1. Data controller
As data controllers, we are responsible for your personal data. Our company information is as follows:
Fabritius Tengnagel & Heine
CBR No. 27103111
Store Kongensgade 67C
1264 Copenhagen K
2. How to contact us?
3. What do we do, and what is the legal basis?
We handle and process the following personal data:
If you are a client (or potential client) of our law firm, we need to process your personal data to be able to provide you with legal advice.
We create a file in our electronic case management system. Only legal staff members have access to the file. One or more parties will be connected to the case in different capacities. If you are one of these persons, a part of the client’s organisation or being connected to the opposing party, we will be handling some of your personal data.
Data concerning corporations, with the exception of owner-managed companies, are not covered by the EU General Data Protection Regulation. Identity data concerning a natural person, fx name, phone number, private address, occupation, etc., handled by us are covered by the General Data Protection Regulation.
When handling your personal data, the data is primarily collected from you. In many cases, however, we also collect data from others, including the opposing party and other stakeholders.
We process general personal data concerning you, including identity data, fx name, occupation, phone number, and address. If you are a client, the legal basis for processing data is Article 6(1)(b) of the EU General Data Protection Regulation, since processing is necessary for the conclusion or the performance of the contract on legal assistance. If you are an opposing party, the legal basis is Article 6(1)(f) of the EU General Data Protection Regulation concerning the balance of interest, the legitimate interest being that a legal claim may be established, exercised or defended.
If we need to make any registrations in databases held by public authorities (virk.dk, tinglysningen.dk or minretssag.dk), we may share your personal data with a number of public authorities through their reporting portals. In this connection, we may have to process your personal identification number. The legal basis for this is Section 11 of the Danish Data Protection Act.
As an example, in connection with employment agreements, we process sensitive personal data concerning you, fx personal health data. The legal basis for processing such data is Article 9(2)(f) of the EU Data Protection Regulation, since processing is necessary for the establishment, exercise or defence of legal claims.
In connection with criminal cases, we process data concerning your criminal offences committed by you. The legal basis for this is Section 8(3) and (4) of the Danish Data Protection Act.
We also process general personal data in the form of email addresses of the recipients of our newsletter. If you sign up for our newsletter on our website, we will process your email address. In this case, the legal basis is your consent, cf. Article 6(1)(a) of the EU General Data Protection Regulation. You can unsubscribe from our newsletter at any time by clicking ”Unsubscribe” (“Afmeld”) at the bottom of the newsletter. Or, if you send an email to email@example.com, we will unsubscribe you promptly.
Furthermore, we process electronic data and user behavior on our website (cookies) for the purpose of our website and the transmission of our newsletters.
4. The recipients of your personal data
We treat your personal data as confidential, and we do not make them available to any third parties. However, we may disclose your personal data to opposing parties, authorities and courts of law.
We make your personal data available to external suppliers of computer services, including data processors, who will process your personal data on our behalf and according to our instructions only.
Furthermore, based on an individual assessment, we may communicate your personal data to other parties because we are ordered to do so, or because this is a consequence of the agreement with you. We may communicate your personal data to the police, the Danish tax authorities, other public authorities, the courts, arbitral tribunals, other law firms or opposing parties.
5. Third countries
We do not transmit your personal data to any third countries (countries outside the EU or the EEA).
6. Protection of your personal data
We always strive to protect your personal data, implementing both technical and organisational measures to protect your integrity and to prevent your personal data from being adversely affected. We have implemented technical security measures to ensure that your personal data are protected, and in addition to this, we have implemented organisational measures in the form of of internal procedures, guidelines and policies.
If you need to send us sensitive personal data, we recommend that you use encryption, fx secure email or a file protected by a password (Word or PDF format).
7. How long will your personal data be kept, and when will we delete your personal information?
We will keep your personal data for as long as it is necessary to fulfill the purpose(s) for which the data are processed.
When it is no longer necessary to process your personal data for professional purposes, they will be deleted. In principle, we will delete your personal data 10 years after the completion of the case. We are under an obligation to retain your personal data for 10 years, partly as a consequence of our responsibilities as advisers, partly as a consequence of the Danish Limitation Act, according to which the limitation period for enforcing liability claims is 10 years.
In specific cases, the retention period may be shorter or longer to comply with legal requirements regarding erasure and retention, fx may data concerning our clients and opposing parties be retained for a longer period if this is necessary to comply with our obligations relating to conflict of interest according to the ethical standards for lawyers.
Personal data retrieved according to the Danish Anti-Money Laundering Act are retained for 5 years after the termination of the lawyer-client relationship. At the end of this period, the data are deleted.
8. Your rights
As a data subject, you have a number of rights:
- In principle, you have the right to apply for access to the personal data concerning you processed by us.
- In principle, you have the right to request for rectification your personal data if these are inaccurate.
- In principle, you have the right to request the erasure of your personal data.
- In principle, you have the right to object to the processing of your personal data and to obtain the restriction thereof.
- In principle, you have the right to request data portability, i.e. to ask for a copy of your personal data in a structured, commonly used and machine-readable format, and to have those data transmitted to a new data controller, fx a new lawyer.
- If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of you consent does not affect the lawfulness of processing based on consent before its withdrawal.
These rights may be subject to conditions or limitations. Therefore, for instance, you may not have a right of erasure. This depends on the actual circumstances of the processing.
You can exercise your rights by contacting us by email at firstname.lastname@example.org or phone at +45 33 13 69 20.
You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet). Information on how to lodge a complaint with the Data Protection Agency is available on the Data Protection Agency’s website.