Information about our treatment of your personal data
The General Data Protection Regulation (GDPR) allows you to maintain an overview of the personal data we are processing about you at all times.
1. We are the data controller – how do you get in contact with us?
Havemann Advokataktieselskab is the data controller for processing the personal data we have received about you. You will find our contact details here:
1256 København K
CVR-nr.: 2689 0748
Phone: + 45 3345 4040
2. The objectives and legal basis for processing your personal data
We process your personal data for the following purposes:
- To enable us to provide legal assistance in the broadest sense, including legal advice and assistance in establishing and/or defending a legal position, including in connection with legal proceedings.
- In order to enable us to comply with our obligation to prevent money laundering, we are obliged in certain types of legal procedures to obtain clients’ identification particulars.
- To enable us to conclude and honour agreements with our suppliers.
The legal basis for our processing of your personal data is found in a number of regulations:
- 6(1), letter b, of GDPR, as processing is necessary for the performance of contracts.
- 6(1), letter c, of GDPR, as processing is necessary to comply with a legal obligation, including the Danish Money Laundering Act and the Bookkeeping Act as well as the rules governing good professional conduct for lawyers.
- 6(1), letter f, of GDPR, as your personal data are processed in order to safeguard a legitimate interest in protecting your legal status, and as such interests do not take priority before you.
- Section 11(2) of the Danish Data Protection Act, as processing of a civil registration (CPR) no. flows from the legislation, including the Danish Money Laundering Act.
- 9(2), letter e, of GDPR, as the personal data were submitted by you personally.
- 9(2), letter f, of GDPR, as processing of your personal data is necessary for the establishment, exercise or defence of your legal claim.
- 6(1), letter a, and Art. 9(2), letter a, cf. Art. 7, of GDPR, as you have consented to the processing of your personal data.
When we collect personal data from you directly, you submit your personal data voluntarily in most cases, or you submit the data in order to be able to conclude or honour a contract with us or with a third party, or to be able to exercise a legal claim. In some cases, you are obliged to provide us with these data, e.g. a CPR no. for reporting to the tax authorities when we administer the estate of a deceased person.
Depending on the particular circumstances, the consequence of not submitting your personal data to us may be that we will be unable to pursue the aims above or to attend to our relationship with the client or to maintain it, or to meet our obligations as lawyers/trustees etc. or to discharge our duties in respect of public authorities.
3. Categories of personal data
We process only the personal data about you that are relevant to our ability to solve your assignment. This may include the following categories of information to the extent it is necessary in order to meet the aims item 2:
- General information under Art. 6 of GDPR, including contact details
- ID particulars, including Danish CPR no.
- Social and family affairs
- Financial status
- Educational, vocational and employment matters
- Details of criminal offences under Section 8 (3) of the Danish Data Protection Act
- Special information under Art. 9 of GDPR
- Race or ethnic origins
- Political, religious or philosophical beliefs
- Trade union affiliations
- Sex life or sexual orientation
4. Recipients or categories of recipients
We pass on or disclose your personal data to the following recipients when necessary in order to perform our brief as lawyers, or when so required by legislation:
- Public authorities, including the Danish Central Customs and Tax Administration (SKAT), other government authorities, regions, municipalities, police and courts of law
- The opposing party/the negotiating partner and their representatives, including lawyers and auditors
- Specialists and valuation experts
- Witnesses and other persons with knowledge of factual information in the case
- We entrust access to such personal data to our data processors who supply our IT systems, including support. Depending on the case in hand, we may use other data processors such as ad hoc translators or external IT investigators.
As lawyers, we are subject to a duty of confidentiality and may not divulge information received from you unless you have given your acceptance.
We receive information about you from a number of sources, including:
- Publicly accessible registers such as the Danish Business Authority
- Opposing parties/negotiating partners
- Witnesses and other persons with knowledge of factual information
6. Storing your personal data
We generally store your personal data for 10 years after filing a case. This time-limit has been fixed with regard for the Danish Limitation Act and the rules about storing case records set out in the Code of Conduct of the Danish Bar and Law Society. If dictated by actual circumstances, we store data for shorter or longer periods, e.g., if operative documents are involved.
ID particulars obtained to meet the requirement in the Danish Money Laundering Act are deleted separately 5 years after the cessation of the client relationship.
7. The right to withdraw consent
If you have consented to processing of your personal data, you are entitled to withdraw your consent at any time. You can do this by contacting us using the contact details set out in item 1 above.
If you choose to withdraw your consent, it will not affect the legality of processing your personal data up to the point of withdrawal on the basis of the consent previously granted by you. Therefore, if you withdraw your consent, it will take effect from this point onwards.
8. Your rights
According to GDPR, you have certain rights in relation to our processing of information about you.
You should contact us if you wish to make use of your rights.
Right to see information (right of access):
You are entitled to access the information we process about you, as well as a number of other items of information.
Right of rectification (correction):
You are entitled to have incorrect information about yourself corrected.
Right to erasure:
In special cases you are entitled to have your personal data erased before the date when our general erasure takes place.
Right to restriction of processing:
In certain cases you are entitled to have the processing of your personal data restricted. In this case such data may only be processed – apart from being stored – with your consent, or in order to assert, exercise or defend legal claims, or to protect a person or vital social interests.
Right to object:
In certain cases you are entitled to object to our otherwise legitimate processing of your personal data. You can also object to processing of your data for direct marketing purposes.
Right to transmit data (data portability):
In certain cases you are entitled to receive your personal data in a structured, commonly used and machine-readable format and to have these personal data transmitted from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guideline on registrees’ rights, which you will find at https://www.datatilsynet.dk/english/
9. Complaining to the Data Protection Agency
You have the right to submit a complaint to the Danish Data Protection Agency if you are unhappy with the way we process your personal data. You will find the Agency’s contact details at www.datatilsynet.dk.