Privacy Policy

 

At HjulmandKaptain, we give very high priority to data security and confidentiality. We constantly ensure that we process and store all data securely, confidentially and in compliance with current legislation. This privacy policy contains information about how we process the personal data received by us in connection with our client relationship and when our clients visit our website and/or use the functions on the website or make use of the services provided by us in other respects.

 

This Privacy Policy is prepared by HjulmandKaptain Advokatpartnerselskab (Limited Liability Law Company).

 

1. Data Controller

HjulmandKaptain is the data controller of the personal data processed in connection with our business transactions. Below, you will find all relevant contact information, including where to direct your questions, if any, on the processing of your personal data:

 

HjulmandKaptain, Advokatpartnerselskab

CVR reg.no. (DK): 32 33 71 20

Østre Havnegade 12

DK-9000  Aalborg

Email: data@70151000.dk

Tel.: +45 70151000

 

2. Data Processor

In some situations, HjulmandKaptain is considered the data processor, e.g. if we administer a whistleblower scheme for our clients. In those situations, we will as data processor only process information in accordance with the instructions given by the data controller and subject to the data processing agreement entered into. The situations where HjulmandKaptain acts as data processor will not be further described in this Privacy Policy.

 

3. Categories of data subjects

HjulmandKaptain processes personal data about the following categories of data subjects:

 

· Clients

· Cooperation partners, suppliers, and others

· Visitors on our website

· Recipients of newsletters

· Guests and participants in events

· Parties, counterparties, representatives, or others in connection with our case management

 

4. Case management

4.1 When you are a client of HjulmandKaptain

When you are a client or potential client of HjulmandKaptain, we will basically process the personal data required in order to provide you with the proper legal advice. The personal data processed when attending to each case will vary, depending on the type of case, the type of client, and the management of the case in other respects. However, we will almost always process data regarding your identity, as well as contact and professional information, including your name, email address, telephone number, private email address, occupation, place of work, information about the proceedings, as well as information about certain financial affairs, including payment details and tax information.

 

The legal grounds for our processing of your personal information are implied in Article 6(1)(b) of the GDPR (contract performance) and Article 6(1)(f) of the GDPR (legitimate interest in the administration of the client relationship).

 

In certain types of cases, we may also process sensitive personal data, see Article 6(1)(f) and Article 9(2)(f) of the GDPR, and/or data about criminal offences, see Article 10 of the GDPR, cf. Section 8(3) and (4) of the Danish Data Protection Act.

 

Please note that as a law firm, we are subject to the Danish Anti-Money Laundering Act in connection with the management of certain types of cases. In such cases, we process personal data by way of your name, civil registration number, passport number/driver’s licence/health insurance card, and contact information. Such personal data are processed for the purpose of meeting our obligation under the Anti-Money Laundering Act.

 

4.2 When you are involved in a case administered by Hjulmand­Kaptain, e.g. as a party, a counterparty, or a representative

If you are involved in a case administered by HjulmandKaptain, e.g. as a party, a counterparty, or a representative, we will basically process the personal data already in our possession about you. Please note that we will only process the personal data required to attend to your case.

 

The personal data which we will process are e.g. your ID, and your contact and work-related information, including your name, email address, telephone number, private email address, occupation, relation to the case, and information about certain financial affairs, including e.g. financial interests in the case concerned.

 

The legal grounds for our processing are HjulmandKaptain’s legitimate interest in our client’s case, see Article 6(1)(f) of the GDPR. In certain types of cases, the legal grounds may be implied in Article 6(1)(c) if the processing concerns compliance with a legal obligation.

 

Dependent on the type of case, we may also process sensitive personal data about you in connection with our case management, see Article 6(1)(f) and Article 9(2)(f) of the GDPR, data on criminal offences, see Article 10 of the GDPR, cf. Section 8(3) and (4) of the Data Protection Act, and/or your civil registration number, see Article 6(1)(f) and Article 9(2)(f) of the GDPR, cf. Section 11(2)(4), cf. Section 7(1) of the Data Protection Act.

 

5. Use of our website and newsletter service

5.1 Use of our website

When you visit our website, please note that we may process personal data about you and your conduct by way of cookies. You can read more about our cookie policy here: (hjulmandkaptain.dk/cookie-politik/).

 

5.2 Subscription to newsletters

When you subscribe to HjulmandKaptain’s newsletters, we will process your name, occupation, email address, postal code and city, place of work, and fields of interest. As the processing is based on your consent, the legal grounds for our processing are Article 6(1)(a) of the GDPR.

 

The personal data processed by HjulmandKaptain in connection with the administration of your subscription to the newsletter service are stored in a CMS system made available to us by one of our suppliers. We have entered into data processing agreements with the external suppliers processing data on our behalf.

 

Please note that we use MailChimp in the administration of our newsletter service and the storage of your personal data. As MailChimp is an American company, this means that your personal data will be transferred to a third country. In connection with such transfer, we basically apply the Standard Contractual Clauses (SCC) of the EU Commission as the legal grounds for data transfer. To this may be added that MailChimp is certified according to the EU-US Data Privacy Framework, which may likewise be applied as the legal grounds for transfer.

 

You can always withdraw your consent by sending an email to mail@70151000.dk, stating in the subject line “Withdrawal of consent to the processing of personal data in connection with newsletters” or by clicking the unsubscription link at the bottom of the newsletter.

 

5.3 Signing op for events, courses, etc.

If you sign up for one of our events, courses, webinars, etc., we will process your name, occupation and place of work, email address, telephone number and sometimes your address. As we process your data in order to administer your application for participation in the event/course, the legal grounds are Article 6(1)(b) of the GDPR.

 

Please note that in connection with our physical events/courses, we take pictures and share them e.g. on our website and the social media for the purpose of branding the event and Hjulmand­Kaptain in general, the legal grounds for processing being Article 6(1)(f) of the GDPR.

 

If you do not wish to have your picture taken, please let us know by the beginning of the event. If your picture has been shared on our website and/or the social media, and you want it removed, please do not hesitate to send an email to data@70151000.dk, requesting us to take immediate action.

 

5.4 Inquiries into our chat room

When you use the chat function on our website, you have the possibility to enter your personal data, viz. your name, email address, and telephone number together with a description of your inquiry. If you enter such data, we will process them when replying to your inquiry, the legal grounds being Article 6(1)(b) of the GDPR. If you do not enter your personal data in connection with your inquiry, we will only process data about the IP address from where you are chatting and the location of the IP address, the legal grounds being Article 6(1)(f) of the GDPR.

 

We recommend that you refrain at all times from disclosing any sensitive or confidential data in your chat inquiry. The same applies to your civil registration number or any data on criminal offences.

 

The personal data processed by HjulmandKaptain in connection with the administration of the chat room are stored in a CMS system made available to us by one of our suppliers. We have entered into data processing agreements with the external suppliers processing these data on our behalf.

 

Please note that we use Zendesk in the administration of our chat function and the storage of your personal data. As Zendesk is an American company, this means that your personal data are transferred to a third country. In connection with such transfer, we basically apply the Standard Contractual Clauses (SCC) of the EU Commission as the legal grounds for data transfer. To this may be added that Zendeks is certified according to the EU-US Data Privacy Framework, which may likewise be applied as the legal grounds for transfer.

 

5.5 Inquiries using our contact form

If you use the contact form on our website, we will process your name, telephone number, email address, postal code and city, and the description of the problem for which you require our assistance. We will process these data to be able to provide the legal assistance required, the legal grounds therefore being Articles 6(1(b) and/or 6(1)(f) of the GDPR, depending on the character of the inquiry.

 

We recommend that you refrain at all times from disclosing any sensitive or confidential data when using the contact form. The same applies to any data on criminal offences or your civil registration number.

 

Your inquiry will be sent directly to our office mail, from where it will be forwarded to the relevant staff member. Your inquiry will be deleted in our email system after 90 days upon receipt thereof.

 

5.6 Use of share buttons (Facebook, LinkedIn, Youtube)

At the bottom of our website and in the contents of our knowledge universe, you will find a number of share buttons with direct references to HjulmandKaptain’s business profiles on the platforms concerned, viz. Facebook, Instagram, LinkedIn, and Youtube.

 

Please note that when using these share buttons, your data, including cookies, ip address, and search history, will be shared with the relevant suppliers of the platform concerned. E.g., if you use the share button for direct access to HjulmandKaptain’s Facebook profile, data will be shared with Meta, who is the supplier of Facebook. Please note that the suppliers of share buttons are considered independent data controllers. This means that HjulmandKaptain has no controlling influence of the data processed by the supplier. If this gives rise to any questions about how a specific supplier processes your personal data due to the use of the share buttons etc., we refer to the privacy police of the relevant supplier and recommend that you contact the supplier concerned.

 

You can always decide to renounce tracking based on the share buttons, which you can do on the page Your Online Choice

 

6. Physical visits to our offices

6.1 Issue of temporary parking permit (our office in Aalborg)

If you use our parking facilities when you visit our office in Aalborg, please note that we will process some of your personal data when issuing the temporary parking permit. The parking permit is issued by APCOA, providing the system in which the personal data for the issue of the permit are entered. The data processed will be your name, telephone number, and the registration number of the car which the parking permit concerns.

 

The legal grounds for processing your personal data are implied in Article 6(1)(b) of the GDPR. Please note that we consider APCOA the data controller of this processing of your personal data. If you have any questions to the storage or processing of your personal data in connection with the issue of the temporary parking permit, please direct such questions to APCOA.

 

6.2 Use of our guest network

At all our offices, you have the possibility to log on and use our guest network. When using the guest network, you will be asked to enter various data, including your name, email address, and telephone number. Such data will be processed when you access our guest network.

 

The legal grounds for this processing are implied in Article 6(1)(f) of the GDPR. Please note that you must accept our terms and conditions for the use of our guest network before gaining access.

 

7. Disclosure of data

In some situations, we entrust your personal data to other operators, including cooperation partners, suppliers, and others, e.g. IT suppliers, providers of client satisfaction surveys, suppliers of newsletter services, etc. Such operators will only process your personal data in accordance with our instructions and subject to the terms and conditions of a data processing agreement.

 

Likewise, we may disclose your personal data to other parties if we are required to do so under current statutes or if necessary to provide you with the service/advice concerned. Such other parties are e.g. the police, the tax authorities, the courts, the arbitration tribunal, other law firms, parties, counterparties, or representatives involved in lawsuits/cases, as well as other public authorities.

 

In addition, we may in some situations also disclose identity information to our banks when receiving client money as we are required to do so under the Danish Anti-Money Laundering Act.

 

8. Storage and deletion

We will delete your personal data when we no longer need to process them for the purpose for which they were collected. However, we may be required or entitled under special legislation, e.g. the Danish Book­keeping Act, the Anti-Money Laundering Act, and the Danish Limitation Act, to store them for a longer period. The data may also be processed and stored longer if they are depersonalized.

 

As a general rule, personal data collected in connection with our legal services, including data on parties, counterparties, representative, and other third parties involved in cases, are stored for 10 years after termination of the client relationship. In some situations, the storage periods may be shorter or longer, e.g. to comply with the legal requirements for deletion or storage or for other considerations.

 

Personal data being an integral part of bookkeeping records are stored for 5 years from the expiry of the financial year, as prescribed by Article 10 of the Bookkeeping Act, so the storage period is fixed for the purpose of complying with current legislation.

 

Personal data collected under the Anti-Money Laundering Act are stored for 5 years after termination of the client relationship.

 

Lists of participants in events and courses are generally stored for 12 months from the date of the individual event or course, the reason being our wish to evaluate who the participants are for the purpose of improving the content of the event/course, if we advertise the same at a later date. Consequently, we do not use the participants’ data to invite them again or for general marketing purposes, unless separate consent has been given.

 

If you unsubscribe from our newsletter service, this means that we will no longer send you newsletters.

 

9. Your rights as a data subject

You have a number of rights in relation to us due to our processing of your personal data. Below, you can read more about these rights; however, please feel free to contact us if you have any questions. We will do our best to reply to all your inquiries as soon as possible and within 30 days, at the latest. If we do not comply with your request according to the above, you may complain to the Danish Data Protection Agency.

 

You have the right to gain access to the personal data which we process about you; however, with certain exceptions prescribed by law. You may also object against our collection and further processing of your personal data. Further, you have the right to have incorrect personal data corrected, or you can request us to restrict the processing of your personal data.

 

At your request, we will without undue delay delete all personal data registered about you, unless we can continue the processing on other legal grounds. This may be relevant if the processing is required to determine a legal claim if it is necessary to reply to an inquiry from you or if we are legally obligated to store the data.

 

Under certain circumstances, you may also request us to give you a copy of your personal data in a structured, commonly used and machine-readable format and request us to transmit the data to another data controller (data portability).

 

If we process your personal data based on your consent, you may withdraw your consent at any time. If you withdraw your consent, we will cease the processing of your personal data. Withdrawal of your consent will not affect the lawfulness of the processing carried out prior to the withdrawal of your consent.

 

If you disagree in the way in which we process your personal data or the purposes for which we process them, please feel free to contact us. You are also entitled to file a complaint with

 

The Danish Data Protection Agency

Carl Jacobsens Vej 35

DK-2500  Valby

Tel.: +45 33 19 32 00

Email: dt@datatilsynet.dk