Kammeradvokaten / Poul Schmith protects and processes the personal data of our clients, opponents, suppliers, employees, partners and recipients of marketing information, etc., in accordance with the law on processing of personal data as applicable at any time.
The relevant personal data rules currently applicable for our processing of personal data are laid down in the Data Protection Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Regulation no. 2016/679 of 27 April 2016) and the Danish Data Protection Act (Act no. 502 of 23 May 2018).
Our data protection policy concerns our processing of personal data as data controller. We are the data controller in a number of situations, such as when we handle the cases of our clients, engage new employees and in relation to our marketing activities.
1. What personal data do we process?
"Personal data" includes any information relating to an identifiable natural person, such as the person's name, e-mail address, personal identification number (CPR number) and address, and to factors specific to the physical, physiological, financial, cultural or social identity of that person. Data on legal persons are not included in the definition of "personal data". Depending on the nature of the case or inquiry, we process general data, identification data (CPR number), data on criminal offences and sensitive data.
2. Where do the data come from?
We collect personal data directly from you or from a third party, such as clients, public authorities or partners.
3. How do we process the data?
"Processing" of personal data covers any activity involving personal data, such as collection, recording, structuring, organisation, storage, adaptation, alteration, consultation, use or disclosure.
We primarily process personal data about our clients, opponents, suppliers, employees and partners, but only to the extent necessary for the specific purpose and if there is a legal basis for doing so.
In most cases, we need to process general personal data, such as name, title, telephone number and e-mail address. The processing is necessary to enable us to deliver our legal services, submit invoices and perform quality assurance and audit and to comply with the documentation of identity requirements under the Act on Measures to Prevent Money Laundering and Financing Terrorism that we are subject to in a number of cases.
In addition, it may in certain situations be necessary for us to process data on criminal offences and to process sensitive data such as data concerning health.
4. To whom do we disclose your personal data?
We only disclose your personal data internally or to external operators if necessary and if there is a legal basis for doing so. External operators may be public authorities, private businesses or persons, foundations, associations, etc., depending on the nature of the case. In addition, we pass on data to our data processors (e.g. IT suppliers).
Internally, only employees with a work-related need to see your personal data will be able to access the data.
5. When do we delete your data?
We delete your personal data recorded with us when they are no longer necessary for the purpose(s) for which they were collected or processed.
We have internal guidelines for the period of storage of all categories of personal data. The guidelines are determined in accordance with the obligations we are subject to under applicable law, including documentation and auditing requirements.
6. What are your rights?
You have certain rights under the data protection rules in relation to our processing of data about you.
If you wish to exercise any of those rights, please contact us. You have the following rights:
The right to see the data (right of access)
You are entitled to access the data that we process about you and certain other information.
Right of rectification (correction)
You are entitled to have incorrect data about you corrected.
Right of erasure
In special circumstances you are entitled to have data about you erased before the time of our generally scheduled erasure.
Right of restriction of processing
You are in certain circumstances entitled to restriction of processing of your personal data.
Right to object
You are in certain circumstances entitled to object to our otherwise lawful processing of your personal data.
Right to withdraw consent
Where our processing of your personal data is based on your consent, you are entitled to withdraw your consent at any time. You may do so by contacting us as specified below.
If you choose to withdraw your consent, this will not affect the lawfulness of our processing of your personal data on the basis of your previous consent until the time of the withdrawal. If you withdraw your consent, this will only take effect at the time of the withdrawal.
You can read more about your rights in the Danish Data Protection Agency's guide to the rights of data subjects, available at www.datatilsynet.dk.
7. How do we secure your data?
We comply with the requirements of ISO 27001 in our information security work.
The security measures in our organisation, processes and IT systems are laid down taking into account the nature, scope, context and purpose of the processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.
The measures ensure among other things:
- Encryption of personal data
- Confidentiality, integrity, availability and resilience
- The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Regularly testing, assessing and evaluating the effectiveness of our measures for ensuring security of processing
8. Contact us
You may contact us if you wish to exercise any of your rights as described in paragraph 6 above, if you wish to complain, or if you have any other questions in relation to our personal data policy.
In this connection, please write to your closest contact person with us or as follows:
Kammeradvokaten / Poul Schmith
Vester Farimagsgade 23
DK-1606 Copenhagen V
Att.: Sanne Dahl Fredslund
Telephone: + 45 33 15 20 10
9. Complaint to the Danish Data Protection Agency
You may also complain to the Danish Data Protection Agency about our processing of your personal data. See for more information www.datatilsynet.dk.
10. Changes to our data protection policy
Our data protection policy was last updated on 25 May 2018 and will be regularly updated.