Privacy policy
of Accura
Advokatpartnerselskab
Here you can read about Accura Advokatpartnerselskab’s (“Accura”, “we”, “us”, “our”) processing of personal data. You are always welcome to contact us at [email protected] if you have any questions about how we process personal data.
Data control etc.
Controller
When you are a client with us (or you are in contact with us for other reasons) and use our websites, we generally process your personal data as a controller under the General Data Protection Regulation (the “GDPR”) and the Danish Data Protection Act (databeskyttelsesloven) (the “DPA”).
You will find our contact details at the end of this policy.
Processor
However, in certain cases, Accura acts as a processor. This would be the case if, for example, Accura were to set up a virtual data room without having any influence on the contents thereof, for example, if we represent the buyer of a business but set up the data room for the seller who selects the material to be disclosed in the data room. This privacy policy does not cover the processing activities that we carry out as a processor.
Purposes and categories of personal data etc.
We process the following personal data:
| Categories (persons) | Data | Purposes | Legal basis | Storage |
| Clients who are natural persons. Persons associated with clients and/or group companies, including employees, suppliers, advisors, members of management, etc. | Contact details, including names, email addresses, addresses and telephone numbers, and other information depending on the nature of the case, such as civil reg. (CPR) nos, financial circumstances and contractual relationships. In special cases, sensitive data, such as data concerning your health, or information about criminal offences. | Answering and processing enquiries, including providing legal advice and managing our relationship with the client. | Ordinary data: Point (b) of article 6(1) of the GDPR in respect of clients who are natural persons. Point (f) of article 6(1) of the GDPR in respect of other persons as we pursue our legitimate interest in providing legal advice and managing our relationship with the client. Sensitive data: Point (f) of article 9(2) of the GDPR, cf. point (b) of article 6(1) in respect of clients who are natural persons or point (f) of article 6(1) in respect of other persons. See above for our legitimate interest. Civil reg. (CPR) no.: Section 11 of the DPA. Criminal offences: Section 8 of the DPA. | For the duration of our relationship with the client and up to ten years after it has ended depending on the nature of the specific data. |
| Opposing parties who are natural persons. Persons associated with opposing parties and/or opposing parties’ group companies, including employees, suppliers, advisors, members of management, etc. | Contact details, including names, email addresses, addresses and telephone numbers, and other information depending on the nature of the case, such as financial circumstances and contractual relationships. In special cases, sensitive data, such as data concerning your health, or information about criminal offences. | Being able to contact opposing parties when providing legal advice for the purpose of managing our relationship with the client. | Ordinary data: Our legitimate interest in being able to contact opposing parties when providing legal advice and in being able to manage our relationship with the client; see point (f) of article 6(1) of the GDPR. Sensitive data: Point (f) of article 9(2) of the GDPR, cf. point (f) of article 6(1). See above for our legitimate interest. Criminal offences: Section 8 of the DPA. | For the duration of the case and up to ten years after it is closed. |
| Persons associated with target companies or group companies in connection with due diligence processes of transactions etc. | Contact details, including names, email addresses, addresses and telephone numbers. Information about employers, job titles and other information depending on the nature of the case, such as information about leases, financial circumstances and contractual relationships (data room information). | Providing advice in connection with transactions (due diligence). | Ordinary data: Our legitimate interest in being able to go through data room material for the purpose of providing legal advice; see point (f) of article 6(1) of the GDPR. See above for information about persons associated with clients etc. and persons associated with opposing parties etc. | For the duration of the case and up to ten years after it is closed unless special circumstances require us to store the data for a shorter or longer period. |
| Witnesses, experts, other advisors, etc. | Contact details, including names, email addresses, addresses and telephone numbers. Information about education, professional experience and other offices, experience and business partners. Particularly in relation to witnesses: Other information depending on the nature of the case, such as financial circumstances and contractual relationships, and, in certain cases, sensitive data such as information about criminal offences and data concerning health. | Being able to make contact when providing legal advice to our clients and the inclusion of personal data in connection with court or arbitral proceedings etc. | Ordinary data: Our legitimate interest in being able to make contact and provide legal advice, including court or arbitral proceedings, and in being able to manage our relationship with the client; see point (f) of article 6(1) of the GDPR. Sensitive data: Point (f) of article 9(2) of the GDPR, cf. point (f) of article 6(1). See above for our legitimate interest. Criminal offences: Section 8 of the DPA. | For the duration of the case and up to ten years after it is closed unless special circumstances require us to store the data for a shorter or longer period. |
| Executives, managers and employees, creditors, chargees, contracting parties, customers, clients, debtors, shareholders and other persons associated with businesses and/or persons involved in or otherwise affected by compulsory dissolution, restructuring, insolvency and bankruptcy processes. | Contact details, including names, email addresses, addresses and telephone numbers. Statements of receivables including associated documentation and information about any dispute in respect thereof. Payment details, bank account numbers and statements of claims for interest. Depending on the nature of the case, sensitive personal data concerning health and information about criminal offences. Information relating to the employment, including the executive service agreements or employment contracts, working hours, absence due to sickness, payroll data, tax information, financial information, bank account numbers and any claims made to the Employees’ Guarantee Fund (LG). Passport details Civil reg. (CPR) nos Depending on the nature of the case, sensitive personal data about trade union memberships, health, including information about pregnancy and maternity/paternity leave. In lease and rent cases in which the debtor is a tenant, information about the lease, including lease agreement, move-in and move-out inspection report, complaints procedures, deposit, etc. | Being able to make contact when we process the case, including examination of affairs and safeguarding the interest in seeking to obtain satisfaction, including examination of claims, collection and recovery. Being able to make payments depending on the nature of the case. | Ordinary data: Our legitimate interest in being able to make contact and process the case, review and imply terms into agreements originating from the case and to comply with the legal obligations to which the trustee is subject; see points (b), (c) and (f) of article 6(1) of the GDPR. Sensitive data: Point (f) of article 9(2) of the GDPR, cf. point (f) of article 6(1). See above for our legitimate interest. Criminal offences: Section 8 of the DPA. | For the duration of the case and up to ten years after it is closed unless special circumstances require us to store the data for a shorter or longer period. |
| Executives, managers, employees and others associated with our clients. | Contact details, including names, email addresses, addresses and telephone numbers, and information about employers and job titles and other information depending on the nature of the case, such as information about illness, absence and other information pertaining to the employment. | Providing advice in connection with employment law requests from clients, including legal opinions, management of whistleblowing reports and similar investigations. | Ordinary data: Our legitimate interest in being able to make contact and process the case; see point (f) of article 6(1) of the GDPR. Sensitive data: Point (f) of article 9(2) of the GDPR, cf. point (f) of article 6(1). See above for our legitimate interest. Criminal offences: Section 8 of the DPA. | For the duration of the case and up to ten years after it is closed unless special circumstances require us to store the data for a shorter or longer period. |
| Persons reporting wrongdoings under the whistleblowing schemes which we manage for our clients. Persons mentioned in the reports made under the whistleblowing schemes which we manage for our clients. | Contact details, including names and job titles, and other information which we receive in relation to the reported wrongdoings. This may include information on criminal offences. | Processing of reports received under the whistleblowing schemes which we manage for our clients and in respect of which Accura is the controller. Accura is the whistleblowing entity for the client. We process the personal data to be able to carry out the required processing of the reports and to keep track of the reports which we have processed. | Whistleblowing schemes established under the Danish Act on the Protection of Whistleblowers (lov om beskyttelse af whistleblowere) All data: Section 22 of the Danish Act on the Protection of Whistleblowers. Whistleblowing schemes established voluntarily (not subject to the Danish Act on the Protection of Whistleblowers) Ordinary data: Our legitimate interest in investigating the report which we have received; see point (f) of article 6(1) of the GDPR. Sensitive personal data: Point (f) of article 9(2) of the GDPR. Criminal offences: Section 8 of the DPA. | For the duration of the case and up to ten years after it is closed depending on the nature of the specific data. |
| Visitors on our website. | IP addresses when placing cookies. Please refer to our cookie policy. | Preparing statistics on the use of our websites and optimising our websites. Please refer to our cookie policy. | Ordinary data: If our processing is not based on your consent, it is based on our legitimate interest in optimising our websites; see point (f) of article 6(1) of the GDPR. | Please refer to our cookie policy. |
| Recipients of our newsletters. | Names, email addresses and, if relevant, Names, email addresses and, if relevant, association with businesses. In some cases, we also register other information, which you give us, for the purpose of sending personalised news to you. | Marketing. | Ordinary data: Point (a) of article 6(1) of the GDPR. You can withdraw your consent at any time. You can see our contact details at the bottom of this page. | For as long as your consent is valid. |
| Participants in Accura’s events, courses, presentations, competitions, etc. | Names, email addresses and, if relevant, association with businesses, titles, educational institutions and graduation years. | Distributing invitations, planning courses and events, issuing course certificates and communicating about the awarding of prizes. | Ordinary data: Our legitimate interest in offering and running courses, events, presentations, competitions, etc.; see point (f) of article 6(1) of the GDPR. | For up to five years after the end of the event, course, presentation, competition, etc. |
| Accura’s suppliers and business partners etc. | Contact details, including names and email addresses, and information about the association with the suppliers etc. | Being able to contact suppliers or business partners. | Ordinary data: Our legitimate interest in being able to communicate with the supplier or the business partner; see point (f) of article 6(1) of the GDPR. | For as long as we have a collaboration with the supplier/business partner and up to five years after the end of the collaboration. |
| Beneficial owners and members of management associated with the client. Information about politically exposed persons or related parties or close business partners of politically exposed persons. | Names, addresses, email addresses, telephone numbers and, if relevant, civil reg. (CPR) nos and passport copies. Political affiliations (politically exposed persons) and information about spouses, registered partners, cohabitants or parents and children and their spouses, registered partners or cohabitants (related parties to a politically exposed person). | Complying with obligations under the Danish Anti-Money Laundering Act (hvidvaskloven), including customer due diligence procedures under the anti-money laundering rules. | Ordinary data: Point (c) of article 6(1) of the GDPR, cf. part 3 of the Danish Anti-Money Laundering Act. Sensitive data: Point (g) of article 9(2) of the GDPR, cf. point (c) of article 6(1), cf. part 3 of the Danish Anti-Money Laundering Act. Civil reg. (CPR) no.: Section 11 of the DPA. | For five years after a case covered by the Money Laundering Act is closed. |
| Persons recorded by our surveillance cameras. | Physical appearance (surveillance footage) and geographical location (time and place). | Preventing and solving criminal offences. | Ordinary data: Our legitimate interest in keeping our entry areas etc. under surveillance as part of our security measures; see point (f) of article 6(1) of the GDPR. Criminal offences: Section 8 of the DPA. | For up to 30 days in accordance with the Danish Camera Surveillance Act (TV-overvågningsloven). |
| Persons mentioned in the Danish Central Business Register (CVR), judgments and other public sources. | Names, employers, job titles, addresses, telephone numbers, associations with businesses. | Legal processing and background knowledge. | Ordinary data: Our legitimate interest in legal processing and in obtaining background knowledge; see point (f) of article 6(1) of the GDPR. | For as long as the information is public. |
| Our employees’ relatives. | Names, telephone numbers, email addresses, addresses and the nature of their relations with the employee. | Being able to contact relatives, if necessary. | Ordinary data: Our legitimate interest in being able to contact relatives; see point (f) of article 6(1) of the GDPR. | For as long as the employee is employed with Accura. |
| Persons who have applied or otherwise have been considered for a position with us. | Names, telephone numbers, email addresses, addresses, information provided in CVs, education and grades, payroll data, language preferences, nationalities, personal or behavioural profiles, results of personality assessments and tests, references, work experience, history. | Recruitment, including evaluation of applicants, statistics and, potentially, management of objections. | Ordinary data: Our legitimate interest in being able to assess whether a candidate is fit for a position at Accura; see point (f) of article 6(1) of the GDPR. | We store applications for specific job advertisements for up to six months after the position has been filled. We store unsolicited applications for six months, after which the applicant may choose to extend the application for an additional six months. |
Recipients
Disclosure to third parties
We generally do not disclose personal data to others. However, we may be required by law to disclose your personal data, and it may also be necessary for the purpose of pursuing the purposes described above.
The recipients could be public authorities (such as the corporate and commercial authorities, the tax authorities, the Danish Financial Supervisory Authority, the competition, consumer or data protection authorities), courts, arbitration boards and institutes, external legal advisors, financial advisors and auditors, banks, insurance companies and other third parties, such as businesses examining matters or advising on matters other than those mentioned. In the event of suspected money laundering or terrorist financing, we are required to notify the Danish Bar and Law Society and/or the Danish Money Laundering Secretariat and in that connection disclose your ID information. We are not permitted to inform you if we make such a notification.
If you participate in a recruitment process, we may collect information from your previous employer(s), LinkedIn and other social media, recruitment agencies, publicly available websites and from people who have recommended you for a position with us. We may also disclose your information to headhunters, skill and personality test providers and recruiters in our group companies if relevant for the specific position.
Making available personal data to processors
In some cases, we leave the processing of personal data to our processors who, for example, provide our IT systems, including hosting, backup and support and virtual data room providers. Depending on the specific situation, we may need to use other processors.
Transfers to third countries
In certain cases, we transfer personal data to recipients outside the EU and the EEA. The recipients could be opposing parties, advisors or authorities. They could also be our processors, such as IT providers. If you participate in a recruitment process, we may disclose your personal data to recruiters in our group companies if relevant for the specific position.
If the recipient is located outside the EU or the EEA, we will conclude EU standard contractual clauses approved by the European Commission with the recipient before we transfer the personal data. Moreover, we may transfer personal data if necessary for the purpose of establishing, making or defending legal claims. If you want a list of third country transfers and the grounds for them, please send an email to [email protected].
Mandatory data
Most of the personal data collected about you are given voluntarily or for the purpose of concluding or performing an agreement with us or a third party or for the purpose of making legal claims.
If we are to apply for registrations in Danish public systems, such as the online business portal (virk.dk), the digital registration system (tinglysning.dk) or the online court portal (minretssag.dk) on your behalf, we need to be able to identify you. Therefore, we will often need to have your civil reg. (CPR) number in our possession. We will also need to have documentation in our possession that uniquely identifies you; for example, if the situation is governed by the Danish Anti-Money Laundering Act or if we are to open a bank account on your behalf. Such documentation could be a copy of your passport. Similar obligations apply if we are to pay out funds to you, for example in connection with the award of applications for grants or payment of remuneration or compensation.
The consequence of failing to give us the personal data could be that we are unable to pursue the purposes mentioned, including, in certain cases, our relationship with the client, or that we are unable to fulfil our obligations to public authorities. As regards information obtained under the Danish Anti-Money Laundering Act, the provision of such information is, therefore, mandatory in order for us to fulfil our statutory obligations.
Storage
Please refer to the description in the table above under “Purposes and categories of personal data etc.”.
Your rights
Please contact us at [email protected] if you wish to exercise your rights. As a main rule, you have the following rights:
Right of access: You have the right to view the data which we process about you.
Right to rectification: You can ask us to correct inaccurate data about you.
Right to erasure: In special cases, you have the right to request that we erase data about you before we normally are required to erase such data.
Right to restriction of processing: In some cases, you have the right to restrict the processing of your personal data. In that case, we will only process your personal data with your consent, for the establishment, exercise or defence of a legal claim or for the protection of a person or important public interests. In any circumstance, we may store your personal data.
Right to object: In some cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to our processing of your personal data for the purpose of direct marketing.
Right to data portability: In some cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one controller to another.
You can read more about your rights in the Danish Data Protection Agency’s guidance on the data subjects’ rights, which is available on www.datatilsynet.dk (in Danish only).
In some cases, your rights under the data protection rules do not apply to Accura’s processing of your personal data, including because of our duty of confidentiality. Therefore, you may not be entitled to erasure or data portability in specific cases as this would depend on the specific circumstances.
Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are not satisfied with our processing of your personal data. You can find the Danish Data Protection Agency’s contact details on www.datatilsynet.dk.
Accura’s contact details
If you have any questions, comments or requests concerning the processing of your personal data, you are welcome to contact us at:
Accura Advokatpartnerselskab
CVR no.: 33039018
Alexandriagade 8
DK-2150 Nordhavn
Email: [email protected]
Phone: + 45 3945 2800
You may contact the DPO of Accura Singapore FLP PTE. LTD at [email protected].
Version: 3 October 2024