PRIVACY POLICY
Information about processing of personal data
Processing of personal data
NJORD Advokatpartnerselskab (“NJORD”) processes personal data about you as a client, counterparty, representative of a counterparty, etc., as part of, among other things, our client and case management in connection with the operation of our law firm, when you visit our website, subscribe to our newsletter, or participate in our events.
The terms governing our processing of your personal data and your rights in that regard are described in further detail in this privacy notice, in accordance with the rules set out in the General Data Protection Regulation (“GDPR”).
Contact information
By virtue of the rules applicable to the operation of a law firm, and as an adviser with broad discretion within the scope of our mandate and the ethical rules governing attorneys, NJORD is in many cases the data controller for the processing of your personal data. This applies both in connection with legal advice, your visit to our website, when you submit an inquiry via our contact form, when you subscribe to our newsletter, participate in our events, or similar activities.
If you have any questions regarding NJORD’s processing of your personal data or wish to exercise your rights, you are always welcome to contact us using the contact details provided below:
NJORD Advokatpartnerselskab
Pilestræde 58
1112 Copenhagen K
Att.: Jesper-Max Larsen
Company Registration No.: 34 87 78 07
Telephone: +45 33 12 45 22
e-mail: privacy@njordlaw.com
Categories of personal data, purpose and governing law
As part of the administration of our client management and case handling, we process a range of personal data about you. In all client relationships, we process information for the purpose of establishing client relationships, client management, and the performance of legal services. Below, we describe which categories of personal data are processed for these purposes.
Client management
To be able to administer, manage, and maintain our relationship with clients, we process various types of personal data about you as a client or potential client. The following categories of information may be processed as part of our client management. The data is processed regardless of the legal area in which you receive advice from NJORD.
Ordinary personal data. This includes identification details and contact information relating to clients, the client's owners and/or contact persons, as well as representatives of the client. We also process information about our relationship with the client, including correspondence, and information regarding receivables and outstanding balances. In certain cases, we may obtain credit information about clients
The legal basis for the processing is Article 6(1)(b) of the GDPR, which allows personal data to be processed when necessary for the performance of a contract, in this case, the engagement or potential engagement. Additionally, the data may be processed based on NJORD’s legitimate interests, including the establishment and maintenance of the client relationship, pursuant to Article 6(1)(f) of the GDPR. There may also be situations where we retain your data even if no engagement agreement is ultimately entered.
If clients receive payments into NJORD’s Client Trust Account, NJORD must obtain valid identification information for private individuals and an extract from the Danish Business Register (CVR) for legal entities, which must be reported to the financial institution.
Money laundering
In matters where NJORD provides assistance in advising on or carrying out transactions or opening a client account on behalf of a client, the anti-money laundering legislation imposes various obligations that NJORD must fulfil. To comply with these requirements aimed at preventing money laundering and terrorist financing, we process certain personal data about you.
Ordinary personal data. This may include information such as name, personal identification number (CPR) (alternatively passport number or other national identification number). Such information is verified against a reliable and independent source, e.g., the Danish Civil Registration Register (CPR), digital signature or NemID/MitID, or a copy of photographic ID (e.g., passport, driver’s licence), CVR number, ownership and control structure, beneficial owners, or alternatively the executive management (which must be identified with appropriate identification documents).
The legal basis for the processing is Article 6(1)(c) of the GDPR, which permits processing when necessary to comply with a legal obligation. In exceptional situations, sensitive personal data may also be processed. Such processing would occur under Article 9(2)(g) of the GDPR, and data concerning criminal offences may be processed pursuant to Section 8(5) of the Danish Data Protection Act.
Case management
For the actual handling of cases, NJORD processes additional categories of information. The specific data processed depends on the subject matter of the case. See the table below.
| Type of case | Purpose | Information | Basis of processing |
|---|---|---|---|
| Legal advice within commercial law, including company law, business transfers, purchase and sale of real estate, tenancy matters, tax law, and litigation, including criminal proceedings. | NJORD processes a range of personal data about you, including in your capacity as a business owner, beneficial owner, board member, employee, customer, and supplier. The data are processed in order for us to provide legal advice to our clients on commercial law matters. | Ordinary personal data:
Sensitive personal data: | Ordinary personal data: The legal basis for the processing is the performance of a contract (the engagement), compliance with legal obligations, and NJORD’s and the client’s legitimate interests in relation to case handling, legal advice, and the performance of legal services, pursuant to Article 6(1)(b), (c) and (f) of the GDPR.
Sensitive personal data and CPR number: Any processing of sensitive personal data will be based on Article 9(2)(f) of the GDPR, which permits the processing of sensitive personal data where necessary for the establishment, exercise, or defence of legal claims. For the processing of CPR numbers, the legal basis will be Section 11(2)(1) or Section 11(2)(4) of the Danish Data Protection Act. Any processing of data concerning criminal offences is based on Section 8(5) of the Danish Data Protection Act. |
| Debt collection | NJORD processes personal data about debtors and, where relevant, clients as part of our efforts to collect amounts owed by a debtor to either NJORD or NJORD’s client. . | Ordinary personal data:
Sensitive personal data: | Ordinary personal data: Sensitive data and CPR number: |
| Bankruptcy and reconstruction | NJORD processes personal data concerning, among others, the bankruptcy estate’s owners, board members, management, employees, customers, suppliers, etc., for the purpose of acting as trustee or restructuring administrator. | Ordinary personal data:
| Ordinary personal data: Sensitive personal data and CPR: |
| Debt Restructuring | NJORD processes personal data for the purpose of assisting the probate court and the applicant in preparing debt restructuring proposals in accordance with the rules of the Danish Bankruptcy Act. | Ordinary personal data:
| Ordinary personal data: Sensitive personal data and CPR number: |
Legal Advice and Case Handling within the Private Law Area This includes probate administration, inheritance law, family law matters, prenuptial agreements, property transactions, and tenancy matters.
| NJORD processes personal data as part of our legal advice and case handling for private clients, including for the purpose of preparing legal documents, carrying out probate administration, assisting clients in property transactions, and handling tenancy matters, among other things. | Ordinary personal data:
Sensitive personal data: Any health information, where necessary for the provision of legal advice. | Ordinary personal: Sensitive personal data and CPR number: |
Marketing
NJORD processes personal data in connection with marketing activities, including the offering of courses, events, and similar activities, as well as the distribution of newsletters. The processing is necessary in order to provide services for interested parties.
Ordinary personal data are processed in this context, including name, contact details, any company affiliation, and, where relevant, interests or topic preferences, as well as language preferences
The legal basis for processing personal data in connection with courses, events, newsletters, etc. is NJORD’s legitimate interest in marketing its business, pursuant to Article 6(1)(f) of the GDPR
NJORD will only distribute newsletters and other marketing material if we have received your explicit consent. You may withdraw your consent at any time by contacting NJORD using the contact information provided above or by following the instructions on our website or at the bottom of the newsletter.
Business operations of a law firm
In connection with the operation of NJORD’s law practice, personal data are processed concerning our suppliers and business partners.
Ordinary personal data are processed in this context, including name, place of employment, and contact information, as well as information regarding the relationship and correspondence
The legal basis is NJORD’s legitimate interest in administering and operating its legal practice, pursuant to Article 6(1)(f) of the GDPR. In some cases, the legal basis may be Article 6(1)(b) of the GDPR, allowing personal data to be processed for the performance of a contract with the data subject.
Administration of foundations and associations
Generally, NJORD acts as a data processor when administering foundations, associations, companies, etc. on behalf of clients. However, in certain cases, NJORD may act as data controller for the personal data processed.
In situations where NJORD is the data controller, we process personal data in connection with the administration of private foundations, associations, and companies, including related board work. This includes processing information about applicants to foundations, members of associations, and other board members.
In connection with such administration, ordinary personal data are processed, including identification and contact information, educational documents, financial information, CPR number, etc.
In certain cases, sensitive personal data may also be processed, fx health information, where necessary for the administration.
Where NJORD is the data controller, the legal basis for processing ordinary personal data is NJORD’s legitimate interest in performing legal services and the legitimate interest of foundations, associations, and companies in outsourcing administrative tasks, pursuant to Article 6(1)(f) of the GDPR.
The legal basis for processing CPR numbers is Section 11(2)(1) or Section 11(2)(4) of the Danish Data Protection Act, depending on the situation.
The legal basis for processing sensitive personal data is Article 9(2)(f) of the GDPR, which permits processing where necessary for the establishment, exercise, or defence of legal claims, or consent pursuant to Article 9(2)(a) of the GDPR. You may withdraw your consent at any time by contacting NJORD using the contact details provided above.
NJORD’s website
When you use NJORD’s website, we collect and process certain information about you through our use of cookies for marketing and statistical purposes, including to optimize our website and to target advertisements.
An overview of the cookies used by NJORD, as well as guidance on how to delete them, can be found in NJORD’s cookie policy.
Ordinary personal data are processed in this context, including your IP address in connection with NJORD’s use of cookies. In addition, we process the following information about you in aggregated form (i.e., non-identifiable): demographics, including gender and age, interests, geographic location, and information about your browser, device, and service provider.
The legal basis is NJORD’s legitimate interest in generating statistics and thereby analysing the use of our website, including for optimization purposes, pursuant to Article 6(1)(f) of the GDPR.
When you submit an inquiry through the contact form on NJORD’s website, we process your personal data and the information you provide in the form in order to respond to you.
- Ordinary personal data are processed, including your name, email address, and any information you provide when describing the nature of your inquiry.
- The legal basis is Article 6(1)(b) of the GDPR, which allows processing necessary for taking steps at your request prior to entering a contract.
- If you voluntarily and actively provide sensitive personal data to NJORD, such provision is deemed to constitute your consent, in accordance with Article 9(2)(a) of the GDPR.
Social media
NJORD is active on several social media platforms, including LinkedIn, Facebook, and Instagram. When you interact with NJORD on these platforms, you make information available to both NJORD and the respective platform, fx when you react to, comment on, or share our posts. We also process information relating to your “likes” or follows on our social media pages. Additionally, we process ordinary personal data about you such as identification details, contact information, and your profile picture.
NJORD may also, in some cases, share a news item or similar content in which your identification details (name) appear. In such cases, we always obtain your consent beforehand. You may withdraw your consent at any time by contacting NJORD using the contact details provided above.
The purpose of such processing is branding and marketing of NJORD.
The legal basis for the processing is NJORD’s legitimate interest in marketing itself as a law firm on social media and engaging in knowledge sharing through the publication of articles and similar content, pursuant to Article 6(1)(f) of the GDPR.
When using Facebook, Facebook itself uses the data collected on NJORD’s Facebook page, and NJORD and Facebook may be considered joint data controllers regarding such processing. You can read more about joint controllership with Facebook here.
Information on social media will be deleted when NJORD deletes a post, or when you delete your comment, share, reaction, or your “like” or follow indication.
Competitions on Facebook
When we hold competitions on NJORD’s Facebook page, we process your personal data to administer your participation in the competition. Processing is a prerequisite for your participation.
- Ordinary personal data are processed, including your name, email address, phone number, and any other information relevant to the specific competition.
- We process your personal data to pursue our legitimate interest in administering your participation in the competition, pursuant to Article 6(1)(f) of the GDPR.
- Personal data will be retained by NJORD until the competition has concluded and the data are no longer necessary for administering your participation, or until you inform NJORD that you no longer wish to participate.
You will receive more specific information regarding our processing of your personal data in connection with the particular competition.
Advertisements on Facebook
We use NJORD’s Facebook page to publish various advertisements within different business areas with the purpose of establishing new client relationships. If you use the contact form in one of these advertisements to contact us, we process your personal data.
- Ordinary personal data are processed, including your name, telephone number, email address, and the type of matter.
- The legal basis is Article 6(1)(b) of the GDPR, which permits processing necessary for taking steps at your request prior to entering into a contract.
Sources of personal data
In connection with client management, case handling, and legal advice, NJORD primarily collects information from the client but may also obtain information from publicly available sources, public authorities, and counterparties.
Information for the purpose of preventing money laundering and financing of terrorism is generally obtained from the client, but may also be collected from your employer (our client) and public registers.
Information collected for marketing purposes is obtained from you as the data subject, and in connection with various events and courses, the information may also be provided by the company you are employed by. Please note that when you visit our website, you automatically disclose information about your activity and behavior to NJORD and third parties. For more information, see our Cookie Policy.
In connection with the operation of the law firm, information is likewise obtained from the data subject (supplier, business partner, etc.) or from the company in which the person is employed.
Disclosure and transfer of personal data
Your personal data will only be disclosed in connection with case handling and legal advice, and only where NJORD is legally obligated to do so or where you have provided your consent. You may withdraw your consent at any time by contacting NJORD using the contact details provided above.
Data may be disclosed to the following recipients:
- The parties to the case
- Public authorities, including the Danish courts, the bailiff’s court, the probate court, the registration court, SKAT [the Danish tax authorities], the prosecuting authority, the Danish Rent Tribunal, the Danish Ministry of Justice, etc.
- Insurance companies and banks
- In connection with auditing
- The Danish Bar and Law Society (including the Disciplinary Board and the General Council)
- The Danish State Prosecutor for Serious Economic and International Crime (SØIK)
Additionally, NJORD transfers your personal data to data processors who assist NJORD in operating our business.
As a rule, NJORD does not transfer your personal data to countries outside the EU/EEA. However, such transfers may occur if you or another party to the case is located in a so‑called third country. In such cases, the legal basis will be Article 49(1)(e) of the GDPR, which permits transfer when necessary for the establishment, exercise, or defence of legal claims. Transfers may also occur if you have given your consent. You may withdraw your consent at any time by contacting NJORD using the above contact details.
In certain cases, NJORD also uses data processors located outside the EU/EEA. Below, you will find information on situations where such transfers occur, the data processors involved, and the legal basis for the transfer.
| In what situation | Data processor | Country | Basis of transfer |
|---|---|---|---|
| Cookies | Google LLC | USA | EU Commission standard contract provisions |
| Support for technical website functions | Cloudflare | USA | EU Commission standard contract provisions |
| Used for marketing | USA | EU Commission standard contract provisions | |
| Used for marketing | USA | EU Commission standard contract provisions |
NJORD can, upon request, inform you where you may obtain a copy of the relevant transfer mechanism.
Cooperating lawyers
NJORD shares joint data controllership with certain attorneys who operate their legal practice within NJORD’s framework. Under Article 26 of the GDPR, joint controllership exists when two or more controllers jointly determine the purposes and means of the processing of personal data. Agreements on joint controllership have been concluded with the relevant attorneys.
According to these agreements, NJORD is responsible for providing the necessary systems and ensuring the security of those systems. NJORD is also responsible for the administration of compliance with anti‑money laundering legislation, including the whistleblower scheme, as well as overall compliance with data protection legislation.
The attorneys are responsible for handling cases and carrying out legal services, including compliance with anti‑money laundering legislation, using the tools and systems made available by NJORD. Furthermore, the attorneys are independently responsible for fulfilling the information obligations towards their clients and for ensuring that they have an appropriate legal basis for the processing of personal data. With respect to data subject rights, NJORD is responsible for the right of access, the right to erasure, the duty to notify in connection with rectification, erasure or restriction, as well as the right to data portability. The attorneys are therefore responsible for the duty of disclosure, rectification, restriction of processing, and objections to processing.
Regardless of which right you wish to exercise, you may always contact NJORD using the contact information provided above, and your inquiry will be forwarded to the relevant attorneys where applicable.
Confidentiality
All NJORD employees are subject to strict confidentiality, including with respect to processed personal data. All NJORD attorneys are furthermore bound by the statutory duty of confidentiality for attorneys pursuant to Section 126 of the Danish Administration of Justice Act.
Erasure
NJORD processes your personal data for as long as necessary to fulfil the purpose of the processing.
Master data
Your identification details and identity documents are deleted 15 years after the last matter to which the master data relate has been archived.
Anti‑money laundering
Your personal data processed for anti‑money laundering purposes are retained for five years after the conclusion of the matter, in accordance with AML legislation.
Client management and case handling
Except for data processed for AML purposes and master data, your information will generally be deleted 15 years after the matter has been archived. However, particular circumstances may exist that justify retaining a case for longer than 15 years.
For criminal cases in which one of NJORD’s attorneys has been appointed by the court, digital case files must be deleted when the appeal period has fully expired. The deletion deadline for such case files is 30 days after the expiry of the appeal period.
If no formal case has been created and we have only registered information about you in connection with establishing a potential client relationship, your data will be retained for up to six months after the end of the correspondence.
Operation of the Law Firm
Information about you as a supplier or business partner is stored for up to five years after the end of the financial year in which the delivery took place or the cooperation ended.
Marketing and Website
NJORD retains your information for up to three months after you have participated in an event or unsubscribed from our newsletter.
NJORD retains consent declarations for up to two years after your consent has been withdrawn or has expired.
Accounting information and similar data relating to participation in events are deleted five years plus the current calendar year after the end of the financial year.
For information on the deletion of cookies, please refer to NJORD’s Cookie Policy.
> For deletion of cookies, see NJORD’s Cookie Policy.
Rights
As a data subject, you have certain rights according to the GDPR when your personal data are being processed. Below is a specification of your rights when NJORD processes personal data about you.
If you want to exercise one or more of your rights as a data subject, you must contact NJORD in writing via the e-mail address indicated above. Please state your full name and your e-mail address. You may be requested to provide further identification.
In general, you can exercise your rights at any time. However, exercising your rights must not affect the rights and freedoms of others and in such an event, NJORD may therefore refuse to comply with your rights wholly or in part.
Right of access
You have the right to obtain access to the personal data that NJORD processes about you. By contacting NJORD, you may be informed of the personal data we hold as data controller, the purposes of the processing, the recipients of the data, etc.
If you request additional copies of your data, NJORD may charge a fee for providing them. In cases of manifestly unfounded or excessive requests, we may also charge a fee or refuse to comply with the request.
Right to rectification
You have the right to have inaccurate or incomplete personal data about you corrected. If NJORD does not agree that the data are inaccurate, we are not obliged to rectify them, but we must note that you, as the data subject, dispute the accuracy of the data.
Right to erasure
In certain cases, you have the right to obtain erasure of your personal data if NJORD no longer has a purpose in processing your personal data or you object to the processing of your personal data for the purposes of direct marketing or pursuant to Article 6(1)(f) of the GDPR. If NJORD can demonstrate overriding legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is necessary for a legal claim to be established, exercised or defended, however, NJORD is not obliged to erase your personal data.
Right to restriction of processing
In certain circumstances, you have the right to have the processing of your personal data restricted, for instance, if you dispute the accuracy of the data we hold about you, or if you have objected to processing based on legitimate interests under Article 6(1)(f) of the GDPR. In such cases, NJORD will only store your data until your objection has been assessed. If NJORD lifts the restriction on processing, you will be notified in advance.
Right to object
You have the right, on grounds relating to your particular situation, to object to NJORD’s processing of your personal data when the processing is based on legitimate interests, cf. Article 6(1)(f) of the GDPR.
If you object, we may no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims.
You always have the right to object to the processing of your personal data for direct marketing purposes.
Right to data portability
In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine‑readable format, as well as the right to have the data transmitted from one controller to another. This right applies only when the processing of your data is based on a contract pursuant to Article 6(1)(b) of the GDPR or on your consent pursuant to Article 6(1)(a) of the GDPR.
Right not to be subject to a decision based solely on automated processing, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling.
Your personal data are not subject to automated individual decisions, including profiling.
Right to withdraw your consent
If we process your personal data on the basis of your consent, you may withdraw that consent at any time for the processing that would take place going forward.
You can withdraw your consent by contacting the department to which you originally provided it, or by writing to privacy@njordlaw.com.
Lodge a complaint with a supervisory authority
As a data subject, you may submit a complaint to NJORD as data controller if you are dissatisfied with the way we process your personal data. You can find our contact details at the top of this policy.
You may also lodge a complaint with the Danish Data Protection Agency via their website www.datatilsynet.dk, by telephone at +45 33 19 32 00, or by email at dt@datatilsynet.dk.
Changes to our Personal Data Policy
This privacy policy will be updated on an ongoing basis to ensure that it is always current. You can always see below when the privacy policy was last revised.
Version 1.4, March 2026
