1 Data controller

The legal entity responsible for the processing of your personal data is:

Plesner Advokatpartnerselskab
Company Registration (CVR) No: 38 47 79 35
Amerika Plads 37
2100 Copenhagen Ø, Denmark
plesner@plesner.com
Tel: +45 33 12 11 33

2 Contact us

If you have any questions concerning our processing of personal data, please contact us by telephone +45 3312 1133 or by email plesner@plesner.com.

3 Description of processing

We describe the purposes for which we process personal data below.

3.1 Provision of our services
In connection with our provision of services to a client we always create a case file in our document management system. One or several parties who are involved in the matter in different ways will be named as contacts. If you are such a person, we will process personal data about you, regardless of whether you are part of the client's organisation or are associated with the counterparty. 

We will use the personal data to communicate with you, handle the case and to make any registrations in authorities' electronic service systems.

We will process basic personal data about you, including contact details such as name, title or position, email address, telephone, address and your place of employment. If we are to make registrations in public authorities' databases (virk.dk, tinglysning.dk or minretsag.dk) we may, in order to be able to identify you, have to process some of your basic personal data, including your personal identification number.

In connection with insurance matters relating to individuals, we may sometimes process sensitive personal data, for example your health data. 

Personal data are provided either by our client, yourself or a third person associated with the party you represent.

We will process your personal data based on Article 6(1)(b) of the General Data Protection Regulation if you as a client is a person , as processing is necessary for the entering into or performance of a contract with our client about the provision of legal services. If you are a counterparty, data will processed based on Article 6(1)(f) on the balancing of legitimate interests where the legitimate interest is enforcement and defence of the legal claim. In case of sensitive personal data or personal identification numbers, processing will be carried out based on Article 9(2)(f) on enforcement or defence of legal claims. 

If it becomes necessary to make official registrations, we may share your personal data with certain public authorities through the data registration portals of such authorities, i.e. the Danish Business Authority (virk.dk), the Danish Registration Court (tinglysning.dk) and the Courts of Denmark (minretsag.dk).

We will keep your personal data as long as they are necessary for the purpose or purposes for which they are being processed. As a general rule, data will be kept for 15 years following the conclusion of a case but under special circumstances such periods may be shorter or longer, including for the purpose of complying with legal requirements for the erasure or keeping of data. 

3.2 Implementation of a money laundering procedure and the opening of client accounts with banks
Under the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism, we are to register the client's beneficial owners clearly in cases concerning the transaction of values. This also applies when we are to open a client account with a bank on behalf of a client. Consequently, if you or your undertaking is a client with us, you may be asked to provide documentation proving who you are or to assist in identifying your employer's beneficial owners.

In order to be able to carry out and complete anti-money laundering control, we need some basic personal data, including name, address, place of birth and nationality. We will need to have such data confirmed, for example in the form of a scanned copy of a driver's license, a health insurance card and/or a birth certificate. When the beneficial owners are not Danish or do not have permanent residence in Denmark, it may be necessary to collect additional data.

The sources for the collection of the data will always be the persons in question.
We will process such personal data based on Article 6(1)(c) of the General Data Protection Regulation on compliance with legal obligations. The legal obligation appears from the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism. Under special circumstances, sensitive personal data may also be processed. Such processing will be carried out based on Article 9(2)(g).

In situations where it is necessary to open a client account, we will share the personal data collected with the bank in question, which in such case will be subject to the same legislation as we are.

If a public authority, for example the Danish Financial Supervisory Authority or the Danish Public Prosecutor for Serious Economic and International Crime, take an interest in certain transactions, we are, under the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism, obliged to disclose the data to the authorities in question.

We will keep your personal data as long as they are necessary. As laid down in the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism, we will not keep your data for more than five years after the expiry of the business relationship. 

We are obliged to ensure that the data we collect, and which are still relevant for the transaction, are updated on a regular basis, and in such circumstances we will, with intervals of no more than 36 months, contact you for the purpose of updating such data.

3.3 Courses and seminars
When you attend one of our courses or seminars, we will use your personal data to keep in touch with you before, during and after the event in question.

If you are employed by one of our clients and you have registered for a course or seminar, we will keep your personal data as long as we have a business relationship with the client in question. 

For the purposes of a course or a seminar we will only process basic personal data, including name, title or position, email address, telephone and your place of employment. 

We obtain the personal data we process from yourself or from your employer, if your employer has registered you for a course of a seminar.

If you are a party to the contract yourself, we will process your personal data as described above based on Article 6(1)(b), as the data are necessary for performing a contract to which you are a party. 

The personal data may also be processed based on Article 6(1)(f) (the rule on balancing of legitimate interests) where the legitimate interest is to administer seminars and send out evaluation forms etc.

We will keep your personal data as long as they are necessary for the purposes of the course or seminar in question and for the evaluation of such course or seminar. A course may be one of a number of related courses or networking activities described in advance, and in such situations we will keep your personal data until the entire process or networking activities have been completed and evaluated. If you are employed by one of our clients, we will keep your data as long as we have a business relationship with the client in question. In case of an event that is subject to an attendance fee, we will keep invoicing data during the relevant financial year plus five years, as laid down in the Danish Bookkeeping Act.   

3.4 Administration of foundations and associations
We provide secretariat assistance to a number of foundations and association. We maintain and update lists of members, send out invitations and hold meetings, collect membership fees and administer applications for grants. 

In order to be able perform secretariat assistance we will process basic personal data in the form of names, titles or positions, email addresses and places of employment of the members of associations. We will also process the personal identification numbers and account numbers of the members holding salaried positions in either a foundation or an association. If you have applied for a grant we process basic personal data about you, including name, title or position, email address and place of employment. If, as a result of your application for a grant, you are to receive funds from a foundation, we will also process your personal identification number and your account number.

We will obtain the data we process from you. 

As described above, we will process your personal data in connection with applications for grants based on the rule on balancing of legitimate interests (Article 6(1)(f)). The legitimate interests pursued are the evaluation of the applications for grants received and the administration of the disbursement of such grants. The legal basis for our processing of your personal identification number is section 11(2)(i) of the Danish Data Protection Act (pursuant to law) as we are to report the disbursements to the Danish Customs and Tax Administration (SKAT).

As described above, we process your personal data in connection with the provision of other secretariat assistance to foundations and associations based on the rule on balancing of legitimate interests (Article 6(1)(f)). The legitimate interest pursued is our provision of secretariat assistance to a foundation or association. Our legal basis for processing of your personal identification number is section 11(2)(i) of the Danish Data Protection Act (pursuant to law) as we are required to report any disbursements of grants or salaries to the Danish Customs and Tax Administration (SKAT).

We will not disclose your personal data to third parties. The secretariat of an association or a foundation may, however, be transferred to another administrator, typically another law firm. In such a situation your personal data will be transferred with the secretariat to the new administrator.

We will keep your personal data as long as they are necessary. In relation to an association it means that such a term will correspond to the term of your membership of the association in question. We will keep the personal data relating to applicants for grants and members having salaried positions with associations or foundations for at least five years from expiry of the financial year in order to comply with the legal obligations arising from the Danish Bookkeeping Act and requirements for reporting to the Danish Customs and Tax Administration (SKAT). 

3.5 Marketing
We will use your personal data for the purposes of marketing, including for the purposes of being able to target communication specifically to you. Targeted communication includes newsletters, including Plesner Insight.

For this end we will only use basic personal data, including name, title or position, email address, telephone and your place of employment. We will also register the language in which you wish to receive such material.

The personal data we use are provided by you or are collected from publicly accessible sources, for example your LinkedIn profile. The information may also be obtained through your use of our website.

The legal basis for our processing of the data is the rule on balancing of legitimate interests (Article 6(1)(f)).  The legitimate interests pursued are our interest in carrying out marketing activities and our interest in targeting the material we send out. We will not disclose your personal data to third parties.

If you have registered for one or several of our newsletters, we will keep your personal data for as long as you wish to receive material from us and for two succeeding years. If we have collected publicly accessible information about you for the purpose of being able to carry out marketing activities, we will keep such data for as long as the relevant activity is ongoing and for two successive years.

3.6 Use of our website
When you use our website, cookies are used to collect personal data about your behaviour. This includes various social media plugins, which makes it easier for you to share content from Plesner's website on Facebook, LinkedIn etc. Plesner and the provider of such third party cookies act as joint data controllers. You may read more about this and locate a link to the privacy policies of such third party providers in the cookie overview, which may be accessed through Plesner's cookie policy.

We process your personal data in connection with your use of our website as described above and as further described in the cookie overview, which may be accessed through Plesner's cookie policy, based on Article 6(1)(f) of the General Data Protection Regulation, where the legitimate interest is to provide you an interesting website that works optimally.

You may read more about the use of cookies in Plesner's cookie policy. You may withdraw or change your consent by rejecting cookies in the cookie overview or by blocking cookies in your web browser. 

4 Recipients

We will treat the data as confidential and we will generally not disclose the data to third parties. Data may, however, be disclosed to specific clients, counterparties, authorities and/or courts.

The data will not be transferred to countries outside the EEC/EEA unless such transfer is made to a specific client, counterparty, court or the like. In that case, such transfers will made based on Article 49(1)(b)-(e) of the General Data Protection Regulation.

The data may be passed on to external suppliers, including any IT service providers that are assisting Plesner. 

5 Mandatory information

If we are to make registrations on your behalf in public databases such as virk.dk, tinglysning.dk or minretssag.dk we must be able to uniquely identify you to the relevant authority. In order to provide our services to you we will therefore often need your personal identification number.

If we are to supply a service to you that is subject to the Danish Act on Measures to Prevent Money Laundering and Financing of Terrorism or if we are to open a bank account on your behalf, it is necessary for us to have copies of documents that uniquely identify you, for example a driver's license, a passport or a birth certificate. 

If we are to disburse payments to you, for example a grant, we must be in possession of your personal identification number and your bank account number. The same applies if you have a salaried position with one of the foundations and associations we administer.

6 Your rights

You have the following rights:

• (a) You are entitled to request access to, rectification or erasure of your personal data.
• (b) You are also entitled to oppose the processing of your personal data and to request restriction of the processing of your personal data.
• (c) You have in particular an unconditional right to oppose the processing of your personal data for direct marketing purposes.
• (d) If the processing of your personal data is based on your consent, you are entitled to revoke such consent at any time. Revocation of your consent will not affect the lawfulness of the processing carried out prior to your revocation of consent.
• (e) You are entitled to receive personal data which you have provided to us in a structured, commonly used and machine-readable format (data portability
• (f) You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency.

You can exercise your rights by contacting Plesner by email plesner@plesner.com or by telephone +45 3312 1133

Such rights may be subject to conditions or restrictions. Accordingly, there is no certainty that you will be entitled to for example data portability in the specific situation; it will depend on the circumstances of the processing.

Last updated: 6 July 2018