to our legal obligations (GDPR Articles 15–23).
  • Identifying, documenting and reporting incidents under the GDPR pursuant to our legal obligations (GDPR Articles 33–34).
  • Documentation of requests to exercise rights under the GDPR based on our legitimate interest in following up actions taken in relation to these obligations.

Categories of personal data:

  • Name
  • Personal identity number
  • Work-related information (for example, role, area of expertise and company name)
  • Email address
  • Telephone number
  • Credit reference information (for example, income, payment defaults)
  • IP address

From which sources do we collect personal data?

In addition to the personal data you provide to us, data may also be obtained from third parties such as public registers, social media and credit reference agencies.

Legal basis: To satisfy our legitimate interest in carrying out the processing described above, such processing is based on a balancing of interests where we assess that the processing does not materially infringe your privacy.

Certain personal data may also be processed because we have a legal obligation to fulfil, for example due to our bookkeeping obligations or other statutory obligations.

Your right to object to the processing: You may object to our processing based on legitimate interest. We will then assess your objection and cease the processing unless we have compelling legitimate grounds to continue or if the processing is required for the establishment, exercise or defence of legal claims. Contact us at privacy@morlings.se if you wish to object to the processing.

Retention period: We retain your personal data for as long as necessary to fulfil our contractual obligations and/or to the extent necessary to comply with legal requirements. After the relationship has ended, we retain the personal data for the period during which a legal claim may be brought under the contract.

When we store your personal data for purposes other than our contractual obligations, we store your personal data only for as long as needed for the purpose and/or to the extent necessary to comply with legal requirements.

Your personal data will be erased or anonymised when the purpose or the statutory obligation to store the personal data ceases.

Purpose:
Providing our services to natural persons (sole traders and private individuals)

To provide legal services to you as a natural person (sole trader or private individual), Morling Consulting processes personal data about you as a customer. Certain processing of personal data is also necessary for Morling Consulting to provide good service and to investigate queries. This may, for example, include you if you work for a supplier, customer or partner of a company for which we perform assignments.

Processing activities:

  • Receiving and responding to requests for quotations as part of taking steps prior to entering into a contract to provide legal services.
  • Business communications (for example, engagement confirmations and internal messages) to provide legal services under our contract and based on our legitimate interest in providing good service.
  • Follow-up on services delivered based on our legitimate interest in providing good service.
  • Invoicing, payment follow-up, reminders and debt collection based on our legitimate interest in safeguarding and receiving payment for our services.
  • Maintaining a customer register based on our legitimate interest in administering business relationships.
  • Credit assessment based on our legitimate interest in preventing credit losses in our business.
  • Storage of accounting material (invoices, receipts, etc.) pursuant to our legal obligation under the Swedish Accounting Act (1999:1078).
  • Technical support, system maintenance and back-ups based on our legitimate interest in keeping our systems efficient and secure.
  • Complying with your rights under the GDPR, for example erasure or rectification, pursuant to our legal obligations (GDPR Articles 15–23).
  • Identifying, documenting and reporting incidents under the GDPR pursuant to our legal obligations (GDPR Articles 33–34).
  • Documentation of requests to exercise rights under the GDPR based on our legitimate interest in following up actions taken in relation to these obligations.

Categories of personal data:

  • Name
  • Personal identity number
  • Postal address
  • Email address
  • Telephone number
  • Credit reference information (for example, income, payment defaults, credit scoring)
  • IP address

From which sources do we collect personal data?
In addition to the personal data you provide to us, data may also be obtained from third parties such as public registers, social media and credit reference agencies.

Legal basis: Performance of a contract. To satisfy our legitimate interest in carrying out the processing described above, the processing is based on a balancing of interests where we assess that the processing does not materially infringe your privacy.

Certain personal data may also be processed because we have a legal obligation to fulfil, for example due to our bookkeeping obligations or other statutory obligations.

Your right to object to the processing: This processing of your personal data is necessary for us to provide our service. If you wish to object to this type of processing, we are unfortunately unable to offer our service.

You may object to our processing based on legitimate interest. We will then assess your objection and cease the processing unless we have compelling legitimate grounds to continue or if the processing is required for the establishment, exercise or defence of legal claims. Contact us at privacy@morlings.se if you wish to object to the processing.

Retention period: We retain your personal data for as long as necessary to fulfil our contractual obligations and/or to the extent necessary to comply with legal requirements. After the relationship has ended, we retain the personal data for the period during which a legal claim may be brought under the contract.

When we store your personal data for purposes other than our contractual obligations, we store your personal data only for as long as needed for the purpose and/or to the extent necessary to comply with legal requirements.

Your personal data will be erased or anonymised when the purpose or the statutory obligation to store the personal data ceases.

Purpose:
Introduction to another adviser/partner

If we cannot provide the requested service, we may introduce you to a partner who is considered able to assist you. To make such an introduction, we process personal data about you as a sole trader, private individual or as an employee of a company requesting our services.

Processing activities:

  • Contact via email, telephone and/or digital channels based on our legitimate interest in understanding your needs.
  • Assessment of the request for engagement regarding type of service, timeframe, priority and preferred delivery format based on our legitimate interest in introducing you to the partner.
  • Forwarding contact details and engagement needs to the partner based on our legitimate interest in enabling the introduction between you and our partner.
  • Documenting that an introduction has taken place (for example, date, contact person and which partner was introduced) based on our legitimate interest in following up and administering business relationships.

Categories of personal data:

  • Name
  • Email address
  • Telephone number
  • Details of role/title and employer
  • Information about the engagement needs (for example, requested service and timeframe)
  • IP address

From which sources do we collect personal data?
In addition to the personal data you provide to us, for example via the contact form on our website www.morlings.se, data may also be obtained from third parties such as public registers and social media.

Legal basis: Legitimate interest in assisting you further by introducing you to a relevant partner when we cannot take on the engagement ourselves, and in administering our cooperation linked to such introductions. This processing is based on a balancing of interests where we assess that the processing does not materially infringe your privacy.

Your right to object to the processing: We care about your privacy and will not process your personal data for this purpose if you no longer wish us to do so. Contact us at privacy@morlings.se and we will remove your data.

Retention period: When we store data based on our legitimate interests, we store your data only for as long as needed for the purpose and/or to the extent necessary to comply with legal requirements.

Your personal data will be erased or anonymised when the purpose or the statutory obligation to store the personal data ceases.

Purpose:
Resourcing with subcontractors

To resource engagements with subcontractors, we process personal data about you as a sole trader or as an employee of a company that may be considered as a subcontractor. Processing takes place before or during an ongoing customer engagement.

Processing activities:

  • Contact via email, telephone and/or digital channels based on our legitimate interest in inviting you to a dialogue about potential engagements.
  • Collection and assessment of competence materials, for example CV/profile and experience, as well as availability, remuneration and assignment terms, based on our legitimate interest in resourcing engagements.
  • Taking references, for example previous engagements, certifications or role history, based on our legitimate interest in ensuring delivery capability and quality.
  • Maintaining a register of subcontractors based on our legitimate interest in administering business relationships, ensuring business continuity and delivery capacity.

Categories of personal data:

  • Name
  • Email address
  • Telephone number
  • Details of role/title and employer
  • Competence and experience data (for example, CV and areas of specialism)
  • Availability
  • Commercial information (for example, remuneration and assignment terms)
  • Reference information
  • IP address

From which sources do we collect personal data?
In addition to the personal data you provide to us, for example via the contact form on our website www.morlings.se, data may also be obtained from third parties such as public registers and social media.

Legal basis: Legitimate interest in resourcing engagements with subcontractors to ensure delivery capacity and quality in our engagements. This processing is based on a balancing of interests where we assess that the processing does not materially infringe your privacy.

Your right to object to the processing: We care about your privacy and will not process your personal data for this purpose if you no longer wish us to do so. Contact us at privacy@morlings.se and we will remove your data.

Retention period: When we store data based on our legitimate interests, we store your data only for as long as needed for the purpose and/or to the extent necessary to comply with legal requirements.

Your personal data will be erased or anonymised when the purpose or the statutory obligation to store the personal data ceases.

Purpose:
Engaged as a subcontractor

To administer and perform engagements with subcontractors, we process personal data about you as a sole trader or as an employee of a company that we have engaged as a subcontractor.

Processing activities:

  • Contact via email, telephone and/or digital channels based on our legitimate interest in planning, organising and following up the delivery within the engagement.
  • Administering the subcontractor’s involvement, for example resource planning, engagement start/end, allocation of work and delivery follow-up, based on our legitimate interest in ensuring delivery capacity and quality.
  • Managing commercial and administrative matters, for example contracts, time reporting, invoicing, payment and follow-up of terms, based on our legitimate interest in being able to perform and follow up the engagement.
  • Documenting communications, deliveries and decisions related to the engagement based on our legitimate interest in ensuring traceability, quality and the ability to handle any deviations or legal claims.
  • Maintaining a register of engaged subcontractors based on our legitimate interest in administering business relationships, ensuring business continuity and delivery capacity.

Categories of personal data:

  • Name
  • Email address
  • Telephone number
  • Details of role/title and employer
  • Contact and other data related to the engagement (for example, responsible contact person and availability)
  • Commercial information (for example, hourly rate, engagement terms, time reporting and invoicing details)
  • Information in communications and documentation related to delivery (for example, working materials and delivery status linked to the engagement)
  • IP address

From which sources do we collect personal data?
In addition to the personal data you provide to us in connection with the dialogue, contracting and performance of the engagement, data may also be obtained from the customer, your company/employer and from third parties such as public registers and social media.

Legal basis: Legitimate interest in administering and performing engagements with engaged subcontractors to ensure delivery capacity, quality and follow-up. This processing is based on a balancing of interests where we assess that the processing does not materially infringe your privacy.

Certain personal data may also be processed because we have a legal obligation to fulfil, for example due to our bookkeeping obligations or other statutory obligations.

Your right to object to the processing: You may object to our processing based on legitimate interest. We will then assess your objection and cease the processing unless we have compelling legitimate grounds to continue or if the processing is required for the establishment, exercise or defence of legal claims. Contact us at privacy@morlings.se if you wish to object to the processing.

Retention period: When we store data based on our legitimate interests, we store your data only for as long as needed for the purpose and/or to the extent necessary to comply with legal requirements.

Your personal data will be erased or anonymised when the purpose or the statutory obligation to store the personal data ceases.

Purpose:
Communications about offerings and operations

To communicate our offerings and our operations, we process personal data about you as a sole trader or as an employee of a company with which we have, have had, or intend to initiate such communications.

Processing activities:

  • Maintaining business relationships through electronic communications.
  • Communicating our offerings and operations through communications and electronic communications.

Categories of personal data:

  • Name
  • Email address
  • Telephone number
  • IP address

From which sources do we collect personal data?
In addition to the personal data you provide to us, for example via the contact form on our website www.morlings.se, data may also be obtained from third parties such as public registers and social media.

Legal basis: Legitimate interest in communicating our offerings and our operations. This processing is based on a balancing of interests where we assess that the processing does not materially infringe your privacy.

Your right to object to the processing: We care about your privacy and will not process your personal data for this purpose if you no longer wish us to do so. Contact us at privacy@morlings.se and we will remove your data.

Retention period: When we store data based on our legitimate interests, we store your data only for as long as needed for the purpose and/or to the extent necessary to comply with legal requirements.

Your personal data will be erased or anonymised when the purpose or the statutory obligation to store the personal data ceases.

Who else may gain access to your personal data?

Where compatible with the purposes for which we collected the data, we may transfer your personal data to other companies acting as processors or controllers.

When your personal data is shared with processors, Morling Consulting vets all processors to ensure they can provide sufficient assurances regarding the security and confidentiality of personal data. We have written agreements with all processors under which they guarantee the security of the personal data processed and undertake to follow our security requirements and instructions. A processor is a company that processes personal data on behalf of the controller.

Your personal data is shared with another controller only if needed to perform the contract, to provide good service, to make an introduction to another adviser, to investigate queries, or otherwise if we have obtained your consent to share the data. A controller is a company that processes personal data for its own purposes and has an independent responsibility towards you for the processing it carries out.

Your personal data may be disclosed to third parties when required by law or other statutory decisions. We may also disclose personal data to third parties such as the Police Authority, the Tax Agency or other law enforcement authorities in a criminal investigation or otherwise if we are obliged to provide such information under law or an authority decision.

Where do we process your personal data?

Our aim is to process your personal data only within the EU/EEA. In certain cases, Morling Consulting may need to transfer your personal data to a third country, for example due to systems, cloud service solutions or server locations that cannot be avoided. Where we need to transfer your personal data to a third country, Morling Consulting will implement appropriate safeguards to ensure that your rights and freedoms are protected and that your data is processed as securely as with us.

When transferring personal data to a country outside the EU/EEA, we rely either on decisions by the European Commission that the country in question ensures an adequate level of protection or on the European Commission’s standard contractual clauses.

Transfers of personal data may be made to processors participating in the EU–U.S. Data Privacy Framework (“DPF”). It may be necessary for such a processor to disclose personal data processed under the DPF in response to lawful requests by public authorities, for example to meet national security or law enforcement requirements.

What rights do you have as a data subject?

Right of access: You have the right to request information about which personal data we process about you. To ensure that no one else can gain access to your data, you must identify yourself when requesting an extract from the register.

Right to rectification: In relation to the purposes described, Morling Consulting is obliged to hold accurate and up-to-date personal data about you. If your personal data is incorrect, you may request rectification. Depending on the purpose of the processing, you also have the right to complete incomplete personal data.

Right to restriction: You also have the right to request that we restrict the processing of your personal data, for example while we assess our legitimate interests.

Right to erasure: Under certain conditions, you may request that data about you be erased when it is no longer necessary for the purposes for which it was collected. Morling Consulting deletes data about you when it is no longer needed, but may be required by other legislation to retain data about you to meet legal requirements.

Right to object: You have the right to object to processing based on legitimate interests. You also have the right to object to direct marketing.

Right to data portability: If you have given your consent or if we base the processing on a contract with you, you have the right to request that the data relating to you and that you have provided to us be transferred to another controller (so-called data portability). A condition for data portability is that the transfer is technically feasible and can be carried out by automated means.

To exercise any of your rights, the easiest way to contact us is by email at privacy@morlings.se.

Cookies

Our website www.morlings.se uses cookies or similar technologies. You can see how we use cookies and for which purposes at www.morlings.se/en/cookies.

How are your personal data protected?

Morling Consulting uses only IT systems that protect the confidentiality, integrity and availability of personal data. Technical and organisational measures have been taken in relation to the risk to protect the personal data that we process. Only those persons who actually need to process your personal data for us to fulfil our stated purposes have access to them.

What does it mean that the Data Protection Authority is the supervisory authority?

The Swedish Data Protection Authority (IMY) is responsible for monitoring the application of personal data legislation. If you believe that Morling Consulting is handling personal data incorrectly, you can file a complaint with IMY.

Telephone: +46 8-657 61 00
Email: imy@imy.se
Postal address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm.

On IMY’s website, www.imy.se, you can find further information on how to submit a complaint.

How can you most easily contact us with questions about personal data protection?

Questions about personal data protection are of great importance to us. If you have questions about Morling Consulting’s processing of personal data, the easiest way to reach us is by email at privacy@morlings.se.