Privacy policy of
Accura Advokatpartnerselskab

Here you can read about Accura Advokatpartnerselskab’s (“Accura”, “we”, “us”, “our”) processing of personal data. You are always welcome to contact us at compliance@accura.dk if you have any questions about how we process personal data.

 

Data control etc.
Controller
When you are a client with us (or you are in contact with us for other reasons) and when you use our websites, we generally process your personal data as a controller under the General Data Protection Regulation (the “GDPR”) and the Danish Data Protection Act (databeskyttelsesloven) (the “DPA”).

You can find our contact details at the end of this policy.

 

Processor
However, in certain cases, Accura acts as a processor. This would be the case if, for example, Accura were to set up a virtual data room without having any influence on the contents thereof (for example, if we represent the buyer of a business but set up the data room for the seller and the seller selects the contents to be disclosed in the data room) or if we manage a whistleblower scheme for our client. This privacy policy does not cover the processing activities that we carry out as a processor.

Purposes and categories of personal data etc.
We process the following personal data:

Categories (persons)DataPurposesLegal basisStorage
Clients who are natural persons.

Persons associated with clients and/or consolidated undertakings, including employees, suppliers, advisors, members of the executive board and of the board of directors, etc.
Contact details, including names, email addresses, addresses and telephone numbers, and other information depending on the nature of the matter, such as civil reg. (CPR) nos, financial situations and contractual relationships.

In special cases, sensitive data (such as data concerning your health) or information about criminal offences.
Answering and processing your enquiry, including providing legal advice and managing our relationship with the client.Ordinary data:
Point (b) of article 6(1) of the GDPR, in respect of clients who are natural persons.

Point (f) of article 6(1) of the GDPR, in respect of other persons, as we pursue our legitimate interest in providing legal advice and managing our relationship with the client.

Sensitive data:
Point (f) of article 9(2) of the GDPR, cf. point (b) of article 6(1) in respect of clients who are natural persons or point (f) of article 6(1) in respect of other persons. See above for our legitimate interest.

Civil reg. (CPR) no.: Section 11 of the DPA.

Criminal offences: Section 8 of the DPA.
For the duration of our relationship with the client and up to 10 years after it has ended (depending on the nature of the specific data).
Opposing parties who are natural persons.

Persons associated with opposing parties and/or opposing parties' consolidated undertakings, including employees, suppliers, advisors, members of the executive board and of the board of directors, etc.
Contact details, including names, email addresses, addresses and telephone numbers, and other information depending on the nature of the matter, such as financial situations and contractual relationships.

In special cases, sensitive data (such as data concerning your health) or information about criminal offences.
Being able to contact opposing parties and providing legal advice for the purpose of managing our relationship with the client.Ordinary data:
Our legitimate interest in being able to contact opposing parties and providing legal advice and managing our relationship with the client; see point (f) of article 6(1) of the GDPR.

Sensitive data:
Point (f) of article 9(2) of the GDPR, cf. point (f) of article 6(1). See above for our legitimate interest.

Criminal offences: Section 8 of the DPA.
For the duration of our relationship with the client and up to 10 years after it has ended (depending on the nature of the specific data).
Persons associated with target companies or consolidated undertakings in connection with due diligence processes of transactions etc.Contact details, including names, email addresses, addresses and telephone numbers, information about employers and job titles, and other information depending on the nature of the matter, such as information about leases, financial situations and contractual relationships (data room information).Providing advice in connection with transactions (due diligence).Ordinary data:
Our legitimate interest in being able to go through data room material for the purpose of providing legal advice; see point (f) of article 6(1) of the GDPR.

See above for information about persons associated with clients etc. and persons associated with opposing parties etc.
For the duration of our relationship with the client and up to 10 years after it has ended (depending on the nature of the specific data).
Witnesses, experts, other advisors, etc.Contact details, including names, email addresses, addresses and telephone numbers.
Education, professional experience and other offices, experience, and business partners.

Particularly in relation to witnesses: Other information depending on the nature of the matter, such as financial situations and contractual relationships, and, in certain cases, sensitive data such as information about criminal offences and data concerning your health.
Being able to make contact when providing legal advice to our clients and the inclusion of personal data in connection with court or arbitral proceedings etc.Ordinary data:
Our legitimate interest in being able to make contact and providing legal advice (including court or arbitral proceedings) and managing our relationship with the client; see point (f) of article 6(1) of the GDPR.

Sensitive data:
Point (f) of article 9(2) of the GDPR, cf. point (f) of article 6(1). See above for our legitimate interest.

Criminal offences: Section 8 of the DPA.
For the duration of our relationship with the client and up to 10 years after it has ended (depending on the nature of the specific data).
Visitors on our websites.IP addresses when placing cookies.

Please refer to our cookie policy.
Preparing statistics on the use of our websites and optimising our websites.

Please refer to our cookie policy.
Ordinary data:
If our processing is not based on your consent, it is based on our legitimate interest in optimising our websites; see point (f) of article 6(1) of the GDPR.
Please refer to our cookie policy.
Recipients of our newsletters.Names, email addresses and, if relevant, association with businesses. In some cases, we also register other information, which you give us, for the purpose of sending personalised news to you.Marketing.Ordinary data:
Point (a) of article 6(1) of the GDPR. You can withdraw your consent at any time.

You can see our contact details at the end of this policy.
For as long as your consent is valid.
Participants in Accura events, courses, presentations, etc.Names, email addresses and, if relevant, association with businesses.Distributing invitations, planning courses and events, and issuing course certificates.Ordinary data:
Our legitimate interest in offering and running courses etc.; see point (f) of article 6(1) of the GDPR.
For up to 5 years after the end of the course or event.
Accura's suppliers and business partners etc.Contact details, including names and email addresses, and association with the suppliers etc.Being able to contact suppliers or business partners. Ordinary data:
Our legitimate interest in being able to communicate with the supplier or the business partner; see point (f) of article 6(1) of the GDPR.
For as long as we have a collaboration with the supplier/business partner and up to 5 years after the end of the collaboration.
Beneficial owners and members of management associated with the client. Information about politically exposed persons or related parties or close business partners of politically exposed persons.Names, addresses, email addresses, telephone numbers and, if relevant, civil reg. (CPR) nos and passport copies. Political affiliations (politically exposed persons) and information about spouses, registered partners, cohabitants or parents and children and their spouses, registered partners or cohabitants (related parties to a politically exposed person).Complying with obligations under the Danish Anti-Money Laundering Act (hvidvaskloven), including customer due diligence procedures under the anti-money laundering rules (KYC).Ordinary data:
Point (c) of article 6(1) of the GDPR, cf. part 3 of the Danish Anti-Money Laundering Act.

Sensitive data:
Point (g) of article 9(2) of the GDPR, cf. point (c) of article 6(1), cf. part 3 of the Danish Anti-Money Laundering Act.

Civil reg. (CPR) no.: Section 11 of the DPA.
5 years after the end of the business relationship or the completion of a one-off transaction.
Persons recorded by our surveillance cameras.Physical appearance (surveillance footage) and geographical location (time and place).Preventing and solving criminal offences.Ordinary data:
Our legitimate interest in keeping our entry areas etc. under surveillance as part of our security measures; see point (f) of article 6(1) of the GDPR.

Criminal offences: Section 8 of the DPA.
Up to 30 days in accordance with the Danish Camera Surveillance Act (tv-overvågningsloven).
Persons mentioned in the Danish Central Business Register (CVR), judgments and other public sources.Names, employers, job titles, addresses, telephone numbers, associations with businesses.Legal processing and background knowledge.Ordinary data:
Our legitimate interest in legal processing and in obtaining background knowledge; see point (f) of article 6(1) of the GDPR.
For as long as the information is public.
Our employees' relatives.Names, telephone numbers, email addresses, addresses and the nature of their relations with the employees.Being able to contact relatives, if necessary.Ordinary data:
Our legitimate interest in being able to contact relatives; see point (f) of article 6(1) of the GDPR.
For as long as the employee is employed with Accura and up to 5 years after the employee has left the company.

Recipients
Disclosure to third parties
We generally do not disclose personal data to others. However, we may be required by law to disclose your personal data, and it may also be necessary for the purpose of pursuing the purposes described above.

The recipients could be public authorities (for example, the corporate and commercial authorities, the tax authorities, the Danish Financial Supervisory Authority, the competition, consumer or data protection authorities), the courts, arbitration boards and institutes, external legal advisors, financial advisors and auditors, banks, insurance companies and other third parties (for example, businesses examining matters or advising on matters other than those mentioned).

Making available personal data to processors
In some cases, we leave the processing of personal data to our processors who, for example, provide our IT systems, including hosting, backup and support and virtual data room providers. Depending on the specific situation, we may need to use other processors.

 

Transfers to third countries
In certain cases, we transfer personal data to recipients outside the EU and EEA. The recipients could be opposing parties, advisors or authorities. They could also be our processors (for example IT providers).

If the recipient is located outside the EU and EEA we will conclude EU standard contractual clauses approved by the European Commission with the recipient before we transfer personal data. Moreover, we may transfer personal data if necessary for the purpose of establishing, making or defending legal claims.

If you want a list of third country transfers and the grounds for them, please send an email to compliance@accura.dk.

 

Mandatory data
Most of the personal data collected about you are given voluntarily or for the purpose of concluding or performing an agreement with us or a third party or for the purpose of making legal claims.

If we are to apply for registrations in Danish public systems (such as the online business portal (virk.dk), the digital registration system (tinglysning.dk) or the online court portal (minretssag.dk) on your behalf, we need to be able to identify you. Therefore, we will often need to have your civil reg. (CPR) number in our possession. We will also need to have documentation in our possession that uniquely identifies you; for example, if the situation is governed by the Danish Anti-Money Laundering Act or if we are to open a bank account on your behalf. Such documentation could be a copy of your passport. Similar obligations apply if we are to pay out funds to you, for example in connection with the award of applications for grants or payment of remuneration or compensation.

The consequence of failing to give us the information could be that we are unable to pursue the purposes mentioned, including, in certain cases, our relationship with the client, or that we are unable to fulfil our obligations to public authorities. As regards information obtained under the Danish Anti-Money Laundering Act, the provision of such information is mandatory in order for us to fulfil our statutory obligations.

 

Storage
Please refer to the description in the table above under “Purposes and categories of personal data etc.”

 

Your rights
Please contact us at compliance@accura.dk if you wish to exercise your rights. As a main rule, you have the following rights:

Right of access: You have the right to view the data which we process about you.

Right to rectification: You can ask us to correct inaccurate data about you.

Right to erasure: In special cases, you have the right to request that we erase data about you before we normally are required to erase such data.

Right to restriction of processing: In some cases, you have the right to restrict the processing of your personal data. In that case, we will only process your personal data with your consent, for the establishment, exercise or defence of a legal claim or for the protection of a person or important public interests. In any circumstance, we may store your personal data.

Right to object: In some cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to our processing of your personal data for the purpose of direct marketing.

Right to data portability: In some cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such personal data transferred from one controller to another.

You can read more about your rights in the Danish Data Protection Agency’s guidance on the data subjects’ rights, which is available on www.datatilsynet.dk (in Danish only).

In some cases, your rights under the data protection rules do not apply to Accura’s processing of your personal data, including because of our duty of confidentiality. Therefore, you may not be entitled to erasure or data portability in specific cases as this would depend on the specific circumstances.

 

Complaint to the Danish Data Protection Agency
You have the right to file a complaint with the Danish Data Protection Agency if you are not satisfied with our processing of your personal data. You can find the Danish Data Protection Agency’s contact details on www.datatilsynet.dk.

 

Accura’s contact details
If you have any questions, comments or requests concerning the processing of your personal data, you are welcome to contact us at:
Accura Advokatpartnerselskab
CVR no.: 33039018
Tuborg Boulevard 1
DK-2900 Hellerup
Email: compliance@accura.dk
Telephone: +45 3945 2800

Version: August 2020