Privacy Policy

Latest update 15 December 2022

1. INTRODUCTION

1.1
Donatzky & Partnere Advokatfirma P/S (”we”, ”our”, ”us”) is a partner law firm with offices at Trelleborggade 15, 1st floor, right side, DK-2150 Nordhavn, Denmark registered with company registration number (CVR): 39 35 85 30.

1.2
We process personal data in the ordinary course of our activities as a law firm and we are responsible as data controller for processing your personal information on the terms and conditions contained in this policy (”Privacy Policy”).

1.3
Our Privacy Policy consists of two parts. In the first part, you can read about our specific processing activities. In the second part, you can read the general terms applying to all specific processing activities.

1.4
In case you have any questions regarding our processing of your personal data or want to assert your rights, please contact us via the below contact information:

Email: info@donatzky.com
Phone: 0045 3311 1010

2. SPECIFIC PROCESSING ACTIVITIES

2.1 Client Relations
Purpose, categories of personal data and legal basis

We process personal data about you as a client to handle all administrative tasks associated with the client relationship. This includes correspondence, case registration and our compliance with the obligations in the Danish Code of Conduct for lawyers and the Danish Money Laundering Act.

The following personal data is part of our processing:

  • Name
  • Position
  • Company affiliation
  • Address
  • Email
  • Telephone number
  • Civil registration number (personal client or beneficial owner of client)
  • Personal photo ID (driver’s license, passport or similar official ID)
  • PEP status

Our legal basis for processing ordinary personal data in the client relationship follows from Article 6(1)(b) of the GDPR on processing that is necessary for the performance of a contract to which you are a party or for the implementation of measures taken at your request prior to entering a contract.

Our legal basis for processing ordinary personal data as documentation for our compliance with the obligations in the Code of Conduct for lawyers and the Money Laundering Act, follows from Article 6(1)(c) of the GDPR on processing necessary to comply with legal requirements, cf. Chapter 3 of the Money Laundering Act regarding the customer due diligence procedure, and Chapter 12 of the Danish Administration of Justice Act on the practice of law (which forms the basis for the Danish Code of Conduct for lawyers).

Our legal basis for processing civil registration number is section 11(2)(1) of the Danish Data Protection Act regarding the possibility for private companies to process civil registration number when it follows from the legislation (the Money Laundering Act).

Storage

As a main rule, we store case information until 5 years after the end of the case. The deadline has been set considering the Danish Code of Conduct for Lawyers on the storage of case information.

Depending on specific circumstances, we may choose a 10-year retention period for case information on behalf of our client, e.g., in the case of law-creating documents (settlements, judgments, orders or the like), cf. section 5(1)(3) of the Danish Limitation Act.

Depending on specific circumstances, we may choose a 10-year retention period if there has been a special responsibility associated with our legal proceedings considering the absolute obsoletion period of 10 years for our own liability, cf. section 3(3)(2) and (4) of the Danish Limitation Act.

Information collected based on the customer due diligence procedures in the Danish Money Laundering Act is kept for 5 years from the time of collection but is continuously updated in connection with new cases, after which the 5-year retention period begins again. These principles follow from section 30 of the Danish Money Laundering Act.

Any personal data processed for the purpose of bookkeeping material is kept with the bookkeeping material for the current year + 5 years, cf. section 12 of the Danish Bookkeeping Act.

Sources

Client

Public registers, e.g., the Company Registration Office or the Land Registration Court

2.2 Case Processing
Purpose, categories of personal data and legal basis

In our case processing, we process personal information depending on what the case concerns. This includes the processing of personal data about our own client, including employees or other stakeholders. It also includes counterparties, judges, witnesses, and other persons relevant to the case. The purpose of the processing is to safeguard the clients’ interests.

The following personal data is typically included in the processing:

  • Name
  • Job position
  • Email
  • Company affiliation
  • Telephone number
  • Any other personal data relevant for establishing, invoking or determining a legal claim.

Our legal basis for processing ordinary personal data follows from Article 6(1)(f) of the GDPR regarding legitimate interest. The legitimate interest is determined by the Danish Code of Conduct for lawyers, which originates from section 126(1) of the Danish Administration of Justice Act on good legal practice.

Our legal basis for processing special categories of personal data follows from Article 9(2)(f) of the GDPR on the establishment of legal claims, cf. the safeguarding of clients’ best interests pursuant to professional conduct.

Our legal basis for processing information about criminal offences follows from Article 10 of the GDPR, cf. section 8(3)(2) of the Danish Data Protection Act regarding legitimate interest.

All processing activities are thus based on a legitimate interest arising from our clients’ interests, and which thus do not override the data subject’s fundamental rights and freedoms as long as it is contained in the framework established for good legal practice.

Storage

As a main rule, we store case information until 5 years after the end of the case. The deadline has been set considering the Danish Code of Conduct for lawyers regarding the accessibility of case information.

Depending on specific circumstances, we may choose a 10-year retention period on behalf of our client, e.g. in the case of law-creating documents (settlements, judgments, orders or the like), cf. section 5(1)(3) of the Danish Limitation Act.

Depending on specific circumstances, we may choose a 10-year retention period if there has been a special responsibility associated with our legal proceedings considering the absolute obsoletion period of 10 years for our own liability, cf. section 3(3)(2) and (4) of the Danish Limitation Act.

Sources
  • Courts
  • Our client
  • Counterparties
  • Public registers
  • Public sources (daily newspapers, social media, etc.)
2.3 Business Partners and Suppliers
Purpose, categories of personal data and legal basis

We process personal data in connection with general correspondence in supplier relationships and collaborations.

The following personal data is part of our processing with you:

  • Name
  • Position
  • Email
  • Telephone number

Our legal basis for processing personal data follows from Article 6(1)(b) of the GDPR on processing necessary for the performance of a contract, including pre-contractual correspondence.

Storage

Contact information for employees of our suppliers and partners is stored for up to 3 years after the termination of the contract, cf. Section 3(1) of the Danish Limitation Act.

2.4 Social Media
Purpose, categories of personal data and legal basis

We are active on LinkedIn. When you interact with us on such platforms, you make information available to us and the social media, for example when you respond to our posts, comment or share posts, just as we process information that you “like” us or follow us on the social media.

Donatzky & Partnere and LinkedIn are considered joint data controllers and you should therefore be aware that LinkedIn also process their own information about you.

The agreement on joint data responsibility can be found here. You can read more about LinkedIn’s independent processing of personal data here.

The legal basis for processing your personal data follows from Art. 6(1)(f) of the GDPR on processing necessary for us to pursue a legitimate interest where your interests are not overridden because your participation on social media is voluntary for you on the terms applicable on social media.

Storage

We will retain your personal data until it is no longer necessary for us to process. As a main rule, we do not delete posts. You can try to edit or delete posts you have made on our company page through the social media editing features.

Sources
  • You
  • LinkedIn
2.5 Other Contact
Purpose, categories of personal data and legal basis

You can contact us by phone, via the contact formular on our website or contact one of our employees at the email addresses listed on our website.

When you send us an email or contact us by phone, we naturally process your contact information and the content of your message.

Our legal basis for processing your personal data is Article 6(1)(f) of the GDPR regarding processing based on a legitimate interest, where your rights are not overridden, as we only process what is absolutely necessary to answer your inquiry. If your inquiry concerns a client relationship or a specific case, the conditions described in the relevant sections apply.

Storage

The correspondence is deleted when it is no longer necessary for the fulfilment of the purpose (answering the inquiry) or 6 months after the latest correspondence.

2.6 Job Applications
Purpose, categories of personal data and legal basis

If you wish to apply for a position with us, you can send us your CV and a motivated application as well as any references that we may contact. We will then process your name, email and the other information that appears in your application. All processing is confidential and takes place exclusively for recruitment purposes. Your information will not be disclosed without your consent.

Our legal basis for processing your personal data is Article 6(1)(b) of the GDPR, regarding processing necessary for the performance of a contract, including pre-contractual correspondence which takes place at your request.

Storage

The retention period is 6 months after receipt in accordance with the Danish Data Protection Agency’s guidelines on the retention period for job applications. If we wish to retain your application for more than 6 months, we will send you an email asking you to give your consent to a specified extension of the retention period.

Sources
  • You
  • References

 

3. GENERAL PROVISONS

3.1
Information to Counterparties and Ancillary Persons

3.1.1
Pursuant to Article 14(5) of the GDPR, we may exceptionally refrain from giving notice of our processing of personal data if:

  • the provision of such information proves impossible or would require a disproportionate effort or
  • the personal data must remain confidential because of our statutory duty of

3.1.2
In this connection, we consider most of the personal data we process as relevant to our specific case processing in each individual case. This means, in our opinion, that the ordinary practice of a lawyer does not set aside the considerations behind the information duty. Therefore, most persons are notified about our processing of personal data through ordinary correspondence and reference to the Privacy Policy. However, there are also people who are considered ancillary to the case itself and thus are not independently notified of our activities. This applies, for example, to judges, civil servants, witnesses, and other persons who, by virtue of their position or natural part of a given case, are not genuinely subject to the proceedings, or where notification to these persons overrides confidentiality concerns.

3.2 Recipients of Personal Data

3.2.1
We use security-approved data processors who help us with IT or other services. When we use data processors, a data processing agreement has been entered determining the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects as well as the data controller’s obligations and rights.

3.2.2
We disclose personal data as part of our case processing, including to public authorities, courts and counterparties when necessary to safeguard our clients’ interests. Disclosure thus rests on our clients’ rights and obligations together with our recommended actions by virtue of the legal profession.

3.2.3
It may also be necessary to disclose personal data based on specific legal requirements to us as a law firm, e.g. to the Danish Money Laundering Secretariat. Any disclosure is made against the lawyer’s statutory duty of confidentiality and thus requires compelling reasons and confidentiality at the recipient.

3.2.4
To a limited extent, we transfer personal data to third countries. For the purpose of case processing, this may be done specifically in individual cases pursuant to Article 49(1)(e) of the GDPR regarding transfers that are necessary to safeguard the interests of a legal claim. Some IT services contain hosting services (cloud), which can be considered as third-country transfers under the data protection rules. In case of data processing on our behalf, such transfer takes place in accordance with the EU Commission’s standard contractual clauses (SCC), cf. Article 46(2)(c) of the GDPR. Please contact us for more information.

3.3 Your Rights

3.3.1
According to the GDPR, you have several rights in relation to our processing of information about you, which include:

  • Right of access: You have the right to access the information we process about you including receiving a copy hereof.
  • Right to rectification: You have the right to have incorrect information about yourself corrected.
  • Right to erasure: You have the right to have information deleted.
  • Right to restriction of processing: In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, in future we may only process the information – except for storage – with your consent, or for the purpose of establishing, exercising or defending legal claims, or to protect a person or important public interests.
  • Right to object: In certain cases, you have the right to object to our (lawful) processing of your personal data.
  • Right to dataportability: In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have this personal data transferred from one data controller to another without restrictions.

3.3.2
You can read more about your rights in the Danish Data Protection Agency’s guide on the rights of data subjects, which you can find on datatilsynet.dk.

3.3.3
Please note that your rights are not absolute and must necessarily be limited if it may conflict with our obligations to our clients to assert them.

3.3.4

If you want to exercise your rights, please contact us.

3.4 Complaints to the Danish Data Protection Agency

3.4.1
You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data. You will find the Danish Data Protection Agency’s contact information on datatilsynet.dk.