Data Protection Policy
Processing of personal data concerning users, customers and cooperation partners
This policy forms part of HjulmandKaptain’s overall documentation for its compliance with the current data protection legislation. The policy applies to the companies “HjulmandKaptain Advokatpartnerselskab” and “ITD HjulmandKaptain”.
The collection and processing of personal data, including sensitive and special category data, is always in strict compliance with the data protection legislation in force at any time, and HjulmandKaptain’s processing of personal data is always well-founded. In addition, HjulmandKaptain is aware that only personal data being required for securing a specific purpose may be processed, and any disclosure thereof to third parties must be specifically and objectively justified.
HjulmandKaptain’s processing of personal data meets the requirements in force at any time, including the security requirements provided by the data protection legislation. HjulmandKaptain is continuously reviewing all registered personal data, deleting data that is no longer relevant. The same applies if a client or a cooperation partner request us to delete their personal data, and the data are no longer relevant to us.
Under the current data protection legislation, HjulmandKaptain is considered the data controller concerning any personal data received from you.
1.1 Data controller
HjulmandKaptain is operated by two companies, both considered data controllers in respect of data collected on clients and cooperation partners. Below, you will find the relevant contact details for both companies:
Name: HjulmandKaptain, Advokatpartnerselskab (limited liability law company)
Address: Østre Havnegade 12, DK-9000 Aalborg
CVR reg.no. (DK): 32337120
2. Processing of personal data
In the course of our day-to-day operation, we process a wide range of personal data on all users on our website and on our clients and cooperation partners. Thus, HjulmandKaptain is particularly aware of processing all personal data confidentially and securely. This present policy lays down the further guidelines for our processing of personal data on the users of our services on the website, our clients and our cooperation partners.
Basically, the legal basis for processing your personal data is to reply to your inquiry or to perform the agreement on legal assistance made between us and you or your company or employer. However, the legal basis may sometimes also be the rule on the balancing of interests provided by the Data Protection Regulation. This is due to your personal data being of material importance to our compliance with the obligations incumbent on us as a law firm. Further, we may process personal data to comply with a legal obligation, thereby observing the Danish Administration of Justice Act, the Money Laundering Act, the Personal Data Regulation, the Data Protection Act, and the Bookkeeping Act. The legal basis for our processing sensitive personal data is typically either a consent, or the purpose is to pursue or establish a legal claim.
2.1 Receipt of inquiries
Upon our receipt of your inquiry by email or via our website or the social media, we shall process the personal data included in your inquiry. If e.g. you contact us via Facebook, we receive – via Facebook – certain information about you, e.g. by way of your name and a picture. However, the nature of such information depends on the structure of your private settings on Facebook. If you use our contact form, we shall process your personal data, including your name, email, telephone number, postal code and city, and the subject matter of your inquiry. The same applies, if you use the chat line on our website. We refer to the separate conditions applying to such use and presented to you when accessing the chat line function.
If you call us, we shall – if required – note your name and the subject-matter of your inquiry for the purpose of enabling us to follow up and document the inquiries received from our clients. Consequently, please note that we may sometimes record any relevant information that you give us during our telephone conversation.
Please do not provide us with any sensitive or confidential personal information on Facebook, LinkedIn or on our website, e.g. your civil registration number, account details or information as to your state of health.
2.2 Processing of information on participants in events
If HjulmandKaptain hosts a professional event requiring enrolment, we shall process contact details concerning the participants by way of their names, work places, titles, and email addresses, all for the purpose of handling their enrolments for this particular event.
If you participate in such an event, please note that we may sometimes take snapshots from the event for sharing on our website and/or the social media, the purpose being to brand the professional events arranged by us or HjulmandKaptain in general. If you do not wish to be on any such snapshots, please inform us accordingly at the beginning of the event.
2.3 Processing of client data
Being our client means that your personal data are processed by us along with the data of the other parties involved in the case.
We always register our clients in our case handling system. Such registration includes the following specific personal information:
- Name and address
- Email address
- telephone number
As for commercial clients, a specific contact person is usually registered in our system. In addition, any specific interests or requests of the company and/or the contact person in relation to our services will be noted.
HjulmandKaptain collects and records your personal data for the purpose of performing our agreement with you, invoicing our services and providing you with relevant information on the case.
In some specific types of cases, we may process a wide range of confidential and sensitive personal data about you. This applies e.g. to cases concerning family law or personal injury compensation as well as criminal cases. This means that sometimes we need to obtain your consent before proceeding with our case handling. If so required due to the specific type of case, you will be separately informed about the personal data to be processed about you in the specific situation, and whether your consent is required.
Our processing of your personal data will be separated from all other cases, and only the employees occupied with the specific type of case will have access to your case. Further, the access to our case handling system is protected by a separate and personal code for each individual user.
2.4 Money laundering information
In specific types of cases, we are obligated to obtain and store money laundering information. This means that we must obtain a copy of your passport and your driver’s license and/or your health insurance certificate. Such information will likewise be registered in our case handling system and kept for five years after our final case handling, all pursuant to the rules of the Danish Money Laundering Act.
2.5.1 Data register (“Datavagten”)
We register all our clients and the parties to a case with the data register called “Datavagten” for the purpose of ensuring that we always have a correct and updated version of your contact details. The registration of your personal data with “Datavagten” ensures that we are automatically notified in case of any changes in your name or address.
2.5.2 Television surveillance
We use live streaming at the entrance of our office in Aalborg. This means that we can see the person(s) using the entrance door to our building. The recordings are only stored upon activation by our reception , which only happens if someone rings the bell outside normal office hours. The recordings are only stored for 30 days and are only accessible to our IT department. In case of a suspicion of a criminal offence, the recordings may be entrusted to the police or other authorities under the current legislation on television surveillance.
2.5.3 Registration of licence plates (only at the Aalborg office)
When using our parking lot at the Aalborg office, you must register by entering your licence plate in our system in order to park for free. This information is merely used for handling your parking, and so it is deleted again within one month.
2.5.4 Use of network
When you visit us, please feel free to use our guest Wi-Fi; however, you need to be physically present in our buildings. When logging on to our guest Wi-Fi, you will be asked to enter your name, email address and cell phone number. Your email address will be your user name, and you will receive a text to the number given.
3. Storage period and deletion procedures
The rules of the data protection legislation do not prescribe a period after which personal data must be deleted. This is for us as the data controller to determine in each situation. We evaluate mainly, whether a continued storage of the personal data will serve a professional purpose, or whether we are legally obliged to store specific information or documents.
3.1 If you contact us
We always keep your inquiry, until it has been finally processed. If your inquiry results in the registration of an actual case, you will be considered our client, and so the deletion of your personal data will comply with our general procedure for the handling of case documents (see below).
3.2 If you have enrolled for a professional event
Generally, we keep lists of participants for 12 months after the event. We do this to evaluate the mix of participants with a view to improving the contents of the event, if we choose to offer it again. This means that we do not use any information about the participants for e.g. future invitations or general marketing purposes.
3.3 Unsubscription from newsletters
If you unsubscribe from our newsletters, we shall forthwith stop sending newsletters to you. You will be made inactive on our mailing list, and your personal data will be deleted within 30 calendar days, at the latest.
3.4 Storage of client information and case documents
Generally, we keep all relevant documents related to the case, including your personal data, for 10 years after termination of our client relationship. As for a few individual types of cases, we are required to keep the documents for a longer period, but if relevant, you will be specifically notified. However, we do not delete the personal data, if these are required for establishing or defending a legal claim, e.g. in case of a dispute arising in connection with outstanding accounts between you and HjulmandKaptain, in which case we are required to keep the case documents for a longer period than 10 years from termination of our client relationship.
We keep the case documents for the purpose of proving the proceedings in the event of a dispute in relation to our advice/assistance. Further, we keep the case documents for the purpose of complying with the code of legal conduct, requiring us – upon registration of a new case – to evaluate, whether there is any conflict of interests. Other personal data concerning you, which we are not required to keep in order to maintain the client relationship, will be deleted currently and at such time when we evaluate that there is no longer any professional need for a continued storage thereof, or if we are otherwise legally obliged to delete such data by a specific time.
Further, we always keep bookkeeping records and information obtained for five years for the purpose of complying with the Money Laundering Act (identification details), all pursuant to the Bookkeeping Act and the Money Laundering Act, respectively.
4. Safe processing of personal data
HjulmandKaptain observes confidentiality when processing your personal data, taking all technical and organizational safety precautions required to protect your personal data against any accidental or illegal destruction, forfeiture or deterioration and to prevent them from coming to third parties’ knowledge or from being misused or processed in other respects contrary to the data protection legislation.
Apart from having our own access to your personal data, HjulmandKaptain has also given access to a number of data processors, whom we employ in connection with assignments in terms of operation and IT security handled externally (e.g. back-ups, hosting of website etc.). Such access to your data is merely due to the data processor’s supply of technical service or other services to us in relation to the system or support on the operation and error detection within the limits defined by HjulmandKaptain. Any storage of data or establishment of such data processors’ access to data is subject to a number of rules; so data processing agreements have been entered into with all our data processors, for the purpose, among other things, of ensuring a suitable safety level and preventing your data from coming into possession of any unauthorised persons.
5. Disclosure of personal data
We will never disclose to third parties any data received from you in connection with your subscription for our newsletters or enrolment for an event, unless we have received your consent in advance, or we are legally obliged to do so.
If you are a client of ours, we may have to disclose your data to other parties or authorities, e.g. the courts of law, public authorities, banks, insurance companies and/or other attorneys, labour unions or accountants. The reason is that in many cases we are required either to disclose your personal data, or we may need to do so in order to attend to your interests.
We will only disclose your personal data, if we have a legal basis to do so. Such legal basis may e.g. be your consent, or we may be legally obliged or need to do so in order to establish or defend a legal claim. However, in many cases, we are required by specific rules applying to attorneys’ professional secrecy under the Administration of Justice Act not to disclose information to any other parties.
6. Your rights
You have several rights in relation to us, because we process your personal data. Below, you can read more about these rights; however, please also do not hesitate to contact us, if you have any questions. We endeavour to reply to all inquiries as soon as possible and within 30 days. If we fail to meet your request under the provisions stated below, you may complain to the Danish Data Protection Agency.
6.1 Right to access
You have a right to gain access to the personal data processed on you. A request of such access must be directed to us and need not be well-founded. In other words, this means that you are entitled to know which and for what purpose as well of the sources of the personal data processed and for how long we intend keep them and with whom we share them, if any.
6.2 Right to correct incorrect personal data
Should HjulmandKaptain process any incorrect or misleading personal data about you, you are entitled to request us to correct them. Upon receipt of any such request from you, we shall take action to ensure the correctness or deletion thereof.
6.3 Data erasure
In some situations, we are obliged to delete your personal data, before the time when we would normally delete your personal data, e.g. if we do no longer have a professional purpose of processing them, if a consent is withdrawn, if the personal data have been illegally processed, or if we are legally obliged to delete them, and sometimes if an objection is raised to our processing. We have taken these rights into account when determining our erasure policies.
6.4 Right to object
In certain cases, you are entitled to at any time to object to our processing of your personal data. Should we receive any such objection from you, we shall evaluate the possibility of limiting our processing of your personal data, until we have verified, whether our legitimate interests may supersede the client’s interests.
6.5 Data portability
In some situations, you are entitled to receive your personal data in a commonly use and machine readable format for the purpose of being transmitted to another data controller. If technically possible, we can likewise transmit the data directly to such new data controller.
6.6 Withdrawal of consent
If you have given your consent to us in relation to the processing of your personal data, you may withdraw such consent at any time. In that case, we shall cease the processing of the personal data attached to the consent, provided there is no other legal basis for a continued processing.
6.7 Complaint rules to the Data Protection Agency in Denmark
Should you have any objections against our processing of your personal data, please do not hesitate to contact us. However, you are also entitled, at any time, to complain to the Data Protection Agency about our processing and storage of your personal data. The Agency’s contact details are available on www.datatilsynet.dk