HjulmandKaptain’s Privacy Policy
At HjulmandKaptain, data security and confidentiality are given the highest priority. We continuously ensure that the data we process and store are handled securely, confidentially and in compliance with applicable legislation.
In this privacy policy, you can read more about how we process personal data when you are a client of ours, visit our website and/or use the functions available on our website, as well as when you otherwise make use of the functions or services we offer.
This privacy policy has been prepared for HjulmandKaptain Advokatpartnerselskab. The privacy policy was last updated in December 2025.
1. Data Controller
HjulmandKaptain is the data controller of the personal data we process in connection with the conduct of our business. Below you will find all relevant contact details, including where to direct any enquiries regarding our processing of your personal data:
HjulmandKaptain Advokatpartnerselskab
CVR No. 32337120 (Danish company registration number)
Østre Havnegade 12
9000 Aalborg
Email: data@70151000.dk
Telephone: +45 70 15 10 00
2. Data Processor
In certain situations, HjulmandKaptain acts as a data processor. This applies, for example, when we administer a whistleblowing scheme on behalf of our clients. In such cases, HjulmandKaptain processes personal data solely in accordance with instructions from the data controller and pursuant to the applicable data processing agreement.
Situations in which HjulmandKaptain acts as a data processor are not described in further detail in this privacy policy.
3. Categories of Data Subjects
HjulmandKaptain processes personal data relating to the following categories of data subjects:
- Clients
- Business partners, suppliers and similar parties
- Website visitors
- Newsletter subscribers
- Guests and participants at events
- Opposing parties, parties, representatives or similar parties in connection with case handling
4. When You Are a Client of HjulmandKaptain
4.1 Categories of Personal Data
When you are a client or a prospective client of HjulmandKaptain, we generally process the personal data necessary to provide you with appropriate legal advice. The specific personal data processed may vary depending on the type of case, the type of client and the manner in which the case is handled.
As a general rule, however, we will always process your identity, contact and professional details, including your name, email address, telephone number, personal email address, job title and place of work, information relating to the course of the case and certain financial information, including payment details.
4.2 Purpose and Legal Basis
The primary purpose of processing your personal data is to perform and fulfil the agreement we have entered into with you (or the company you represent, which is our client). The legal basis for such processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR) (performance of a contract).
In addition, we may process personal data on the basis of our legitimate interest in administering the client relationship and ensuring efficient case management. The legal basis for this processing is Article 6(1)(f) of the GDPR.
In a number of cases, we also process special categories of personal data and information relating to criminal convictions and offences in connection with the handling of your case. The legal basis in such cases is Article 6(1)(f) cf. Article 9(2)(f) of the GDPR and Article 10 of the GDPR cf. sections 8(3)–(5) and section 7(1) of the Danish Data Protection Act.
We may also process your Danish personal identification number (CPR number). The legal basis for this is section 11 of the Danish Data Protection Act.
In certain types of cases, HjulmandKaptain, as a law firm, is subject to the Danish Anti-Money Laundering Act and its rules on customer due diligence (“KYC”) and identification. As a result, we process personal data such as name, contact details and CPR number. In some cases, we also process copies of passports, driving licences or health insurance cards.
The purpose of this processing is to comply with our statutory obligations under the Anti-Money Laundering Act. The legal basis is therefore Article 6(1)(c) of the GDPR and section 11 of the Danish Data Protection Act.
4.3 Pooled Client Account
If we handle entrusted funds in a pooled client bank account, we are required under section 38b of the Danish Anti-Money Laundering Act to obtain and verify identity information regarding the beneficial owners of the funds. In this context, we verify your identity using MitID (the Danish electronic ID system), including your CPR number. If you do not have MitID, we will obtain photographic identification. The information is disclosed to the financial institution where the pooled client account is held immediately after the deposit.
The purpose is to comply with our statutory obligations relating to the prevention of money laundering and terrorist financing. The processing is carried out pursuant to Article 6(1)(c) of the GDPR and, with regard to CPR numbers, section 11 of the Danish Data Protection Act. The information is used solely for identification and verification purposes and is stored in accordance with applicable rules.
5. When You Are a Party, Opposing Party, Representative or Similar
5.1 Categories of Personal Data
If you are a party, opposing party, representative or similar in a case handled by HjulmandKaptain, we generally process the personal data concerning you that form part of the case. Please note that we only process personal data that are necessary for the handling of our client’s case.
We process personal data such as your identity, contact and work-related information, including name, email address, telephone number, personal email address, job title, role in the case and certain financial information, such as your financial interest in the relevant matter.
5.2 Purpose and Legal Basis
The primary purpose of processing your personal data is our legitimate interest in handling our client’s case and safeguarding our client’s interests. The legal basis is therefore Article 6(1)(f) of the GDPR.
In certain types of cases, the purpose of the processing may be to comply with a legal obligation, in which case the legal basis is Article 6(1)(c) of the GDPR.
Depending on the type of case, we may also process special categories of personal data and information relating to criminal offences. The legal basis is Article 6(1)(f) and Article 9(2)(f) of the GDPR and, with respect to criminal offences, Article 10 of the GDPR cf. sections 8(3)–(5) and section 7(1) of the Danish Data Protection Act.
In certain cases, it may also be necessary to process your CPR number. If so, the legal basis is section 11 of the Danish Data Protection Act.
6. Processing in Connection with Bankruptcy Estates
6.1 Categories of Personal Data and Data Subjects
In cases of bankruptcy, including both personal bankruptcy and the bankruptcy of companies, HjulmandKaptain may be appointed as trustee in bankruptcy. The bankruptcy estate remains the data controller, but in connection with the administration of the estate, HjulmandKaptain processes personal data relating to other associated parties, including, for example, employees, customers, suppliers and business partners of the estate.
In cases of personal bankruptcy, these parties typically include other creditors, spouses/cohabitants and other involved family members.
In connection with the administration of a bankruptcy estate, we may process ordinary personal data (Article 6), special categories of personal data (Article 9), CPR numbers and information relating to criminal offences (Article 10).
For corporate bankruptcies, the data typically processed include identification and contact details, employee data, payroll and financial data, CPR numbers, contractual arrangements, information on trade union membership and/or health (sickness absence), as well as any information relating to criminal offences.
For personal bankruptcies, the data typically processed include identification and contact details, financial data, contractual arrangements, information regarding ability to pay, and in some cases CPR numbers and information relating to criminal offences.
6.2 Purpose and Legal Basis
The purpose of processing personal data is to administer and conclude the bankruptcy proceedings.
The legal basis for processing ordinary personal data is both our legal obligation under the Danish Bankruptcy Act, pursuant to Article 6(1)(c) of the GDPR, and our legitimate interest in performing legal services, pursuant to Article 6(1)(f) of the GDPR.
The legal basis for processing special categories of personal data is Article 9(2)(f) of the GDPR and such processing only takes place where necessary for the establishment, exercise or defence of legal claims.
If we process information relating to criminal offences, this may take place either where it is deemed necessary to safeguard a legitimate interest or in connection with the pursuit of a legal claim. The legal bases are section 8(3) (necessary for safeguarding an interest) and section 8(5) cf. section 7(1) of the Danish Data Protection Act.
CPR numbers are processed where necessary for unambiguous identification and/or where required by law, pursuant to section 11(2)(1) of the Danish Data Protection Act. In addition, CPR numbers may be processed in connection with the establishment, exercise or defence of a legal claim, pursuant to section 11(2)(4) cf. section 7(1) of the Danish Data Protection Act.
7. Use of Our Website and Newsletter Scheme
7.1 Visits to the Website
When you visit our website, we process information about your IP address and your behaviour on the website, including through the use of cookies. In addition, we process information about a unique ID assigned to you via Google Ads when you visit our website.
The purposes of the processing include optimising your visit to the website, ensuring the functionality of the website, generating statistics on website usage, remembering your preferences for future visits and optimising advertising activities on our social media platforms.
Our legal basis for processing your IP address is our legitimate interest in generating accurate and meaningful statistics on website usage, optimising website operations and marketing our services on social media. The legal basis is Article 6(1)(f) of the GDPR.
The placement of other cookies, including cookies that are not strictly necessary for the functionality of the website, as well as the unique ID assigned via Google Ads, is based on your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw or amend your consent at any time.
For a detailed description of the cookies used on our website, please refer to our cookie policy.
Your IP address is stored for up to 14 months from the time the relevant statistical cookie is placed on your device. Instructions on how to delete cookies are also available in our cookie policy.
For the preparation of website statistics, we use a third-party provider, Matomo. Matomo acts solely on behalf of HjulmandKaptain and in accordance with our instructions and may not process the data for its own purposes.
7.2 Subscription to Newsletters
When you subscribe to HjulmandKaptain’s newsletter, we process your name, job title, email address, postcode and city, place of work and areas of interest. The processing is based on your consent, and the legal basis is Article 6(1)(a) of the GDPR.
The information is used to distribute newsletters, invitations to events and other marketing material within your selected areas of interest, as well as to tailor communication based on your engagement with newsletters, events and similar activities.
You may unsubscribe from newsletters and invitations at any time either via the unsubscribe link included in the newsletters or by emailing data@70151000.dk. Please use the subject line “Withdrawal of consent for processing of personal data in connection with newsletters”.
Your personal data will be stored until you unsubscribe, at which point all data will be deleted without undue delay.
HjulmandKaptain does not disclose your personal data to third parties. We do, however, use third-party service providers for the distribution of newsletters and invitations. These providers act solely on our behalf and under our instructions.
7.3 Registration for Events, Courses and Similar Activities
When you register for events, courses, webinars or similar activities, we process your name, job title, place of work, email address, telephone number and, in some cases, address. The legal basis is Article 6(1)(b) of the GDPR.
Please note that photographs may be taken at physical events and shared on our website and social media platforms for branding purposes. The legal basis is Article 6(1)(f) of the GDPR.
If you do not wish to be photographed, please inform us at the beginning of the event. If an image has been shared and you wish it removed, please contact us at data@70151000.dk as soon as possible.
7.4 Enquiries via the Contact Form
When you contact us via the contact form on our website, we process your name, telephone number, email address, postcode and city, and a description of the matter for which you seek assistance. The legal basis is Article 6(1)(b) and/or Article 6(1)(f) of the GDPR, depending on the nature of the enquiry.
You are encouraged not to include sensitive or confidential information, information relating to criminal offences or CPR numbers when using the contact form.
Your enquiry is sent directly to our main mailbox and forwarded to the relevant case handler. It is deleted from our email system after 90 days.
7.5 Use of Share Buttons (Facebook, LinkedIn, YouTube)
Share buttons linking directly to HjulmandKaptain’s business profiles appear at the bottom of our website and on content from our knowledge platform. These include Facebook, Instagram, LinkedIn and YouTube.
When using these buttons, your data—including cookies, IP address and browsing history—may be shared with the relevant platform provider (e.g. Meta in the case of Facebook). These providers act as independent data controllers. Questions regarding their processing of personal data should be directed to the relevant provider’s privacy policy or contact point.
You may opt out of tracking via share buttons at any time via the page Your Online Choices.
8. Physical Visits to Our Offices
8.1 Issuance of Temporary Parking Permits (Aalborg Office)
When using our parking facilities at our Aalborg office, we process personal data in connection with issuing temporary parking permits. The permits are issued by Q-Park, which also provides the system used. The processed data include your name, telephone number and vehicle registration number.
The legal basis is Article 6(1)(b) of the GDPR. Q-Park is the data controller for this processing. Enquiries should be directed to privacy@q-park.dk.
8.2 Use of Guest Network
Guest Wi-Fi is available at all offices. To access it, you must provide your name, email address and telephone number. The legal basis is Article 6(1)(f) of the GDPR. Access requires acceptance of the guest network terms.
9. Disclosure of Information (Recipients)
9.1 Disclosure to Other Parties
In certain cases, personal data may be shared with business partners, suppliers and other parties such as IT providers, customer satisfaction survey providers and newsletter service providers. These parties act solely under our instructions and pursuant to applicable data processing agreements.
Personal data may also be disclosed where required by law or necessary to deliver legal services, including disclosure to the police, tax authorities, courts, arbitral tribunals, other law firms, parties and public authorities.
In addition, identity information may be disclosed to financial institutions in connection with client account funds, as required by the Danish Anti-Money Laundering Act.
9.2 Use of Artificial Intelligence (AI)
We use artificial intelligence (AI) as part of our digital tools to support and streamline our legal services, for example to analyse documents, structure information and assist with case handling.
All AI-generated outputs are reviewed by an employee before use. No fully automated decisions are made.
Appropriate technical and organisational measures have been implemented to protect personal data and ensure transparency and accountability. No disclosure of personal data takes place in connection with the use of AI tools. Processing is based on a legitimate interest pursuant to Article 6(1)(f) of the GDPR.
10. Storage and Deletion
We delete personal data when it is no longer required for the purposes for which it was collected. Certain statutory obligations, including under bookkeeping, anti-money laundering and limitation legislation, may require longer retention periods. Data may be stored longer in anonymised form.
As a general rule, personal data relating to legal services are stored for 10 years following termination of the client relationship.
Accounting data are stored for five years from the end of the financial year, in accordance with section 10 of the Danish Bookkeeping Act.
Data collected under the Anti-Money Laundering Act are stored for five years following termination of the client relationship.
Participant lists for events and courses are stored for 12 months for evaluation purposes only and are not used for marketing unless separate consent has been given.
Unsubscribing from newsletters means that no further newsletters will be sent after the date of unsubscribing.
11. Your Rights
You have a number of rights in relation to our processing of your personal data. You are always welcome to contact us with questions. We aim to respond as soon as possible and within 30 days at the latest. If your request is not granted, you may lodge a complaint with the Danish Data Protection Agency (Datatilsynet).
You have the right of access, objection, rectification and restriction of processing, subject to statutory exceptions.
You may request erasure of your data unless processing may continue on another legal basis, such as the establishment or defence of legal claims or statutory retention obligations.
You may also request data portability under certain conditions.
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Complaints may be submitted to:
Datatilsynet (Danish Data Protection Agency)
Carl Jacobsens Vej 35
2500 Valby
Telephone: +45 33 19 32 00
Email: dt@datatilsynet.dk