Privacy Policy

Privacy policy of 360 Law Firm

This privacy policy describes how 360 Law Firm (‘we’, ‘our’ or ‘us’) processes personal data in connection with case work, anti-money laundering measures, courses and seminars, marketing and use of the website.

1. Data controller

The legal entity responsible for the processing of your personal data is:

360 Law Firm Advokatpartnerselskab
CVR: 41 33 22 55
Lautrupsgade 7
2100 Copenhagen Ø
info@360-lawfirm.com
Phone: +45 69 166 360

2. Contact us

If you have any questions regarding our processing of personal data, please contact us by phone +45 69 166 360 or email info@360-lawfirm.com.

 

3. Description of the processing

We have described the purposes for which we process personal data in the following:

3.1 Delivery of our services

When we provide services to a client, we always create a case in our case management system, Legis 365. The case will be associated with one or more parties who are parties to the case in different ways. If you are among such parties, whether you are part of the client’s organisation or associated with the opposing party, we will process a number of personal data about you.

We use the personal data to communicate with you, process the case and make any registrations in the authorities’ digital service solutions.

We process a number of general personal data about you, including contact information such as name, position, email, telephone, address and information about your employment. If we need to make registrations on public service platforms (virk.dk, tinglysning.dk or minretssag.dk), we may need to process more of your general personal data, including your CPR number, in order to identify you.

For example, in connection with the processing of insurance cases involving individuals, we may in some cases process sensitive personal data about you, such as health information.

The personal data source is either our client, yourself or another person associated with the party you represent.

If you, as a client, is an individual, we process your personal data on the basis of article 6.1.b of the General Data Protection Regulation, as the processing is necessary to enter into or fulfil the engagement letter concluded with our client.

If you are a counterparty, the basis for processing is article 6.1.f on the legitimate interest balance, where our legitimate interest is to enforce or defend a legal claim.

In the case of sensitive personal data or CPR number, the legal basis is article 9.2.f regarding the enforcement or defence of legal claims.

If official registrations are required, we may share your personal data with a number of public authorities via the authorities’ reporting portals. These are the Danish Business Authority (virk.dk), the Danish Land Registry (tinglysning.dk) and the Danish Court Administration (minretssag.dk).

We store your personal data for as long as it is necessary for the purpose(s) for which the data is processed. As a general rule, the data is stored for 5 years after the case is closed, but in special cases there may be shorter or longer storage periods – for instance to comply with legal requirements for deletion or storage.

3.2 Implementation of anti-money laundering procedure and establishment of client account in banks

In cases involving transaction of assets, we are required by the Anti-Money Laundering Act to register the client’s beneficial owners. The same requirement applies when we open a client account with a bank on behalf of a client. If you or your company is a client of ours, you may therefore be requested to provide documentation of who you are or to help identify your employer’s beneficial owners.

In order to conduct and finalise an anti-money laundering check, we need a number of general personal data such as name, address, place of birth and nationality. We will need to verify the information in the form of e.g. a scanned copy of a driving licence, health insurance card and/or birth certificate. When the beneficial owners are not Danish or have permanent residence in Denmark, we may need to obtain additional documentation, including proof of address.

The sources collection of data will always be the data subjects themselves. We process this personal data on the basis of article 6.1.c of the General Data Protection Regulation regarding compliance with legal obligations. The legal obligation is set out in the Act on the Prevention of Money Laundering and Terrorist Financing. In special cases, sensitive personal data may also be processed in accordance with article 9.2.g.

If creation of a client account is needed, we share the collected personal data with the relevant bank which will be governed by the same legislation as us.

If an authority, such as the Danish Financial Supervisory Authority or the State Prosecutor for Special Crime, takes an interest in certain transactions, we are obliged under the Money Laundering Act to disclose the information to the relevant authorities.

We store your data for as long as necessary. As required by the Anti-Money Laundering Act, we do not store your data for longer than 5 years after the business relationship has ended.

We are obliged to ensure that the collected information which is still relevant to the transaction is kept up to date, and in these cases, we will contact you for an update at maximum 36-month intervals.

3.3 Courses or events

When you participate in a course or event with us, we use your personal data to keep in contact with you before, during and after the activity.

If you are employed by one of our clients and you are registered for a course or an event, we store your personal data for as long as we have a business relationship with the client.

For the purpose of organising a course or an event, we only process general personal data, including information about your name, position, email, telephone and place of employment.

The sources of the processed data originate from you or from your employer, if your employer has registered you for the course or event.

We process your personal data as described above based on article 6.1.b if you are a party to the agreement, as the data is necessary to fulfil an agreement with you. Processing may also take place on the basis of section 6.1.f where the legitimate interest is to administer courses and events and send out evaluation forms etc.

We store your personal data for as long as it is necessary to carry out the relevant course or event and to evaluate it. A course or an event may be part of a pre-described established context with other events or networking and in these cases, we will retain your personal data until the entire programme or networking has been completed and evaluated. If you are employed by one of our clients, we will retain your data for as long as we have a business relationship with the client. In the event of a payment arrangement, we store invoice data for 5 years after the end of the current financial year as stipulated by the Danish Bookkeeping Act.

3.4 Marketing

We use personal data for marketing purposes, including to target our communication to you. The targeted communication includes sending out newsletters.

For this purpose, we only process general personal data, including name, position, e-mail, telephone and place of employment. We also register the language in which you wish to receive our material.

The personal data we use originates from you or is obtained from publicly available sources, such as your LinkedIn profile. The data may also be collected through the use of our website.

The legal basis for processing the data is your consent (article 6.1.a) for targeted marketing, and our legitimate interests (article 6.1.f). The legitimate interests we pursue are our marketing interest and our interest in targeting the material we send out. We do not disclose your personal data to any third party. Your consent can be revoked at any time.

If you have subscribed to one or more of our newsletters, we will store your personal data for as long as you wish to receive material from us and for two years thereafter. If we have collected publicly available information about you in order to carry out marketing initiatives, we will store such information for as long as the initiative in question is in progress and for two years thereafter.

3.5 Hiring process

When you apply for a position with us, we use your personal data in the recruitment process. In order to complete the recruitment process, we process a number of common personal data that you have provided us with through your application and CV.

The personal data in question includes information on name, address, position, email, educational history and employment history.

We process your personal data in connection with the recruitment process as described above based on our legitimate interests (article 6.1.f) The legitimate interest we pursue is the assessment of the applications received.

If we enter into an employment relationship with you, we will store your personal data until 5 years after your resignation. As an employee, you can read more about our processing of your personal data in our employment handbook.

If we do not enter into an employment relationship with you, we will delete your data no later than 6 months after the recruitment process is completed.

3.6 Use of our website

When you use our website, personal data about your behaviour is also collected through the use of ‘cookies’.

We process your personal data in connection with the use of our website, as described above and as further described in our cookie policy, on the basis of article 6.1.a, your consent, and article 6.1.f, where the legitimate interest is to offer you an interesting and optimally functioning website.

You can read more about the use of cookies in our cookie policy and revoke or change your consent by opting out of cookies, or you can block cookies in your browser.

4. Recipients

We treat the information confidentially and generally do not disclose the information to any third party. However, this may be the case to specific clients, counterparties, authorities and/or courts.

The data is not transferred to countries outside the EU/EEA unless this is done to a specific client, counterparty, court or similar. In such case, transfers are made in accordance with article 49.1, b-e of the General Data Protection Regulation.

The data may be transferred to external suppliers, including data processors, who assist us in the operation of the business.

5. Mandatory information

If we are to make registrations on your behalf in public service platforms such as virk.dk, tinglysning.dk or minretssag.dk, we must be able to uniquely identify you to the authorities. To assist you, it is therefore often necessary for us to be in possession of your CPR number.

To provide a service to you that is covered by the rules of the Danish Anti-Money Laundering Act, or if we are to open a bank account on your behalf, we must have copies of documents that uniquely identify you. This could be a driving licence, passport or birth certificate.

If we need to disburse funds to you, e.g. in connection with grant applications, we must be in possession of your CPR and bank account number. The same applies if you hold a paid position in one of the foundations or associations under our administration.

6. Your rights

You have the following rights:

  • (1) You have the right to request access, rectification or deletion of your personal data.
  • (2) You also have the right to object to the processing of your personal data and to have the processing of your personal data restricted
  • (3) In particular, you have the unconditional right to object to the processing of your personal data for direct marketing purposes.
  • (4) If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your revocation will not affect the lawfulness of the processing carried out prior to your revocation of consent.
  • (5) You have the right to receive the personal data that you yourself have provided in a structured, commonly used and machine-readable format (data portability).
  • (6) You can always file a complaint with a data protection supervisory authority, such as the Danish Data Protection Agency.

You can exercise your rights by contacting us at info@360-lawfirm.com or telephone +45 69 166 360.

There may be conditions or limitations to these rights. It is therefore not certain that you have the right to data portability in a specific case – this depends on the specific circumstances of the processing activities.

7. The Danish Data Protection Agency

Any complaint may be filed with the Danish Data Protection Agency:

The Danish Data Protection Agency

Carl Jacobsens Vej 35

2500 Valby, Denmark

Tel. 33 19 32 00

dt@datatilsynet.dk

For more information, please go to www.datatilsynet.dk, where complaints may also be filed.