Privacy policy

Information about processing of personal data

Processing of personal data

NJORD Advokatpartnerselskab (‘NJORD’) processes personal data about you as a client, opponent, representative of an opponent, etc. as a part of our client and case management in connection with the business operations of our law firm, when you visit our website, subscribe to our newsletter or attend our events.

The conditions of our processing of your personal data and your personal rights in this connection are further described below in accordance with the rules of the General Date Protection Regulation (the ‘GDPR’).

Contact information

As part of the rules regarding business operations of a law firm and as adviser with a large extent of freedom of action within the framework of our tasks and the Code of Conduct for the Danish Bar and Law Society, NJORD is in many cases data controller of the processing of your personal data. This applies both in connection with advice, your visit to our website, when you subscribe to our newsletter, attend our events, etc.

If you have any questions about NJORD’s processing of your personal data or you wish to exercise your rights, you are always welcome to contact us:

NJORD Advokatpartnerselskab
Pilestræde 58
1112 Copenhagen K
Att.: Jesper-Max Larsen
Company Registration No.: 41 76 01 33

Telephone: +45 33 12 45 22
e-mail: privacy@njordlaw.com

Categories of personal data, purpose and governing law

As part of the administration of our client and case management, we are processing personal data about you. In all relationships with clients, we are processing information with a view to establishing a relationship with the client, client management and performance of the business operations of a law firm. Below is specified the personal data processed in this connection.

Client management

In order to administer, manage and cultivate the relationship with our clients, we process personal data about you as a client or a potential client. As part of our client management, the following types of information are processed. The information is processed without regard to the field in which you are receiving advice from NJORD.

  • Ordinary personal data. These include identification information and contact information about clients, owners of the client and/or contact persons, as well as representatives of the client. Furthermore, we process information about our relationship with the client, including correspondence, and information about accounts receivable and outstanding amounts. In certain cases, we collect credit information about clients.
  • The legal basis for the processing is Article 6(1)(b) of the GDPR, according to which personal data can be processed if necessary for the performance of a contract, in this case the task or the potential task. Furthermore, personal data can be processed if necessary for the purposes of NJORD’s legitimate interests, including the establishment and cultivation of a relationship with a client, see Article 6(1)(f) of the GDPR; just as there might be situations where we store your personal data even if we do not enter into a consultancy agreement.

Money laundering

In cases where NJORD provides assistance in advising on or performing transactions or opening a clients’ account on behalf of a client, there is a number of requirements in the anti-money laundering legislation that NJORD must meet. In order to meet these requirements for the prevention of money laundering and financing of terrorism, we process personal data about you.

  • Ordinary personal data. Including processing of information, such as name, Civil Registration No. (alternatively passport number or another national identification number), the information is compared with a reliable and independent source, e.g. the Danish central national register, digital signature or NemID, or copy of picture ID (e.g. passport, driver’s licence or the like), CVR number, owner and control structure, beneficial owners, alternatively the day-to-day management (must be authenticated by identity information).
  • The legal basis for the processing is Article 6(1)(c) of the GDPR, according to which personal data can be processed when necessary for compliance with a legal obligation. In exceptional cases, sensitive personal data can be processed, and such processing will be based on Article 9(2)(g) of the GDPR; just like information about criminal offences can be processed pursuant to Section 8(5) of the Danish Data Protection Act.

Case management

In connection with case management, NJORD processes various categories of data. The type of data processed depends on the nature and context of the case. See the below form.

Type of casePurposeInformationBasis of processing
Legal advice in the field of commercial law, including company law, M&A, purchase and sale of real property, lease, tax law and lawsuits, including criminal cases.NJORD processes personal data about you as, for example, business owner, beneficial owner, board member, employee, customer and supplier. These data are processed in order to advise our clients on matters pertaining to commercial law.

Ordinary information that may be processed:

• Identification information, including Civil Registration No.
• Contact information
• Copy of ID (health insurance card, passport, driver’s licence)
• Information about criminal offences
• Family matters
• Bank and payment information
• Financial matters
• Property records
• Contractual relationships
• Tax matters
• Staff matters
• Other relevant information available

Sensitive information:

Any relevant data concerning health, data revealing trade union membership, etc.

Ordinary information:

Basis of processing when processing is necessary for the performance of a contract (the task), compliance with a legal obligation, NJORD and the client’s legitimate interests in relation to conducting legal proceedings, advising and practising law, see Article 6(1)(b)(c) and (f) of the GDPR.

Sensitive information and Civil Registration No.:

As to any sensitive information, the legal basis for processing is Article 9(2)(f) of the GDPR, according to which sensitive personal data can be processed if necessary for the establishment, exercise or defence of legal claims.

As to Civil Registration Nos., the legal basis is either Section 11(2)(1) or (4) of the Danish Data Protection Act.

As to any criminal offences, the legal basis is Section 8(5) of the Danish Data Protection Act.

Debt collection

NJORD processes personal data about debtors and possible clients as part of collecting money owed by a debtor to either NJORD or NJORD’s client.

As a client, you can read more about which type of data NJORD processes about you under ‘client management’.

Ordinary information:

• Identification information
• Civil Registration No.
• Contact information
• Purchase data
• Family matters
• Financial matters
• Other relevant information available

Sensitive information:

Any relevant data concerning health, e.g. if non-payment is due to a work-related accident.

Ordinary information:

Basis of processing when processing is necessary for the performance of a contract (the task) and NJORD and the client’s legitimate interests in relation to conducting legal proceedings, advising and practising law, see Article 6(1)(b) and (f) of the GDPR.

Sensitive information and Civil Registration No.:

As to any sensitive information, the legal basis for processing is Article 9(2)(f) of the GDPR, according to which sensitive personal data can be processed for a legal claim to be established, exercised or defended.

As to Civil Registration Nos., the legal basis is Section 11(2)(1) of the Danish Data Protection Act.

Digital offencesNJORD processes personal data in order to identify any persons involved in the possible digital offences to be in a position to advise and process and in other ways assist the digitally offended person.

Clients:

  • Identification information, e.g. name, address, Civil Registration No, copy of health insurance card
  • Contact information, e.g. telephone number and e-mail address
  • Videos/photos
  • Relevant data concerning health, for example psychological diagnosis

Opponents:

  • Identification information
  • Police interrogation reports
  • Information about criminal offences
  • Videos/photos

Other parties, including the police:

  • Identification information
  • Contact information
  • Police records concerning the case

Ordinary information:

Basis of processing when processing is necessary for the performance of a contract (the task) and NJORD and the client’s legitimate interests in relation to conducting legal proceedings, advising and practising law, see Article 6(1)(b) and (f) of the GDPR.

Sensitive information and Civil Registration No.:

As to any sensitive information, the legal basis for processing is Article 9(2)(f) of the GDPR, according to which sensitive personal data can be processed if necessary for the establishment, exercise or defence of legal claims.

As to Civil Registration Nos., the legal basis is Section 11(2)(1) of the Danish Data Protection Act.

As to any criminal offences, the legal basis is Section 8(5) of the Danish Data Protection Act.

Bankruptcy and reconstructionNJORD processes personal data about e.g. the owners of the bankruptcy estate, board members, management, employees, customers, suppliers, etc., for the purpose of acting as trustee or reconstructor.
  • Identification information
  • Contact information
  • Information about family matters (marriage)
  • Information about position
  • Terms and conditions of employment
  • Pay and payment information
  • The debtor’s assets and liabilities
  • Any information about criminal offences, e.g. managerial responsibility
  • Other relevant information available

Ordinary information:

Basis of processing when processing is necessary for compliance with a legal obligation to which NJORD is subject as trustee or reconstructor, see Article 6(1)(c) of the GDPR.

Sensitive information and Civil Registration No.:

As to any sensitive information, the legal basis for processing is Article 9(2)(f) of the GDPR, according to which sensitive personal data can be processed if necessary for the establishment, exercise or defence of legal claims.

As to Civil Registration Nos., the legal basis is Section 11(2)(1) of the Danish Data Protection Act.

As to any criminal offences, the legal basis is Section 8(5) of the Danish Data Protec-tion Act.

Legal advice and case management within the private area, including administration of estates, wills and succession, family law, marriage contracts, purchase of real property, and lease.NJORD processes personal data as part of advising and conducting cases for private clients, including to be able to draw up legal documents, administer estates, assist clients in cases concerning purchase of real property and cases concerning lease, etc.

Ordinary information:

  • Identification information, including Civil Registration No.
  • Bank information
  • Financial information
  • Property records
  • Citizenship
  • Family matters and relatives
  • Information about assets and liabilities
  • Other relevant information available

Sensitive information:

Any data concerning health, if necessary for rendering advice.

Ordinary information:

Basis of processing when processing is necessary for the performance of a contract (the task) and NJORD and the client’s legitimate interests in relation to conducting legal proceedings, advising and practising law, see Article 6(1)(b)(c) and (f) of the GDPR.

Sensitive information and Civil Registration No.:

As to any sensitive information, the legal basis for processing is Article 9(2)(f) of the GDPR, according to which sensitive personal data can be processed if necessary for the establishment, exercise or defence of legal claims.

As to Civil Registration Nos., the legal basis is either Section 11(2)(1) or (4) of the Danish Data Protection Act.

As to any criminal offences, the legal basis is Section 8(5) of the Danish Data Protection Act.

File sharingNJORD processes personal data in order to assist our client in identifying persons, who have unlawfully shared/downloaded material protected by copyright, as well as conducting legal proceedings for the client.

Ordinary information:

  • Identification information, including Civil Registration No.
  • Contact information
  • Internet information, e.g. IP address
  • Any criminal offences
  • Any sensitive information revealed in films
  • Other relevant information available

Ordinary information:

Basis of processing when processing is necessary for the performance of a contract (the task) and NJORD and the client’s legitimate interests in relation to conducting legal proceedings, advising and practising law, see Article 6(1)(b) and (f) of the GDPR.

As to Civil Registration Nos., the legal basis is either Section 11(2)(1) or (4) of the Danish Data Protection Act.

As to any criminal offences, the legal basis is Section 8(5) of the Danish Data Protection Act.

Marketing

NJORD processes personal data in connection with marketing activities, including the provision of courses, events, etc., as well as sending out newsletters. Processing is necessary in order to provide services to interested parties.

  • In this context, ordinary personal data are processed, including name, contact information and possible interests or preference for topics, as well as language.
  • The legal basis for processing of personal data in connection with courses, events, sending out newsletters, etc. is NJORD’s legitimate interests in marketing its business, see Article 6(1)(f) of the GDPR.
  • NJORD sends out newsletters and other marketing material only if we have obtained your explicit consent. You can always withdraw your consent by contacting NJORD via the above contact information or follow the instructions on our website or at the bottom of our newsletters.

Business operations of a law firm

In connection with NJORD’s business operations as a law firm, we process personal data concerning our suppliers and business partners.

  • In this connection, ordinary personal data are processed, including name, place of work and contact information, as well as information about the relationship and correspondence.
  • The legal basis is NJORD’s legitimate interests in managing and practising law, see Article 6(1)(f) of the GDPR. In some cases, the legal basis is Article 6(1)(b) of the GDPR, according to which processing is necessary for the performance of a contract to which the data subject is a party.

Administration of foundations and associations

Basically, NJORD is data processor in connection with the administration of foundations, associations, companies, etc. on behalf of clients, but in some cases NJORD may be data controller of the data processed. In cases where NJORD is data controller, we process personal data in connection with the administration of private foundations, associations and companies, and associated board assignments, e.g. processing information about applicants to foundations and members of associations as well as other board members.

  • Ordinary personal data are processed in connection with the administration, including identification and contact information, documents concerning education, information concerning financial matters, Civil Registration No., etc.
  • In some cases, sensitive information in the form of data concerning health can be processed where necessary for the administration.
  • In cases where NJORD is data controller, the legal basis for processing of ordinary information is NJORD’s legitimate interests in practising law, as well as the legitimate interests of foundations, associations and companies in outsourcing the administration, see Article 6(1)(f) of the GDPR.
  • For the processing of Civil Registration Nos., the legal basis is Section 11(2)(1) or (4) of the Danish Data Protection Act, depending on the situation. The legal basis for any processing of sensitive information is Article 9(2)(f) of the GDPR, according to which sensitive personal data can be processed if necessary for the establishment, exercise or defence of legal claims, or consent, see Article 9(2)(a) of the GDPR. You can always withdraw your consent by contacting NJORD via the above contact information.

NJORD’s website

When you visit NJORD’s website, we collect and process information about you in connection with our use of cookies for marketing and statistical purposes, e.g. to optimize our website and target ads.

You can find an outline of the types of cookies used by NJORD and how to delete them, etc. in NJORD’s Cookie Policy.

  • Ordinary personal data are processed in the form of your IP address in connection with NJORD’s use of cookies. In addition, we process the following information about you in an aggregate form (i.e. non-personally identifiable): demography, including gender and age, interests, geography and information about your browser, device and service provider.
  • The legal basis is NJORD’s legitimate interests in generating statistics and, by this processs, analysing the use of our website, e.g. to optimize it, see Article 6(1)(f) of the GDPR.

Social media

NJORD is active on several social media, including LinkedIn, Facebook, and Instagram. When you interact with NJORD on these media, you are making information available to NJORD and the social media, e.g. when you respond to our postings, comment on or share them, just like we process information that you ‘like’ NJORD or follow us on the social media. In addition, ordinary information is processed about you in the form of, for example, identification information, contact information, your profile photo, etc. Furthermore, NJORD will in some cases share, for example, a piece of news in which your identification information (name) is included. In these cases, we always request your prior consent. You can always withdraw your consent by contacting NJORD via the above contact information. The purpose of the processing is branding and marketing of NJORD.

  • The legal basis for the processing is NJORD’s legitimate interests in marketing us as a law firm on the social media and knowledge sharing in the form of sharing of articles, etc., see Article 6(1)(f) of the GDPR.
  • When using Facebook, Facebook makes use of information collected from NJORD’s Facebook page, and NJORD and Facebook can be considered as being joint data controllers of the processing of data. You can read more about joint data control with Facebook here.
  • Information on the social media is deleted when NJORD deletes a posting or when you delete your comment, share, reaction or indication that you ‘like’ or follow NJORD.

Sources of personal data

In connection with client management, case management and legal advice, NJORD primarily obtains information from the client but may also obtain information from publicly available sources, public authorities and opponents.

Information for the prevention of money laundering and financing of terrorism is generally obtained from the client but may also be obtained from your employer (our client) and public registers.

We obtain information in connection with marketing from you as a data subject, and in connection with various events and courses, the information may be collected from the company where you are employed.

Please note that when you visit our website, you automatically submit information about your activities, usage, etc. on our website to NJORD and third parties. Read more in our Cookie Policy.

In connection with the business operations of a law firm, information is likewise obtained from the data subject (supplier, business partner, etc.), or from the company where the person is employed.

> Read more in our Cookie Policy. 

Disclosure and transfer of personal data

Your personal data are disclosed only in connection with case management and legal advice, and only when NJORD is legally obliged to do so, or when you have given your consent. You can always withdraw your consent by contacting NJORD via the above contact information. Data may be disclosed to the following parties:

  • The parties to the case
  • Public authorities, including the Danish courts, the bailiff’s court, the probate court, the registration court, SKAT [the Danish tax authorities], the prosecuting authority, the Danish Rent Tribunal, the Danish Ministry of Justice, etc.
  • Insurance companies and banks
  • In connection with auditing
  • The Danish Bar and Law Society (including the Disciplinary Board and the General Council)
  • The Danish State Prosecutor for Serious Economic and International Crime (SØIK)

In addition, NJORD discloses your personal data to data processors, who are assisting NJORD in our business operations.

In principle, NJORD does not transfer your information to countries outside the EU/EEA. However, transfer may take place if you or a party to the case is located in a so-called third country. In this case, the legal basis is Article 49(1)(e) of the GDPR, according to which transfer may take place if necessary for the establishment, exercise or defence of legal claims, just like transfer may take place if you have given your consent. You can always withdraw your consent by contacting NJORD via the above contact information.

In certain cases, NJORD also uses data processors located outside the EU/EEA. Below is indicated in what situation transfer takes place, the data processors in question, and the basis of transfer.

In what situationData processorCountryBasis of transfer
 Publishing newslettersMailChimpUSAEU Commission standard contract provisions
Administration of participation in events and webinarEventbriteUSAEU Commission standard contract provisions
CookiesGoogle LLCUSAEU Commission standard contract provisions

 

At your request, NJORD can inform you where you can obtain a copy of the basis of transfer in question.

Cooperating lawyers

NJORD are joint data controllers with some of our lawyers, as they are practising law under the auspices of NJORD. Pursuant to Article 26 of the GDPR, joint data control exists when two or more data controllers jointly determine the purposes and means of processing of personal data. Agreements on joint data responsibility have been entered into with the lawyers in question.

NJORD is, according to the agreements entered into, responsible for making systems available and the security of such systems, just like NJORD is responsible for the administration of compliance with the money laundering legislation, including the whistle-blower system, and the overall compliance with the data protection legislation. The lawyers are responsible for case managing and practising law as well as compliance with money laundering legislation by means of the tools provided by NJORD. In addition, the lawyers are responsible for compliance with the obligation to provide information to their clients, etc. and to have a legal basis for the processing of personal data.

In respect to the rights of the data subjects, NJORD is responsible for the right of access, right to erasure, obligation to provide information in connection with rectification, erasure or restriction, as well as right to data portability. Thus, the lawyers are responsible for providing information, rectification, restriction of processing and objection to processing. Whatever right you want to exercise, you can always contact NJORD via the above contact information, and your request will be passed on to the lawyers, where relevant.

Confidentiality

All NJORD’s employees are subject to strict confidentiality, including the processing of personal data. Furthermore, all NJORD’s lawyers are subject to the statutory duty of confidentiality for lawyers pursuant to Section 126 of the Danish Administration of Justice Act.

Erasure

NJORD processes your information for as long as it is necessary to fulfil the purpose of the processing.

Client management, case management and money laundering

In connection with client management, case management and legal advice, NJORD generally stores your information for five years from the end of the year in which the case was closed, unless otherwise required according to legislation or in case of original documents, such as wills, contracts, etc.

If no case has been created and we have registered information about you only in connection with creating a possible relationship, we will store your information for up to six months after ending the correspondence.

Information for money laundering control purposes, etc. is stored for five years after the case is closed pursuant to the money laundering legislation.

Business operations of a law firm

Information about you as a supplier or cooperating partner is stored for up to five years after the end of the year during which the delivery took place or the cooperation was terminated.

Marketing and website

NJORD stores your information for up to two years after you have participated in an event or unsubscribed to our newsletter.

> For deletion of cookies, see NJORD’s Cookie Policy.

Rights

As a data subject, you have certain rights according to the GDPR when your personal data are being processed. Below is a specification of your rights when NJORD processes personal data about you.

If you want to exercise one or more of your rights as a data subject, you must contact NJORD in writing via the e-mail address indicated above. Please state your full name and your e-mail address. You may be requested to provide further identification.

In general, you can exercise your rights at any time. However, exercising your rights must not affect the rights and freedoms of others and in such an event, NJORD may therefore refuse to comply with your rights wholly or in part.

Right of access

As a data subject, you have the right to obtain access to your personal data being processed by NJORD. By contacting NJORD, you can obtain information about the categories of personal data that we as data controller are processing about you, the purpose of the processing, the recipients to whom the personal data have been disclosed, etc.

If you request further copies of the personal data undergoing processing, NJORD may charge a fee. If the inquiry is manifestly unfounded or excessive, we may either charge a fee for providing the information or reject your request.

Right to rectification

You have the right to obtain rectification of your personal data if these are inaccurate or misleading. If NJORD does not agree that the data are inaccurate, however, we are not obliged to correct them, but to add that you as a data subject do not think that the data are correct.

Right to erasure

In certain cases, you have the right to obtain erasure of your personal data if NJORD no longer has a purpose in processing your personal data or you object to the processing of your personal data for the purposes of direct marketing or pursuant to Article 6(1)(f) of the GDPR. If NJORD can demonstrate overriding legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is necessary for a legal claim to be established, exercised or defended, however, NJORD is not obliged to erase your personal data.

Right to restriction of processing

In certain cases, you have the right to obtain restriction of processing of your personal data, e.g. if you contest the accuracy of the personal data collected about you or if you have objected to the processing of your personal data based on legitimate interests pursuant to Article 6(1)(f) of the GDPR. In such an event, NJORD will only store your personal data until your objection has been considered. If NJORD lifts the restriction of our processing of your personal data, you will be notified in advance.

Right to object

On grounds relating to your particular situation, you have the right to object to NJORD’s processing of your personal data, if the processing is based on legitimate interests, see Article 6(1)(f) of the GDPR. If you object to NJORD’s processing of your personal data, we are no longer entitled to process your personal data, unless we can demonstrate overriding legitimate grounds for the continued processing that override your interests, rights or freedoms, or the processing is necessary for a legal claim to be established, exercised or defended.

You always have the right to object to the processing of your personal data if the processing takes place for the purposes of direct marketing.

Right to data portability

In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have those data transmitted from one data controller to another data controller. This right applies only when the processing of your personal data is based on a contract pursuant to Article 6(1)(b) of the GDPR or your consent, see Article 6(1)(a) of the GDPR.

Right not to be subject to a decision based solely on automated processing, including profiling

Your personal data are not subject to decisions based solely on automated processing, including profiling.

Right to withdraw your consent

To the extent that we process your personal data based on your consent, you can always withdraw your consent to any future processing. You can withdraw your consent by sending an e-mail to privacy@njordlaw.com.

Lodge a complaint with a supervisory authority

As a data subject, you can lodge a complaint with NJORD as data controller if you are not satisfied with the way that we process your personal data. You can find our contact information above.

You can always lodge a complaint with the Danish Data Protection Agency on their website https://www.datatilsynet.dk/, by telephone: +45 33 19 32 00, or by e-mail dt@datatilsynet.dk.

Changes to our Personal Data Policy

 NJORD’s Personal Data Policy will be updated on an ongoing basis so that it is always up-to-date. Below you can always find the date of the last updated version of the Personal Data Policy.

Version 1.2, May 2019.