Registration and processing of personal data
Jon Palle Buhl, CVR no. 17900285, (“the Law Firm”) operates from the address Valkendorfsgade 16, DK-1151 Copenhagen K, and accordingly receives personal information about clients and other natural persons.
The Law Firm is responsible (data controller) for the processing of this personal data. The Law Firm's processing of the personal data is subject to the terms of this Personal Data Policy.
What personal information is stored and used?
The Law Firm processes the following categories of personal information about clients, the client's family members, counterparties and other natural persons:
- General contact information, including name, address, telephone number and email address
- IP addresses
- Personal Identification No.
- Identification documentation, e.g. copy of passport or driving licence
- Financial and legal information
- Insurance information
- Social and personal information
- Health information
- Criminal information
- Employment information, including any information on trade union affiliation
The personal information is processed in digitised, and in some cases physical form.
The purposes of data processing
The Law Firm processes personal data:
- to provide legal assistance in disputes in ordinary courts, professional and non-professional arbitration, boards, etc.
- to provide assistance in connection with the execution of business transactions concerning the Law Firm's clients, for example business transfers
- to provide legal and related advice to clients in areas of law that fall within the Law Firm's business areas
- to provide assistance in rectifying clients' legal matters, such as completing the purchase of real estate
The processing of personal data will be limited to what is necessary to fulfil the purpose(s) in question.
Collecting personal data
Personal data processed by the Law Firm will be i) provided by the data subject him- or herself, ii) received from third parties (e.g. courts, public authorities, counterparties and their attorneys, witnesses or other persons involved in cases processed by the Law Firm), or iii) collected by the Law Firm from public registers, or iv) collected by the Law Firm from other public sources, including the Internet.
Basis for processing of personal data
The legal basis for the Law Firm's processing of personal data is one or more of the following:
- for the purpose of fulfilling an agreement with the client, including an agreement on legal representation in court proceedings or an agreement on the provision of legal advice,
- to determine, assert or defend legal claims, including for example when the Law Firm participates in a lawsuit,
- in certain cases when it is necessary for the Law Firm to pursue a legitimate interest and when the interests of the data subject do not prohibit such interest;
- to comply with money laundering rules applicable to attorneys
Sharing of personal information
The following natural and legal persons will, to the extent it is relevant, be able to access personal information as part of the Law Firm's case processing:
- courts/tribunals, arbitral tribunals, boards of appeal and public authorities, which can decide in pending cases
- counterparties and their attorneys involved in litigation or legal arrangements to which the data subject is a party
- other parties and their attorneys in linked cases which the Law Firm handles
- banks, real estate agents and other companies that play a relevant part in the processing of the Law Firm's cases
- insurance companies that provide legal aid coverage or that otherwise represent a party interest in a case to which the Law Firm is party
- experts and other persons, including witnesses involved in a case
- employees at the Law Firm
- public authorities which, according to law, are entitled to require personal data to be disclosed, or to whom the Law Firm has a duty to report, for example in connection with money laundering rules
- representatives of the Danish Bar and Law Society in connection with supervision in accordance with current regulations for attorneys
- public authorities, if required by law, including in specific cases for the purpose of combating online fraud and other criminal activities or attempts to do so;
Sharing/disclosure take place only when it is required for the Law Firm's processing of a case and related administrative and financially tasks, such as invoicing.
Personal data can, when relevant to the case processing, be transferred to other countries both inside and outside of the EU. The law firm carefully selects its partners and attaches crucial importance to the fact that information about cases is always treated confidentially.
Duration of storage
The Law Firm stores the personal information as long as it (i) is relevant to the Law Firm's performance of its duties, (ii) is necessary to meet any claims that may be raised against the client or the Law Firm, and in addition (iii) as long as is necessary to be able to ensure the client's interests and meet the client's needs.
The personal data is generally deleted 5 years after the end of the case, but this depends on a specific assessment in each individual case.
In this assessment, emphasis is put on the nature of the assistance provided, documentation considerations and the relevant legislation, including in particular the accounting rules, the rules on conflict of interest and general rules on limitation of property law claims and the client's need to access the information in future.
A client may at any time terminate the arrangement with the Law Firm, just as an arrangement may be terminated by the appointing authority. However, even in this situation, the Law Firm is subject to a number of rules and duties, which make it necessary to store the personal data for a longer period.
The Law Firm secures personal information through both technical and organisational security measures in order to protect the data subject's information against unauthorised access, manipulation, destruction/deletion or loss of information.
The law firm uses Advosys (Unik System Design A/S) as system supplier for processing and storage of personal data on servers run and hosted by Microsoft and Sentia Denmark A/S, respectively.
Data processor agreements have been entered into to guarantee the relevant, recommended and statutorily required security measures and the consequent protection of the personal data processed by the Law Firm.
The Law Firm has determined that other attorneys and employees at the firm may only access personal information to the extent that this is relevant to the case processing. The persons at the Law Firm who gain access to personal information are subject to a duty of confidentiality.
Rights of the data subject
The natural person about whom the Law Firm retains information, including the client, has the following rights in relation to the Law Firm:
- Access to be informed of which personal information about the person in question has been registered by the Law Firm.
- Ret til at få berigtiget urigtige oplysninger om den pågældende registreret af Advokatfirmaet.
- The right to have information about the person in question deleted when the registration is no longer necessary for the fulfilment of the purposes in sections 3 and 7 and is not prevented by a task/duty incumbent on the Law Firm pursuant to Danish or EU legislation.
- Right to limited processing of personal data about the person in question when the accuracy or inaccuracy of the personal data in question cannot be established or the personal data is to be used as evidence.
- Access to receive in a structured, ordinary and machine-readable format, possibly by e-mail to the person in question, or to a newly appointed attorney or other third party, the information that the person in question has provided to the Law Firm.
The Law Firm does not inform a person who is not a client about this personal data policy, including the person's rights under this section 9, if the Law Firm's processing of the personal data is covered by the Law Firm's duty of confidentiality, and this shall be compromised by the information.
Change of personal data policy
This personal data policy can be continuously adjusted by the Law Firm to comply with the personal data rules in force at any given time.
If the data subject has objections to the Law Firm's processing of his/her personal data, the data subject is encouraged to contact the Law Firm (Attorney Ulrich Birch Hartmann: firstname.lastname@example.org.
The data subject also has the right to complain to the Danish Data Protection Agency in relation to his/her rights and about the Law Firm's processing of the person's personal data. For further information, please refer to the Danish Data Protection Agency's website www.datatilsynet.dk.