Elmann is highly committed to the safeguarding of information that may be used to identify a person.
In this Privacy Policy Statement, we outline the safeguarding and processing of personal information on clients, opponents, suppliers, employees, and business partners.
1. DATA CONTROLLER
In general, Elmann Attorneys-at-Law is responsible for the safeguarding and secure processing of personal information in our custody and control.
Company data for Elmann Attorneys-at- Law:
Elmann Advokatpartnerselskab
Business Registration no. 34 58 49 15
Stockholmsgade 41
DK-2100 Copenhagen Ø
Elmann IPR Attorneys-at-Law is generally responsible for the safeguarding and secure processing of personal information in our custody and control.
Company data for Elmann IPR Attorneys at Law:
Elmann IPR Advokatfirma (Attorney Tanya Meedom)
Business Registration no. 40 86 82 24
Stockholmsgade 41
DK-2100 Copehagen Ø
2. PROCESSING AND CATEGORIES OF PERSONAL INFORMATION
In the following, we describe personal information Elmann and Elmann IPR (“Elmann”, “we” or “us”) process, including the specific purposes for the use of the information.
2.1. Legal Services
In connection with the provision of legal services to our clients, information will be collected about the person or persons related to specific case. The information will be collected during the initiation of and the later work on the case.
Personal information is primarily used for case management and potential registration with public authorities. Similarly, personal information is used for the purpose of enabling communication between the parties to the case.
The personal information we hold can be divided into a “general” category and a “sensitive” category. In addition, we process information regarding criminal offences and personal identification numbers.
General personal information includes e.g.:
- Name
- Employer and job title
- Address
- Email address and telephone number
- Information on current employment
- Information on the financial and tax status
- Details on marital status and similar circumstances
Sensitive personal information includes e.g.:
- Details on health
- Trade union affiliation
Information on criminal offences includes e.g.:
- Criminal sanctions
- Disqualifications
2.1.1. Legal Basis and Origin
If you are a client, we process your personal information in accordance with Article 6(1)(b) of the General Data Protection Regulation since this processing is necessary to enter into or to fulfill the agreement on the provision of our legal services.
However, if you are an opponent, your personal information will be processed in accordance with the rule on balancing of interests noted in Article 6(1)(f) of the General Data Protection Regulation. The legitimate interest in such cases is to enforce or defend the legal claim to which the case relates.
In the case of sensitive information, the basis for processing will be Article 9(1)(f) of the General Data Protection Regulation as this processing is necessary in order to determine the legal claims that are asserted or defended.
Information on criminal offences and civil registration numbers will be processed in accordance with Articles 8(3) and 11(2) of the General Data Protection Regulation.
The sources of the personal information mentioned above are our clients, yourself, or another person associated with the party represented by you.
Personal information collected for the purpose of our provision of legal services will be stored for as long as necessary in order for us to provide the requested service.
However, special rules pursuant to legislation, including e.g. the Danish Bookkeeping Act and the Danish Limitation Act, may oblige or permit us to store personal information for an extended period of time.
We store information for a maximum period of 10 years after the termination of work on a case and then delete it.
2.2. Money Laundering and Client Account Creation
In establishing client relationships, we are subject to several obligations pursuant to money laundering legislation. Similar requirements apply when we need to set up client accounts in banks on behalf of our clients.
Since we must by law collect and store personal information on all our clients, you may be asked to provide official documentation of your identity, and you may be asked to help identify your employer’s beneficial owners regardless whether it is a company or a fund.
In completing and closing the money laundering prevention procedure, we need general personal information about you, including:
- Name
- Address
- Place of birth
- Nationality
To verify such details, we need a copy of your passport or driver’s license as well as a health insurance card and/or birth certificate. For clients outside Denmark, there may be a need to obtain additional documentation.
Since we are obliged to ensure that the above information remains relevant to the activities involved in the case, we will contact you at intervals of no more than 36 months in order to update the information you provided.
2.2.1. Legal Basis and Origin
The information is collected and processed in accordance with Article 6(1)(c) of the General Data Protection Regulation since we need it to comply with our legal obligations under the Act on Measures to Prevent Money Laundering and Financing of Terrorism.
The information is always collected directly from the person in question.
We draw attention to the fact that, according to the Danish Act on Measures to Prevent Money Laundering, we are obliged to disclose the information if a relevant authority (e.g. the Danish Financial Supervisory Authority or the State Prosecutor for Special Crime) requests such disclosure.
Similarly, it will be necessary to share the information with the bank in which the client account is set up.
2.2.2. Retention Period
Personal information collected for the purpose of Elmann’s compliance with money laundering legislation will be stored for as long as necessary in view of the purpose for which the information was collected.
However, a maximum retention period for the above mentioned types of information has been applied: The data will be kept for 5 years after the final termination of the business relationship.
2.3. Marketing
In addition to the use of your personal information for the purposes mentioned above, we may with your consent use your personal information for marketing purposes that are primarily limited to the sending of electronic newsletters.
Personal information used for marketing purposes will be limited to:
- Name
- Employer and job title
- Company
- Email address and telephone number
- Language
2.3.1. Legal Basis and Origin
Your personal information will be used only for marketing to the extent that you have given us prior “opt in” consent in accordance with Articles 6(1)(a) and 7 of the General Data Protection Regulation.
Similarly, you may always contact Elmann directly by using the contact information listed in Section 6 if you no longer wish to receive any marketing materials.
Such a request does not affect the lawfulness of our handling of your personal data on the basis of your consent up to the time your consent is withdrawn. A withdrawal of your consent will take effect subsequently and will not be applied retroactively.
You are the only source of the personal data we retain about you for marketing purposes.
2.3.2 Retention Period
If you have consented to receiving marketing related materials, we will retain your personal information for as long as you wish to receive materials from us.
Nevertheless, for reasons of limiting storage requirements, we will automatically delete your information after 24 months unless you have previously renewed your consent.
2.4. Website
Elmann uses various forms of cookies with the overall purpose of customizing and improving the content on our website. Similarly, we use cookies to generate statistics on the use of our website.
A cookie is a small text file that is stored in your browser program. It enables recognition of your computer, mobile phone, or tablet when you revisit www.elmann.dk. Some cookies may contain personally identifiable information, in most cases limited to IP addresses.
Elmann uses the following types of cookies:
- Essential cookies
- Performance and analytics related cookies
- Marketing cookies
For more information on Elmann’s use of cookies, please see our Policy on Cookies.
3. DISCLOSURE AND TRANSFER OF PERSONAL INFORMATION
Due to the high degree of confidentiality in our case processing, we never pass on personal information to third parties.
Depending on the nature of the individual case, relevant information may be passed on to clients, opponents, authorities, and courts/arbitration institutes. Similarly, in the course of our work on a case, it may be necessary to pass on personal information to other entities, for example banks or insurance companies.
In some instances, your personal information will be managed by our partners and suppliers, e.g. IT suppliers.
If personal information for which Elmann is responsible is processed by an external partner and/or supplier, the processing will always be subject to Elmann’s instructions in accordance with a data processing agreement entered into by the parties. The minimum requirements for security as well as for the establishment of the necessary degree of confidentiality with regard to the information processed will be set out in the data processing agreement.
3.1. Transfer to Third Countries and International Organizations
Elmann does not transfer personal information to third countries and/or international organizations located outside the EU/EEA unless a situation referred to in Article 45, Article 46, or Article 49 of the General Data Protection Regulation pertains, or unless we have a prior and explicit consent from the person whose information is considered for transfer..
4. SECURITY
We always process your personal information securely and confidentially and in accordance with the data protection legislation in force at any time.
Appropriate technical and organizational precautions have been implemented to prevent personal information from being accidentally or unlawfully destroyed, lost, or altered, or to prevent errors from being introduced. This includes the prevention of misuse of personal information or its delivery to an unauthorized person.
As a consequence, only those employees who have a valid need will have access to your personal information, just as physical access restrictions have been implemented at our offices. Similarly, physical material is stored under locks, and unauthorized persons have no access.
Our IT facilities are subject to ongoing activity logging whereby incidents affecting the fundamental security of processing are traceable. In addition, the necessary internal procedures have been established to ensure that Elmann is able to react promptly in the event of an unexpected breach of the General Data Protection Regulation.
5. YOUR RIGHTS AS A REGISTERED PERSON
Pursuant to the General Data Protection Regulation, you are granted several rights when we process your personal information. You have the following rights:
- In certain situations you have the right to obtain insight into the personal information that we are processing about you pursuant to Article 15 of the General Data Protection Regulation. 15.
- In certain situations, you have the right to demand correction of any obvious or demonstrable error in your personal information, pursuant to Article 16 of the General Data Protection Regulation. 16.
- In certain situations, you have the right to demand deletion of personal information Elmann is no longer required by law to retain, pursuant to Article 17 of the General Data Protection Regulation. 17.
- You have the right to freely withdraw any consent you previously granted (e.g. a consent to receive marketing materials), pursuant to Article 7 of the General Data Protection Regulation. 7.
- In certain situations, you have the right to demand that we restrict the processing of your personal information per Article 18 of the General Data Protection Regulation. 18.
- In certain situations, you have the right to receive your personal information in a structured, commonly used, and machine-readable format, and you have the right to transmit the information to another data controller per Article 20 of the General Data Protection Regulation. 20.
- In certain situations, you have the right to object to the processing of your personal information pursuant to Article 21 of the General Data Protection Regulation. 21.
In addition to these rights, you are generally entitled to be informed when Elmann collects personal information about you per Articles 13 and 14 of the General Data Protection Regulation.
5.1 Exceptions
Since Elmann is subject to an obligation of confidentiality under the Danish Administration of Justice Act and the Code of Conduct issued by the Danish Bar and Law Society, we may in certain situations elect to not to fulfil our obligations per Chapter III of the General Data Protection Regulation.
Similarly, we may elect to not comply with our obligations to you in view of vital private interests, including yours, or vital public interests if they are deemed to take precedence over the interest that you have in receiving the information. This exception will apply in particular if the fulfillment of our obligations will have negative consequences for the protection of our clients’ interests, e.g. in connection with legal prosecution and enforcement of civil law claims or with criminal acts and similar circumstances.
6. CONTACT INFORMATION AND COMPLAINT PROCEDURE
Inquiries made per this Privacy Statement, including requests for the exercise of the registered rights, may be addressed to our Data Protection Officer:
The contact details of Elmann’s Data Protection Officer are:
Henrik Græsdal
Elmann Advokatpartnerselskab
Stockholmsgade 41
DK-2100 Copenhagen Ø
Telephone: +(45) 33 34 78 14
Email: hgr@elmann.dk
If you wish to file a complaint or are concerned about how Elmann applies your personal information, please contact our Data Protection Officer so that your concern may be addressed as soon as possible.
In addition, you have the right to file a complaint with the Danish Data Protection Agency if you feel our processing of your personal information is unsatisfactory.
You can find the contact details of the Data Protection Authority at www.datatilsynet.dk.