Personal Data Policy
Nielsen Nørager’s procedures regarding personal data
Nielsen Nørager receives and processes personal data as part of our case handling. As part of our personal data policy we provide information about our processing of personal data in connection with case handling as well as the basis for and the purpose of such processing.
There may be several reasons why we have registered personal data about you, for instance that you are a client with us, that you are an opposing party to one of our clients, that you are a witness in court proceedings conducted by Nielsen Nørager or because your personal data is included in one of our files for other reasons.
As a data controller we have registered and process personal data about you electronically, which implies that according to the General Data Protection Regulation (GDPR) and the Danish Data Protection Act we shall provide you with certain information, including inter alia, that we process and how we process your personal data. Such information appears from the sections below. In that connection we would like to emphasize that we only process personal data – including personal data about you – to the extent that it is reasoned, proportional, and necessary to process this data.
Our processing of your personal data
We process personal data about you as part of the operation of our business. The type of registered personal information about you depends on what relations you have to us as a firm. In general, the personal data will be ordinary (insensitive) information such as your name, address and other customary identification data. In more rare cases we may also process sensitive personal data, including information on trade union membership and criminal records.
All information has been registered for the purpose of our case handling, and the information may have been provided by either yourself or by others.
The basis for our registration and processing of information is the Administration of Justice Act with appurtenant rules and regulation, the GDPR and Section 6, (1) and Section 7 of the Danish Data Protection Act. The basis for handling of ordinary personal data may be an engagement letter or another contractual arrangement with our firm that you as a client have entered into relating to legal assistance to be provided by us.
The processing authority can also be derived from a legal obligation that we are subject to. By way of example, the Administration of Justice Act and the ethical rules applicable to lawyers as adopted by the Danish Bar and Law Society (in Danish: Advokatsamfundet) provides that in assignments accepted by us, we may be obliged to contribute to appropriate disclosure of facts etc. Authority for us to process personal data may also follow from other legislation than the GDPR and the Data Protection Act, see e.g. Sections 10-11 of the Anti-Money Laundering Act. The basis of handling sensitive personal information may also be necessary for determining, submitting or defending a legal claim, cf. Section 9 (2) (f) of the General Data Protection Regulation.
In the course of our case handling it may be necessary to pass on your personal data to others, for instance the courts, other lawyers or public authorities. As a law firm we shall always handle this subject to the limits of the GDPR, the data protection law and other rules, including the confidentiality restrictions applicable to lawyers.
Legitimate interests to be pursued during the case handling
Our handling of your personal data will as a general rule take place under the authority of Section 6, (1) (b) and/or (c) of the Act, but can under the circumstances also take place on basis of the rule of balancing of interests found in Section 6 (1) (f) of the GDPR. This is due to our handling of your personal data being of significant importance for the proper performance of our responsibilities as lawyers, which is assumed under the provisions relating to the operation of law firms in the Administration of Justice Act.
Storage of your personal data
In general, your personal data is deleted 8 years after the termination of the assignment, in which the information is included. However, we may deviate from this general rule if as a result of an individual assessment, it is considered that there are no longer any reasons and required compelling reasons for storing the information. Similarly, we may decide to postpone the time for deleting information if as a result of an individual assessment, it is considered that there are grounds for storing information for longer than 8 years.
The right to withdraw a consent
If our handling of your personal data is based on your consent, you will have the right to withdraw your consent at any time. This can be done by contacting Nielsen Nørager.
Should you choose to withdraw your consent, your withdrawal will not affect the legitimacy of our handling of your personal data in the period from the time when your consent was originally given and until the time of the withdrawal. Consequently, if you decide to withdraw your consent, the withdrawal will only be effective from the time of withdrawal and onwards.
According to the GDPR you enjoy several rights in relation to our processing of personal information about you. Should you wish to invoke your rights, please contact us.
- Right to review data (right of access)
You have a right of access to the information that we handle about you as well as certain other information.
- Right to correct
You have a right to have corrected any incorrect information about you. You are also entitled to require that additional information is recorded if this serves to make your personal data more complete and/or updated.
- Right to delete
In certain situations you may be entitled to demand that information about you is deleted prior to the time when we – pursuant to our general deletion policy – would otherwise delete your information.
- Right to limit processing
In some situations you have a right to limit our processing of your personal data. If this is the case, we may from this time on only process your data – except for storage – with your consent or in order to determine, submit or defend a legal claim or in order to protect a person or substantial public interests.
- Right to object
You are entitled to object to our otherwise legitimate processing of your personal data. However, this only applies if our processing rests upon the authority provided in Section 6 (1) (e) (f) of the GDPR. You may also object to our processing of your personal information for the purpose of direct marketing activities conducted by us.
- Right to transmit information (data portability)
You may in some instances enjoy a right to receive your personal data in a structured, commonly applied and machine-readable format as well as to have this personal information transferred – without impediment – from one data controller to another.
You can read more about your rights in the Guidelines of the Danish Data Protection Agency which are available at www.datatilsynet.dk.
Complaint to the Danish Data Protection Agency
You are entitled to complain to the Danish Data Protection Agency about collection and registration etc. of information about you:
Carl Jacobsens Vej 35
+45 33 19 32 00
You can also contact us in our capacity as data controller:
Nielsen Nørager Law Firm LLP
DK-1459 Copenhagen K
+45 33 11 45 45
You may also write directly to the lawyer with whom you have been in contact.