According to the General Data Protection Regulation (GDPR), we provide the following information on our processing of personal data and the rights of data subjects.
When advising our clients, we receive various documents from them. These documents are stored in a digital case file and in some situations also in a physical case file. The documents received from our clients often include personal data, and we regularly receive additional personal, e.g. from opponents and their advisers, authorities, and courts, or by way of publicly available information collected by us. This may be general personal data such as names and contact details.
Reliance A/S is the controller of data received in connection with our general advice to clients.
Our contact details are: Tel: +45 20 21 71 30, e-mail: email@example.com.
If you have any questions about our processing of your personal data, please contact us on firstname.lastname@example.org.
We process the data we receive for the purpose of advising our clients in the cases which the data concern.
The processing takes place depending on the nature of the assignment and of the data, based on article 6 (1), paragraph a, b, c, or f, article 9 (2), paragraph f of the GDPR, or section 8 (3) of the Danish Data Protection Act. Generally, the legal basis to collect and process the data is that (1) we have received the data subject’s consent to the processing, (2) it is necessary for performing the contract with our clients, (3) to comply with a legal obligation to which we are subject, (4) for establishing, relying on or defending our clients legal claims, or (5) for safeguarding our clients’ legitimate interests or (3). Our processing of civil registration numbers is based on section 11 of the Data Protection Act.
Processing of data in connection with subscribers/participants signing up for possible newsletters, news magazines or events is based on Article 6 (1), paragraph a of the GDPR.
In projects covered by the Danish Act on Measures to Prevent Money Laundering and Terrorist Financing, we collect identification data, etc. on our clients in order to comply with that statutory requirement. The authority for this processing is laid down in section 11 of the Act on Measures to Prevent Money Laundering and Terrorist Financing.
We will not make personal data available to any third parties for the purpose of marketing or the like.
We only transfer personal data if it is necessary for us to be able to safeguard our clients’ interests or to comply with a legal obligation to which we are subject. The typical recipients of such data are authorities, courts, opponents and their advisers. In cases covered by the Act on Measures to Prevent Money Laundering and Terrorist Financing, we transfer identification data, etc. to the extent we are obligated to do so under the Act.
We usually do not transfer data outside the EU, and if such transfer might take place, it will occur only in compliance with the necessary safeguards as required under current data protection legislation and you will be informed about the transfer.
We transfer personal data to our systems suppliers under processor agreements and for the sole purpose of enabling us to use our IT systems.
We have taken appropriate technical and organizational measures to protect against unauthorized access to, loss or destruction of data for which we are responsible. We develop and update our security policies and procedures on a regular basis to ensure that our systems are secure and protected. Only persons with a legitimate need for processing personal data for the above-mentioned purposes have access to those data.
We retain personal data as long as there is a relevant legal interest therein, which is usually determined based on a specific assessment of the significance of the data compared with the current statute of limitations. If there is a relevant legal interest for the storage, data may be stored for up to 10 years after the case has been closed, unless we asses that it is necessary to keep the data for longer.
In cases covered by the Act on Measures to Prevent Money Laundering and Terrorist Financing, we store identification data for five years after the case has been closed, according to the current rules.
According to the GDPR, the data subjects are entitled:
In connection with the data subject’s exercise of the above-mentioned rights, we may demand relevant identification.
For more information on your rights, see the Danish Data Protection Agency’s guidelines describing the data subject’s rights on www.datatilsynet.dk/english/.
You may file a complaint with the Danish Data Protection Agency if you are dissatisfied with our processing of your personal data. You can find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk/english/.
This information has been updated 2 December 2019 and will be updated according to the current rules and practice and in line with any adjustments to our procedures.