1 Who are we?

CLEMENS Advokatpartnerselskab
Central Business Registration No. 32676561
Skt. Clemens Straede 7
DK-8000 Aarhus C

(hereafter referred to as “we”, “us” or “our”) is the data controller responsible for processing of your personal data.

If you have any questions about our processing of your personal data, you are always free to contact us at databeskyttelse@clemenslaw.dk.

2 Which personal data do we process and why?

2.1 Clients

In order to provide legal assistance to you or your company, we collect and process i.a. the following ordinary personal data:

  • Name
  • Telephone number
  • Address, email or other contact information

Depending on the nature of the case, it may be necessary to obtain additional information about you. This could for example be:

  • Confidential information, including, for example, Danish civil registration number (CPR), information on wealth, tax or family matters
  • Sensitive personal data, including e.g. health data
  • Information on criminal convictions and offences

You will always be informed when we collect such additional information about you.

If we obtain data that requires your consent, we request your consent at the time of collection of such data.

2.2 Collection and storage of identification related to anti-money laundering

If our collaboration is covered by the Danish Anti-Money Laundering Act, we process the following personal data about you to comply with our legal obligations under the said act:

  • Danish civil registration number (CPR)
  • Documentation of identity (passport/driver’s license copies)

2.3 Candidates

If you have sent us an application, we process the following personal data about you: 1) personal data in your application material 2) personal data that we may collect from public online media, including for example LinkedIn, Facebook etc. and 3) personal data we may collect from references.

We only collect ordinary personal data about you.

Depending on the type of data you have provided in your application material, we may also process personal data about you within the below categories:

  • Sensitive personal data
  • Information on criminal convictions and offences
  • Confidential personal data, including Danish civil registration number (CPR)

2.4 Recipients of newsletter

If you’ve subscribed to our newsletters, we process the following personal data about you in order for us to send you our newsletters:

  1. name
  2. email address.

2.5 Other individuals

If you are a counterparty in one of our cases, we process the personal data which appears from and is necessary for handling the case. This will typically be information about your name and contact information but may also be Danish civil registration number (CPR) or other categories of personal data.

If you have attended a seminar, course or similar with us, we process the personal data necessary to register and, if necessary, to prepare a course certificate, including e.g. your name, contact information and information about your employer.

When you visit our website, we use cookies if you consent to this. Learn more about this in our cookie policy.

3 What is the legal basis for our processing of personal data?

3.1 Clients

When we provide legal assistance to you, we process your personal data because it is necessary to provide our services to you, cf. article 6(1)(b) of the GDPR, or because the processing is necessary to pursue legitimate interests, cf. article 6(1)(f) of the GDPR.

3.2 Collection and storage of identification related to anti-money laundering

If we process the personal data, which appears from your passport/driver’s license, including your Danish civil registration number (CPR) as a result of our obligations under the Danish Anti-Money Laundering Act, this processing takes place because it follows from applicable legislation, cf. section 11(2) of the Danish Data Protection Act and/or to comply with our legal obligations under the Danish Anti-Money Laundering Act, cf. article 6(1)(c) of the GDPR.

3.3 Candidates

When we receive your application, we process your personal data, because it is necessary for you as well as CLEMENS to pursue a legitimate interest, cf. article 6(1)(f) of the GDPR.

To the extent that we process other categories of personal data, because you have provided this information in your application material on your own initiative, your submission of this information is considered as consent to our processing of the data during the recruitment process (invited applications), or until we have assessed whether or not we intend to save your application for a period of time (uninvited applications).

If we request to obtain references about you in connection with a specific recruitment process, we will request your consent before contacting any references who may have been provided in the application material.

If we request to save your application for a certain period of time, we will request your explicit consent to do so.

3.4 Recipients of newsletter

When you subscribe to our newsletters, we process your personal data based on your consent to direct marketing, cf. article 6(1)(a) of GDPR and the Danish Marketing Practices Act article 10.

You can always retract you consent by contacting us.

3.5 Other individuals

If you are a counterparty in one of our cases, we process your personal data because it is necessary to pursue legitimate interests, cf. article 6(1)(f) of the GDPR, or because the processing is necessary for a legal claim to be established, asserted or defended, cf. article 9(2)(f) of the GDPR.

If you have attended a course or similar with us, we process your personal data, because it is necessary to pursue legitimate interests, cf. article 6(1)(f) of the GDPR.

When you visit our website, we process your personal data based on your consent to cookies, cf. article 6(1)(a) of the GDPR.

4 To whom is your personal data disclosed?

We only disclose your personal data when absolutely necessary to provide services to our clients, or if it follows from a legal obligation.

When it is necessary to disclose your personal data, we work hard to ensure that all recipients comply with applicable personal data legislation.

In connection with day-to-day operations and in order to provide the best service to our clients, we may disclose your personal data to the following general categories of suppliers, business partners and data processors:

• Operations and software suppliers and other data processors
• Counterparties in court cases or any out of court disputes
• Professional third parties, including real estate agents, banks etc.
• Credit rating agencies
• Public authorities
• Other subsuppliers and business partners

In connection with events, etc., we may in some cases take candid photos for social media (LinkedIn). In this regard, we make great efforts to ensure that the individuals in the pictures do not feel exposed or violated, and we ask for permission to take the pictures in the specific situations. If we publish such pictures of you, you have the right to object to this, and in such cases, we will always do what we can to remove pictures/posts. If you wish to object to our processing of your personal data, please contact us at databeskyttelse@clemenslaw.dk.

5 When do we delete/depersonalize your personal data?

We store your personal data for as long as necessary for the said purposes.

As a general rule, we store your personal data for 10 years after termination of a case and/or client relationship, unless we continue to have a legitimate purpose for storing the data.
We store personal data collected to comply with our legal obligations under the Danish Anti-Money Laundering Act for five (5) years after termination of the client relationship, unless we continue to have a legitimate purpose for storing the data.

We store your application material until the end of the recruitment period (invited applications). In some cases, we ask for your consent to store your application for a period of 6-12 months (invited and uninvited applications). If you give your consent in such cases, we will store your application for the period to which you have consented.

6 Security measures

Your personal data security is a high priority to us, and our focus is on processing your personal data in compliance with applicable personal data protection law.

In order to best protect your personal data, we continuously assess the risks that may be associated with our processing of your personal data. In particular, we pay attention to protecting your personal data against discrimination, identity theft, financial loss, loss of reputation and data confidentiality.

We have adopted internal information security rules, which contain instructions and measures to protect your personal data from being destroyed, lost/altered and against any unauthorized disclosure or unintended access.

To avoid loss of personal data, we continuously backup our systems, and we make use of encryption or other security measures where necessary.

Finally, we train our employees in handling personal data.

In the event of a data breach that involves high risk to your rights, we will notify you of the breach as soon as possible under the given circumstances.

7 Your rights

The right of access into your personal data
You are entitled to access to the personal data, we process about you.

The right of rectification
You are entitled to rectification of any incorrect personal data about you.

The right of deletion
You have the right to have your personal data deleted in special cases.

The right to restrict processing
You have the right to request that processing of your personal data be limited to storage in special cases.

The right to object
In certain cases, you are entitled to object to our processing of your personal data. This applies for example when we process your personal data according to article 6(1)(f) of the General Data Protection Regulation.

The right to have personal data transmitted (data portability)
In certain cases, you are entitled to receive your personal data in a structured, commonly used and machinereadable format and to have such personal data readily transferred from one data controller to another.

If you wish to make use of your rights, you may contact us at databeskyttelse@clemenslaw.dk.

Learn more about your rights in the Danish Data Protection Agency’s guidelines at www.datatilsynet.dk.

8 Complaint to the Danish Data Protection Agency

You have the right to file a complaint to the Danish Data Protection Agency, if you are dissatisfied with the way in which we process your personal data. However, we obviously hope that you will reach out to us beforehand to find a solution.

The Danish Data Protection Agency’s contact information and information on complaints can be found at www.datatilsynet.dk.

9 Subject to change

We reserve the right to amend this privacy policy. We recommend that you continually monitor and update yourself with our privacy policy.