daAt Haugaard|Braad we give high priority to data security and the protection of the personal data that we process. This personal data protection policy describes how we collect and process your personal data. The personal data protection policy applies to all personal data you provide, including data collected in the course of case handling, when you visit our website or otherwise make use of our various services.
1. Data controller
Haugaard|Braad is the data controller of your personal data and thus responsible for the processing of the data that we receive from you. Our contact details:
Haugaard|Braad Advokatpartnerselskab
Company reg. (CVR) No.: 32 77 36 80
Skibbrogade 3, 3.
DK-9000 Aalborg
Email: haugaardbraad@haugaardbraad.dk
Tel. +(45) 98 77 50 30
2. The purposes and the legal basis for the processing of your personal data
In connection with the delivery of our services we may in certain contexts receive and process personal data. Depending on the service we provide, we will process the following types of data about you:
2.1. Case handling - clients
If you are an existing or potential client, we will basically process your personal information in order to conclude or perform the agreement we have with you or the business, organisation or public authority you represent in order to provide legal advice.
We may process various general details about you, such as your name, email, telephone number, position, educational background, professional data and other data that are necessary under the remit we have been given as your legal representatives or in the course of our business relationship. We may also process data relating to your financial affairs, including payment and tax information. Depending on the circumstances, we may also process data, such as your private address and your personal contact details. The legal basis for our data processing, which depends on the nature of the legal service we provide, is article 6, paragraph 1, points (b), (c) and (f) of the General Data Protection Regulation.
In certain circumstances, we may process special categories of personal data (sensitive data), see article 9, paragraph 2, point (f) of the General Data Protection Regulation, and/or data about punishable offences, see section 8, subsections 3 and 4 of the Danish Data Protection Act, if circumstances relating to the relevant case(s) necessitate this. This might be the case in matters of insurance or compensation.
If we need to record data in the databases of public authorities via portals, such as virk.dk or tinglysning.dk, it may be necessary for us to process your CPR No. (civil registration number). The basis of processing is section 11(2) of the Danish Data Protection Act.
We use your personal data to communicate with you, process the relevant case and to make registrations, where needed, in the digital service solutions of public authorities.
Personal data is usually provided by you, but in some cases we may receive the data from a third party or from business partners.
We store your personal data for as long as is necessary in order to achieve the objective for which it is being processed. As a general rule, we store the data for 10 years after the case is closed, but in special circumstances the storage period may be longer or shorter, for instance in order to ensure compliance with legal requirements concerning erasure or storage.
2.2. Case handling - non-clients
If you are an opponent or in any other way involved in a case we are dealing with on behalf of a client, we generally process your data with a view to concluding or performing the agreement we have with our client and in the course of protecting his or her interests.
Depending on the nature of the case, we may process general personal data, sensitive data, ID information and data about punishable offences.
Personal data is provided by our client, by you, a third party and/or our business partners. If we have received personal data from persons other than you, you have a right to be informed of our processing of your personal data. However, we are subject to lawyer-client privilege and may therefore omit to notify you in order to maintain confidentiality.
We store your personal data for as long as is necessary in order to achieve the objective for which it is being processed. As a general rule, we store the data for 10 years after the case is closed, but in special circumstances the storage period may be longer or shorter, for instance in order to ensure compliance with legal requirements concerning erasure or storage.
2.3. Anti-money laundering procedure
As a law firm, we are subject to a number of obligations set out in the anti-money laundering legislation in the case of financial transactions. This implies that we must register the details of the beneficial owner, and you may be asked to produce proof of identity or assist in the identification of the client's beneficial owners.
In this connection, we will process your personal data, including ID information, such as name, CPR No., passport number and driving licence number.
We process ID information obtained under the Danish Anti-Money Laundering Act for the sole purpose of fulfilling our obligations under the said Act. Our processing of general personal data is based on article 6, paragraph 1, point (c) of the General Data Protection Regulation, and our processing of sensitive data is based on article 9, paragraph 2, point (g) of the General Data Protection Regulation, which sets out our obligation to fulfil our legal obligations.
Personal data is received from the affected persons themselves, via publicly accessible portals and via external business partners, who may for instance perform screening as to whether a person is a politically exposed person (PEP) or a next of kin of a PEP.
We store your personal data for as long as is necessary. As provided for in the Anti-Money Laundering Act, we do not store your anti-money laundering data for more than five years or until the termination of the business relationship.
2.4. Events and newsletters
If you sign up for one of our events, we will process your personal data. We process your name, position, place of business, email address, telephone number and address. The legal basis for processing is set out in the General Data Protection Regulation, article 6, paragraph 1, point b.
If we wish to process your data for other purposes (for instance for marketing purposes), we would always inform you to this effect and as a general rule, we would obtain your prior consent for such processing, see article 6, paragraph 1, point (a) of the General Data Protection Regulation.
We only use your personal data for marketing purposes if you give your express permission, see article 6, paragraph 1, point (a) of the General Data Protection Regulation. You always have the option to state that you do not wish to receive any more emails or other communications from us in the future.
If you sign up for our newsletter by email, we process your name, email, place of business, organisation, educational institution, position, language preferences and areas of interest. The legal basis for processing is your consent, see the General Data Protection Regulation, point a) of article 6, paragraph 1.
We store your personal data for as long as is necessary in order to hold the course in question or for subsequent evaluation. A course may be part of a series of courses or the establishment of a network which has been described in advance, and in such a case we store your personal data until the whole series or the network establishment has been completed and evaluated. If you are an employee of one of our clients, we store your personal data for as long as we have a business relationship with the client. In the case of a payment arrangement we store bookkeeping data, including invoices in the financial year plus five years, as provided for in the Danish Bookkeeping Act.
3. Recipients of personal data
We keep your personal data confidential and as a general rule we do not disclose your data to any third parties. However, we may disclose your data to external third parties if we are under obligation to do so or if it is part of the service we provide to you. Such parties may include the police, the tax authorities or other public authorities, courts of law, arbitration tribunals, other law firms, opponents in legal proceedings and external business partners.
We may also pass on your personal data to our business partners and suppliers. Our business partners will process personal data on our behalf only and in accordance with our instructions.
For instance, we use business partners in connection with operations and IT security (such as back up, hosting of websites etc.), the purpose of which is to protect your personal data against accidental or illegal destruction, loss or deterioration, and against being passed on to unauthorised persons or otherwise processed in contravention of personal data protection law.
As a general rule, we do not pass on personal data to countries outside the EU/EEA area.
4. Your rights
Under data protection law, you hold certain rights in connection with our processing of your personal data. These are:
- Right of access - You are entitled to the access to the data we process about you and to other items of information.
- Right to rectification - You are entitled to have incorrect data about you rectified.
- Right to erasure - In special circumstances, you are entitled to have your personal data erased prior to our deadline for erasure.
- Right to restriction of processing - In certain circumstances, you are entitled to a restriction in the processing of your personal data. If you have a right to restriction of processing, we may in future only process the data - apart from storage - with your consent, or with a view to establishing, submitting or defending legal claims or for the protection of a person or for reasons of overriding public interest.
- Right to object - In certain circumstances, you have a right to object to our otherwise lawful processing of your personal data. You may also object to the processing of your personal data for direct marketing purposes.
- The right to data portability - In certain circumstances, you have a right to receive personal data that you have given us in a structured, commonly used and machine-readable format, and you have the right to have the said personal data transferred from one data controller to another without obstructions.
You can read more about your rights in the guidelines about the rights of data subjects issued by the Danish Data Protection Agency, which you find at www.datatilsynet.dk.
If you wish to exercise your rights, please feel free to contact us at any time. We will respond to your communication as soon as possible, and not later than 30 days after you have approached us, if possible.
In connection with your request, we will ask you to confirm your identity or provide additional details. We will do this to ensure that only you have access to your personal data, and that such data cannot accidentally be disclosed to impostors.
5. Filing a complaint with the Danish Data Protection Agency
You are entitled to make a complaint if you are dissatisfied with our processing of your data. Send the complaint to:
Datatilsynet (Danish Data Protection Agency)
Carl Jacobsens Vej 35
2500 Valby (Copenhagen)
6. Changes to our personal data protection policy
We reserve the right to change and/or update our personal data protection policy, and we will continue to ensure that it is updated, accurate and in compliance with applicable law and the principles for the lawful processing of personal data.
Updated on 17 March 2021
