Personal data policy
How Nielsen Nørager processes personal data
Nielsen Nørager receives and processes personal data as part of our case processing. As part of our personal data policy, we provide information about our processing of personal data in connection with case processing and further details about the background and purpose of the processing.
There may be several reasons why we have registered personal data about you, for example because you are a client of ours, because you are a counterparty to one of our clients, because you are a witness in legal proceedings that we are conducting, or because your personal data are included in our proceedings for other reasons.
The fact that we have registered and process personal data about you electronically means that, in accordance with the General Data Protection Regulation and the Data Protection Act, we as data controller must provide you with some information, including that and how we process your personal data. This information is set out below. In this connection, we would like to emphasize that we only process personal data - including your personal data - to the extent that it is objective, proportionate and necessary to process this data.
Our processing of your personal data
We process personal data about you in the course of our legal practice. The types of personal data we have registered about you depend to a significant extent on the relationship you have with us. As a starting point, the personal data will be ordinary (non-sensitive) data. This may include, for example, your name, address and other general identification information. In some rare cases, it may also be sensitive personal data, including information about trade union activities and information about criminal offenses.
The information is registered for the purpose of our case processing and may come either from yourself or from others. The basis for our registration and processing of data is the Danish Administration of Justice Act and related rules, the General Data Protection Regulation and sections 6(1) and 7 of the Danish Data Protection Act. The basis for the processing of general personal data may, for example, be the contract or agreement that you as a client have entered into with us for legal assistance.
The basis for processing may also be a legal obligation. Thus, it follows, for example, from the Administration of Justice Act and the rules of professional ethics that we may be obliged to contribute to ensuring that the cases we take on are informed, etc. For example, legislation other than the Regulation and the Data Protection Act may also contain rules stating that personal data may or must be processed. This may, for example, be sections 10-11 of the Anti-Money Laundering Act. The basis for processing sensitive personal data will typically also be that the processing is necessary for the establishment, exercise or defense of legal claims, cf. Article 9(2)(f) of the General Data Protection Regulation.
As part of our case processing, it may be necessary to disclose your personal data to others, e.g. the courts, other lawyers or public authorities. This will always take place within the framework of the General Data Protection Regulation, the Danish Data Protection Act and the other rules to which we as a law firm are subject, including the rules on professional secrecy for lawyers.
Legitimate interests pursued by the processing
As a starting point, our processing of your personal data may be based on Article 6(1)(b) and/or (c), but may, depending on the circumstances, also be based on the balancing of interests rule in Article 6(1)(f) of the General Data Protection Regulation. This is because our processing of your personal data is essential for us to be able to perform the work provided for in the rules of the Danish Administration of Justice Act on legal services.
Storage of your personal data
As a general rule, your personal data will be deleted 8 years after the case in which the data are included has been closed. After a concrete assessment, this starting point can of course be deviated from, so that data is deleted before 8 years have passed, if there are no objective and sufficiently necessary reasons for further storage. Similarly, the time for deletion of data may of course also be extended after a concrete assessment, so that data is stored for longer than 8 years.
The right to withdraw consent
If the basis for our processing of your personal data is based on your consent, you have the right to withdraw this consent at any time. You can do this by contacting us. If you choose to withdraw your consent, it does not affect the lawfulness of our processing of your personal data on the basis of your previously given consent and up to the moment of withdrawal. Therefore, if you withdraw your consent, it will only take effect from that moment onwards.
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of information about you. If you wish to exercise your rights, please contact us.
- Right to see data (right of access)
You have the right to access the data we process about you, as well as a range of additional information.
- Right of rectification (correction)
You have the right to have inaccurate information about yourself rectified. You also have the right to have your data completed with additional information if this would make your personal data more complete and/or up-to-date.
- Right to erasure
In certain cases, you have the right to have data concerning you erased before the time of our regular general erasure.
- Right to restriction of processing
In certain cases, you have the right to restrict the processing of your personal data. If you have the right to restrict processing, we may in future only process the data - except for storage - with your consent, or for the establishment, exercise or defense of legal claims, or for the protection of a person or important public interests.
- Right to object
You have the right to object to our otherwise lawful processing of your personal data. However, this only applies if our processing is based on Article 6(1)(e) and (f) of the GDPR. You may also object to the processing of your data for direct marketing purposes.
- Right to transmit data (data portability)
In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have those personal data transmitted from one controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Agency's guide on data subjects' rights, available at www.datatilsynet.dk.
Complaint to the Data Protection Authority
You have the right to complain to the Danish Data Protection Agency about the collection and registration etc. of information about you:
Danish Data Protection Agency
Carl Jacobsens Vej 35
+45 33 19 32 00
You can also contact us as a data controller:
Nielsen Nørager Law Firm LLP
DK-1459 Copenhagen K
+45 33 11 45 45 45
You can also write directly to the lawyer you have been in contact with.