Information about our treatment of your personal data
The General Data Protection Regulation (GDPR) grants you additional rights, allowing you at all times to maintain an overview of the personal data we are processing about you.
1. We are the data controller – how do you get in contact with us?
Havemann Advokataktieselskab is the data controller for processing the personal data we have received about you. You will find our contact details here:
1256 København K
CVR-nr.: 2689 0748
Phone: + 45 3345 4040
2. The objectives and legal basis for processing your personal data
We process your personal data for the following purposes:
- To enable us to provide legal assistance in the broadest sense, including legal advice and assistance in establishing and/or defending legal status, including in connection with legal proceedings.
- To enable us to comply with our obligation to prevent money laundering, we are obliged in a number of cases to obtain clients’ identification particulars individually.
- To enable us to conclude and honour agreements with our suppliers.
The legal basis for our processing of your personal data stems from a number of regulations:
- Art. 6(1), letter b, of GDPR, as processing is necessary for the performance of contracts.
- Art. 6(1), letter c, of GDPR, as processing is necessary for compliance with a legal obligation, including the Danish Money Laundering Act and the Bookkeeping Act as well as the rules governing good professional conduct for lawyers.
- Art. 6(1), letter f, of GDPR, as your personal data are processed in order to safeguard a legitimate interest in protecting your legal status and does not override consideration for you.
- Section 11, subs. 2, of the Danish Data Protection Act, as processing of a civil registry and social security number (CPR no.) flows from the legislation, including the Danish Money Laundering Act.
- Art. 9(2), letter e, of GDPR, as the personal data have been published by you yourself.
- Art. 9(2), letter f, of GDPR, as processing of personal data is necessary for the establishment, exercise or defence of your legal claim.
- Art. 6(1), letter a, and Art. 9(2), letter a, cf. Article 7, of GDPR, as you have granted consent for the processing of personal data.
When we collect personal data from you directly, you give us the personal data voluntarily in most cases, or in order to be able to conclude or honour a contract with us or a third party, or to be able to exercise a legal claim. In some cases, you are obliged to provide us with these data, e.g. a CPR number for reporting to the tax authorities when administering a deceased person’s estate.
Depending on the particular circumstances in question, the consequence of not giving us such personal data may be that we are unable to pursue the aims above, including being unable to safeguard our relationship with the client and possibly even being unable to maintain it, being unable to meet our obligations as lawyers/trustees etc. or being unable to discharge our duties vis-à-vis public authorities.
3. Categories of personal data
We process only the personal data about you that are relevant to our ability to perform our brief for you. This may include the following categories of information to whatever extent necessary to meet the aims in pt. 2:
- General information under Art. 6 of GDPR, including contact details
- ID particulars, including Danish CPR no.
- Social and family affairs
- Financial status
- Educational, vocational and employment matters
- Details of criminal offences under Section 8, subs. 3, of the Danish Data Protection Act
- Special information under Art. 9 of GDPR
- Race or ethnic origins
- Political, religious or philosophical beliefs
- Trade union affiliations
- Sex life or sexual orientation
4. Recipients or categories of recipients
We pass on or disclose your personal data to the following recipients whenever necessary in order to perform our brief as lawyers, or whenever so required by legislation:
- Public authorities, including the Danish Central Customs and Tax Administration (SKAT), other local and central government authorities, regions, and the police and courts
- The opposite party/the negotiating partner and their representatives, including lawyers and auditors
- Specialists and valuation experts
- Witnesses and other people with knowledge of factual information for use in a case
- We entrust access to such personal data to our data processors, who supply our IT systems, including support. Depending on the case in hand, one option may be to use other data processors, e.g. ad hoc translators or external IT investigators.
As lawyers, we are subject to a duty of confidentiality and may not divulge information received from you unless you have given your acceptance.
We receive information about you from a number of sources, including:
- Publicly accessible registers such as the Danish Business Authority
- Opposite parties/negotiating partners
- Witnesses and other people with knowledge of factual information
6. Storing your personal data
We generally store your personal data for 10 years after filing a case away. This time-limit has been fixed with regard for the Danish Limitation Act and the rules about storing case records set out in the Code of Conduct for the Danish Bar and Law Society. If dictated by actual circumstances, we store data for shorter or longer periods, e.g. if operative documents are involved.
ID particulars obtained to meet the requirement in the Danish Money Laundering Act are deleted separately 5 years after the cessation of the client relationship.
7. The right to withdraw consent
If you have granted consent for processing of your personal data, you are entitled to withdraw your consent at any time. You can do this by contacting us at the contact details set out in pt. 1 above.
If you choose to withdraw your consent, it will not affect the legality of our processing your personal data on the basis of the consent previously granted by you up to the point of withdrawal. If you withdraw your consent, therefore, it will only take effect from this point onwards.
8. Your rights
According to GDPR you have a number of rights in relation to our processing of information about you.
If you wish to take advantage of your rights, you must contact us.
Right to see information (right of access):
You are entitled to access the information we process about you, as well as a number of other items of information.
Right of rectification (correction):
You are entitled to have incorrect information about yourself corrected.
Right to erasure:
In special cases you are entitled to have information about yourself deleted before the point when our general deletion occurs.
Right to restriction of processing:
In certain instances you are entitled to have the processing of your personal data restricted. If you are entitled to have processing restricted, in future we may only process the data – apart from storage – with your consent, or with a view to the establishment, exercise or defence of legal claims, or to protect a person or vital social interests.
Right to object:
In certain instances you are entitled to object to our otherwise legitimate processing of your personal data. You can also object to the processing of your data for direct marketing purposes.
Right to transmit data (data portability):
In certain instances you are entitled to receive your personal data in a structured, commonly used and machine-readable format and to have these personal data transmitted from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency’s guideline on registrees’ rights, which you will find at https://www.datatilsynet.dk/english/
9. Complaining to the Data Protection Agency
You have the right to submit a complaint to the Danish Data Protection Agency if you are unhappy with the way we process your personal data. You will find the Agency’s contact details at www.datatilsynet.dk.