Privacy policy
of Accura
Advokatpartnerselskab

Here you can read about Accura Advokatpartnerselskab’s (“Accura”, “we”, “us”, “our”) processing of personal data. You are always welcome to contact us at [email protected] if you have any questions about how we process personal data.

Data control etc.
Controller
When you are a client with us (or you are in contact with us for other reasons) and use our websites, we generally process your personal data as a controller under the General Data Protection Regulation (the “GDPR”) and the Danish Data Protection Act (databeskyttelsesloven) (the “DPA”).
You can find our contact details at the bottom of this page.

Processor
However, in certain cases, Accura acts as a processor. This would be the case if, for example, Accura were to set up a virtual data room without having any influence on the contents thereof (for example, if we represent the buyer of a business but set up the data room for the seller and the seller selects the contents to be disclosed in the data room). This privacy policy does not cover the processing activities that we carry out as a processor.

Purposes and categories of personal data etc.
We process the following personal data:

Categories (persons)DataPurposesLegal basisStorage
Clients who are natural persons.

Persons associated with clients and/or consolidated undertakings, including employees, suppliers, advisors, members of management, etc.
Contact details, including names, email addresses, addresses and telephone numbers, and other information depending on the nature of the case, such as civil reg. (CPR) nos, financial circumstances and contractual relationships.

In special cases, sensitive data (such as data concerning health) or information about criminal offences.
Answering and processing enquiries, including providing legal advice and managing our relationship with the client.Ordinary data:
Point (b) of article 6(1) of the GDPR, in respect of clients who are natural persons.

Point (f) of article 6(1) of the GDPR, in respect of other persons, as we pursue our legitimate interest in providing legal advice and managing our relationship with the client.

Sensitive data:
Point (f) of article 9(2) of the GDPR, cf. point (b) of article 6(1) in respect of clients who are natural persons or point (f) of article 6(1) in respect of other persons. See above for our legitimate interest.

Civil reg. (CPR) no.: Section 11 of the DPA.

Criminal offences: Section 8 of the DPA.
For the duration of our relationship with the client and up to 10 years after it has ended (depending on the nature of the specific data).
Opposing parties who are natural persons.

Persons associated with opposing parties and/or opposing parties’ consolidated undertakings, including employees, suppliers, advisors, members of management, etc.
Contact details, including names, email addresses, addresses and telephone numbers, and other information depending on the nature of the case, such as financial circumstances and contractual relationships.

In special cases, sensitive data (such as data concerning health) or information about criminal offences.
Being able to contact opposing parties and providing legal advice for the purpose of managing our relationship with the client.Ordinary data:
Our legitimate interest in being able to contact opposing parties and providing legal advice and managing our relationship with the client; see point (f) of article 6(1) of the GDPR.

Sensitive data:
Point (f) of article 9(2) of the GDPR, cf. point (f) of article 6(1). See above for our legitimate interest.

Criminal offences: Section 8 of the DPA.
For the duration of our relationship with the client and up to 10 years after it has ended (depending on the nature of the specific data).
Persons associated with target companies or consolidated undertakings in connection with due diligence processes of transactions etc.Contact details, including names, email addresses, addresses and telephone numbers, information about employers and job titles, and other information depending on the nature of the case, such as information about leases, financial circumstances and contractual relationships (data room information).Providing advice in connection with transactions (due diligence).Ordinary data:
Our legitimate interest in being able to go through data room material for the purpose of providing legal advice; see point (f) of article 6(1) of the GDPR.

See above for information about persons associated with clients etc. and persons associated with opposing parties etc.
For the duration of our relationship with the client and up to 10 years after it has ended (depending on the nature of the specific data).
Witnesses, experts, other advisors, etc.Contact details, including names, email addresses, addresses and telephone numbers.
Information about education, professional experience and other offices, experience, and business partners.

Particularly in relation to witnesses:
Other information depending on the nature of the case, such as financial circumstances and contractual relationships, and, in certain cases, sensitive data such as information about criminal offences and data concerning health.
Being able to make contact when providing legal advice to our clients and the inclusion of personal data in connection with court or arbitral proceedings etc.Ordinary data:
Our legitimate interest in being able to make contact and providing legal advice, including court or arbitral proceedings, and managing our relationship with the client; see point (f) of article 6(1) of the GDPR.

Sensitive data:
Point (f) of article 9(2) of the GDPR, cf. point (f) of article 6(1). See above for our legitimate interest.

Criminal offences: Section 8 of the DPA.
For the duration of our relationship with the client and up to 10 years after it has ended (depending on the nature of the specific data).
Executives, managers and employees, creditors, chargees, contracting parties, customers, clients, debtors, shareholders and other persons associated with businesses and/or persons involved in or otherwise affected by compulsory dissolution, restructuring, insolvency and bankruptcy processes.Contact details, including names, email addresses, addresses and telephone numbers.

Statements of receivables including associated documentation and information about any dispute in respect thereof.

Payment details, bank account numbers and statements of claims for interest.

Depending on the nature of the case, sensitive personal data concerning health and information about criminal offences.

Information relating to the employment, including the executive service agreements or employment contracts, working hours, absence due to sickness, salary details, tax information, financial information, bank account numbers and any claims made to the Employees’ Guarantee Fund (LG).

Passport details Civil reg. (CPR) nos

Depending on the nature of the case, sensitive personal data about trade union memberships, health, including information about pregnancy and maternity/paternity leave.

In lease and rent cases in which the debtor is a tenant, information about the lease, including lease agreement, move-in and move-out inspection report, complaints procedures, deposit, etc.
Being able to make contact when we process the case, including examination of affairs and safeguarding the interest in seeking to obtain satisfaction, including examination of claims, collection and recovery.

Being able to make payments depending on the nature of the case.

Any registrations necessary for the case processing.
Ordinary data:
Our legitimate interest in being able to make contact and process the case, review and imply terms into agreements originating from the case and to comply with the legal obligations to which the trustee is subject; see points (b), (c) and (f) of article 6(1) of the GDPR.

Sensitive data:
Point (f) of article 9(2) of the GDPR.

Criminal offences: Section 8 of the DPA.
For the duration of the case and up to 10 years after it is closed (depending on the nature of the specific data).
Executives, managers, employees and others associated with our clients.Contact details, including names, email addresses, addresses and telephone numbers, and information about employers and job titles and other information depending on the nature of the case, such as information about illness, absence and other information pertaining to the employment.Providing advice in connection with employment law requests from clients, including legal opinions, management of whistle-blower reports and similar investigations.Ordinary data:
Our legitimate interest in being able to make contact and process the case; see point (f) of article 6(1) of the GDPR.

Sensitive data:
Point (f) of article 9(2) of the GDPR.

Criminal offences: Section 8 of the DPA.
For the duration of the case and up to 10 years after it is closed (depending on the nature of the specific data).
Persons reporting concerns under the whistleblowing schemes which we manage for our clients.

Persons mentioned in the reports made under the whistleblowing schemes which we manage for our clients.
Contact details, including names and job titles, and other information which we receive in relation to the reported concerns or incidents. This may include information on criminal offences.Processing of concerns received under the whistleblowing schemes which we manage for our clients and in respect of which Accura is the controller (Accura is the whistleblowing entity for the client.).

We process the personal data to be able to carry out the required follow-up on the reports and to keep track of the reports which we have processed.
Whistleblowing schemes established under the Danish Whistleblowing Act
All items of information:
Section 22 of the Danish Whistleblowing Act.

Whistleblowing schemes established voluntarily (not subject to the Danish Whistleblowing Act)
Ordinary data:
Our legitimate interest in investigating the report which we have received; see point (f) of article 6(1) of the GDPR.

Sensitive personal data: Point (f) of article 9(2) of the GDPR.

Criminal offences: Section 8 of the Danish Data Protection Act.
For the duration of the case and up to 10 years after it is closed (depending on the nature of the specific data).
Visitors on our website.IP addresses when placing cookies.

Please refer to our cookie policy.
Preparing statistics on the use of our websites and optimising our websites.

Please refer to our cookie policy.
Ordinary data:
If our processing is not based on your consent, it is based on our legitimate interest in optimising our websites; see point (f) of article 6(1) of the GDPR.
Please refer to our cookie policy.
Recipients of our newsletters.Names, email addresses and, if relevant, association with businesses.

In some cases, we also register other information, which you give us, for the purpose of sending personalised news to you.
Marketing.Ordinary data:
Point (a) of article 6(1) of the GDPR.

You can withdraw your consent at any time. You can see our contact details at the bottom of this page.
For as long as your consent is valid.
Participants in Accura’s events, courses, presentations, competitions etc.Names, email addresses and, if relevant, association with businesses, titles, educational institutions and graduation years.Distributing invitations, planning courses and events, issuing course certificates and communicating about the awarding of prizes.Ordinary data:
Our legitimate interest in offering and running courses, events, presentations, competitions etc.; see point (f) of article 6(1) of the GDPR.
For up to 5 years after the end of the course, event, presentation, competition etc.
Accura’s suppliers and business partners etc.Contact details, including names and email addresses, and information about association with the suppliers etc.Being able to contact suppliers or business partners.Ordinary data:
Our legitimate interest in being able to communicate with the supplier or the business partner; see point (f) of article 6(1) of the GDPR.
For as long as we have a collaboration with the supplier/business partner and up to 5 years after the end of the collaboration.
Beneficial owners and members of management associated with the client. Information about politically exposed persons or related parties or close business partners of politically exposed persons.Names, addresses, email addresses, telephone numbers and, if relevant, civil reg. (CPR) nos and passport copies.

Political affiliations (politically exposed persons) and information about spouses, registered partners, cohabitants or parents and children and their spouses, registered partners or cohabitants (related parties to a politically exposed person).
Complying with obligations under the Danish Anti-Money Laundering Act (hvidvaskloven), including customer due diligence procedures under the anti-money laundering rules (KYC).Ordinary data:
Point (c) of article 6(1) of the GDPR, cf. part 3 of the Danish Anti-Money Laundering Act.

Sensitive data:
Point (g) of article 9(2) of the GDPR, cf. point (c) of article 6(1), cf. part 3 of the Danish Anti-Money Laundering Act.

Civil reg. (CPR) no.: Section 11 of the DPA.
For 5 years after the end of the business relationship or the completion of a one-off transaction.
Persons recorded by our surveillance cameras.Physical appearance (surveillance footage) and geographical location (time and place).Preventing and solving criminal offences.Ordinary data:
Our legitimate interest in keeping our entry areas etc. under surveillance as part of our security measures; see point (f) of article 6(1) of the GDPR.

Criminal offences: Section 8 of the DPA.
For up to 30 days in accordance with the Danish Camera Surveillance Act (tv-overvågningsloven).
Persons mentioned in the Danish Central Business Register (CVR), judgments and other public sources.Names, employers, job titles, addresses, telephone numbers, associations with businesses.Legal processing and background knowledge.Ordinary data:
Our legitimate interest in legal processing and in obtaining background knowledge; see point (f) of article 6(1) of the GDPR.
For as long as the information is public.
Our employees’ relatives.Names, telephone numbers, email addresses, addresses and the nature of their relations with the employees.Being able to contact relatives, if necessary.Ordinary data:
Our legitimate interest in being able to contact relatives; see point (f) of article 6(1) of the GDPR.
For as long as the employee is employed with Accura and up to 5 years after the employee has left the company.

Recipients
Disclosure to third parties
We generally do not disclose personal data to others. However, we may be required by law to disclose your personal data, and it may also be necessary for the purpose of pursuing the purposes described above.

The recipients could be public authorities (for example, the corporate and commercial authorities, the tax authorities, the Danish Financial Supervisory Authority, the competition, consumer or data protection authorities), courts, arbitration boards and institutes, external legal advisors, financial advisors and auditors, banks, insurance companies and other third parties (for example, businesses examining matters or advising on matters other than those mentioned).

Making available personal data to processors
In some cases, we leave the processing of personal data to our processors who, for example, provide our IT systems, including hosting, backup and support and virtual data room providers. Depending on the specific situation, we may need to use other processors.

Transfers to third countries
In certain cases, we transfer personal data to recipients outside the EU and EEA. The recipients could be opposing parties, advisors or authorities. They could also be our processors (for example IT providers).

If the recipient is located outside the EU or the EEA, we will conclude EU standard contractual clauses approved by the European Commission with the recipient before we transfer the personal data. Moreover, we may transfer personal data if necessary for the purpose of establishing, making or defending legal claims. If you want a list of third country transfers and the grounds for them, please send an email to [email protected].

Mandatory data
Most of the personal data collected about you are given voluntarily or for the purpose of concluding or performing an agreement with us or a third party or for the purpose of making legal claims.

If we are to apply for registrations in Danish public systems (such as the online business portal (virk.dk), the digital registration system (tinglysning.dk) or the online court portal (minretssag.dk) on your behalf, we need to be able to identify you. Therefore, we will often need to have your civil reg. (CPR) number in our possession. We will also need to have documentation in our possession that uniquely identifies you; for example, if the situation is governed by the Danish Anti-Money Laundering Act or if we are to open a bank account on your behalf. Such documentation could be a copy of your passport. Similar obligations apply if we are to pay out funds to you, for example in connection with the award of applications for grants or payment of remuneration or compensation.

The consequence of failing to give us the information could be that we are unable to pursue the purposes mentioned, including, in certain cases, our relationship with the client, or that we are unable to fulfil our obligations to public authorities. As regards information obtained under the Danish Anti-Money Laundering Act, the provision of such information is mandatory in order for us to fulfil our statutory obligations.

Storage
Please refer to the description in the table above under “Purposes and categories of personal data etc.”.

Your rights
Please contact us at [email protected] if you wish to exercise your rights. As a main rule, you have the following rights:

Right of access: You have the right to view the data which we process about you.

Right to rectification: You can ask us to correct inaccurate data about you.

Right to erasure: In special cases, you have the right to request that we erase data about you before we normally are required to erase such data.

Right to restriction of processing: In some cases, you have the right to restrict the processing of your personal data. In that case, we will only process your personal data with your consent, for the establishment, exercise or defence of a legal claim or for the protection of a person or important public interests. In any circumstance, we may store your personal data.

Right to object: In some cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to our processing of your personal data for the purpose of direct marketing.

Right to data portability: In some cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one controller to another.

You can read more about your rights in the Danish Data Protection Agency’s guidance on the data subjects’ rights, which is available on www.datatilsynet.dk (in Danish only).

In some cases, your rights under the data protection rules do not apply to Accura’s processing of your personal data, including because of our duty of confidentiality. Therefore, you may not be entitled to erasure or data portability in specific cases as this would depend on the specific circumstances.

Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are not satisfied with our processing of your personal data. You can find the Danish Data Protection Agency’s contact details on www.datatilsynet.dk.

Accura’s contact details
If you have any questions, comments or requests concerning the processing of your personal data, you are welcome to contact us at:

Accura Advokatpartnerselskab
CVR no.: 33039018
Alexandriagade 8
DK-2150 Nordhavn
Email: [email protected]
Telephone: +45 3945 2800

Version: 17 April 2023