NJORD Personal data policy
NJORD Advokatpartnerselskab (”NJORD”) processes personal data as a natural part of the law firm’s client and case management.
As part of the special rules regarding the business operations of a law firm and as adviser with a large extent of freedom of action within the framework of our assignments and the Code of Conduct for the Danish Bar and Law Society, NJORD is considered a data controller for all matters pertaining to counselling.
In some cases, we provide proper service functions, e.g. secretarial functions, mailbox services or other purely administrative tasks. In these cases, NJORD is the data processor, whereas the party for whom we perform the task is the data controller. NJORD’s processing in such cases takes place based on a data processing agreement, and the data controller’s personal data policy will apply to the data subjects.
If you have any questions about NJORD’s processing of personal data or wish to exercise your rights, you are always welcome to contact us:
1112 Copenhagen K
Att.: Conni Falkner
Purpose of processing
NJORD processes personal data for various purposes, primarily in connection with client management, case management, business operations, and marketing.
Client management; In order to manage the relationship with our clients, we process a number of personal data, for example, name and contact details of the client and/or the owners and contacts of the client. We also process information about our relationship with the client, including correspondence, and information about accounts receivable and outstanding amounts. In some cases, we collect credit information on clients. In this context, the processing of personal data takes place based on a consultancy agreement.
Furthermore, NJORD processes information about clients if we are statutorily required to do so, including in connection with money laundering legislation. For example, at the beginning of a case and to the extent necessary, we collect identification details about the client and/or the client’s beneficial owners, including photo ID, home address, and nationality.
Case management; In connection with the management of most cases, NJORD processes data to a greater or lesser extent. The category of personal data processed in connection with a specific case depends on the nature and context of the case. The most commonly processed data are names and contact details of the parties to the case, both clients and counterparties, as well as other persons of relevance to the case. Processing of personal data in connection with case management takes place for various reasons, depending on the case. Processing of personal data usually takes place in order for NJORD to perform the contract with the client, or because NJORD or the client has as legitimate interest in processing personal data. If the information concerns criminal offences, the basis for the processing will often be that the client’s legitimate interest in the processing clearly exceeds the data subject’s interest in non-disclosure of the information. Often, the processing will take place in order to determine, maintain or defend a legal claim. This is often the basis when dealing with sensitive data. Examples of cases where we collect data on third parties other than our clients based on our legitimate interests are cases concerning collection, infringement of copyright and digital offences.
Business operations; In connection with business operations, NJORD will process personal data regarding our suppliers and business partners. In these cases, the processing mainly includes name, place of work and contact details as well as information about the relationship, including correspondence. The processing of personal data in this context takes place because NJORD has a legitimate interest in managing and operating its business. In some cases, the processing may also be carried out in order to perform contracts with the data subject.
Marketing; NJORD processes personal data in connection with our marketing activities, including the provision of courses, events, etc. as well as sending out newsletters. Such processing takes place because NJORD has a legitimate interest in marketing its business. The sending out of newsletters and other marketing materials via e-mail will take place only if NJORD has obtained explicit consent hereto.
Disclosure of personal data
To what extent NJORD discloses personal data to third parties depends on NJORD’s purpose of the processing and the context in which the personal data are included.
Personal data are disclosed to third parties where it is relevant for the management or completion of a case, or where NJORD is required to do so. Such disclosure may include e.g. the parties to the case and public authorities, including the police, SKAT [the Danish tax authorities] and the courts. These parties are independent data controllers.
NJORD also uses data processors that provide various kinds of services. For example, IT support and IT infrastructure. Any type of data processing takes place according to a written agreement, which ensures full compliance with applicable rules.
Personal data transferred outside the EU
NJORD uses certain data processors located outside the EU. Below are stated the data processors and the legal transfer basis.
MailChimp USA Privacy Shield
At your request, NJORD can inform you where you can obtain a copy of the transfer basis in question.
Erasure of personal data
NJORD erases personal data when the processing no longer serves a purpose, for example for archiving purposes. Consequently, we are obliged to store the files for an appropriate period, which NJORD has fixed at five years after the completion of the case.
All NJORD’s employees are subject to strict confidentiality, including the processing of personal data. Furthermore, all NJORD’s lawyers are subject to the statutory duty of confidentiality for lawyers pursuant to Section 126 of the Danish Administration of Justice Act.
The personal data processed by NJORD are usually obtained directly from the data subject or from clients. In some cases, however, NJORD also collects personal data from publicly available registers.
As a data subject, you have a number of rights when NJORD processes your personal data.
If you want to exercise one or more of your rights, you are welcome to contact NJORD at any time. Our contact details can be found in clause 2. Exercising your rights is free of charge. However, if the inquiry is manifestly unfounded or excessive, NJORD may charge a fee or reject your request. NJORD will answer your request as soon as possible and within 30 days.
Right of access; You have the right to obtain access to your personal data being processed by NJORD.
Right to rectification; You have the right to obtain rectification of your personal data being processed by NJORD if these are inaccurate or misleading.
Right to erasure; In certain cases, you have the right to obtain erasure of your personal data being processed by NJORD.
Right to restriction; In certain cases, you have the right to obtain a temporary restriction of your personal data being processed by NJORD to comprise merely storage.
Right to data portability; In certain cases, you have the right to obtain a copy of your personal data provided to NJORD, in a structured, commonly used and machine-readable format.
Right to withdrawal of consent; You have the right to withdraw your consent to NJORD’s processing of your personal data at any time.
Right to object; You have the right to object to NJORD’s processing of your personal data at any time, based on your particular circumstances or special reasons. If your objection concerns the use of your personal data for direct marketing, NJORD will cease such processing.
Right to make a complaint; You have the right to make a complaint about NJORD’s processing of your personal data if you have not received satisfactory treatment after contacting us. Such a complaint may be lodged with the Danish Data Protection Agency, Borgergade 28, 5th floor, 1300 Copenhagen, www.datatilsynet.dk.
Please note that you cannot exercise your rights in violation of the legitimate interests of NJORD or any third party. Such considerations will be included in a concrete assessment.
Changes to the Personal Data Policy
NJORD will continuously update and make changes to this Personal Data Policy so that it is always up-to-date. Information about changes to the Personal Data Policy will be published on NJORD’s website, www.njordlaw.com, and in some cases also sent by e-mail.
This is NJORD’s Personal Data Policy of May 2018, which will apply from 25 May 2018.